Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/5e9f90-a6b0-4fd8-b8dd-792802c43925/1/N-BSf874DQvK549b1pSEfsfJ-W8.roa
File:                     N-BSf874DQvK549b1pSEfsfJ-W8.roa (raw, json)
Hash identifier:          bW40XSisvNpm05Mkk5fR9GiNdKpGc7uzNKkhrhBHqx4=
Subject key identifier:   37:E0:52:7F:CE:F8:0D:0B:CA:E7:8F:5B:D6:94:84:7E:C7:C9:F9:6F
Certificate issuer:       /CN=68f83e2a34145ad47e0cc2b3c79fc6312bae2c71
Certificate serial:       01968272E6DD9CC45A0E0D8A2C2EF3A0885B
Authority key identifier: 68:F8:3E:2A:34:14:5A:D4:7E:0C:C2:B3:C7:9F:C6:31:2B:AE:2C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aPg-KjQUWtR-DMKzx5_GMSuuLHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/5e9f90-a6b0-4fd8-b8dd-792802c43925/1/N-BSf874DQvK549b1pSEfsfJ-W8.roa
Signing time:             Tue 29 Apr 2025 16:48:10 +0000
ROA not before:           Tue 29 Apr 2025 16:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216074
IP address blocks:        185.116.112.0/24 maxlen: 24
                          2a14:600::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/5e9f90-a6b0-4fd8-b8dd-792802c43925/1/aPg-KjQUWtR-DMKzx5_GMSuuLHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/5e9f90-a6b0-4fd8-b8dd-792802c43925/1/aPg-KjQUWtR-DMKzx5_GMSuuLHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aPg-KjQUWtR-DMKzx5_GMSuuLHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:82:72:e6:dd:9c:c4:5a:0e:0d:8a:2c:2e:f3:a0:88:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68f83e2a34145ad47e0cc2b3c79fc6312bae2c71
        Validity
            Not Before: Apr 29 16:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37e0527fcef80d0bcae78f5bd694847ec7c9f96f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:e0:22:b5:dc:ca:72:dd:b6:c9:2d:9e:80:cf:
                    02:88:17:ae:dd:d4:7a:d1:e5:a1:67:f7:b4:e0:d6:
                    d2:fd:34:f7:66:ee:5b:b4:8e:e5:39:be:09:3b:5d:
                    f8:0b:3d:77:c2:83:a4:27:e9:ff:63:c3:92:31:59:
                    cb:d1:4a:1d:79:80:7f:8d:d1:07:bb:03:09:26:fb:
                    57:39:2c:aa:d9:d6:b5:fc:29:87:91:3a:5a:83:f0:
                    2d:a5:5d:b8:5f:ae:7c:ec:e5:7a:06:45:d0:01:2e:
                    63:4c:1a:e2:ff:28:b1:22:da:d5:b2:8f:9d:ee:c5:
                    cd:11:05:e7:6a:e0:0f:34:2d:f5:77:8e:ea:29:f9:
                    77:85:d0:99:f4:0b:c9:f3:a1:a9:b9:c1:2b:22:37:
                    37:c5:41:66:99:74:30:06:16:37:4f:76:10:c8:a5:
                    89:42:19:ed:b0:17:36:0b:1d:57:a5:1d:89:dc:23:
                    0a:13:f2:60:87:b2:28:13:de:12:80:30:29:3a:32:
                    12:e0:9f:97:ea:af:3d:1c:40:19:e5:4a:d7:5b:b9:
                    24:4b:82:7e:e7:eb:a4:ae:18:9b:f4:5f:fb:ee:c6:
                    a3:47:fa:98:f7:cf:0b:26:ce:28:dd:96:1b:ad:b4:
                    fe:a6:94:b3:83:29:ca:fb:d3:39:c7:fc:b4:ea:79:
                    36:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E0:52:7F:CE:F8:0D:0B:CA:E7:8F:5B:D6:94:84:7E:C7:C9:F9:6F
            X509v3 Authority Key Identifier:
