Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/arEZQsEXnVSI6-bLVQjh4JrMbdU.roa
File:                     arEZQsEXnVSI6-bLVQjh4JrMbdU.roa (raw, json)
Hash identifier:          MfvALKIE92SEVes0Rhmk60exxz6cpg20MFq0EbINdeM=
Subject key identifier:   6A:B1:19:42:C1:17:9D:54:88:EB:E6:CB:55:08:E1:E0:9A:CC:6D:D5
Certificate issuer:       /CN=8d3402eae027abcd926090cc0ddeff80aab92c35
Certificate serial:       019420682E4F771501B592EBCAD55FAEA35A
Authority key identifier: 8D:34:02:EA:E0:27:AB:CD:92:60:90:CC:0D:DE:FF:80:AA:B9:2C:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/arEZQsEXnVSI6-bLVQjh4JrMbdU.roa
Signing time:             Wed 01 Jan 2025 05:48:05 +0000
ROA not before:           Wed 01 Jan 2025 05:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136258
IP address blocks:        185.186.76.0/24 maxlen: 24
                          185.186.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2e:4f:77:15:01:b5:92:eb:ca:d5:5f:ae:a3:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3402eae027abcd926090cc0ddeff80aab92c35
        Validity
            Not Before: Jan  1 05:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ab11942c1179d5488ebe6cb5508e1e09acc6dd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:28:3a:56:4d:dd:2d:2f:54:fb:cc:7c:ce:ee:
                    47:54:94:f9:e5:cf:dd:b3:ea:93:71:a5:e9:6d:45:
                    ed:63:bb:f6:67:61:9a:a3:0f:71:82:95:e4:b6:95:
                    18:23:34:90:7e:f5:e9:1f:85:d5:2d:cf:bd:78:d0:
                    ad:d2:6e:6a:78:e8:a1:62:ce:21:8d:d4:35:f7:82:
                    92:53:a7:58:63:45:9e:ad:5a:99:f6:ae:8e:7c:bb:
                    6e:c7:e7:f0:6e:db:e8:92:29:63:2c:9f:a8:8b:da:
                    d5:1d:22:24:6f:c2:bb:cb:79:41:63:6b:b9:d5:a3:
                    fa:70:91:45:15:e2:27:4d:72:4e:8b:d7:1d:8e:23:
                    57:ff:75:df:dc:2f:e3:b0:23:18:e4:19:5b:fb:af:
                    8c:09:a0:a0:fc:12:e4:c0:a1:e9:b1:db:d9:b6:0b:
                    3c:41:76:c0:80:8c:18:be:66:2e:8e:50:f5:92:f1:
                    f3:f6:e9:1b:c5:6d:9e:47:79:0a:f3:cc:f0:9a:d0:
                    b5:1c:af:85:08:e4:26:7d:df:6c:1c:a6:06:7d:ea:
                    37:76:44:f8:c0:27:83:b0:20:19:64:75:af:cd:ad:
                    fe:bc:72:8c:da:2f:4d:ff:2c:5c:4e:e9:e5:13:27:
                    d0:f8:54:63:bc:82:9b:40:54:be:e9:37:4c:08:29:
                    c5:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:B1:19:42:C1:17:9D:54:88:EB:E6:CB:55:08:E1:E0:9A:CC:6D:D5
            X509v3 Authority Key Identifier:
                keyid:8D:34:02:EA:E0:27:AB:CD:92:60:90:CC:0D:DE:FF:80:AA:B9:2C:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jTQC6uAnq82SYJDMDd7_gKq5LDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/arEZQsEXnVSI6-bLVQjh4JrMbdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/558348-4912-4bc1-8e58-f92d7dc37d2e/1/jTQC6uAnq82SYJDMDd7_gKq5LDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.76.0/24
