Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/IMuaaqkXSGjmCph5e3uk681ceAc.roa
File:                     IMuaaqkXSGjmCph5e3uk681ceAc.roa (raw, json)
Hash identifier:          IjS3EjK/LCrXgvu7toh9AQWnzqQYr/P4/Fdrho/vCP8=
Subject key identifier:   20:CB:9A:6A:A9:17:48:68:E6:0A:98:79:7B:7B:A4:EB:CD:5C:78:07
Certificate issuer:       /CN=34531c54b1e7956c2cc371b23e0a75567aa27518
Certificate serial:       019531F03CE4F9DE279EC5B6B412C40774DB
Authority key identifier: 34:53:1C:54:B1:E7:95:6C:2C:C3:71:B2:3E:0A:75:56:7A:A2:75:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NFMcVLHnlWwsw3GyPgp1VnqidRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/IMuaaqkXSGjmCph5e3uk681ceAc.roa
Signing time:             Sun 23 Feb 2025 08:33:02 +0000
ROA not before:           Sun 23 Feb 2025 08:33:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60786
IP address blocks:        185.107.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/NFMcVLHnlWwsw3GyPgp1VnqidRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/NFMcVLHnlWwsw3GyPgp1VnqidRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NFMcVLHnlWwsw3GyPgp1VnqidRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:31:f0:3c:e4:f9:de:27:9e:c5:b6:b4:12:c4:07:74:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34531c54b1e7956c2cc371b23e0a75567aa27518
        Validity
            Not Before: Feb 23 08:33:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20cb9a6aa9174868e60a98797b7ba4ebcd5c7807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1a:39:52:90:c8:0e:ad:34:3f:00:f1:a8:86:
                    d0:fa:ef:8d:d7:2e:3f:26:91:7b:74:5b:6f:47:4d:
                    c6:3b:de:e8:fd:fb:da:81:6d:c7:c0:2a:e0:33:1e:
                    16:af:8f:53:af:07:d6:eb:67:d5:5a:8a:e3:2a:e6:
                    39:65:e1:ba:b8:83:6b:d2:0e:b0:e2:d4:dc:42:fc:
                    32:28:4c:db:7e:0a:a4:8a:62:16:aa:86:22:c8:0e:
                    41:a6:b2:5b:73:63:a8:ac:46:03:97:34:48:91:be:
                    4a:8e:3b:83:19:c6:ac:6e:1b:56:9a:05:3f:df:7a:
                    e6:60:28:bb:57:ae:59:d8:22:07:34:b0:a8:f6:b3:
                    e2:8e:73:44:71:7e:29:c4:0c:60:a7:98:ed:a1:ba:
                    fb:c7:cc:cb:98:a3:1d:56:98:ff:43:d0:b8:12:2f:
                    46:d7:d5:77:bb:3e:a9:df:ae:9c:f1:19:25:55:4d:
                    c1:83:c7:95:85:d8:6f:bc:ab:42:20:c5:d8:c3:24:
                    e2:6a:e1:2c:72:75:47:01:2d:81:5f:80:24:fa:15:
                    2e:80:8a:49:9d:c9:3c:a8:c6:d6:96:7f:7a:d4:74:
                    e6:8d:70:b9:28:f9:f6:dc:41:bf:e1:4a:12:1c:b4:
                    d6:46:d4:17:2b:13:cf:46:9a:17:49:6d:15:93:d7:
                    b2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:CB:9A:6A:A9:17:48:68:E6:0A:98:79:7B:7B:A4:EB:CD:5C:78:07
            X509v3 Authority Key Identifier:
