Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/391q0ORxT4xG9OJulnRyuopOqJ0.roa
File:                     391q0ORxT4xG9OJulnRyuopOqJ0.roa (raw, json)
Hash identifier:          NrXAEo8vyldYYMy7S8MG4TYkAjpck2o/sTniVV0WKZE=
Subject key identifier:   DF:DD:6A:D0:E4:71:4F:8C:46:F4:E2:6E:96:74:72:BA:8A:4E:A8:9D
Certificate issuer:       /CN=959efe6ef97728a4282ae2c7b05a240506571f1c
Certificate serial:       0196980732607432D73F3BB0C759BACB6638
Authority key identifier: 95:9E:FE:6E:F9:77:28:A4:28:2A:E2:C7:B0:5A:24:05:06:57:1F:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lZ7-bvl3KKQoKuLHsFokBQZXHxw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/391q0ORxT4xG9OJulnRyuopOqJ0.roa
Signing time:             Sat 03 May 2025 21:22:10 +0000
ROA not before:           Sat 03 May 2025 21:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212889
IP address blocks:        185.203.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/lZ7-bvl3KKQoKuLHsFokBQZXHxw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/lZ7-bvl3KKQoKuLHsFokBQZXHxw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lZ7-bvl3KKQoKuLHsFokBQZXHxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:98:07:32:60:74:32:d7:3f:3b:b0:c7:59:ba:cb:66:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=959efe6ef97728a4282ae2c7b05a240506571f1c
        Validity
            Not Before: May  3 21:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfdd6ad0e4714f8c46f4e26e967472ba8a4ea89d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:51:d0:1a:22:d9:17:bb:72:27:59:8a:a8:68:
                    74:e0:58:16:78:04:e2:aa:50:87:a9:76:1c:8d:bd:
                    57:f6:92:c1:f6:df:85:6e:15:e3:4b:2e:aa:c3:1e:
                    77:9c:23:f2:3f:f5:f3:21:9e:c7:aa:27:32:2c:1b:
                    0b:b7:4f:23:00:f7:38:20:a8:34:d9:57:f5:5e:07:
                    44:2a:3e:1d:83:ce:ef:b3:11:cd:c3:f2:b4:49:ac:
                    cd:79:70:1c:2a:ac:3d:b3:09:2b:51:51:8b:9e:cb:
                    50:e2:ba:96:29:2d:ba:60:20:23:28:e4:65:c6:ef:
                    eb:86:6c:79:a3:58:1d:53:6e:c8:26:4b:76:60:88:
                    3f:cb:91:df:fd:6f:27:78:d4:2d:34:22:24:70:50:
                    a3:75:a8:ad:78:67:39:8a:1c:64:71:82:c2:1e:5e:
                    90:70:17:38:55:aa:60:f2:ee:e5:4d:51:29:5f:26:
                    92:27:33:ef:cb:6c:7a:3d:38:c1:f5:0e:66:78:77:
                    58:23:94:70:a4:a9:68:9d:18:63:e8:92:7f:d0:53:
                    7b:f1:a8:5f:b1:a4:75:c4:a6:da:be:c7:c1:0c:9b:
                    e4:d4:38:2a:b5:28:55:16:9a:88:3e:38:6b:ef:5e:
                    a9:0f:76:4a:23:b9:42:9c:d1:01:fa:cc:44:8a:1f:
                    46:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:DD:6A:D0:E4:71:4F:8C:46:F4:E2:6E:96:74:72:BA:8A:4E:A8:9D
            X509v3 Authority Key Identifier:
