Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/C24hBvMCpb8Fi_DpEmPZdmz8EJo.roa
File:                     C24hBvMCpb8Fi_DpEmPZdmz8EJo.roa (raw, json)
Hash identifier:          UzgGmOtFh4KbFiZPVXPVFFT0H/bS5Q5Sw4mu6gaXkiU=
Subject key identifier:   0B:6E:21:06:F3:02:A5:BF:05:8B:F0:E9:12:63:D9:76:6C:FC:10:9A
Certificate issuer:       /CN=ecfb00381e733dc6e41d06db9ec8ddd311281bdd
Certificate serial:       0197D5E4AB68EFC263DD7DC4C7D9DE3DBAC3
Authority key identifier: EC:FB:00:38:1E:73:3D:C6:E4:1D:06:DB:9E:C8:DD:D3:11:28:1B:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PsAOB5zPcbkHQbbnsjd0xEoG90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/C24hBvMCpb8Fi_DpEmPZdmz8EJo.roa
Signing time:             Fri 04 Jul 2025 14:43:42 +0000
ROA not before:           Fri 04 Jul 2025 14:43:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        85.158.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/7PsAOB5zPcbkHQbbnsjd0xEoG90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/7PsAOB5zPcbkHQbbnsjd0xEoG90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7PsAOB5zPcbkHQbbnsjd0xEoG90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d5:e4:ab:68:ef:c2:63:dd:7d:c4:c7:d9:de:3d:ba:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecfb00381e733dc6e41d06db9ec8ddd311281bdd
        Validity
            Not Before: Jul  4 14:43:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b6e2106f302a5bf058bf0e91263d9766cfc109a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e1:db:5a:ce:c6:70:98:b1:2a:a5:a3:4d:cf:
                    ec:54:45:ed:6e:86:0b:d4:5e:4c:cd:42:66:74:2c:
                    f3:23:c4:fc:eb:1a:d0:c8:71:2f:01:10:d8:08:fa:
                    76:f0:26:35:14:b5:a9:1e:14:a7:06:00:c8:0e:12:
                    42:7e:b4:ba:b2:91:18:e5:29:55:cf:d0:70:32:df:
                    4a:e5:05:14:02:fd:91:27:86:6a:8d:b4:cd:e4:fc:
                    d8:7a:b4:7f:91:a9:8d:8d:f1:9b:3c:cd:b0:8a:0b:
                    7a:90:d1:61:7c:e0:87:e6:93:3a:49:4d:c5:83:3a:
                    d3:03:1a:02:5e:2f:a2:51:4e:01:35:a0:64:cf:6d:
                    09:2b:7c:25:56:01:0b:ef:ad:1d:f9:58:36:ed:ce:
                    c2:f6:3a:e7:b8:6e:ad:fb:9b:82:f0:66:10:70:51:
                    86:5b:70:fa:80:54:84:0e:3d:b0:9c:7d:47:04:e5:
                    d6:56:99:d7:16:17:9d:c6:87:72:65:0a:54:86:f5:
                    e4:ef:35:96:aa:27:8a:4e:9a:a3:91:96:6d:66:ef:
                    e9:4b:15:f7:e0:ac:93:4a:b5:ed:63:4b:cf:4c:bb:
                    8b:74:05:a1:71:27:4f:7e:7b:72:7c:53:b5:7f:86:
                    df:0e:ec:5d:74:b5:ff:01:e5:8b:64:d1:47:2f:95:
                    0c:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:6E:21:06:F3:02:A5:BF:05:8B:F0:E9:12:63:D9:76:6C:FC:10:9A
            X509v3 Authority Key Identifier:
