Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dmCtcIdQMhbwJeIudKTLOx_b0VU.roa
File:                     dmCtcIdQMhbwJeIudKTLOx_b0VU.roa (raw, json)
Hash identifier:          aXzf7nY4YbUC0M8Kx5plPg9SATFrH4ks1C81TO/xeno=
Subject key identifier:   76:60:AD:70:87:50:32:16:F0:25:E2:2E:74:A4:CB:3B:1F:DB:D1:55
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019744D102960C31F559E993A20C1E0C9F9B
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dmCtcIdQMhbwJeIudKTLOx_b0VU.roa
Signing time:             Fri 06 Jun 2025 10:37:17 +0000
ROA not before:           Fri 06 Jun 2025 10:37:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56971
IP address blocks:        185.159.128.0/24 maxlen: 24
                          185.159.131.0/24 maxlen: 24
                          185.228.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 16:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:d1:02:96:0c:31:f5:59:e9:93:a2:0c:1e:0c:9f:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jun  6 10:37:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7660ad7087503216f025e22e74a4cb3b1fdbd155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:33:df:01:3c:41:fa:6a:f8:b5:39:ea:2a:fe:
                    eb:bf:41:c3:b8:28:42:ab:5e:af:50:e3:02:ff:f7:
                    57:51:f3:0d:54:a7:f5:f8:20:89:fe:5e:ea:1b:ef:
                    31:d6:d4:81:a4:d4:eb:bf:4a:71:bd:b3:88:a4:73:
                    45:69:8b:3c:c8:fc:c1:b7:81:7e:79:ae:19:b3:31:
                    9d:52:63:6d:72:72:14:ea:42:fd:b8:e8:9e:93:60:
                    38:c2:5d:5b:61:fb:40:6d:f2:20:b2:eb:64:a5:a0:
                    83:0a:6c:24:29:9a:5f:d0:7b:37:3b:5d:1c:f0:64:
                    5f:8d:9f:5a:2d:4e:60:e6:e4:90:90:f9:d5:54:49:
                    51:1a:a8:f9:d2:00:97:83:b6:af:ef:57:2b:25:e3:
                    bd:f6:b9:70:86:8c:9c:22:4f:9d:b4:72:43:b2:ee:
                    dd:10:5b:1f:12:41:67:44:cd:15:f8:6e:36:d5:07:
                    75:1a:ac:43:b1:ac:d1:82:b3:57:50:ed:3c:c7:73:
                    ce:ef:08:8e:bc:a8:14:cc:52:f9:ee:a0:7b:8a:5e:
                    2e:2c:01:75:f2:e5:af:f8:9b:ad:25:a1:92:9d:b5:
                    9f:05:c7:5d:24:8c:4e:5c:b0:38:af:cf:aa:cd:91:
                    65:71:78:1a:00:b4:a1:15:4b:56:61:10:b7:28:44:
                    84:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:60:AD:70:87:50:32:16:F0:25:E2:2E:74:A4:CB:3B:1F:DB:D1:55
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dmCtcIdQMhbwJeIudKTLOx_b0VU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.128.0/24
                  185.159.131.0/24
                  185.228.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:0e:2f:88:4b:e4:93:a4:4c:cf:b5:f3:e5:f6:77:81:d5:aa:
         08:c9:42:e0:4d:24:3f:9b:4f:fe:55:e3:3d:f1:99:51:ad:fe:
         0a:e8:cf:7b:bf:52:c1:e2:a3:17:29:f3:25:1b:e4:e8:ed:02:
         36:ee:75:da:4a:e0:25:6c:43:10:2c:b1:e9:26:02:b7:89:04:
         20:7c:a1:33:da:e4:79:c5:ce:c2:51:9b:70:0d:47:68:02:ee:
         7e:08:1b:94:6f:78:22:ee:b4:42:c2:e4:cc:4c:f3:9d:d9:bf:
         81:81:04:5e:a1:7d:d8:42:07:12:b4:bb:7a:28:87:8e:ba:19:
         38:8d:80:97:8a:82:10:f0:00:0e:a5:14:45:89:e6:1a:9f:7f:
         f4:ec:98:1d:bc:20:7b:b5:da:5b:1c:26:6a:0c:7d:80:fd:12:
         c9:53:b2:14:04:1b:f9:eb:eb:a0:67:21:da:08:be:dd:96:51:
         27:65:da:7d:cd:7b:e7:f0:3a:e9:dc:22:f2:5a:18:76:98:eb:
         26:9f:91:da:2f:d8:40:6e:a1:38:95:bb:5e:1d:c4:00:21:23:
         ac:f7:7c:a9:7f:02:02:74:c2:84:b6:d9:cc:7e:a5:9c:77:eb:
         2d:48:92:86:9c:6b:66:7a:08:5c:b4:1d:32:70:e9:a3:eb:0c:
         81:1e:a9:84
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdE0QKWDDH1WemTogweDJ+bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwNjA2MTAzNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjYwYWQ3MDg3NTAzMjE2ZjAyNWUyMmU3NGE0Y2IzYjFmZGJkMTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzPfATxB+mr4tTnqKv7rv0HDuChC
q16vUOMC//dXUfMNVKf1+CCJ/l7qG+8x1tSBpNTrv0pxvbOIpHNFaYs8yPzBt4F+
ea4ZszGdUmNtcnIU6kL9uOiek2A4wl1bYftAbfIgsutkpaCDCmwkKZpf0Hs3O10c
8GRfjZ9aLU5g5uSQkPnVVElRGqj50gCXg7av71crJeO99rlwhoycIk+dtHJDsu7d
EFsfEkFnRM0V+G421Qd1GqxDsazRgrNXUO08x3PO7wiOvKgUzFL57qB7il4uLAF1
8uWv+JutJaGSnbWfBcddJIxOXLA4r8+qzZFlcXgaALShFUtWYRC3KESEFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHZgrXCHUDIW8CXiLnSkyzsf29FVMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvZG1DdGNJZFFNaGJ3SmVJdWRLVExPeF9iMFZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuZ+AAwQA
uZ+DAwQAueTrMA0GCSqGSIb3DQEBCwUAA4IBAQBQDi+IS+STpEzPtfPl9neB1aoI
yULgTSQ/m0/+VeM98ZlRrf4K6M97v1LB4qMXKfMlG+To7QI27nXaSuAlbEMQLLHp
JgK3iQQgfKEz2uR5xc7CUZtwDUdoAu5+CBuUb3gi7rRCwuTMTPOd2b+BgQReoX3Y
QgcStLt6KIeOuhk4jYCXioIQ8AAOpRRFieYan3/07JgdvCB7tdpbHCZqDH2A/RLJ
U7IUBBv56+ugZyHaCL7dllEnZdp9zXvn8Drp3CLyWhh2mOsmn5HaL9hAbqE4lbte
HcQAISOs93ypfwICdMKEttnMfqWcd+stSJKGnGtmeghctB0ycOmj6wyBHqmE
-----END CERTIFICATE-----