Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/jCClE4UcGhBO2O17hYmlu4VMdbE.roa
File:                     jCClE4UcGhBO2O17hYmlu4VMdbE.roa (raw, json)
Hash identifier:          xUf30JSF1caq3EkHup8JJIOwj8vWi588sMeLSXGvQtg=
Subject key identifier:   8C:20:A5:13:85:1C:1A:10:4E:D8:ED:7B:85:89:A5:BB:85:4C:75:B1
Certificate issuer:       /CN=509bc63e68c90932b4fc28997fc3bf78de3b3743
Certificate serial:       0195B2D3A5F7DC799B31687D55FFD2C5BFE0
Authority key identifier: 50:9B:C6:3E:68:C9:09:32:B4:FC:28:99:7F:C3:BF:78:DE:3B:37:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/jCClE4UcGhBO2O17hYmlu4VMdbE.roa
Signing time:             Thu 20 Mar 2025 09:12:49 +0000
ROA not before:           Thu 20 Mar 2025 09:12:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198065
IP address blocks:        185.164.76.0/24 maxlen: 24
                          185.164.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 06:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b2:d3:a5:f7:dc:79:9b:31:68:7d:55:ff:d2:c5:bf:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509bc63e68c90932b4fc28997fc3bf78de3b3743
        Validity
            Not Before: Mar 20 09:12:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c20a513851c1a104ed8ed7b8589a5bb854c75b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:66:fb:66:ff:2a:f8:b1:6a:53:f1:8c:cc:c7:
                    0d:e6:85:7f:0c:30:4c:a0:f8:62:31:71:ac:83:3e:
                    8d:74:1f:4d:4a:0f:ce:fa:c5:48:22:5d:90:f0:05:
                    f1:e9:89:06:76:d8:f5:93:ff:13:03:64:2e:2a:70:
                    19:03:6d:61:68:18:d6:48:e7:04:06:a9:1a:de:2b:
                    f3:e3:b1:eb:3c:31:c6:d8:6d:34:f1:eb:eb:21:79:
                    8b:9a:a7:75:d9:4e:7b:99:7d:34:50:2f:35:36:f4:
                    08:11:2b:ae:f6:95:78:23:b7:9e:52:b4:ec:19:b2:
                    45:df:ba:a3:0d:b5:3c:4d:8b:1b:f1:8d:8b:a3:50:
                    4d:3b:d8:1d:59:8f:46:2e:3e:e0:bb:4a:7d:8f:5b:
                    a0:87:d3:5d:44:5b:cb:3e:e3:8d:a0:ed:88:44:b4:
                    31:a0:49:d5:3b:79:3f:ba:70:54:ed:99:ae:8a:82:
                    48:4c:e2:41:30:1c:e4:e1:e8:7f:2f:e1:b2:fb:54:
                    6c:3e:d5:fa:42:53:cf:3a:1e:a7:40:72:a1:79:35:
                    a6:4f:86:95:0f:2a:95:55:2f:88:ee:bb:b1:77:36:
                    5b:a6:da:fa:ca:dd:a9:77:01:e8:13:21:9b:a0:22:
                    6d:a3:1e:d9:0b:fd:38:5f:9a:97:60:f7:d0:a2:15:
                    5b:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:20:A5:13:85:1C:1A:10:4E:D8:ED:7B:85:89:A5:BB:85:4C:75:B1
            X509v3 Authority Key Identifier:
                keyid:50:9B:C6:3E:68:C9:09:32:B4:FC:28:99:7F:C3:BF:78:DE:3B:37:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJvGPmjJCTK0_CiZf8O_eN47N0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/jCClE4UcGhBO2O17hYmlu4VMdbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/34c5b2-b6e3-4b23-a609-16ed3cd0c72a/1/UJvGPmjJCTK0_CiZf8O_eN47N0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.76.0/24