                keyid:EC:FB:00:38:1E:73:3D:C6:E4:1D:06:DB:9E:C8:DD:D3:11:28:1B:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PsAOB5zPcbkHQbbnsjd0xEoG90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/C24hBvMCpb8Fi_DpEmPZdmz8EJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/0a7eae-739c-42ea-940a-58366e98a9e6/1/7PsAOB5zPcbkHQbbnsjd0xEoG90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:6a:21:71:da:6b:6c:bd:5a:2a:bc:19:f6:dc:d4:34:68:8b:
         cb:ee:24:88:35:52:bb:b1:65:6f:fe:f8:45:20:7e:27:92:48:
         a6:da:8a:41:75:0b:a3:a9:9d:29:07:9d:64:99:fc:68:f8:45:
         44:ca:dc:db:36:b1:7f:a4:1f:d7:5e:53:db:8a:46:30:c5:1d:
         b6:8a:a1:99:1f:78:09:74:ba:b1:03:d6:47:4e:bd:4b:29:81:
         b2:1f:2d:e3:bb:a9:23:8a:e4:b7:31:bf:e9:d5:ec:55:a7:ac:
         ad:b7:f9:89:e9:84:49:e9:ab:35:fd:44:ad:d9:a3:1d:10:bc:
         79:f0:0c:a8:a7:16:9a:a8:34:7f:54:e5:83:fb:dd:2c:9a:73:
         82:5f:83:b6:33:8a:a7:1c:46:13:a9:7a:60:97:10:08:4e:25:
         4e:cd:7c:8e:cb:ee:42:57:c5:a7:0f:ae:c3:d3:e5:9d:d1:61:
         fb:16:4f:9c:d8:bd:c5:6b:a4:38:3f:c3:d2:bf:e6:fc:20:d2:
         65:63:08:e5:2f:5d:c3:4f:a8:05:f0:6e:87:9a:ba:82:16:ff:
         fc:64:49:aa:ed:b1:50:9c:73:db:a1:6d:14:66:60:82:37:22:
         99:a8:f7:4f:27:e9:f8:15:02:d2:84:66:34:31:31:33:5b:97:
         0b:d3:5c:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfV5Kto78Jj3X3Ex9nePbrDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZmIwMDM4MWU3MzNkYzZlNDFkMDZkYjllYzhkZGQzMTEy
ODFiZGQwHhcNMjUwNzA0MTQ0MzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjZlMjEwNmYzMDJhNWJmMDU4YmYwZTkxMjYzZDk3NjZjZmMxMDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouHbWs7GcJixKqWjTc/sVEXtboYL
1F5MzUJmdCzzI8T86xrQyHEvARDYCPp28CY1FLWpHhSnBgDIDhJCfrS6spEY5SlV
z9BwMt9K5QUUAv2RJ4ZqjbTN5PzYerR/kamNjfGbPM2wigt6kNFhfOCH5pM6SU3F
gzrTAxoCXi+iUU4BNaBkz20JK3wlVgEL760d+Vg27c7C9jrnuG6t+5uC8GYQcFGG
W3D6gFSEDj2wnH1HBOXWVpnXFhedxodyZQpUhvXk7zWWqieKTpqjkZZtZu/pSxX3
4KyTSrXtY0vPTLuLdAWhcSdPfntyfFO1f4bfDuxddLX/AeWLZNFHL5UMQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAtuIQbzAqW/BYvw6RJj2XZs/BCaMB8GA1UdIwQY
MBaAFOz7ADgecz3G5B0G257I3dMRKBvdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BzQU9CNXpQY2JrSFFiYm5zamQweEVvRzkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8wYTdlYWUtNzM5Yy00MmVhLTk0MGEt
NTgzNjZlOThhOWU2LzEvQzI0aEJ2TUNwYjhGaV9EcEVtUFpkbXo4RUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8wYTdlYWUtNzM5Yy00MmVhLTk0MGEtNTgzNjZlOThhOWU2
LzEvN1BzQU9CNXpQY2JrSFFiYm5zamQweEVvRzkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZ5/MA0G
CSqGSIb3DQEBCwUAA4IBAQC9aiFx2mtsvVoqvBn23NQ0aIvL7iSINVK7sWVv/vhF
IH4nkkim2opBdQujqZ0pB51kmfxo+EVEytzbNrF/pB/XXlPbikYwxR22iqGZH3gJ
dLqxA9ZHTr1LKYGyHy3ju6kjiuS3Mb/p1exVp6ytt/mJ6YRJ6as1/USt2aMdELx5
8AyopxaaqDR/VOWD+90smnOCX4O2M4qnHEYTqXpglxAITiVOzXyOy+5CV8WnD67D
0+Wd0WH7Fk+c2L3Fa6Q4P8PSv+b8INJlYwjlL13DT6gF8G6HmrqCFv/8ZEmq7bFQ
nHPboW0UZmCCNyKZqPdPJ+n4FQLShGY0MTEzW5cL01x6
-----END CERTIFICATE-----