Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/d099hTA9N0rBX0a4mIMTtvx7dLM.roa
File:                     d099hTA9N0rBX0a4mIMTtvx7dLM.roa (raw, json)
Hash identifier:          LT02ny7o04CIcPy2ptlO2f83f/uDQvGL+KruqdAn2tw=
Subject key identifier:   77:4F:7D:85:30:3D:37:4A:C1:5F:46:B8:98:83:13:B6:FC:7B:74:B3
Certificate issuer:       /CN=e5164534979e60a564701232b2e5200889542606
Certificate serial:       0194228D97CFF85171EFC68B9A46291CFF61
Authority key identifier: E5:16:45:34:97:9E:60:A5:64:70:12:32:B2:E5:20:08:89:54:26:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5RZFNJeeYKVkcBIysuUgCIlUJgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/d099hTA9N0rBX0a4mIMTtvx7dLM.roa
Signing time:             Wed 01 Jan 2025 15:48:12 +0000
ROA not before:           Wed 01 Jan 2025 15:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41132
IP address blocks:        85.237.128.0/19 maxlen: 19
                          212.33.160.0/19 maxlen: 19
                          217.145.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/5RZFNJeeYKVkcBIysuUgCIlUJgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/5RZFNJeeYKVkcBIysuUgCIlUJgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5RZFNJeeYKVkcBIysuUgCIlUJgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 11:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:97:cf:f8:51:71:ef:c6:8b:9a:46:29:1c:ff:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5164534979e60a564701232b2e5200889542606
        Validity
            Not Before: Jan  1 15:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=774f7d85303d374ac15f46b8988313b6fc7b74b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:25:03:1e:70:e6:72:22:b0:e3:0f:15:c7:fd:
                    92:19:77:f3:ac:19:c7:ad:0c:16:8e:ce:9a:c1:ca:
                    23:ba:2f:66:30:12:0d:4a:28:ed:66:35:de:fd:38:
                    3b:17:98:54:d3:45:b9:68:40:22:09:d3:59:f4:59:
                    b6:94:25:c7:60:18:cb:f4:5b:51:df:3e:54:b9:34:
                    0b:6a:0a:43:39:2f:9f:e0:85:d7:c6:18:51:3e:4a:
                    59:09:f0:44:21:55:13:ac:aa:2f:c4:e9:48:14:44:
                    3c:74:23:f1:f9:86:f9:1c:1d:b1:c4:4c:ca:a6:49:
                    05:56:6b:6f:d1:50:e8:1f:a5:16:96:ca:9f:dd:0b:
                    d4:f4:4d:5a:ce:65:97:2a:7d:fc:30:81:33:a0:83:
                    04:c9:e1:a0:0f:8f:a9:6c:fe:59:df:80:30:3e:88:
                    fc:fe:2f:c6:1b:0f:2d:61:dc:2a:ac:c3:b6:90:0c:
                    f3:52:49:3b:49:f7:81:cc:31:7f:70:66:54:b0:9a:
                    c7:df:7e:41:82:4c:ec:2e:b1:cf:79:70:73:de:62:
                    e8:6e:ea:f2:4d:cc:d9:9a:67:19:d6:2b:6a:ac:bd:
                    d9:17:37:b6:22:55:b4:c0:28:12:10:2c:ca:4c:33:
                    40:20:fd:1d:b2:92:17:de:ba:cb:ff:6f:99:a7:1e:
                    c4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:4F:7D:85:30:3D:37:4A:C1:5F:46:B8:98:83:13:B6:FC:7B:74:B3
            X509v3 Authority Key Identifier:
