Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/XsgnOEF7vfK5ibiX2gO0dbUdvH4.roa
File:                     XsgnOEF7vfK5ibiX2gO0dbUdvH4.roa (raw, json)
Hash identifier:          dl+Z9gagDpH+bvVgRzlNoZwLOa8t3AYa/5on8N/ozZc=
Subject key identifier:   5E:C8:27:38:41:7B:BD:F2:B9:89:B8:97:DA:03:B4:75:B5:1D:BC:7E
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       01973B084E96BFF9324F4E829446A1AC7AE1
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/XsgnOEF7vfK5ibiX2gO0dbUdvH4.roa
Signing time:             Wed 04 Jun 2025 13:01:29 +0000
ROA not before:           Wed 04 Jun 2025 13:01:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211439
IP address blocks:        185.20.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:08:4e:96:bf:f9:32:4f:4e:82:94:46:a1:ac:7a:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jun  4 13:01:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ec82738417bbdf2b989b897da03b475b51dbc7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:61:28:73:e6:dd:86:e0:f4:3c:8d:0f:1a:3c:
                    e3:cc:10:b8:64:cf:22:42:7f:27:c7:b6:6a:75:e1:
                    f9:a6:7b:46:bb:b0:d5:69:ec:dc:a9:40:14:6e:ab:
                    ab:07:71:a5:9b:ee:c6:b2:22:09:f0:fc:c9:1a:1b:
                    aa:ff:dc:ed:6a:da:e3:da:3e:64:7f:21:e6:ea:88:
                    b3:c1:0b:52:a3:e9:e5:7f:0f:13:ce:1a:a9:f1:84:
                    84:c7:b0:85:d2:a8:72:85:e9:b7:d2:ff:59:40:d7:
                    b9:3c:b0:d9:5c:cf:55:d0:40:3d:e3:9f:ee:fe:2d:
                    c3:c5:68:a2:2e:e8:dc:8d:40:a1:86:e6:d8:02:f7:
                    97:24:a2:34:41:90:01:dd:10:dd:b7:b9:98:8e:dd:
                    1b:e6:50:e8:9b:6f:90:fd:a0:69:32:fc:7e:e2:8d:
                    a2:a7:ba:12:68:d6:aa:77:cc:aa:db:37:3a:c6:4e:
                    c3:0e:71:6d:5b:75:ad:dc:bf:11:51:65:69:9e:63:
                    81:e1:a0:da:51:a3:19:72:fe:0b:be:da:fb:ee:24:
                    f6:4a:28:fd:dd:97:6c:79:7a:76:04:7a:fc:87:f4:
                    d2:ef:f0:7b:0b:f0:44:e7:e6:72:99:75:98:89:42:
                    60:07:a9:d7:3f:9d:9e:cf:b8:18:c6:5d:5f:c2:f6:
                    2b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:C8:27:38:41:7B:BD:F2:B9:89:B8:97:DA:03:B4:75:B5:1D:BC:7E
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/XsgnOEF7vfK5ibiX2gO0dbUdvH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:04:a3:b7:3e:68:00:b4:60:a7:8c:30:2a:7c:fa:6e:60:b5:
         75:06:ae:88:d4:b8:50:65:bb:a6:bc:31:d4:c9:22:5f:a9:ee:
         2a:c8:ef:61:63:32:27:04:c2:e4:6d:f6:a5:25:28:f1:94:cf:
         c3:f5:19:6f:ad:17:ce:6a:f7:95:f4:1d:3c:7f:9f:0b:a8:c6:
         c0:d7:16:3d:12:11:1c:1e:b3:65:ed:3c:e2:dc:a1:e0:89:40:
         1d:7d:a2:85:ba:fc:9a:8c:2e:ba:5a:40:f7:7b:e5:7d:1e:c6:
         23:d9:44:9b:eb:af:52:1d:08:c8:6f:01:c3:3a:6e:93:61:76:
         c1:b7:4c:c2:46:79:ff:5f:e5:65:4f:f4:88:b1:41:17:bc:ba:
         84:7a:f2:3c:44:56:0b:85:f6:db:4f:59:b9:d7:e9:1d:f6:3e:
         c3:b5:22:f8:45:ba:c8:0a:27:72:cd:3a:66:04:33:1a:17:d9:
         f5:f4:8c:31:6c:1c:e3:e5:a2:ef:2a:80:4c:d4:41:cf:d8:b4:
         73:f2:6c:41:c8:39:7e:30:49:ef:96:63:a2:61:e9:41:68:96:
         04:eb:51:df:a2:6f:74:02:64:98:d6:b5:58:2c:c3:7d:83:1d:
         dd:93:26:3d:aa:7e:b7:ab:5e:21:7c:f4:c9:32:ca:f0:8a:2a:
         93:cf:27:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc7CE6Wv/kyT06ClEahrHrhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjUwNjA0MTMwMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWM4MjczODQxN2JiZGYyYjk4OWI4OTdkYTAzYjQ3NWI1MWRiYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWEoc+bdhuD0PI0PGjzjzBC4ZM8i
Qn8nx7ZqdeH5pntGu7DVaezcqUAUbqurB3Glm+7GsiIJ8PzJGhuq/9ztatrj2j5k
fyHm6oizwQtSo+nlfw8Tzhqp8YSEx7CF0qhyhem30v9ZQNe5PLDZXM9V0EA945/u
/i3DxWiiLujcjUChhubYAveXJKI0QZAB3RDdt7mYjt0b5lDom2+Q/aBpMvx+4o2i
p7oSaNaqd8yq2zc6xk7DDnFtW3Wt3L8RUWVpnmOB4aDaUaMZcv4Lvtr77iT2Sij9
3ZdseXp2BHr8h/TS7/B7C/BE5+ZymXWYiUJgB6nXP52ez7gYxl1fwvYrCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7IJzhBe73yuYm4l9oDtHW1Hbx+MB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvWHNnbk9FRjd2Zks1aWJpWDJnTzBkYlVkdkg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRT/MA0G
CSqGSIb3DQEBCwUAA4IBAQAWBKO3PmgAtGCnjDAqfPpuYLV1Bq6I1LhQZbumvDHU
ySJfqe4qyO9hYzInBMLkbfalJSjxlM/D9RlvrRfOaveV9B08f58LqMbA1xY9EhEc
HrNl7Tzi3KHgiUAdfaKFuvyajC66WkD3e+V9HsYj2USb669SHQjIbwHDOm6TYXbB
t0zCRnn/X+VlT/SIsUEXvLqEevI8RFYLhfbbT1m51+kd9j7DtSL4RbrICidyzTpm
BDMaF9n19IwxbBzj5aLvKoBM1EHP2LRz8mxByDl+MEnvlmOiYelBaJYE61Hfom90
AmSY1rVYLMN9gx3dkyY9qn63q14hfPTJMsrwiiqTzydS
-----END CERTIFICATE-----