Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/24fbfc-d902-49db-978a-35a20ff8923e/1/FyqKK2FcK12A9-k5axnFf2sz21k.roa
File:                     FyqKK2FcK12A9-k5axnFf2sz21k.roa (raw, json)
Hash identifier:          W5mhlrOLXBrpKomBUnhpTyesgUMLSIHoT9QMJTSp0oA=
Subject key identifier:   17:2A:8A:2B:61:5C:2B:5D:80:F7:E9:39:6B:19:C5:7F:6B:33:DB:59
Certificate issuer:       /CN=d05ed7a58147aa514c8e6dafbcc5d8757c7d3272
Certificate serial:       01967D0D5F0616C94096A48BBED8C7A258EF
Authority key identifier: D0:5E:D7:A5:81:47:AA:51:4C:8E:6D:AF:BC:C5:D8:75:7C:7D:32:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0F7XpYFHqlFMjm2vvMXYdXx9MnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/24fbfc-d902-49db-978a-35a20ff8923e/1/FyqKK2FcK12A9-k5axnFf2sz21k.roa
Signing time:             Mon 28 Apr 2025 15:39:10 +0000
ROA not before:           Mon 28 Apr 2025 15:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44901
IP address blocks:        185.177.56.0/24 maxlen: 24
                          185.177.57.0/24 maxlen: 24
                          185.177.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/24fbfc-d902-49db-978a-35a20ff8923e/1/0F7XpYFHqlFMjm2vvMXYdXx9MnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/24fbfc-d902-49db-978a-35a20ff8923e/1/0F7XpYFHqlFMjm2vvMXYdXx9MnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0F7XpYFHqlFMjm2vvMXYdXx9MnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 15:42:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7d:0d:5f:06:16:c9:40:96:a4:8b:be:d8:c7:a2:58:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d05ed7a58147aa514c8e6dafbcc5d8757c7d3272
        Validity
            Not Before: Apr 28 15:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=172a8a2b615c2b5d80f7e9396b19c57f6b33db59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:76:08:88:dc:de:9f:c8:a5:fe:6e:28:0e:32:
                    f9:e3:41:46:d8:99:6e:0e:c7:e6:16:0a:fb:8f:49:
                    67:04:bd:58:34:ea:67:1c:50:fc:fb:79:8c:4d:83:
                    db:23:09:5c:69:d8:c2:df:2e:70:ba:e9:77:93:8c:
                    88:62:de:b6:45:a4:37:85:88:6d:40:f6:86:24:0b:
                    b0:63:27:e1:7d:9c:05:82:0d:0c:14:07:6c:aa:8b:
                    df:a7:19:10:e5:3e:83:63:26:d2:bf:ef:70:9f:6c:
                    df:ae:af:e9:0a:26:ae:79:6e:f7:27:6e:16:a9:65:
                    b3:2c:db:44:82:9e:75:36:5e:cc:49:fd:cb:16:fb:
                    41:70:d3:80:20:b4:a3:3b:f4:63:f6:5f:53:e0:dd:
                    33:50:5d:bf:4e:10:a3:00:6c:b1:d1:45:2b:71:b3:
                    1c:74:27:36:09:e6:b4:88:eb:40:ca:bc:ba:20:d5:
                    3a:ae:dd:1e:44:84:d8:52:ef:aa:f7:c6:be:77:aa:
                    93:ed:22:7b:f5:e1:b3:c2:13:39:e6:b5:35:50:e2:
                    32:dc:cb:c2:a7:0f:dd:15:db:ca:ec:48:29:b3:ab:
                    43:a7:e9:f0:cb:16:38:1d:ac:60:c6:5b:74:1b:57:
                    9f:32:17:22:5a:74:98:27:bf:2a:36:80:e4:f1:74:
                    60:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:2A:8A:2B:61:5C:2B:5D:80:F7:E9:39:6B:19:C5:7F:6B:33:DB:59
            X509v3 Authority Key Identifier:
                keyid:D0:5E:D7:A5:81:47:AA:51:4C:8E:6D:AF:BC:C5:D8:75:7C:7D:32:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0F7XpYFHqlFMjm2vvMXYdXx9MnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/24fbfc-d902-49db-978a-35a20ff8923e/1/FyqKK2FcK12A9-k5axnFf2sz21k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/24fbfc-d902-49db-978a-35a20ff8923e/1/0F7XpYFHqlFMjm2vvMXYdXx9MnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.56.0/23
                  185.177.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:28:d9:44:49:7c:3b:20:d8:c4:87:09:aa:13:d3:df:d1:a2:
         d7:96:78:78:e1:eb:81:ce:39:ad:79:a9:45:fc:53:82:b3:df:
         a7:a2:42:c8:56:fc:12:69:70:01:6c:a1:28:c4:56:0d:8e:62:
         9e:80:c7:9d:52:fc:ff:1d:28:e6:e0:3c:93:43:fb:93:c3:1c:
         36:d6:af:62:30:4f:69:0f:ea:4d:b7:db:2b:d9:5c:c3:32:5d:
         9a:ce:4a:93:cf:d8:18:4f:bb:07:24:5a:38:06:1d:c8:57:18:
         81:de:d5:30:50:d5:00:86:81:6a:03:90:89:f3:8c:b8:4f:f7:
         3c:37:ad:ad:c8:0c:2e:55:96:80:a5:97:7c:af:cd:6e:a5:72:
         dd:06:4e:74:2a:c9:89:e4:7d:fa:b0:bb:64:b2:d7:8b:89:33:
         55:91:81:26:d9:ec:77:54:f8:e7:14:a0:17:95:55:93:ed:65:
         2d:ca:7e:a4:90:87:3c:86:9f:71:bb:7e:6c:a0:87:2b:8c:b2:
         da:71:69:0e:75:fb:f9:c3:e7:bd:ce:b1:01:b3:66:c0:fa:06:
         12:35:97:f8:50:c8:4e:07:e8:af:e1:42:00:ef:f1:a0:50:49:
         da:7b:25:25:a8:da:3e:5a:02:9b:5d:ca:14:ca:1e:46:18:7b:
         4f:32:f6:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZ9DV8GFslAlqSLvtjHoljvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNWVkN2E1ODE0N2FhNTE0YzhlNmRhZmJjYzVkODc1N2M3
ZDMyNzIwHhcNMjUwNDI4MTUzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzJhOGEyYjYxNWMyYjVkODBmN2U5Mzk2YjE5YzU3ZjZiMzNkYjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHYIiNzen8il/m4oDjL540FG2Jlu
DsfmFgr7j0lnBL1YNOpnHFD8+3mMTYPbIwlcadjC3y5wuul3k4yIYt62RaQ3hYht
QPaGJAuwYyfhfZwFgg0MFAdsqovfpxkQ5T6DYybSv+9wn2zfrq/pCiaueW73J24W
qWWzLNtEgp51Nl7MSf3LFvtBcNOAILSjO/Rj9l9T4N0zUF2/ThCjAGyx0UUrcbMc
dCc2Cea0iOtAyry6INU6rt0eRITYUu+q98a+d6qT7SJ79eGzwhM55rU1UOIy3MvC
pw/dFdvK7Egps6tDp+nwyxY4Haxgxlt0G1efMhciWnSYJ78qNoDk8XRg3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBcqiithXCtdgPfpOWsZxX9rM9tZMB8GA1UdIwQY
MBaAFNBe16WBR6pRTI5tr7zF2HV8fTJyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEY3WHBZRkhxbEZNam0ydnZNWFlkWHg5TW5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8yNGZiZmMtZDkwMi00OWRiLTk3OGEt
MzVhMjBmZjg5MjNlLzEvRnlxS0syRmNLMTJBOS1rNWF4bkZmMnN6MjFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8yNGZiZmMtZDkwMi00OWRiLTk3OGEtMzVhMjBmZjg5MjNl
LzEvMEY3WHBZRkhxbEZNam0ydnZNWFlkWHg5TW5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBubE4AwQA
ubE7MA0GCSqGSIb3DQEBCwUAA4IBAQCFKNlESXw7INjEhwmqE9Pf0aLXlnh44euB
zjmtealF/FOCs9+nokLIVvwSaXABbKEoxFYNjmKegMedUvz/HSjm4DyTQ/uTwxw2
1q9iME9pD+pNt9sr2VzDMl2azkqTz9gYT7sHJFo4Bh3IVxiB3tUwUNUAhoFqA5CJ
84y4T/c8N62tyAwuVZaApZd8r81upXLdBk50KsmJ5H36sLtksteLiTNVkYEm2ex3
VPjnFKAXlVWT7WUtyn6kkIc8hp9xu35soIcrjLLacWkOdfv5w+e9zrEBs2bA+gYS
NZf4UMhOB+iv4UIA7/GgUEnaeyUlqNo+WgKbXcoUyh5GGHtPMvaj
-----END CERTIFICATE-----