Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/1F9MijuQpgadBC0qomGmUYJZ8Qo.roa
File:                     1F9MijuQpgadBC0qomGmUYJZ8Qo.roa (raw, json)
Hash identifier:          +dDzScNaK5jHBDGWnNSKAKH4zr9szjlmXCKJdH9h2oE=
Subject key identifier:   D4:5F:4C:8A:3B:90:A6:06:9D:04:2D:2A:A2:61:A6:51:82:59:F1:0A
Certificate issuer:       /CN=999df7dc0ed518f1ec69974cf98cecaada1a8680
Certificate serial:       0196E8B752352D20F7E5E2A38A4D7ECEA0C1
Authority key identifier: 99:9D:F7:DC:0E:D5:18:F1:EC:69:97:4C:F9:8C:EC:AA:DA:1A:86:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/1F9MijuQpgadBC0qomGmUYJZ8Qo.roa
Signing time:             Mon 19 May 2025 13:24:10 +0000
ROA not before:           Mon 19 May 2025 13:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206562
IP address blocks:        185.152.56.0/24 maxlen: 24
                          185.152.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mZ333A7VGPHsaZdM-YzsqtoahoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mZ333A7VGPHsaZdM-YzsqtoahoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 04:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e8:b7:52:35:2d:20:f7:e5:e2:a3:8a:4d:7e:ce:a0:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=999df7dc0ed518f1ec69974cf98cecaada1a8680
        Validity
            Not Before: May 19 13:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d45f4c8a3b90a6069d042d2aa261a6518259f10a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6f:be:83:a8:40:ef:a1:fa:0b:8e:5b:76:b9:
                    44:82:d7:a1:df:81:6a:21:11:a3:e0:9a:83:51:26:
                    8e:f7:ed:1e:15:5a:62:cd:0c:4c:d3:1e:d0:db:a7:
                    2b:1f:11:7e:58:e5:eb:39:f8:f9:5d:02:8b:1c:5a:
                    8e:1b:77:84:c5:91:6b:0b:a1:61:ef:42:71:12:f0:
                    e1:4d:70:a1:9c:b3:49:48:95:4c:ae:d1:06:83:47:
                    9d:09:47:d5:a4:ee:a0:8a:9d:c3:df:a2:5d:84:19:
                    04:cf:20:89:88:49:72:47:dc:9b:d7:54:d8:74:91:
                    29:3d:19:38:c4:d5:f0:bf:f9:1b:df:a9:0e:4f:e5:
                    8b:06:52:e6:f0:74:eb:d1:db:e3:b2:b5:f8:e3:f5:
                    c1:f3:33:45:d7:1f:cf:7a:31:bc:4e:da:18:40:05:
                    5b:16:37:56:39:89:ed:90:d2:c5:03:64:9f:ab:c3:
                    22:c6:a4:b7:b7:f3:18:79:da:f4:ae:b0:31:27:cb:
                    6a:8c:69:e9:f0:f2:4a:45:d8:96:d5:5e:9d:d9:ed:
                    fd:35:b1:9a:41:c3:7b:63:0c:ef:96:10:4c:3d:c7:
                    59:e6:d0:b7:95:c8:ab:85:63:79:4f:75:27:72:24:
                    d4:04:cc:74:88:7d:df:81:00:9b:5f:fb:69:f6:9d:
                    95:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:5F:4C:8A:3B:90:A6:06:9D:04:2D:2A:A2:61:A6:51:82:59:F1:0A
            X509v3 Authority Key Identifier:
