Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/JmhavQCJc5YnIlopAxHIw2DUMUU.roa
File:                     JmhavQCJc5YnIlopAxHIw2DUMUU.roa (raw, json)
Hash identifier:          v4gVDRFKxyXMWebq6LZbmBqGUeq2Q/D6ShHZHU8b8+s=
Subject key identifier:   26:68:5A:BD:00:89:73:96:27:22:5A:29:03:11:C8:C3:60:D4:31:45
Certificate issuer:       /CN=1220dd2b92da284c63cec46f6f6a41c013a9c881
Certificate serial:       019423D6B596B548F09D8D384F91ED1BBE44
Authority key identifier: 12:20:DD:2B:92:DA:28:4C:63:CE:C4:6F:6F:6A:41:C0:13:A9:C8:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EiDdK5LaKExjzsRvb2pBwBOpyIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/JmhavQCJc5YnIlopAxHIw2DUMUU.roa
Signing time:             Wed 01 Jan 2025 21:47:41 +0000
ROA not before:           Wed 01 Jan 2025 21:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134176
IP address blocks:        185.243.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/EiDdK5LaKExjzsRvb2pBwBOpyIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/EiDdK5LaKExjzsRvb2pBwBOpyIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EiDdK5LaKExjzsRvb2pBwBOpyIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b5:96:b5:48:f0:9d:8d:38:4f:91:ed:1b:be:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1220dd2b92da284c63cec46f6f6a41c013a9c881
        Validity
            Not Before: Jan  1 21:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26685abd0089739627225a290311c8c360d43145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d5:4e:05:4d:9d:0e:98:f2:e3:5d:f8:c9:89:
                    83:8f:94:14:a2:91:f8:d2:04:cb:cd:6c:12:31:a9:
                    26:3d:d8:a4:d7:24:39:7d:56:27:1a:75:15:38:bd:
                    52:e6:16:e7:1c:62:fd:ca:94:9f:12:43:87:28:f1:
                    66:34:9c:9a:5f:f6:6f:63:53:ff:2e:d7:02:50:98:
                    8a:48:b1:d3:be:6d:19:5c:17:bb:2f:f1:4b:fb:b0:
                    68:3f:a0:fc:4b:75:43:f4:ea:4a:73:7d:15:42:c4:
                    ab:d1:73:69:c7:c8:18:7f:88:fa:c0:c1:8f:08:e5:
                    f5:e7:aa:d5:1b:23:f3:5a:0c:dc:9f:6f:2d:57:4c:
                    ee:8f:81:ab:26:bc:9c:2e:9d:40:13:8f:b7:d4:f6:
                    84:36:1d:77:94:c5:94:cb:5d:9d:19:a8:63:65:b4:
                    97:f9:9a:e4:43:b6:20:b2:8a:00:70:7d:26:0d:fb:
                    eb:b7:95:a1:2d:a5:38:b2:c1:ac:dc:6c:32:15:3f:
                    f0:97:90:c7:2d:4e:fe:56:6d:83:34:40:a6:29:99:
                    38:44:19:f4:68:7f:83:f7:a4:f1:43:d8:98:c1:68:
                    3d:2d:39:91:75:d8:38:0c:7d:67:a0:64:e6:3a:52:
                    e6:0d:05:49:fc:38:20:5e:a4:ea:1c:a2:0f:dd:55:
                    dc:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:68:5A:BD:00:89:73:96:27:22:5A:29:03:11:C8:C3:60:D4:31:45
            X509v3 Authority Key Identifier:
