Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/_Sk86eGU6RbYb2vHgW0Ui6wMfs0.roa
File:                     _Sk86eGU6RbYb2vHgW0Ui6wMfs0.roa (raw, json)
Hash identifier:          Avs1rLJgkMJRxv1FINcH2aH5zw28kBN1QbSOsvT0vZA=
Subject key identifier:   FD:29:3C:E9:E1:94:E9:16:D8:6F:6B:C7:81:6D:14:8B:AC:0C:7E:CD
Certificate issuer:       /CN=0ef47d753d25289fd98794974aa0536010567bd9
Certificate serial:       019421B20B50E4DCCA8E3F8A995FBA89EDBB
Authority key identifier: 0E:F4:7D:75:3D:25:28:9F:D9:87:94:97:4A:A0:53:60:10:56:7B:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/_Sk86eGU6RbYb2vHgW0Ui6wMfs0.roa
Signing time:             Wed 01 Jan 2025 11:48:23 +0000
ROA not before:           Wed 01 Jan 2025 11:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207505
IP address blocks:        185.242.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:0b:50:e4:dc:ca:8e:3f:8a:99:5f:ba:89:ed:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef47d753d25289fd98794974aa0536010567bd9
        Validity
            Not Before: Jan  1 11:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd293ce9e194e916d86f6bc7816d148bac0c7ecd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:18:b2:35:02:00:82:5b:2d:6f:23:de:92:ad:
                    17:dd:81:e4:30:0a:6d:ab:95:67:83:4b:22:1e:94:
                    78:4a:55:74:d3:eb:14:d0:c8:e1:47:2b:38:cf:ed:
                    00:fb:75:53:05:49:e8:70:d6:26:d2:87:7f:9c:b5:
                    6f:75:84:d3:52:4d:0a:e9:15:4a:ac:64:ef:b2:b8:
                    87:71:d8:e5:ec:b9:5c:84:21:22:7f:d8:76:67:fe:
                    d5:b4:15:ed:9d:9f:cb:42:6d:64:83:7c:4f:4d:45:
                    bd:8c:52:31:89:6a:dc:36:ab:af:b7:e1:97:bd:0a:
                    9b:cd:04:92:e7:7d:65:53:0b:b2:b5:b3:24:56:4c:
                    d8:d9:99:1a:1e:12:c0:c3:3f:cd:28:d3:da:95:a3:
                    de:54:e6:2e:bc:4d:f3:0f:9e:33:cc:61:56:f6:e5:
                    fb:f2:69:30:45:4b:a5:a6:01:6e:74:ce:86:98:e7:
                    d8:66:d0:00:17:d0:1f:ba:35:46:7c:31:53:07:33:
                    81:8f:36:24:46:a1:85:97:c7:db:a3:b6:22:b7:08:
                    84:36:65:21:ff:b6:71:2e:fb:36:19:cb:7a:6d:51:
                    4b:d9:b8:8d:cf:a2:cd:56:62:3c:6b:66:4a:34:02:
                    6f:4b:f1:86:1f:8a:d2:8c:37:60:36:6f:39:e8:bd:
                    92:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:29:3C:E9:E1:94:E9:16:D8:6F:6B:C7:81:6D:14:8B:AC:0C:7E:CD
            X509v3 Authority Key Identifier:
                keyid:0E:F4:7D:75:3D:25:28:9F:D9:87:94:97:4A:A0:53:60:10:56:7B:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/_Sk86eGU6RbYb2vHgW0Ui6wMfs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/dd8bc5-86ef-4135-bf1f-a4c8d9895a43/1/DvR9dT0lKJ_Zh5SXSqBTYBBWe9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:67:77:09:8a:eb:73:41:1f:de:a0:4f:d9:d5:2e:76:ad:45:
         cc:ef:7d:ae:95:6b:29:b5:a7:61:2e:e4:f9:99:2f:6b:f4:3a:
         b2:2e:41:b8:2c:ef:37:41:3c:c8:eb:02:74:54:73:f7:1a:38:
         20:7e:a6:6c:3b:fe:9d:87:33:b5:44:fd:86:f8:ef:f4:25:b2:
         e1:7d:de:bb:98:19:d6:c3:93:8c:2b:94:93:f3:59:70:23:fc:
         18:d6:37:23:86:e3:f4:dd:04:8c:c2:59:91:40:46:5e:dd:92:
         d4:d5:7a:4f:47:6c:cc:59:10:fd:30:8c:c0:71:96:93:f4:87:
         f1:8c:54:f4:bf:47:d0:d4:04:c3:3c:4a:72:ac:32:71:f3:ff:
         dd:f1:f8:f0:1f:b5:88:87:c1:fd:83:80:04:08:a3:a8:f0:c1:
         91:34:7c:00:85:00:bf:ae:9f:2a:8e:d6:a4:34:77:ea:33:a0:
         69:47:37:ab:d3:d3:c3:68:44:b1:71:f7:ec:28:11:33:29:81:
         15:7a:f2:64:0f:c7:4c:88:f6:b1:f5:ac:18:43:0a:fc:4d:c3:
         74:b6:3a:3d:e8:c1:83:92:66:88:61:50:46:54:96:33:87:30:
         5c:0b:f6:33:66:4a:25:06:ca:c1:cd:68:63:45:b7:8d:5a:f9:
         7a:45:69:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsgtQ5NzKjj+KmV+6ie27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjQ3ZDc1M2QyNTI4OWZkOTg3OTQ5NzRhYTA1MzYwMTA1
NjdiZDkwHhcNMjUwMTAxMTE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDI5M2NlOWUxOTRlOTE2ZDg2ZjZiYzc4MTZkMTQ4YmFjMGM3ZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBiyNQIAglstbyPekq0X3YHkMApt
q5Vng0siHpR4SlV00+sU0MjhRys4z+0A+3VTBUnocNYm0od/nLVvdYTTUk0K6RVK
rGTvsriHcdjl7LlchCEif9h2Z/7VtBXtnZ/LQm1kg3xPTUW9jFIxiWrcNquvt+GX
vQqbzQSS531lUwuytbMkVkzY2ZkaHhLAwz/NKNPalaPeVOYuvE3zD54zzGFW9uX7
8mkwRUulpgFudM6GmOfYZtAAF9AfujVGfDFTBzOBjzYkRqGFl8fbo7YitwiENmUh
/7ZxLvs2Gct6bVFL2biNz6LNVmI8a2ZKNAJvS/GGH4rSjDdgNm856L2SzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0pPOnhlOkW2G9rx4FtFIusDH7NMB8GA1UdIwQY
MBaAFA70fXU9JSif2YeUl0qgU2AQVnvZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZSOWRUMGxLSl9aaDVTWFNxQlRZQkJXZTlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9kZDhiYzUtODZlZi00MTM1LWJmMWYt
YTRjOGQ5ODk1YTQzLzEvX1NrODZlR1U2UmJZYjJ2SGdXMFVpNndNZnMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9kZDhiYzUtODZlZi00MTM1LWJmMWYtYTRjOGQ5ODk1YTQz
LzEvRHZSOWRUMGxLSl9aaDVTWFNxQlRZQkJXZTlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufLbMA0G
CSqGSIb3DQEBCwUAA4IBAQAQZ3cJiutzQR/eoE/Z1S52rUXM732ulWsptadhLuT5
mS9r9DqyLkG4LO83QTzI6wJ0VHP3GjggfqZsO/6dhzO1RP2G+O/0JbLhfd67mBnW
w5OMK5ST81lwI/wY1jcjhuP03QSMwlmRQEZe3ZLU1XpPR2zMWRD9MIzAcZaT9Ifx
jFT0v0fQ1ATDPEpyrDJx8//d8fjwH7WIh8H9g4AECKOo8MGRNHwAhQC/rp8qjtak
NHfqM6BpRzer09PDaESxcffsKBEzKYEVevJkD8dMiPax9awYQwr8TcN0tjo96MGD
kmaIYVBGVJYzhzBcC/YzZkolBsrBzWhjRbeNWvl6RWlr
-----END CERTIFICATE-----