                  185.164.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:b3:c9:09:84:49:14:fd:2e:7b:bf:a6:74:84:6b:ca:2b:df:
         fb:35:6d:e7:37:6f:2d:05:97:d3:ea:b5:b8:85:73:cd:e2:eb:
         2e:fb:07:79:97:2b:24:3b:0a:7f:e9:dd:fc:cf:19:6a:2c:79:
         52:f6:f3:c1:97:86:78:23:dc:1c:75:46:3a:2d:22:db:7a:6e:
         62:62:9e:b4:2b:03:75:fe:25:f1:ec:24:54:1c:95:2b:1d:77:
         3d:72:2e:fb:ed:13:9c:00:71:6c:8f:a1:03:72:aa:3f:6b:8f:
         a3:ea:d9:28:7d:de:44:11:66:fe:4e:a9:15:c3:31:a7:90:43:
         d0:7b:7c:4d:fb:8e:a2:81:cf:47:bf:c5:3b:4c:dd:34:8e:6a:
         b3:4d:af:50:10:86:ab:6d:86:d2:74:fb:9a:7d:91:d0:4d:31:
         a1:57:06:c6:3b:5c:bc:29:b5:47:4e:7a:a7:ac:f9:12:74:66:
         32:db:8f:22:a9:94:f4:00:ea:a3:65:09:f2:7c:e9:c4:78:85:
         9d:11:2a:d3:49:35:c4:c6:cc:c3:b4:46:d2:80:74:eb:6d:c5:
         22:81:a6:ac:74:f5:a3:b0:e1:fc:67:fa:4a:19:fd:e1:a4:5d:
         eb:1f:ea:bb:93:e8:e9:a3:7d:6e:d3:30:40:3f:99:da:39:f5:
         0e:0b:89:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWy06X33HmbMWh9Vf/Sxb/gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWJjNjNlNjhjOTA5MzJiNGZjMjg5OTdmYzNiZjc4ZGUz
YjM3NDMwHhcNMjUwMzIwMDkxMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzIwYTUxMzg1MWMxYTEwNGVkOGVkN2I4NTg5YTViYjg1NGM3NWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWb7Zv8q+LFqU/GMzMcN5oV/DDBM
oPhiMXGsgz6NdB9NSg/O+sVIIl2Q8AXx6YkGdtj1k/8TA2QuKnAZA21haBjWSOcE
Bqka3ivz47HrPDHG2G008evrIXmLmqd12U57mX00UC81NvQIESuu9pV4I7eeUrTs
GbJF37qjDbU8TYsb8Y2Lo1BNO9gdWY9GLj7gu0p9j1ugh9NdRFvLPuONoO2IRLQx
oEnVO3k/unBU7ZmuioJITOJBMBzk4eh/L+Gy+1RsPtX6QlPPOh6nQHKheTWmT4aV
DyqVVS+I7ruxdzZbptr6yt2pdwHoEyGboCJtox7ZC/04X5qXYPfQohVbZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIwgpROFHBoQTtjte4WJpbuFTHWxMB8GA1UdIwQY
MBaAFFCbxj5oyQkytPwomX/Dv3jeOzdDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUp2R1BtakpDVEswX0NpWmY4T19lTjQ3TjBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zNGM1YjItYjZlMy00YjIzLWE2MDkt
MTZlZDNjZDBjNzJhLzEvakNDbEU0VWNHaEJPMk8xN2hZbWx1NFZNZGJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zNGM1YjItYjZlMy00YjIzLWE2MDktMTZlZDNjZDBjNzJh
LzEvVUp2R1BtakpDVEswX0NpWmY4T19lTjQ3TjBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuaRMAwQA
uaROMA0GCSqGSIb3DQEBCwUAA4IBAQCes8kJhEkU/S57v6Z0hGvKK9/7NW3nN28t
BZfT6rW4hXPN4usu+wd5lyskOwp/6d38zxlqLHlS9vPBl4Z4I9wcdUY6LSLbem5i
Yp60KwN1/iXx7CRUHJUrHXc9ci777ROcAHFsj6EDcqo/a4+j6tkofd5EEWb+TqkV
wzGnkEPQe3xN+46igc9Hv8U7TN00jmqzTa9QEIarbYbSdPuafZHQTTGhVwbGO1y8
KbVHTnqnrPkSdGYy248iqZT0AOqjZQnyfOnEeIWdESrTSTXExszDtEbSgHTrbcUi
gaasdPWjsOH8Z/pKGf3hpF3rH+q7k+jpo31u0zBAP5naOfUOC4mJ
-----END CERTIFICATE-----