                keyid:12:20:DD:2B:92:DA:28:4C:63:CE:C4:6F:6F:6A:41:C0:13:A9:C8:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EiDdK5LaKExjzsRvb2pBwBOpyIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/JmhavQCJc5YnIlopAxHIw2DUMUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/3b8f3b-ebf0-4cb7-a49b-a8585849be14/1/EiDdK5LaKExjzsRvb2pBwBOpyIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:9c:c7:c9:f3:de:27:63:17:be:58:29:a0:dd:ee:ae:b8:96:
         46:3c:02:0c:8e:74:56:bb:ba:5a:28:f8:3b:d1:a3:63:d9:2a:
         58:8d:df:59:95:cf:79:09:ba:28:e7:cd:34:46:fe:9d:ba:25:
         4c:af:87:f1:4c:fd:c0:38:a9:f5:ab:bc:04:e2:95:e1:37:28:
         c6:25:f5:6a:0d:59:77:63:f4:c7:2f:ae:0f:f1:d7:ad:d8:22:
         08:6e:8b:3b:2e:12:dc:c0:20:d3:0e:86:b6:0e:06:6d:64:b6:
         11:4f:8a:ae:de:21:f7:41:57:00:7d:91:3f:53:d2:00:58:3b:
         36:7b:f7:28:99:e8:27:db:7b:3f:7c:17:07:db:50:67:09:31:
         62:ca:c3:0b:fc:6f:e5:1e:2c:2d:5e:d9:1c:47:de:19:75:c8:
         9a:8a:66:87:0a:18:05:5e:59:bd:2e:64:7b:fa:75:3b:85:55:
         d5:6f:e5:52:d9:65:96:ce:7d:7b:1f:fb:52:87:10:c6:56:2b:
         ac:f2:cb:f6:e8:ac:9b:2d:04:4b:89:26:b6:43:ae:2e:7a:f7:
         43:1e:5f:04:c7:5a:88:67:56:bf:2c:8d:dd:24:fd:e6:05:a1:
         e0:5b:30:fd:81:95:3f:2e:be:9d:79:86:f3:5e:11:94:f8:38:
         be:08:12:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rWWtUjwnY04T5HtG75EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMjBkZDJiOTJkYTI4NGM2M2NlYzQ2ZjZmNmE0MWMwMTNh
OWM4ODEwHhcNMjUwMTAxMjE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjY4NWFiZDAwODk3Mzk2MjcyMjVhMjkwMzExYzhjMzYwZDQzMTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tVOBU2dDpjy4134yYmDj5QUopH4
0gTLzWwSMakmPdik1yQ5fVYnGnUVOL1S5hbnHGL9ypSfEkOHKPFmNJyaX/ZvY1P/
LtcCUJiKSLHTvm0ZXBe7L/FL+7BoP6D8S3VD9OpKc30VQsSr0XNpx8gYf4j6wMGP
COX156rVGyPzWgzcn28tV0zuj4GrJrycLp1AE4+31PaENh13lMWUy12dGahjZbSX
+ZrkQ7YgsooAcH0mDfvrt5WhLaU4ssGs3GwyFT/wl5DHLU7+Vm2DNECmKZk4RBn0
aH+D96TxQ9iYwWg9LTmRddg4DH1noGTmOlLmDQVJ/DggXqTqHKIP3VXcZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZoWr0AiXOWJyJaKQMRyMNg1DFFMB8GA1UdIwQY
MBaAFBIg3SuS2ihMY87Eb29qQcATqciBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlEZEs1TGFLRXhqenNSdmIycEJ3Qk9weUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8zYjhmM2ItZWJmMC00Y2I3LWE0OWIt
YTg1ODU4NDliZTE0LzEvSm1oYXZRQ0pjNVluSWxvcEF4SEl3MkRVTVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8zYjhmM2ItZWJmMC00Y2I3LWE0OWItYTg1ODU4NDliZTE0
LzEvRWlEZEs1TGFLRXhqenNSdmIycEJ3Qk9weUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufMqMA0G
CSqGSIb3DQEBCwUAA4IBAQB2nMfJ894nYxe+WCmg3e6uuJZGPAIMjnRWu7paKPg7
0aNj2SpYjd9Zlc95Cboo5800Rv6duiVMr4fxTP3AOKn1q7wE4pXhNyjGJfVqDVl3
Y/THL64P8det2CIIbos7LhLcwCDTDoa2DgZtZLYRT4qu3iH3QVcAfZE/U9IAWDs2
e/comegn23s/fBcH21BnCTFiysML/G/lHiwtXtkcR94ZdciaimaHChgFXlm9LmR7
+nU7hVXVb+VS2WWWzn17H/tShxDGVius8sv26KybLQRLiSa2Q64uevdDHl8Ex1qI
Z1a/LI3dJP3mBaHgWzD9gZU/Lr6deYbzXhGU+Di+CBLz
-----END CERTIFICATE-----