Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/dK_YVUmItcs6Jo6KBWMzLehOltU.roa
File:                     dK_YVUmItcs6Jo6KBWMzLehOltU.roa (raw, json)
Hash identifier:          cxdMWN6vf7XXfhS5ABEMBqXeAf173QdfF9qlyNjA1g8=
Subject key identifier:   74:AF:D8:55:49:88:B5:CB:3A:26:8E:8A:05:63:33:2D:E8:4E:96:D5
Certificate issuer:       /CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
Certificate serial:       0194266A4FB78FCAED9FB2F80E14836F63F7
Authority key identifier: 16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/dK_YVUmItcs6Jo6KBWMzLehOltU.roa
Signing time:             Thu 02 Jan 2025 09:48:08 +0000
ROA not before:           Thu 02 Jan 2025 09:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20594
IP address blocks:        185.62.144.0/23 maxlen: 23
                          185.62.146.0/24 maxlen: 24
                          217.194.32.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 18:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:4f:b7:8f:ca:ed:9f:b2:f8:0e:14:83:6f:63:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16cde139ae0573b0a4dda93e77b57ff27f9beba1
        Validity
            Not Before: Jan  2 09:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74afd8554988b5cb3a268e8a0563332de84e96d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:8d:7d:98:e0:dc:6a:e1:09:e2:f8:ca:ad:8f:
                    41:b1:aa:4f:60:ba:6e:1d:3c:22:cf:7f:da:60:09:
                    fe:e7:84:bc:ed:8a:d2:bc:4a:a2:43:a2:56:c8:44:
                    94:a7:d0:79:d9:3d:8d:47:dc:ec:35:7a:a4:81:7f:
                    70:f8:94:e6:3a:a2:60:53:d3:7b:9e:b7:f6:8a:65:
                    46:af:a2:95:90:18:2b:d1:08:76:90:24:77:40:76:
                    5d:8d:1d:62:da:c4:6c:de:2f:4f:1f:52:67:ab:60:
                    0e:22:36:a1:3e:d4:f0:23:1f:81:fb:c1:81:90:f9:
                    df:a3:2d:8e:1c:4c:cc:e4:33:e6:d2:44:f8:69:1a:
                    28:89:f8:b5:b0:55:58:e9:47:53:91:b4:23:b5:8c:
                    80:2c:39:b4:81:5a:c7:89:7e:2f:0c:d2:0b:40:59:
                    01:78:6a:16:ea:ae:73:c4:4f:5f:58:93:f7:06:d3:
                    4b:1e:0d:02:39:d7:15:1c:aa:7e:20:df:ba:c1:a7:
                    79:13:1d:19:d6:5c:23:d3:8c:b7:72:3c:25:b8:b0:
                    a1:fe:0a:76:3b:5d:6a:df:1c:07:6e:84:be:db:84:
                    6f:9f:aa:37:0e:d1:ea:8d:74:7a:cb:fb:73:16:91:
                    25:56:d7:44:aa:7d:21:85:45:4e:40:4d:cf:fd:a0:
                    4d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:AF:D8:55:49:88:B5:CB:3A:26:8E:8A:05:63:33:2D:E8:4E:96:D5
            X509v3 Authority Key Identifier:
                keyid:16:CD:E1:39:AE:05:73:B0:A4:DD:A9:3E:77:B5:7F:F2:7F:9B:EB:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/dK_YVUmItcs6Jo6KBWMzLehOltU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/3c02f6-7c41-49bb-b9de-b69dce7547a1/1/Fs3hOa4Fc7Ck3ak-d7V_8n-b66E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.144.0-185.62.146.255
                  217.194.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6a:6a:bc:ec:4c:a0:c8:b3:39:f6:14:1f:5e:57:af:ef:f5:9a:
         c1:a9:b3:3a:73:c4:97:f8:c5:81:55:6f:2e:cc:6b:e1:ce:b5:
         0c:c9:78:53:84:23:14:4a:66:9e:27:31:59:44:a4:93:9a:97:
         4e:25:5b:be:31:ba:d0:cd:3e:c9:46:7b:08:bf:03:ba:d3:d8:
         61:c1:59:95:0d:f7:f6:f8:3b:b0:89:cf:c2:c9:55:d8:e2:a0:
         99:af:94:82:7f:fa:50:59:84:2f:cf:f7:0e:d4:bd:dd:05:e6:
         86:61:c4:92:88:39:8f:0b:c9:a8:ef:ce:f4:a4:57:8e:51:9d:
         24:b6:74:ff:c1:cd:18:58:fc:f8:69:c2:e1:52:e5:ce:18:7a:
         b5:fa:a6:16:d7:4b:c0:74:aa:c6:b8:08:af:b6:47:31:62:f8:
         2e:d3:54:be:e3:3c:32:dc:33:6a:2f:c4:33:c7:a7:50:c7:c2:
         bb:22:1f:bf:4f:23:1c:1a:d7:2b:5e:a1:1b:aa:4a:6f:ee:d8:
         77:bb:9f:a6:26:99:27:2a:84:f3:b1:ae:7b:bd:d4:f6:fe:6f:
         60:e2:eb:9f:0d:3e:46:db:47:fd:87:8e:82:83:68:ea:84:e3:
         9d:f7:76:05:82:ec:8a:b4:75:60:f7:0e:bc:1c:a2:d6:ab:bd:
         f8:b0:3d:0e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQmak+3j8rtn7L4DhSDb2P3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2Y2RlMTM5YWUwNTczYjBhNGRkYTkzZTc3YjU3ZmYyN2Y5
YmViYTEwHhcNMjUwMTAyMDk0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGFmZDg1NTQ5ODhiNWNiM2EyNjhlOGEwNTYzMzMyZGU4NGU5NmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuo19mODcauEJ4vjKrY9BsapPYLpu
HTwiz3/aYAn+54S87YrSvEqiQ6JWyESUp9B52T2NR9zsNXqkgX9w+JTmOqJgU9N7
nrf2imVGr6KVkBgr0Qh2kCR3QHZdjR1i2sRs3i9PH1Jnq2AOIjahPtTwIx+B+8GB
kPnfoy2OHEzM5DPm0kT4aRooifi1sFVY6UdTkbQjtYyALDm0gVrHiX4vDNILQFkB
eGoW6q5zxE9fWJP3BtNLHg0COdcVHKp+IN+6wad5Ex0Z1lwj04y3cjwluLCh/gp2
O11q3xwHboS+24Rvn6o3DtHqjXR6y/tzFpElVtdEqn0hhUVOQE3P/aBN5wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHSv2FVJiLXLOiaOigVjMy3oTpbVMB8GA1UdIwQY
MBaAFBbN4TmuBXOwpN2pPne1f/J/m+uhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUt
YjY5ZGNlNzU0N2ExLzEvZEtfWVZVbUl0Y3M2Sm82S0JXTXpMZWhPbHRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8zYzAyZjYtN2M0MS00OWJiLWI5ZGUtYjY5ZGNlNzU0N2Ex
LzEvRnMzaE9hNEZjN0NrM2FrLWQ3Vl84bi1iNjZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAS5PpAD
BAC5PpIDBATZwiAwDQYJKoZIhvcNAQELBQADggEBAGpqvOxMoMizOfYUH15Xr+/1
msGpszpzxJf4xYFVby7Ma+HOtQzJeFOEIxRKZp4nMVlEpJOal04lW74xutDNPslG
ewi/A7rT2GHBWZUN9/b4O7CJz8LJVdjioJmvlIJ/+lBZhC/P9w7Uvd0F5oZhxJKI
OY8LyajvzvSkV45RnSS2dP/BzRhY/PhpwuFS5c4YerX6phbXS8B0qsa4CK+2RzFi
+C7TVL7jPDLcM2ovxDPHp1DHwrsiH79PIxwa1yteoRuqSm/u2He7n6YmmScqhPOx
rnu91Pb+b2Di658NPkbbR/2HjoKDaOqE4533dgWC7Iq0dWD3DrwcotarvfiwPQ4=
-----END CERTIFICATE-----