                keyid:99:9D:F7:DC:0E:D5:18:F1:EC:69:97:4C:F9:8C:EC:AA:DA:1A:86:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mZ333A7VGPHsaZdM-YzsqtoahoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/1F9MijuQpgadBC0qomGmUYJZ8Qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ba88f2-215f-4f89-a3af-138b787de3e3/1/mZ333A7VGPHsaZdM-YzsqtoahoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.56.0/24
                  185.152.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:16:5a:f3:21:fa:12:c4:b2:36:13:28:a6:8c:4b:e9:fd:c4:
         57:c2:30:4e:af:ec:fb:97:ab:a8:a8:3a:c1:4d:e1:f4:95:cd:
         b9:4e:9c:dc:bd:25:ea:47:42:eb:bd:e8:1d:5f:6c:47:ec:0c:
         cc:10:9e:e7:67:63:31:31:f2:f0:3c:43:01:ba:79:18:16:9e:
         83:14:19:1d:98:6e:07:3b:c1:7a:d1:0e:98:48:d3:f5:7c:cd:
         30:9f:f8:ec:b0:5a:cd:c6:ec:08:5b:e3:ef:2c:f4:53:3c:a6:
         3e:94:1e:77:9e:9c:61:37:a4:3f:88:04:f4:a5:83:d0:7f:76:
         14:38:d9:af:24:4f:f7:11:8a:67:0b:e7:8c:22:4b:43:eb:bf:
         c2:cd:09:2a:cc:51:0d:1a:69:d7:5a:ab:84:da:9e:64:cf:ff:
         38:2f:70:b1:63:3a:70:15:bb:71:17:21:15:ce:93:03:72:52:
         d2:47:7b:d1:6f:7e:5d:4b:c1:5b:60:17:12:b9:3e:7d:f7:5f:
         35:fe:7b:30:c4:f5:7d:40:1e:44:40:fb:95:54:61:ef:ef:92:
         d1:82:5b:3e:13:d5:08:9b:12:c6:23:46:f7:42:aa:4a:b5:b6:
         2d:73:79:7e:da:84:95:87:73:e8:e2:46:26:cf:d2:07:e9:2a:
         e9:ff:41:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbot1I1LSD35eKjik1+zqDBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5OWRmN2RjMGVkNTE4ZjFlYzY5OTc0Y2Y5OGNlY2FhZGEx
YTg2ODAwHhcNMjUwNTE5MTMyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDVmNGM4YTNiOTBhNjA2OWQwNDJkMmFhMjYxYTY1MTgyNTlmMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2++g6hA76H6C45bdrlEgteh34Fq
IRGj4JqDUSaO9+0eFVpizQxM0x7Q26crHxF+WOXrOfj5XQKLHFqOG3eExZFrC6Fh
70JxEvDhTXChnLNJSJVMrtEGg0edCUfVpO6gip3D36JdhBkEzyCJiElyR9yb11TY
dJEpPRk4xNXwv/kb36kOT+WLBlLm8HTr0dvjsrX44/XB8zNF1x/PejG8TtoYQAVb
FjdWOYntkNLFA2Sfq8MixqS3t/MYedr0rrAxJ8tqjGnp8PJKRdiW1V6d2e39NbGa
QcN7YwzvlhBMPcdZ5tC3lcirhWN5T3UnciTUBMx0iH3fgQCbX/tp9p2V6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNRfTIo7kKYGnQQtKqJhplGCWfEKMB8GA1UdIwQY
MBaAFJmd99wO1Rjx7GmXTPmM7KraGoaAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVozMzNBN1ZHUEhzYVpkTS1ZenNxdG9haG9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9iYTg4ZjItMjE1Zi00Zjg5LWEzYWYt
MTM4Yjc4N2RlM2UzLzEvMUY5TWlqdVFwZ2FkQkMwcW9tR21VWUpaOFFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9iYTg4ZjItMjE1Zi00Zjg5LWEzYWYtMTM4Yjc4N2RlM2Uz
LzEvbVozMzNBN1ZHUEhzYVpkTS1ZenNxdG9haG9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZg4AwQA
uZg7MA0GCSqGSIb3DQEBCwUAA4IBAQCOFlrzIfoSxLI2EyimjEvp/cRXwjBOr+z7
l6uoqDrBTeH0lc25TpzcvSXqR0LrvegdX2xH7AzMEJ7nZ2MxMfLwPEMBunkYFp6D
FBkdmG4HO8F60Q6YSNP1fM0wn/jssFrNxuwIW+PvLPRTPKY+lB53npxhN6Q/iAT0
pYPQf3YUONmvJE/3EYpnC+eMIktD67/CzQkqzFENGmnXWquE2p5kz/84L3CxYzpw
FbtxFyEVzpMDclLSR3vRb35dS8FbYBcSuT599181/nswxPV9QB5EQPuVVGHv75LR
gls+E9UImxLGI0b3QqpKtbYtc3l+2oSVh3Po4kYmz9IH6Srp/0F+
-----END CERTIFICATE-----