                keyid:34:53:1C:54:B1:E7:95:6C:2C:C3:71:B2:3E:0A:75:56:7A:A2:75:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NFMcVLHnlWwsw3GyPgp1VnqidRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/IMuaaqkXSGjmCph5e3uk681ceAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/8efa86-c35f-41b6-ad01-4906103dbd16/1/NFMcVLHnlWwsw3GyPgp1VnqidRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:ba:d0:62:ba:bd:59:1f:81:2d:73:04:1d:49:ea:fa:b2:65:
         9e:ff:ca:c3:5c:4c:4a:12:d9:dc:02:f8:15:70:d0:74:a8:3a:
         21:77:ee:1b:5a:0e:0c:cf:97:2e:2c:af:07:cd:f5:3e:38:57:
         98:f5:8d:3d:9c:00:c2:67:3e:dd:d3:2b:50:2b:bb:18:fb:3f:
         5e:09:03:30:76:15:2b:9d:7f:98:dc:c8:f4:55:38:47:13:9a:
         3e:31:9b:22:1f:e4:c1:46:1b:c0:7b:c1:76:07:4b:15:02:1c:
         8a:6e:f9:8e:3e:a4:1d:b8:8b:a6:ef:91:bd:9e:56:ec:45:cd:
         61:19:7f:6c:19:86:ee:7b:fb:e4:32:ec:40:11:83:db:a0:1a:
         24:33:67:61:06:f7:50:e1:67:6b:ac:74:94:d5:46:d5:e2:10:
         c0:61:b1:10:1a:b5:f5:49:c9:b2:cb:23:e2:f4:3c:be:33:cb:
         06:fc:01:a3:76:c6:a4:5c:34:a6:04:63:09:6a:18:f0:aa:41:
         3e:7c:46:a9:4a:3f:03:94:28:18:d1:f3:9f:d5:dc:10:68:2e:
         9d:ed:d4:2b:9a:56:13:4b:81:cb:8a:6f:e9:bc:c0:24:6e:1d:
         2f:8d:b0:ab:08:ad:cf:51:47:fd:5f:8e:a4:e6:12:48:70:6d:
         50:17:a5:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUx8Dzk+d4nnsW2tBLEB3TbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NTMxYzU0YjFlNzk1NmMyY2MzNzFiMjNlMGE3NTU2N2Fh
Mjc1MTgwHhcNMjUwMjIzMDgzMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGNiOWE2YWE5MTc0ODY4ZTYwYTk4Nzk3YjdiYTRlYmNkNWM3ODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxo5UpDIDq00PwDxqIbQ+u+N1y4/
JpF7dFtvR03GO97o/fvagW3HwCrgMx4Wr49TrwfW62fVWorjKuY5ZeG6uINr0g6w
4tTcQvwyKEzbfgqkimIWqoYiyA5BprJbc2OorEYDlzRIkb5KjjuDGcasbhtWmgU/
33rmYCi7V65Z2CIHNLCo9rPijnNEcX4pxAxgp5jtobr7x8zLmKMdVpj/Q9C4Ei9G
19V3uz6p366c8RklVU3Bg8eVhdhvvKtCIMXYwyTiauEscnVHAS2BX4Ak+hUugIpJ
nck8qMbWln961HTmjXC5KPn23EG/4UoSHLTWRtQXKxPPRpoXSW0Vk9eyRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDLmmqpF0ho5gqYeXt7pOvNXHgHMB8GA1UdIwQY
MBaAFDRTHFSx55VsLMNxsj4KdVZ6onUYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkZNY1ZMSG5sV3dzdzNHeVBncDFWbnFpZFJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS84ZWZhODYtYzM1Zi00MWI2LWFkMDEt
NDkwNjEwM2RiZDE2LzEvSU11YWFxa1hTR2ptQ3BoNWUzdWs2ODFjZUFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS84ZWZhODYtYzM1Zi00MWI2LWFkMDEtNDkwNjEwM2RiZDE2
LzEvTkZNY1ZMSG5sV3dzdzNHeVBncDFWbnFpZFJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWv1MA0G
CSqGSIb3DQEBCwUAA4IBAQBSutBiur1ZH4EtcwQdSer6smWe/8rDXExKEtncAvgV
cNB0qDohd+4bWg4Mz5cuLK8HzfU+OFeY9Y09nADCZz7d0ytQK7sY+z9eCQMwdhUr
nX+Y3Mj0VThHE5o+MZsiH+TBRhvAe8F2B0sVAhyKbvmOPqQduIum75G9nlbsRc1h
GX9sGYbue/vkMuxAEYPboBokM2dhBvdQ4WdrrHSU1UbV4hDAYbEQGrX1ScmyyyPi
9Dy+M8sG/AGjdsakXDSmBGMJahjwqkE+fEapSj8DlCgY0fOf1dwQaC6d7dQrmlYT
S4HLim/pvMAkbh0vjbCrCK3PUUf9X46k5hJIcG1QF6VU
-----END CERTIFICATE-----