                keyid:68:F8:3E:2A:34:14:5A:D4:7E:0C:C2:B3:C7:9F:C6:31:2B:AE:2C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aPg-KjQUWtR-DMKzx5_GMSuuLHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5e9f90-a6b0-4fd8-b8dd-792802c43925/1/N-BSf874DQvK549b1pSEfsfJ-W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5e9f90-a6b0-4fd8-b8dd-792802c43925/1/aPg-KjQUWtR-DMKzx5_GMSuuLHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.112.0/24
                IPv6:
                  2a14:600::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:b1:ab:16:8d:d2:51:92:d9:b8:c1:01:35:31:7a:8b:16:07:
         15:ec:27:5d:ad:c5:f1:b2:52:1a:f7:d0:aa:de:1f:04:53:7d:
         44:b6:57:57:94:bb:34:49:46:d0:1d:02:dd:9f:37:4a:aa:02:
         1e:c0:67:1a:83:81:c1:74:81:56:cb:93:01:2b:23:65:8c:a1:
         8b:92:c0:9a:32:6a:22:59:78:30:df:8e:e2:26:29:36:a4:62:
         e9:44:38:af:68:8d:ff:cf:dd:87:61:5c:13:f8:c1:3e:f1:21:
         2c:93:33:31:26:06:7d:15:67:49:46:3c:7f:ea:11:ce:b7:3b:
         9f:b7:d5:b7:dc:30:12:cc:2c:90:aa:2d:37:c4:6c:70:84:42:
         7f:3b:5e:9b:fd:3a:62:4b:dd:fb:66:1a:97:07:8f:94:99:a6:
         0e:31:d1:c6:58:52:77:d1:20:ae:1d:81:4b:e9:9d:a0:5c:98:
         01:e1:26:6e:44:17:38:e1:a5:e5:d7:2a:d8:d4:0f:47:eb:c9:
         d8:6a:e8:66:af:c6:88:b0:41:2f:33:99:80:31:6b:a3:d0:14:
         95:2a:61:f4:b3:96:df:10:79:95:42:80:20:82:f3:db:62:22:
         f1:1d:ca:f9:03:76:c0:c4:05:94:a8:c1:b7:7b:18:17:3a:9d:
         cb:fe:08:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZaCcubdnMRaDg2KLC7zoIhbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZjgzZTJhMzQxNDVhZDQ3ZTBjYzJiM2M3OWZjNjMxMmJh
ZTJjNzEwHhcNMjUwNDI5MTY0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2UwNTI3ZmNlZjgwZDBiY2FlNzhmNWJkNjk0ODQ3ZWM3YzlmOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7uAitdzKct22yS2egM8CiBeu3dR6
0eWhZ/e04NbS/TT3Zu5btI7lOb4JO134Cz13woOkJ+n/Y8OSMVnL0UodeYB/jdEH
uwMJJvtXOSyq2da1/CmHkTpag/AtpV24X6587OV6BkXQAS5jTBri/yixItrVso+d
7sXNEQXnauAPNC31d47qKfl3hdCZ9AvJ86GpucErIjc3xUFmmXQwBhY3T3YQyKWJ
QhntsBc2Cx1XpR2J3CMKE/Jgh7IoE94SgDApOjIS4J+X6q89HEAZ5UrXW7kkS4J+
5+ukrhib9F/77sajR/qY988LJs4o3ZYbrbT+ppSzgynK+9M5x/y06nk2gQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDfgUn/O+A0LyuePW9aUhH7HyflvMB8GA1UdIwQY
MBaAFGj4Pio0FFrUfgzCs8efxjErrixxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVBnLUtqUVVXdFItRE1Leng1X0dNU3V1TEhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy81ZTlmOTAtYTZiMC00ZmQ4LWI4ZGQt
NzkyODAyYzQzOTI1LzEvTi1CU2Y4NzREUXZLNTQ5YjFwU0Vmc2ZKLVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy81ZTlmOTAtYTZiMC00ZmQ4LWI4ZGQtNzkyODAyYzQzOTI1
LzEvYVBnLUtqUVVXdFItRE1Leng1X0dNU3V1TEhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXRwMA0E
AgACMAcDBQMqFAYAMA0GCSqGSIb3DQEBCwUAA4IBAQCmsasWjdJRktm4wQE1MXqL
FgcV7CddrcXxslIa99Cq3h8EU31EtldXlLs0SUbQHQLdnzdKqgIewGcag4HBdIFW
y5MBKyNljKGLksCaMmoiWXgw347iJik2pGLpRDivaI3/z92HYVwT+ME+8SEskzMx
JgZ9FWdJRjx/6hHOtzuft9W33DASzCyQqi03xGxwhEJ/O16b/TpiS937ZhqXB4+U
maYOMdHGWFJ30SCuHYFL6Z2gXJgB4SZuRBc44aXl1yrY1A9H68nYauhmr8aIsEEv
M5mAMWuj0BSVKmH0s5bfEHmVQoAggvPbYiLxHcr5A3bAxAWUqMG3exgXOp3L/ghb
-----END CERTIFICATE-----