Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/xv9HfwhggDXbUMv-czQzhIKTeZ8.roa
File:                     xv9HfwhggDXbUMv-czQzhIKTeZ8.roa (raw, json)
Hash identifier:          8zbraxRvCOHngoKaCuyrD6Tzu9xckameA/akAOr4XQk=
Subject key identifier:   C6:FF:47:7F:08:60:80:35:DB:50:CB:FE:73:34:33:84:82:93:79:9F
Certificate issuer:       /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial:       0194228D2BF6383EE914D0636653F4BEE542
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/xv9HfwhggDXbUMv-czQzhIKTeZ8.roa
Signing time:             Wed 01 Jan 2025 15:47:44 +0000
ROA not before:           Wed 01 Jan 2025 15:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56795
IP address blocks:        85.204.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:2b:f6:38:3e:e9:14:d0:63:66:53:f4:be:e5:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
        Validity
            Not Before: Jan  1 15:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6ff477f08608035db50cbfe733433848293799f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:66:e1:47:8d:9e:f5:61:3b:0e:66:71:95:85:
                    25:95:e7:6e:90:ce:bf:fd:4c:bf:0f:97:68:be:dc:
                    9f:0c:aa:22:ef:27:57:0c:61:ca:50:21:0c:41:35:
                    78:27:bf:92:f2:34:73:01:df:3b:7e:3e:56:37:09:
                    5b:98:ad:f6:14:54:da:52:fc:5d:86:bb:a8:7f:ee:
                    a1:5f:67:2b:3c:43:85:68:38:8b:4f:9f:e4:1f:b9:
                    e3:f7:d3:5e:99:67:c4:cf:69:da:29:8d:b9:37:28:
                    01:f8:3d:61:7e:48:fa:39:03:8c:ec:91:03:50:75:
                    71:18:70:a0:66:b7:d0:46:1b:57:ac:4f:b5:8b:3d:
                    a2:bd:af:42:d7:c4:03:f0:41:4c:4a:43:6f:38:a3:
                    6e:9c:37:f5:ff:cf:13:10:29:62:7a:91:ef:4f:00:
                    f8:f4:ed:15:c9:7e:1c:13:4f:3a:68:3c:b9:f7:65:
                    2b:7f:2a:fa:ff:78:80:73:e2:87:09:a5:d2:0c:ba:
                    90:1e:23:ee:11:22:32:29:02:54:d9:bb:da:68:8c:
                    f8:83:d8:ca:15:f8:f7:a0:e8:4d:ba:c4:a2:02:3d:
                    8c:76:c6:d4:bd:59:1d:0c:ec:01:05:89:17:ab:9c:
                    38:b9:c4:a3:20:60:94:e6:8c:2d:52:73:cd:36:59:
                    10:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:FF:47:7F:08:60:80:35:DB:50:CB:FE:73:34:33:84:82:93:79:9F
            X509v3 Authority Key Identifier:
                keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/xv9HfwhggDXbUMv-czQzhIKTeZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:49:53:f8:c2:ee:8d:b1:47:00:11:2f:19:26:7c:b6:8f:d5:
         ea:ce:d7:03:fe:0f:7f:70:b5:2c:81:12:03:a2:59:4a:b2:54:
         74:e6:7c:6e:e9:d3:ad:f1:81:39:4e:a3:35:6f:ca:d4:7f:fd:
         54:86:c4:3e:ad:09:74:a8:3c:7f:41:2c:63:9b:35:5d:1d:af:
         89:90:51:49:b5:93:4e:24:34:1a:c4:80:51:f8:f5:25:9a:2b:
         5b:da:ff:74:e4:3c:ad:5d:f3:54:40:a0:64:73:55:d3:60:7e:
         af:7d:ab:81:58:bc:b6:24:ae:9a:3b:1f:9a:83:8f:7b:84:59:
         35:60:37:41:51:99:23:fe:91:61:11:54:bf:1e:5e:c5:f8:52:
         e5:07:30:0b:b9:59:54:7e:5b:6c:81:90:c3:d9:55:93:85:62:
         5e:23:fd:80:1a:3e:a5:a2:a7:57:7f:c6:93:2c:b3:a3:b4:67:
         82:d3:29:cd:43:91:e1:c5:a1:71:29:82:f9:7b:b0:35:94:26:
         d8:af:1c:fa:6d:bd:d4:75:b9:08:39:5d:48:d5:8a:5f:41:a0:
         70:55:73:a7:3e:7f:79:03:04:50:81:72:2b:ca:08:f1:d2:7d:
         a1:c8:74:79:15:e0:4d:43:47:21:11:44:17:6b:15:d1:9b:d4:
         d9:80:3e:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijSv2OD7pFNBjZlP0vuVCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjUwMTAxMTU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmZmNDc3ZjA4NjA4MDM1ZGI1MGNiZmU3MzM0MzM4NDgyOTM3OTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6mbhR42e9WE7DmZxlYUlledukM6/
/Uy/D5dovtyfDKoi7ydXDGHKUCEMQTV4J7+S8jRzAd87fj5WNwlbmK32FFTaUvxd
hruof+6hX2crPEOFaDiLT5/kH7nj99NemWfEz2naKY25NygB+D1hfkj6OQOM7JED
UHVxGHCgZrfQRhtXrE+1iz2iva9C18QD8EFMSkNvOKNunDf1/88TECliepHvTwD4
9O0VyX4cE086aDy592Urfyr6/3iAc+KHCaXSDLqQHiPuESIyKQJU2bvaaIz4g9jK
Ffj3oOhNusSiAj2MdsbUvVkdDOwBBYkXq5w4ucSjIGCU5owtUnPNNlkQPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMb/R38IYIA121DL/nM0M4SCk3mfMB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEveHY5SGZ3aGdnRFhiVU12LWN6UXpoSUtUZVo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcwuMA0G
CSqGSIb3DQEBCwUAA4IBAQAxSVP4wu6NsUcAES8ZJny2j9XqztcD/g9/cLUsgRID
ollKslR05nxu6dOt8YE5TqM1b8rUf/1UhsQ+rQl0qDx/QSxjmzVdHa+JkFFJtZNO
JDQaxIBR+PUlmitb2v905DytXfNUQKBkc1XTYH6vfauBWLy2JK6aOx+ag497hFk1
YDdBUZkj/pFhEVS/Hl7F+FLlBzALuVlUfltsgZDD2VWThWJeI/2AGj6loqdXf8aT
LLOjtGeC0ynNQ5HhxaFxKYL5e7A1lCbYrxz6bb3UdbkIOV1I1YpfQaBwVXOnPn95
AwRQgXIrygjx0n2hyHR5FeBNQ0chEUQXaxXRm9TZgD6k
-----END CERTIFICATE-----