                  185.186.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:03:c7:3b:ae:c3:57:29:9a:84:44:0c:10:8e:40:2d:76:1b:
         55:e9:b0:d2:03:4f:7b:af:98:20:a4:60:14:c7:a3:e2:67:c3:
         61:4d:70:c2:7f:c7:1a:e5:9d:6c:68:48:2a:d3:ef:68:87:25:
         46:26:ec:8b:91:b1:c1:d0:0e:0c:5e:e4:4a:f3:cb:f0:8b:70:
         52:5c:8a:ab:f4:12:18:65:ee:2d:e6:3a:e4:b0:6b:57:62:57:
         21:43:c2:26:bb:d2:d1:d3:a1:21:3b:24:0b:b0:25:95:81:8c:
         ac:48:e2:52:f9:83:39:c6:62:9e:f1:ef:46:ca:7e:e0:72:9c:
         55:22:90:04:39:40:ed:0e:b2:cf:62:c1:f1:f8:06:9d:35:05:
         ea:80:30:5c:96:1c:e2:2f:d6:2c:81:34:a5:ac:7e:f5:42:c5:
         3b:8b:ee:d2:46:ab:34:03:56:6e:12:bc:bb:be:cc:15:ae:84:
         58:e3:f4:57:b9:4d:63:53:21:71:b4:ad:df:19:f5:c6:30:16:
         2e:1c:a2:d1:b4:45:5a:8e:8e:d7:f0:75:0b:32:82:ca:f0:5f:
         93:e2:b6:9c:7f:79:f7:fd:a8:76:09:27:0a:e9:e3:b5:9a:e2:
         5c:16:9d:c6:3d:66:18:77:35:23:fd:ca:bf:d1:1b:0e:a6:30:
         6b:27:0a:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaC5PdxUBtZLrytVfrqNaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMzQwMmVhZTAyN2FiY2Q5MjYwOTBjYzBkZGVmZjgwYWFi
OTJjMzUwHhcNMjUwMTAxMDU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWIxMTk0MmMxMTc5ZDU0ODhlYmU2Y2I1NTA4ZTFlMDlhY2M2ZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyg6Vk3dLS9U+8x8zu5HVJT55c/d
s+qTcaXpbUXtY7v2Z2Gaow9xgpXktpUYIzSQfvXpH4XVLc+9eNCt0m5qeOihYs4h
jdQ194KSU6dYY0WerVqZ9q6OfLtux+fwbtvokiljLJ+oi9rVHSIkb8K7y3lBY2u5
1aP6cJFFFeInTXJOi9cdjiNX/3Xf3C/jsCMY5Blb+6+MCaCg/BLkwKHpsdvZtgs8
QXbAgIwYvmYujlD1kvHz9ukbxW2eR3kK88zwmtC1HK+FCOQmfd9sHKYGfeo3dkT4
wCeDsCAZZHWvza3+vHKM2i9N/yxcTunlEyfQ+FRjvIKbQFS+6TdMCCnF2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGqxGULBF51UiOvmy1UI4eCazG3VMB8GA1UdIwQY
MBaAFI00AurgJ6vNkmCQzA3e/4CquSw1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalRRQzZ1QW5xODJTWUpETURkN19nS3E1TERVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81NTgzNDgtNDkxMi00YmMxLThlNTgt
ZjkyZDdkYzM3ZDJlLzEvYXJFWlFzRVhuVlNJNi1iTFZRamg0SnJNYmRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81NTgzNDgtNDkxMi00YmMxLThlNTgtZjkyZDdkYzM3ZDJl
LzEvalRRQzZ1QW5xODJTWUpETURkN19nS3E1TERVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubpMAwQA
ubpOMA0GCSqGSIb3DQEBCwUAA4IBAQCEA8c7rsNXKZqERAwQjkAtdhtV6bDSA097
r5ggpGAUx6PiZ8NhTXDCf8ca5Z1saEgq0+9ohyVGJuyLkbHB0A4MXuRK88vwi3BS
XIqr9BIYZe4t5jrksGtXYlchQ8Imu9LR06EhOyQLsCWVgYysSOJS+YM5xmKe8e9G
yn7gcpxVIpAEOUDtDrLPYsHx+AadNQXqgDBclhziL9YsgTSlrH71QsU7i+7SRqs0
A1ZuEry7vswVroRY4/RXuU1jUyFxtK3fGfXGMBYuHKLRtEVajo7X8HULMoLK8F+T
4racf3n3/ah2CScK6eO1muJcFp3GPWYYdzUj/cq/0RsOpjBrJwog
-----END CERTIFICATE-----