Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/8kdm1ZAPNcZedXP01TafIjBXKRs.roa
File:                     8kdm1ZAPNcZedXP01TafIjBXKRs.roa (raw, json)
Hash identifier:          itb59cI824fq1EKKCsVfc6XjwoFA0+TxsZlQLnTiMW4=
Subject key identifier:   F2:47:66:D5:90:0F:35:C6:5E:75:73:F4:D5:36:9F:22:30:57:29:1B
Certificate issuer:       /CN=04560bea392eaf69208ab705ef405cf78684176b
Certificate serial:       01972263CC27E5C4ACAA810E7070474B28EA
Authority key identifier: 04:56:0B:EA:39:2E:AF:69:20:8A:B7:05:EF:40:5C:F7:86:84:17:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BFYL6jkur2kgircF70Bc94aEF2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/8kdm1ZAPNcZedXP01TafIjBXKRs.roa
Signing time:             Fri 30 May 2025 18:10:55 +0000
ROA not before:           Fri 30 May 2025 18:10:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.173.184.0/24 maxlen: 24
                          185.173.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/BFYL6jkur2kgircF70Bc94aEF2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/BFYL6jkur2kgircF70Bc94aEF2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BFYL6jkur2kgircF70Bc94aEF2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 00:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:22:63:cc:27:e5:c4:ac:aa:81:0e:70:70:47:4b:28:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04560bea392eaf69208ab705ef405cf78684176b
        Validity
            Not Before: May 30 18:10:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f24766d5900f35c65e7573f4d5369f223057291b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:03:7b:74:30:39:1f:38:37:97:c0:6c:ab:a5:
                    b7:b8:6b:25:cd:9c:ef:c7:76:8a:4c:7e:34:83:5d:
                    61:22:d6:47:28:e8:1a:76:eb:e8:3a:a8:84:8c:66:
                    79:ef:d4:b3:50:4f:a2:f6:3b:b8:97:59:50:9f:72:
                    ac:54:fb:8d:f6:70:2b:7e:0d:e1:a9:7a:03:e9:2a:
                    f8:c9:8c:e7:f2:3a:85:eb:27:83:70:92:61:f7:45:
                    7c:e1:4f:bc:e6:a0:53:09:72:34:d1:a3:b9:53:98:
                    02:7f:93:43:29:82:e4:57:eb:d5:c0:d0:eb:14:fb:
                    b2:70:f1:90:f8:b9:82:1f:16:0a:1c:55:89:24:51:
                    84:c3:49:3a:40:b9:f3:41:69:78:af:34:8f:7e:12:
                    bb:a3:9d:26:b1:82:57:b5:fc:fa:90:c6:84:dd:4c:
                    66:64:04:72:f4:a6:9a:5c:d9:97:78:33:46:cd:0c:
                    ee:e4:88:9c:b2:1d:33:c8:c1:a6:c1:d0:20:7b:f8:
                    e6:b4:c6:1d:4e:9d:de:cc:7b:49:43:f4:8e:f4:9f:
                    9e:b7:06:3e:b0:0b:e0:a7:dc:e7:4b:0f:c4:d5:c1:
                    d4:2c:f0:85:02:f0:37:48:3e:ed:89:48:37:08:c4:
                    49:07:ee:7f:7f:f4:33:5f:9a:1c:61:bb:1d:21:70:
                    46:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:47:66:D5:90:0F:35:C6:5E:75:73:F4:D5:36:9F:22:30:57:29:1B
            X509v3 Authority Key Identifier:
                keyid:04:56:0B:EA:39:2E:AF:69:20:8A:B7:05:EF:40:5C:F7:86:84:17:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BFYL6jkur2kgircF70Bc94aEF2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/8kdm1ZAPNcZedXP01TafIjBXKRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ce4a4e-b1a3-45f4-a27c-e1aca01062ff/1/BFYL6jkur2kgircF70Bc94aEF2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:78:3d:72:a1:6e:e6:e6:c0:ff:ee:f0:7a:ec:5d:62:94:4e:
         a0:a4:60:cb:5f:5f:04:d0:17:b1:99:88:87:37:5e:a6:86:86:
         b1:26:cb:9e:ac:57:d3:0f:42:54:b3:ab:a9:0f:ee:84:3b:b8:
         db:5b:de:84:b4:2f:48:a6:8f:e7:0b:4c:c7:4d:70:d3:8b:a7:
         93:0d:d5:c3:1f:c0:7e:94:0e:d1:36:a9:f4:bf:fd:24:bb:8e:
         c2:50:b4:2e:e2:a3:3a:83:e4:4d:0e:04:14:4f:d9:91:25:b3:
         64:ec:0b:ab:be:70:75:5a:e5:8b:e9:a0:97:69:74:94:59:ca:
         21:19:1a:bd:2b:42:45:b5:e5:c6:5a:c2:fa:5e:ab:5e:95:63:
         83:1f:51:1b:fa:6d:2e:cd:10:3a:2b:c0:31:f5:eb:a1:99:d5:
         ee:ed:46:0b:68:2f:1c:a4:72:bd:2c:2c:2b:c8:09:38:cc:11:
         8d:91:19:7f:2c:77:3c:8f:12:8e:ed:10:54:26:e0:cd:eb:24:
         8b:c6:7b:3e:fe:bd:61:68:98:81:1e:a2:8d:86:2a:00:79:18:
         9a:44:de:a0:f4:24:fa:fa:2b:4b:97:28:4a:86:b2:57:1a:d0:
         32:2b:29:07:a3:bb:c8:0d:85:08:a2:c2:c6:96:e2:6f:b2:af:
         06:a9:96:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZciY8wn5cSsqoEOcHBHSyjqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NTYwYmVhMzkyZWFmNjkyMDhhYjcwNWVmNDA1Y2Y3ODY4
NDE3NmIwHhcNMjUwNTMwMTgxMDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjQ3NjZkNTkwMGYzNWM2NWU3NTczZjRkNTM2OWYyMjMwNTcyOTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgN7dDA5Hzg3l8Bsq6W3uGslzZzv
x3aKTH40g11hItZHKOgaduvoOqiEjGZ579SzUE+i9ju4l1lQn3KsVPuN9nArfg3h
qXoD6Sr4yYzn8jqF6yeDcJJh90V84U+85qBTCXI00aO5U5gCf5NDKYLkV+vVwNDr
FPuycPGQ+LmCHxYKHFWJJFGEw0k6QLnzQWl4rzSPfhK7o50msYJXtfz6kMaE3Uxm
ZARy9KaaXNmXeDNGzQzu5Iicsh0zyMGmwdAge/jmtMYdTp3ezHtJQ/SO9J+etwY+
sAvgp9znSw/E1cHULPCFAvA3SD7tiUg3CMRJB+5/f/QzX5ocYbsdIXBGDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJHZtWQDzXGXnVz9NU2nyIwVykbMB8GA1UdIwQY
MBaAFARWC+o5Lq9pIIq3Be9AXPeGhBdrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkZZTDZqa3VyMmtnaXJjRjcwQmM5NGFFRjJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9jZTRhNGUtYjFhMy00NWY0LWEyN2Mt
ZTFhY2EwMTA2MmZmLzEvOGtkbTFaQVBOY1plZFhQMDFUYWZJakJYS1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9jZTRhNGUtYjFhMy00NWY0LWEyN2MtZTFhY2EwMTA2MmZm
LzEvQkZZTDZqa3VyMmtnaXJjRjcwQmM5NGFFRjJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBua24MA0G
CSqGSIb3DQEBCwUAA4IBAQBseD1yoW7m5sD/7vB67F1ilE6gpGDLX18E0BexmYiH
N16mhoaxJsuerFfTD0JUs6upD+6EO7jbW96EtC9Ipo/nC0zHTXDTi6eTDdXDH8B+
lA7RNqn0v/0ku47CULQu4qM6g+RNDgQUT9mRJbNk7AurvnB1WuWL6aCXaXSUWcoh
GRq9K0JFteXGWsL6XqtelWODH1Eb+m0uzRA6K8Ax9euhmdXu7UYLaC8cpHK9LCwr
yAk4zBGNkRl/LHc8jxKO7RBUJuDN6ySLxns+/r1haJiBHqKNhioAeRiaRN6g9CT6
+itLlyhKhrJXGtAyKykHo7vIDYUIosLGluJvsq8GqZaw
-----END CERTIFICATE-----