                keyid:E5:16:45:34:97:9E:60:A5:64:70:12:32:B2:E5:20:08:89:54:26:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5RZFNJeeYKVkcBIysuUgCIlUJgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/d099hTA9N0rBX0a4mIMTtvx7dLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/5RZFNJeeYKVkcBIysuUgCIlUJgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.128.0/19
                  212.33.160.0/19
                  217.145.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         07:31:3b:5c:36:47:7b:06:f7:e8:17:78:41:92:ac:85:14:a4:
         36:eb:1d:4a:30:60:66:a8:29:a8:b7:31:54:aa:5f:5c:ba:10:
         92:f4:20:71:7c:34:b9:20:5f:f6:5f:6c:7e:f2:dd:96:24:d7:
         f5:26:cc:87:36:c6:11:67:f7:60:53:d1:72:1f:fe:5d:18:e8:
         55:c9:d9:fa:d0:98:d5:32:90:79:9b:0b:5d:da:6a:4b:e1:13:
         0d:39:8e:60:cb:f7:08:ab:ba:fc:98:91:09:cb:eb:70:07:cf:
         1f:34:ef:18:8e:a6:2a:c9:3a:35:b9:bf:7e:57:0c:91:03:af:
         4c:63:53:98:7c:bc:e9:7e:68:07:75:c6:b2:33:56:d4:3e:df:
         16:27:77:24:04:d7:22:5e:96:e0:65:9c:63:ec:97:33:e7:52:
         71:e0:58:d9:67:06:64:08:e4:27:06:56:6f:85:25:0a:9d:19:
         30:69:9d:43:d4:53:a2:59:0b:8e:1c:f1:3b:52:67:b8:5f:9e:
         f9:bd:67:e6:3e:93:26:c0:81:02:35:ae:6e:cf:73:02:a2:96:
         b0:8b:32:5b:c4:88:10:a6:11:10:2f:81:f2:23:0b:4f:57:f4:
         de:81:e9:74:43:96:c2:cc:30:38:1a:da:12:64:99:dc:e6:de:
         59:c2:6c:cd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQijZfP+FFx78aLmkYpHP9hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MTY0NTM0OTc5ZTYwYTU2NDcwMTIzMmIyZTUyMDA4ODk1
NDI2MDYwHhcNMjUwMTAxMTU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzRmN2Q4NTMwM2QzNzRhYzE1ZjQ2Yjg5ODgzMTNiNmZjN2I3NGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6CUDHnDmciKw4w8Vx/2SGXfzrBnH
rQwWjs6awcojui9mMBINSijtZjXe/Tg7F5hU00W5aEAiCdNZ9Fm2lCXHYBjL9FtR
3z5UuTQLagpDOS+f4IXXxhhRPkpZCfBEIVUTrKovxOlIFEQ8dCPx+Yb5HB2xxEzK
pkkFVmtv0VDoH6UWlsqf3QvU9E1azmWXKn38MIEzoIMEyeGgD4+pbP5Z34AwPoj8
/i/GGw8tYdwqrMO2kAzzUkk7SfeBzDF/cGZUsJrH335BgkzsLrHPeXBz3mLobury
TczZmmcZ1itqrL3ZFze2IlW0wCgSECzKTDNAIP0dspIX3rrL/2+Zpx7E8wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHdPfYUwPTdKwV9GuJiDE7b8e3SzMB8GA1UdIwQY
MBaAFOUWRTSXnmClZHASMrLlIAiJVCYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVJaRk5KZWVZS1ZrY0JJeXN1VWdDSWxVSmdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lNzdkN2ItYmMwZi00NjM1LTgxMDEt
ZDFlZWIyOWM5NTFiLzEvZDA5OWhUQTlOMHJCWDBhNG1JTVR0dng3ZExNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lNzdkN2ItYmMwZi00NjM1LTgxMDEtZDFlZWIyOWM5NTFi
LzEvNVJaRk5KZWVZS1ZrY0JJeXN1VWdDSWxVSmdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFVe2AAwQF
1CGgAwQE2ZHwMA0GCSqGSIb3DQEBCwUAA4IBAQAHMTtcNkd7BvfoF3hBkqyFFKQ2
6x1KMGBmqCmotzFUql9cuhCS9CBxfDS5IF/2X2x+8t2WJNf1JsyHNsYRZ/dgU9Fy
H/5dGOhVydn60JjVMpB5mwtd2mpL4RMNOY5gy/cIq7r8mJEJy+twB88fNO8YjqYq
yTo1ub9+VwyRA69MY1OYfLzpfmgHdcayM1bUPt8WJ3ckBNciXpbgZZxj7Jcz51Jx
4FjZZwZkCOQnBlZvhSUKnRkwaZ1D1FOiWQuOHPE7Ume4X575vWfmPpMmwIECNa5u
z3MCopawizJbxIgQphEQL4HyIwtPV/Tegel0Q5bCzDA4GtoSZJnc5t5ZwmzN
-----END CERTIFICATE-----