Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/0WfJoxMemQt8nwlwlbf0-N5ZBgI.roa
File:                     0WfJoxMemQt8nwlwlbf0-N5ZBgI.roa (raw, json)
Hash identifier:          lHb75yOft9Kv2xRvC1d+Vx96c+J/4+jIL8gOSIRqeFs=
Subject key identifier:   D1:67:C9:A3:13:1E:99:0B:7C:9F:09:70:95:B7:F4:F8:DE:59:06:02
Certificate issuer:       /CN=20b5100e798fab7577bf725ac9569ea80e6c2a04
Certificate serial:       019426D9E6643844E3CD2CBE3A08B6A28649
Authority key identifier: 20:B5:10:0E:79:8F:AB:75:77:BF:72:5A:C9:56:9E:A8:0E:6C:2A:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ILUQDnmPq3V3v3JayVaeqA5sKgQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/0WfJoxMemQt8nwlwlbf0-N5ZBgI.roa
Signing time:             Thu 02 Jan 2025 11:50:01 +0000
ROA not before:           Thu 02 Jan 2025 11:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205019
IP address blocks:        185.70.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/ILUQDnmPq3V3v3JayVaeqA5sKgQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/ILUQDnmPq3V3v3JayVaeqA5sKgQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ILUQDnmPq3V3v3JayVaeqA5sKgQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e6:64:38:44:e3:cd:2c:be:3a:08:b6:a2:86:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20b5100e798fab7577bf725ac9569ea80e6c2a04
        Validity
            Not Before: Jan  2 11:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d167c9a3131e990b7c9f097095b7f4f8de590602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bc:76:82:28:60:26:09:9a:ea:7c:09:54:10:
                    46:91:0b:37:ed:91:ad:be:7e:3b:6c:64:9a:36:e8:
                    40:23:5b:5b:b3:04:d5:a9:50:96:d7:da:ae:db:82:
                    30:df:a6:11:55:12:1c:14:45:2d:ce:b5:c3:90:b1:
                    65:c7:b8:17:22:ed:49:c7:9d:ed:63:b7:b8:fe:bf:
                    35:74:30:48:10:a0:02:0c:85:b6:af:80:d2:70:d4:
                    a1:72:45:01:ea:4a:8a:db:d1:b5:1e:b6:4e:52:a3:
                    f4:e5:fc:7c:46:04:64:df:1e:0d:9e:62:d9:37:56:
                    97:e4:19:21:ca:02:ad:e7:1d:0d:d0:57:3b:01:3a:
                    8a:2b:be:76:bd:89:af:8a:2a:8f:93:e0:13:fe:1f:
                    9c:0d:09:56:aa:ee:17:13:74:1d:55:64:8b:4b:be:
                    7c:18:67:c3:37:19:78:f9:4e:f1:ca:c6:b9:9e:8a:
                    75:79:3d:f0:60:99:83:5b:29:dc:2a:ef:1d:83:33:
                    c2:70:25:6e:bb:08:22:05:0f:d3:81:58:a2:b4:c3:
                    9f:4c:ea:b1:a9:3c:0f:da:a2:e2:d1:99:6f:12:38:
                    26:fa:0e:8c:08:be:b1:9f:d8:14:75:79:b1:b9:90:
                    07:7f:bd:cb:9a:22:c7:91:c8:e3:95:52:de:f8:3d:
                    9a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:67:C9:A3:13:1E:99:0B:7C:9F:09:70:95:B7:F4:F8:DE:59:06:02
            X509v3 Authority Key Identifier:
                keyid:20:B5:10:0E:79:8F:AB:75:77:BF:72:5A:C9:56:9E:A8:0E:6C:2A:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ILUQDnmPq3V3v3JayVaeqA5sKgQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/0WfJoxMemQt8nwlwlbf0-N5ZBgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/9e49ff-4264-4647-95a4-8037965693a2/1/ILUQDnmPq3V3v3JayVaeqA5sKgQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:57:c5:1f:bd:09:b6:1b:67:f3:e3:16:5e:73:44:38:ca:04:
         d3:9d:e6:b7:38:b4:88:31:a7:95:50:8f:f3:f7:54:41:be:92:
         4b:21:a6:cf:19:b2:ed:c6:e6:79:0a:97:54:92:5b:50:70:6e:
         57:76:ee:43:58:09:c5:d5:b7:68:2f:f0:e3:09:63:76:d1:b0:
         10:d1:2f:f6:63:75:77:f0:68:7e:fa:41:fd:be:56:ed:c3:a6:
         35:1c:f3:b3:c7:51:50:a6:57:3d:ca:3d:bc:31:b5:83:58:10:
         2e:5f:90:13:e9:9b:95:a2:9d:6d:39:b5:31:00:b4:76:2e:20:
         2c:23:f9:7a:53:f6:d7:13:c8:09:6e:ff:c8:7c:02:3b:cd:8b:
         57:ee:e2:cd:fc:c2:02:df:9a:30:28:5c:43:07:e8:b4:35:6f:
         a0:32:a9:2d:a2:af:70:58:2f:ef:d7:d3:2d:dd:e5:05:b4:64:
         a1:43:d2:84:b9:44:15:0b:40:33:6f:e2:ee:b5:59:eb:ed:38:
         a6:7a:65:fb:b0:ba:4d:10:72:89:00:1d:52:56:5a:54:8c:18:
         94:7e:cc:19:81:57:a3:0a:eb:32:12:4e:4d:19:8e:94:6a:7c:
         d4:66:63:49:39:7c:6b:d9:b2:3e:35:2d:dc:1b:29:47:cb:86:
         73:75:86:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2eZkOETjzSy+Ogi2ooZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYjUxMDBlNzk4ZmFiNzU3N2JmNzI1YWM5NTY5ZWE4MGU2
YzJhMDQwHhcNMjUwMTAyMTE1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTY3YzlhMzEzMWU5OTBiN2M5ZjA5NzA5NWI3ZjRmOGRlNTkwNjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7x2gihgJgma6nwJVBBGkQs37ZGt
vn47bGSaNuhAI1tbswTVqVCW19qu24Iw36YRVRIcFEUtzrXDkLFlx7gXIu1Jx53t
Y7e4/r81dDBIEKACDIW2r4DScNShckUB6kqK29G1HrZOUqP05fx8RgRk3x4NnmLZ
N1aX5BkhygKt5x0N0Fc7ATqKK752vYmviiqPk+AT/h+cDQlWqu4XE3QdVWSLS758
GGfDNxl4+U7xysa5nop1eT3wYJmDWyncKu8dgzPCcCVuuwgiBQ/TgViitMOfTOqx
qTwP2qLi0ZlvEjgm+g6MCL6xn9gUdXmxuZAHf73LmiLHkcjjlVLe+D2aCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFnyaMTHpkLfJ8JcJW39PjeWQYCMB8GA1UdIwQY
MBaAFCC1EA55j6t1d79yWslWnqgObCoEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUxVUURubVBxM1YzdjNKYXlWYWVxQTVzS2dRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS85ZTQ5ZmYtNDI2NC00NjQ3LTk1YTQt
ODAzNzk2NTY5M2EyLzEvMFdmSm94TWVtUXQ4bndsd2xiZjAtTjVaQmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS85ZTQ5ZmYtNDI2NC00NjQ3LTk1YTQtODAzNzk2NTY5M2Ey
LzEvSUxVUURubVBxM1YzdjNKYXlWYWVxQTVzS2dRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUZkMA0G
CSqGSIb3DQEBCwUAA4IBAQBmV8UfvQm2G2fz4xZec0Q4ygTTnea3OLSIMaeVUI/z
91RBvpJLIabPGbLtxuZ5CpdUkltQcG5Xdu5DWAnF1bdoL/DjCWN20bAQ0S/2Y3V3
8Gh++kH9vlbtw6Y1HPOzx1FQplc9yj28MbWDWBAuX5AT6ZuVop1tObUxALR2LiAs
I/l6U/bXE8gJbv/IfAI7zYtX7uLN/MIC35owKFxDB+i0NW+gMqktoq9wWC/v19Mt
3eUFtGShQ9KEuUQVC0Azb+LutVnr7TimemX7sLpNEHKJAB1SVlpUjBiUfswZgVej
CusyEk5NGY6UanzUZmNJOXxr2bI+NS3cGylHy4ZzdYZg
-----END CERTIFICATE-----