Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/A0RJOA3D0QS8jyOdklsxwozEZks.roa
File:                     A0RJOA3D0QS8jyOdklsxwozEZks.roa (raw, json)
Hash identifier:          sW0q/KPoEvaj+bjphgSA1v3RGwifbXQZawO4nY7ko3U=
Subject key identifier:   03:44:49:38:0D:C3:D1:04:BC:8F:23:9D:92:5B:31:C2:8C:C4:66:4B
Certificate issuer:       /CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
Certificate serial:       019427B59AB62F3EF6DFD7781FBA47324A60
Authority key identifier: 09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/A0RJOA3D0QS8jyOdklsxwozEZks.roa
Signing time:             Thu 02 Jan 2025 15:50:00 +0000
ROA not before:           Thu 02 Jan 2025 15:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29286
IP address blocks:        82.205.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:9a:b6:2f:3e:f6:df:d7:78:1f:ba:47:32:4a:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
        Validity
            Not Before: Jan  2 15:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=034449380dc3d104bc8f239d925b31c28cc4664b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:71:72:7e:f0:b4:f2:ab:e4:b8:ed:05:42:96:
                    41:e1:89:54:7f:a1:a1:d0:0e:46:7c:4a:e5:fe:9d:
                    78:fb:61:36:48:fa:bd:eb:e4:53:13:e7:bf:f0:00:
                    c6:96:a4:34:96:7d:64:79:92:83:39:89:46:be:4b:
                    27:1c:b0:ff:a2:c7:ee:26:d2:61:5b:a4:f9:7b:19:
                    54:05:50:92:99:9a:ef:8a:06:fe:9a:81:a1:df:22:
                    a4:b5:ea:3f:c4:73:ea:48:fb:eb:d2:6b:1c:76:34:
                    eb:84:87:51:16:04:15:b2:8d:21:68:d6:41:24:e4:
                    da:12:aa:2e:bc:02:b3:e0:31:c0:47:e7:48:88:25:
                    2f:75:67:18:39:e0:a4:a0:e3:c8:a3:06:1e:1a:39:
                    41:a2:57:87:23:6d:5e:85:7c:ea:ea:1b:4f:93:9c:
                    c6:48:1e:7c:9c:bb:ea:6c:66:22:10:20:e7:c5:03:
                    fb:03:9a:06:70:6e:d0:d8:74:4c:6a:5a:84:80:b4:
                    96:99:e0:43:bb:50:81:a1:04:09:6f:99:54:9e:a8:
                    95:42:f5:da:81:c3:c5:cf:72:f6:67:9f:a5:91:83:
                    1e:c0:f2:a9:04:14:65:98:de:4c:7e:ea:b9:d9:be:
                    6e:17:4c:a8:ab:39:4a:3b:d7:6c:f2:35:6f:5f:88:
                    dc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:44:49:38:0D:C3:D1:04:BC:8F:23:9D:92:5B:31:C2:8C:C4:66:4B
            X509v3 Authority Key Identifier:
                keyid:09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/A0RJOA3D0QS8jyOdklsxwozEZks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.205.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:2e:8a:73:c5:27:02:1d:49:50:51:b1:8c:74:a3:7e:17:ea:
         31:05:4e:91:62:3f:c9:76:7e:6f:0c:f7:62:19:07:ec:6b:c5:
         2f:d2:fd:b1:d5:8f:06:09:28:1f:0b:15:5c:e1:08:30:6b:21:
         62:87:f9:d8:6f:4c:50:90:ff:d0:fe:4f:74:88:09:c7:6b:81:
         0a:89:64:83:77:3c:1d:48:6d:7c:a2:03:43:8c:8c:0d:4e:8a:
         be:9e:87:63:45:42:e0:4f:38:68:d2:e3:02:72:8d:2d:71:8e:
         18:56:ac:c1:db:34:2c:48:cb:9c:c6:f1:41:ab:f9:a5:fa:42:
         3b:09:22:bb:47:84:aa:8e:9d:f9:64:d5:6c:ec:e9:1f:18:16:
         f4:3f:db:27:31:45:0e:5e:4f:24:fa:97:03:81:58:74:13:7e:
         87:20:0f:61:b3:c7:41:65:46:b1:a6:a7:da:1e:9e:d4:67:9a:
         71:d6:26:d4:38:39:54:96:95:27:86:6e:8f:d0:a2:a1:e8:59:
         e2:19:0e:00:d8:9c:6a:78:9f:e8:9e:58:c4:7a:f8:e6:27:f6:
         05:2c:d1:ee:34:d7:4c:cf:27:1a:58:4b:17:76:7f:86:2e:6b:
         f6:42:71:c4:1e:20:21:46:27:4e:d0:45:82:36:de:91:80:7a:
         4b:bc:ff:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntZq2Lz7239d4H7pHMkpgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZjBkY2NlYjc0ZjExODVhY2Q5N2FlZWFhYzI1ZGRhNWU5
YjA5MzYwHhcNMjUwMTAyMTU1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzQ0NDkzODBkYzNkMTA0YmM4ZjIzOWQ5MjViMzFjMjhjYzQ2NjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXFyfvC08qvkuO0FQpZB4YlUf6Gh
0A5GfErl/p14+2E2SPq96+RTE+e/8ADGlqQ0ln1keZKDOYlGvksnHLD/osfuJtJh
W6T5exlUBVCSmZrvigb+moGh3yKkteo/xHPqSPvr0mscdjTrhIdRFgQVso0haNZB
JOTaEqouvAKz4DHAR+dIiCUvdWcYOeCkoOPIowYeGjlBoleHI21ehXzq6htPk5zG
SB58nLvqbGYiECDnxQP7A5oGcG7Q2HRMalqEgLSWmeBDu1CBoQQJb5lUnqiVQvXa
gcPFz3L2Z5+lkYMewPKpBBRlmN5Mfuq52b5uF0yoqzlKO9ds8jVvX4jcvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANESTgNw9EEvI8jnZJbMcKMxGZLMB8GA1UdIwQY
MBaAFAnw3M63TxGFrNl67qrCXdpemwk2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgt
OTk2MTg5ZjljZTE0LzEvQTBSSk9BM0QwUVM4anlPZGtsc3h3b3pFWmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgtOTk2MTg5ZjljZTE0
LzEvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUs25MA0G
CSqGSIb3DQEBCwUAA4IBAQCALopzxScCHUlQUbGMdKN+F+oxBU6RYj/Jdn5vDPdi
GQfsa8Uv0v2x1Y8GCSgfCxVc4QgwayFih/nYb0xQkP/Q/k90iAnHa4EKiWSDdzwd
SG18ogNDjIwNToq+nodjRULgTzho0uMCco0tcY4YVqzB2zQsSMucxvFBq/ml+kI7
CSK7R4Sqjp35ZNVs7OkfGBb0P9snMUUOXk8k+pcDgVh0E36HIA9hs8dBZUaxpqfa
Hp7UZ5px1ibUODlUlpUnhm6P0KKh6FniGQ4A2JxqeJ/onljEevjmJ/YFLNHuNNdM
zycaWEsXdn+GLmv2QnHEHiAhRidO0EWCNt6RgHpLvP+v
-----END CERTIFICATE-----