                keyid:95:9E:FE:6E:F9:77:28:A4:28:2A:E2:C7:B0:5A:24:05:06:57:1F:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lZ7-bvl3KKQoKuLHsFokBQZXHxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/391q0ORxT4xG9OJulnRyuopOqJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8c1e49-7dd1-448d-8815-a09266bb4d8c/1/lZ7-bvl3KKQoKuLHsFokBQZXHxw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:4e:a9:0a:b2:90:c1:02:72:c1:a7:39:89:94:25:d8:0a:46:
         72:39:e1:44:2d:f9:63:51:59:6c:9b:7a:5e:00:fc:e5:b6:0d:
         88:76:4f:4a:18:2e:31:4f:c9:65:5c:61:2e:a6:6a:3c:0d:41:
         da:14:03:3a:e6:76:96:07:38:7f:96:c6:ad:81:dc:2a:e9:35:
         96:6a:1e:20:ea:95:77:dd:21:bd:5d:e0:59:89:48:45:d3:a0:
         02:8d:3e:2d:67:ac:98:aa:f4:cf:e7:ec:c6:a3:2e:7f:ee:5c:
         e4:83:cf:40:94:4f:f1:06:25:19:9d:f3:b7:3e:ca:c3:c2:43:
         34:1f:1d:bd:17:36:e7:dd:6a:52:98:fd:ca:bc:77:ff:3e:7e:
         5a:79:f3:5d:b5:df:aa:c7:17:f6:17:a3:0a:af:5e:48:c6:82:
         9c:09:97:53:fc:d5:ce:92:3c:07:1d:26:50:eb:71:b1:66:a7:
         f7:c3:4c:f9:6f:95:66:43:65:7c:6d:09:a5:4f:71:a0:82:f1:
         48:77:9f:1c:e4:5e:7c:f2:e0:1b:99:c3:87:06:e9:2e:38:01:
         28:04:24:2a:18:c8:c0:61:42:cc:09:b5:79:61:16:5d:6a:35:
         a9:ed:bd:e4:c4:75:02:fd:b5:1f:a1:91:e3:28:01:c3:c9:fe:
         8f:c8:65:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaYBzJgdDLXPzuwx1m6y2Y4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1OWVmZTZlZjk3NzI4YTQyODJhZTJjN2IwNWEyNDA1MDY1
NzFmMWMwHhcNMjUwNTAzMjEyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmRkNmFkMGU0NzE0ZjhjNDZmNGUyNmU5Njc0NzJiYThhNGVhODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlHQGiLZF7tyJ1mKqGh04FgWeATi
qlCHqXYcjb1X9pLB9t+FbhXjSy6qwx53nCPyP/XzIZ7HqicyLBsLt08jAPc4IKg0
2Vf1XgdEKj4dg87vsxHNw/K0SazNeXAcKqw9swkrUVGLnstQ4rqWKS26YCAjKORl
xu/rhmx5o1gdU27IJkt2YIg/y5Hf/W8neNQtNCIkcFCjdaiteGc5ihxkcYLCHl6Q
cBc4Vapg8u7lTVEpXyaSJzPvy2x6PTjB9Q5meHdYI5RwpKlonRhj6JJ/0FN78ahf
saR1xKbavsfBDJvk1DgqtShVFpqIPjhr716pD3ZKI7lCnNEB+sxEih9GWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/datDkcU+MRvTibpZ0crqKTqidMB8GA1UdIwQY
MBaAFJWe/m75dyikKCrix7BaJAUGVx8cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFo3LWJ2bDNLS1FvS3VMSHNGb2tCUVpYSHh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84YzFlNDktN2RkMS00NDhkLTg4MTUt
YTA5MjY2YmI0ZDhjLzEvMzkxcTBPUnhUNHhHOU9KdWxuUnl1b3BPcUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84YzFlNDktN2RkMS00NDhkLTg4MTUtYTA5MjY2YmI0ZDhj
LzEvbFo3LWJ2bDNLS1FvS3VMSHNGb2tCUVpYSHh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuctvMA0G
CSqGSIb3DQEBCwUAA4IBAQCzTqkKspDBAnLBpzmJlCXYCkZyOeFELfljUVlsm3pe
APzltg2Idk9KGC4xT8llXGEupmo8DUHaFAM65naWBzh/lsatgdwq6TWWah4g6pV3
3SG9XeBZiUhF06ACjT4tZ6yYqvTP5+zGoy5/7lzkg89AlE/xBiUZnfO3PsrDwkM0
Hx29Fzbn3WpSmP3KvHf/Pn5aefNdtd+qxxf2F6MKr15IxoKcCZdT/NXOkjwHHSZQ
63GxZqf3w0z5b5VmQ2V8bQmlT3GggvFId58c5F588uAbmcOHBukuOAEoBCQqGMjA
YULMCbV5YRZdajWp7b3kxHUC/bUfoZHjKAHDyf6PyGW3
-----END CERTIFICATE-----