Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/ikBv5b5jvUgLHCzEElZRpG0xhaQ.roa
File:                     ikBv5b5jvUgLHCzEElZRpG0xhaQ.roa (raw, json)
Hash identifier:          gqu/sWjZphbSMNC/g5mms3lw1LEITcFb3ZdY4tecg1U=
Subject key identifier:   8A:40:6F:E5:BE:63:BD:48:0B:1C:2C:C4:12:56:51:A4:6D:31:85:A4
Certificate issuer:       /CN=20b4873842a904f1a697201393e7ba626842f4af
Certificate serial:       019623BF26CD36C47F1C0453F83E6103AF4B
Authority key identifier: 20:B4:87:38:42:A9:04:F1:A6:97:20:13:93:E7:BA:62:68:42:F4:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ILSHOEKpBPGmlyATk-e6YmhC9K8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/ikBv5b5jvUgLHCzEElZRpG0xhaQ.roa
Signing time:             Fri 11 Apr 2025 07:27:31 +0000
ROA not before:           Fri 11 Apr 2025 07:27:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50333
IP address blocks:        85.255.240.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/ILSHOEKpBPGmlyATk-e6YmhC9K8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/ILSHOEKpBPGmlyATk-e6YmhC9K8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ILSHOEKpBPGmlyATk-e6YmhC9K8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:23:bf:26:cd:36:c4:7f:1c:04:53:f8:3e:61:03:af:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20b4873842a904f1a697201393e7ba626842f4af
        Validity
            Not Before: Apr 11 07:27:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a406fe5be63bd480b1c2cc4125651a46d3185a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:41:03:6d:e8:39:cf:84:7f:42:13:7a:cf:fb:
                    83:57:e7:83:c4:43:7a:0d:4b:53:96:28:e4:bc:46:
                    fa:3e:74:c0:1e:08:e8:b7:3d:d3:b2:d1:d0:c1:57:
                    bb:29:06:c5:f5:5d:2c:2b:c2:25:72:a2:73:57:9f:
                    ee:14:03:b2:c1:6d:84:cf:4c:da:ac:e0:45:2e:72:
                    59:09:85:53:02:42:e7:7e:6b:d3:37:99:51:40:a8:
                    b0:b9:f0:c4:b8:2d:33:da:97:f6:22:f5:1f:b6:54:
                    73:55:2a:0d:16:3c:c0:e8:22:5d:6a:6a:49:6a:7d:
                    f7:fd:85:36:60:8b:71:8e:b3:ab:d4:38:93:e9:74:
                    91:7d:23:c7:67:d8:f1:6c:91:e7:ff:6a:c1:73:38:
                    68:1d:24:49:df:fe:90:e3:92:47:42:06:5e:d0:0d:
                    45:97:8e:75:07:96:05:6d:f1:ab:ff:06:9c:e8:f2:
                    9a:ab:e5:99:e5:1c:06:73:95:9d:1e:90:61:1a:20:
                    b4:bc:ca:c6:cb:bc:fc:a0:bc:ed:8c:97:ea:c4:a3:
                    f9:b1:99:43:e9:66:15:fd:95:00:d4:0f:5c:be:4d:
                    4a:19:fb:2c:90:df:67:e2:67:cf:20:06:ae:4f:d1:
                    f8:12:03:2d:d1:e5:a6:37:d0:81:51:48:6d:dc:9b:
                    cb:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:40:6F:E5:BE:63:BD:48:0B:1C:2C:C4:12:56:51:A4:6D:31:85:A4
            X509v3 Authority Key Identifier:
                keyid:20:B4:87:38:42:A9:04:F1:A6:97:20:13:93:E7:BA:62:68:42:F4:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ILSHOEKpBPGmlyATk-e6YmhC9K8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/ikBv5b5jvUgLHCzEElZRpG0xhaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/8e291a-b655-46e4-bdc3-ef5ba54adb59/1/ILSHOEKpBPGmlyATk-e6YmhC9K8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.255.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         77:22:26:8a:0b:0e:8f:bf:70:4d:03:fe:1e:f9:06:91:ba:57:
         fd:89:34:29:1c:24:fb:a8:17:02:ff:47:98:cf:c6:a7:fe:f4:
         02:2c:cd:14:c1:1a:28:91:31:ba:1d:7a:1a:0a:5c:35:df:09:
         2a:37:87:50:c9:fc:b2:8d:fe:2b:ee:be:6c:04:89:1f:3f:c1:
         45:e3:fa:fa:d2:40:59:96:5b:0e:7a:c6:42:af:fd:f0:56:8e:
         9d:dd:b7:ea:93:2d:3f:bb:98:ea:b9:17:f4:cb:09:a4:41:d1:
         d7:e2:d2:1e:53:6b:b3:fb:c9:2b:09:af:a5:b5:5c:cd:6e:fa:
         e4:f5:8c:4d:0c:82:51:07:00:58:e9:73:90:2a:47:fc:ef:65:
         38:46:44:33:65:7d:49:25:4d:49:53:b6:34:7e:34:c4:86:84:
         2e:71:a6:d8:b1:e7:ec:15:ba:53:71:c7:3c:7c:c9:a9:c5:20:
         75:94:01:50:64:81:b3:80:c1:37:a2:eb:72:86:1e:19:2f:14:
         b8:d6:0a:b1:e4:e4:ee:f1:19:83:91:a7:25:b6:7f:6d:e5:cc:
         0a:c9:a3:41:2b:ef:d2:c3:eb:86:36:7f:a0:b3:2d:8a:60:24:
         22:a1:a0:f7:0e:b7:52:9c:43:34:7e:f7:ad:30:30:dd:87:b0:
         fb:c4:00:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYjvybNNsR/HART+D5hA69LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYjQ4NzM4NDJhOTA0ZjFhNjk3MjAxMzkzZTdiYTYyNjg0
MmY0YWYwHhcNMjUwNDExMDcyNzMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQwNmZlNWJlNjNiZDQ4MGIxYzJjYzQxMjU2NTFhNDZkMzE4NWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkEDbeg5z4R/QhN6z/uDV+eDxEN6
DUtTlijkvEb6PnTAHgjotz3TstHQwVe7KQbF9V0sK8IlcqJzV5/uFAOywW2Ez0za
rOBFLnJZCYVTAkLnfmvTN5lRQKiwufDEuC0z2pf2IvUftlRzVSoNFjzA6CJdampJ
an33/YU2YItxjrOr1DiT6XSRfSPHZ9jxbJHn/2rBczhoHSRJ3/6Q45JHQgZe0A1F
l451B5YFbfGr/wac6PKaq+WZ5RwGc5WdHpBhGiC0vMrGy7z8oLztjJfqxKP5sZlD
6WYV/ZUA1A9cvk1KGfsskN9n4mfPIAauT9H4EgMt0eWmN9CBUUht3JvLDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpAb+W+Y71ICxwsxBJWUaRtMYWkMB8GA1UdIwQY
MBaAFCC0hzhCqQTxppcgE5PnumJoQvSvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUxTSE9FS3BCUEdtbHlBVGstZTZZbWhDOUs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS84ZTI5MWEtYjY1NS00NmU0LWJkYzMt
ZWY1YmE1NGFkYjU5LzEvaWtCdjViNWp2VWdMSEN6RUVsWlJwRzB4aGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS84ZTI5MWEtYjY1NS00NmU0LWJkYzMtZWY1YmE1NGFkYjU5
LzEvSUxTSE9FS3BCUEdtbHlBVGstZTZZbWhDOUs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVf/wMA0G
CSqGSIb3DQEBCwUAA4IBAQB3IiaKCw6Pv3BNA/4e+QaRulf9iTQpHCT7qBcC/0eY
z8an/vQCLM0UwRookTG6HXoaClw13wkqN4dQyfyyjf4r7r5sBIkfP8FF4/r60kBZ
llsOesZCr/3wVo6d3bfqky0/u5jquRf0ywmkQdHX4tIeU2uz+8krCa+ltVzNbvrk
9YxNDIJRBwBY6XOQKkf872U4RkQzZX1JJU1JU7Y0fjTEhoQucabYsefsFbpTccc8
fMmpxSB1lAFQZIGzgME3outyhh4ZLxS41gqx5OTu8RmDkacltn9t5cwKyaNBK+/S
w+uGNn+gsy2KYCQioaD3DrdSnEM0fvetMDDdh7D7xACQ
-----END CERTIFICATE-----