Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/59PndGiGSGsbZj2RG0Ycf2mhgxQ.roa
File:                     59PndGiGSGsbZj2RG0Ycf2mhgxQ.roa (raw, json)
Hash identifier:          4mRCrakJ34q1MdXD9vBIYWH6H5pZIK2v8drs+brvjAI=
Subject key identifier:   E7:D3:E7:74:68:86:48:6B:1B:66:3D:91:1B:46:1C:7F:69:A1:83:14
Certificate issuer:       /CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
Certificate serial:       01962A3244F1F083E6BCD5BE3FF48B359966
Authority key identifier: 8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/59PndGiGSGsbZj2RG0Ycf2mhgxQ.roa
Signing time:             Sat 12 Apr 2025 13:30:59 +0000
ROA not before:           Sat 12 Apr 2025 13:30:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211021
IP address blocks:        185.252.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 01:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:2a:32:44:f1:f0:83:e6:bc:d5:be:3f:f4:8b:35:99:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
        Validity
            Not Before: Apr 12 13:30:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7d3e7746886486b1b663d911b461c7f69a18314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:54:69:04:d0:ea:9c:a9:6f:46:aa:d1:73:8b:
                    89:7d:81:cb:5e:53:32:8f:a8:27:b5:14:e6:6c:8a:
                    be:ee:dd:7a:52:a4:ff:a3:1d:50:cf:79:30:54:ed:
                    76:c7:0a:07:f8:d9:99:85:f8:bd:f1:48:a9:4f:29:
                    03:c7:73:6e:56:e3:da:a1:49:d2:99:5e:4d:1b:6a:
                    02:25:d3:8c:95:1c:91:41:5f:81:f8:7d:9f:16:8a:
                    e1:f1:10:27:4d:2e:1f:c7:e0:a4:7d:07:54:05:16:
                    f8:11:80:e4:71:54:a2:4a:e7:1b:6e:1c:2f:6b:fa:
                    42:ec:d8:99:b9:b1:fb:a9:af:81:ca:0d:c1:9f:0b:
                    17:54:07:2b:c5:c8:a6:c6:c3:d3:37:3d:0c:82:72:
                    6a:bd:b2:57:33:67:66:0b:b2:1f:04:83:be:88:62:
                    5a:e3:4d:aa:db:94:cc:17:50:ae:be:b9:7e:52:08:
                    0b:54:e6:3c:8f:78:d5:64:ad:d9:13:6f:18:a7:52:
                    c4:e5:d7:cf:5b:30:d0:73:ac:79:96:67:6b:a1:33:
                    c9:fe:b3:b8:ab:c7:24:ac:9b:41:ac:3b:2b:50:94:
                    31:35:b5:98:40:76:a0:6c:5a:6c:85:93:40:1b:4e:
                    93:eb:b1:0a:ca:de:95:cd:c8:78:89:0d:11:55:76:
                    74:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:D3:E7:74:68:86:48:6B:1B:66:3D:91:1B:46:1C:7F:69:A1:83:14
            X509v3 Authority Key Identifier:
                keyid:8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/59PndGiGSGsbZj2RG0Ycf2mhgxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:0e:aa:b6:e2:64:b9:d5:bc:42:5d:f4:0b:73:da:09:8a:95:
         22:ab:93:a0:1f:f6:8e:b9:91:81:73:6d:dd:d7:45:b8:99:ca:
         e3:15:28:e3:22:e2:bf:24:bb:81:85:dd:6c:ad:1b:71:b5:f2:
         39:90:40:2c:0d:7e:e2:30:7d:80:0d:71:40:02:e4:19:ef:9f:
         a1:90:36:91:6d:4a:61:1e:0a:84:99:b2:87:9e:57:c3:f1:28:
         b5:5e:dd:b5:bb:ee:7d:19:38:5e:32:15:24:12:87:03:a8:ec:
         f0:e5:7d:e1:8d:98:ed:d5:16:de:82:38:dc:bb:d5:5d:a3:58:
         c1:7a:e4:48:93:be:eb:a2:f6:34:2a:20:93:4d:60:b0:25:2a:
         8d:2f:f2:60:88:f8:a2:02:69:c9:6a:90:07:c4:99:89:39:cf:
         36:29:d6:2d:8f:10:9f:82:0c:40:73:58:de:85:22:55:d4:77:
         63:5c:e6:da:9e:31:74:be:7d:75:6c:ca:61:72:d3:29:6a:4d:
         95:12:17:63:4f:76:c2:dc:11:37:26:cc:76:7d:41:54:30:19:
         19:f7:92:01:55:c2:89:33:c5:89:bd:ea:f4:77:4b:e2:5c:3b:
         dc:87:bc:64:cc:07:37:e9:1c:bc:29:cb:2a:43:80:58:c8:19:
         7f:e5:8f:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYqMkTx8IPmvNW+P/SLNZlmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDdhYTA5ZjJjNjEwZjZmNDRiNGU3NWMxY2Q5ZGNkMzg4
NGU1NWQwHhcNMjUwNDEyMTMzMDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2QzZTc3NDY4ODY0ODZiMWI2NjNkOTExYjQ2MWM3ZjY5YTE4MzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lRpBNDqnKlvRqrRc4uJfYHLXlMy
j6gntRTmbIq+7t16UqT/ox1Qz3kwVO12xwoH+NmZhfi98UipTykDx3NuVuPaoUnS
mV5NG2oCJdOMlRyRQV+B+H2fForh8RAnTS4fx+CkfQdUBRb4EYDkcVSiSucbbhwv
a/pC7NiZubH7qa+Byg3BnwsXVAcrxcimxsPTNz0MgnJqvbJXM2dmC7IfBIO+iGJa
402q25TMF1Cuvrl+UggLVOY8j3jVZK3ZE28Yp1LE5dfPWzDQc6x5lmdroTPJ/rO4
q8ckrJtBrDsrUJQxNbWYQHagbFpshZNAG06T67EKyt6Vzch4iQ0RVXZ0HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfT53RohkhrG2Y9kRtGHH9poYMUMB8GA1UdIwQY
MBaAFItHqgnyxhD29EtOdcHNnc04hOVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgt
NTAwMTUzOWQ3MTg1LzEvNTlQbmRHaUdTR3NiWmoyUkcwWWNmMm1oZ3hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgtNTAwMTUzOWQ3MTg1
LzEvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufxVMA0G
CSqGSIb3DQEBCwUAA4IBAQBGDqq24mS51bxCXfQLc9oJipUiq5OgH/aOuZGBc23d
10W4mcrjFSjjIuK/JLuBhd1srRtxtfI5kEAsDX7iMH2ADXFAAuQZ75+hkDaRbUph
HgqEmbKHnlfD8Si1Xt21u+59GTheMhUkEocDqOzw5X3hjZjt1Rbegjjcu9Vdo1jB
euRIk77rovY0KiCTTWCwJSqNL/JgiPiiAmnJapAHxJmJOc82KdYtjxCfggxAc1je
hSJV1HdjXObanjF0vn11bMphctMpak2VEhdjT3bC3BE3Jsx2fUFUMBkZ95IBVcKJ
M8WJver0d0viXDvch7xkzAc36Ry8KcsqQ4BYyBl/5Y+q
-----END CERTIFICATE-----