Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/tCDe7wPjFadsHNNfvUOgDucY0uQ.roa
File:                     tCDe7wPjFadsHNNfvUOgDucY0uQ.roa (raw, json)
Hash identifier:          BMf/pb8712weiBqMIzsz+9w0GyVgsUYRF3OPa//jU1U=
Subject key identifier:   B4:20:DE:EF:03:E3:15:A7:6C:1C:D3:5F:BD:43:A0:0E:E7:18:D2:E4
Certificate issuer:       /CN=e1477072b91af5c3f3bfe69743243e7cda3ae879
Certificate serial:       019421B23F4E7F7AACC57FF16E32D2D457BE
Authority key identifier: E1:47:70:72:B9:1A:F5:C3:F3:BF:E6:97:43:24:3E:7C:DA:3A:E8:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/tCDe7wPjFadsHNNfvUOgDucY0uQ.roa
Signing time:             Wed 01 Jan 2025 11:48:37 +0000
ROA not before:           Wed 01 Jan 2025 11:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        185.145.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 20:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3f:4e:7f:7a:ac:c5:7f:f1:6e:32:d2:d4:57:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1477072b91af5c3f3bfe69743243e7cda3ae879
        Validity
            Not Before: Jan  1 11:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b420deef03e315a76c1cd35fbd43a00ee718d2e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:62:f8:f8:78:84:26:33:2e:34:54:87:55:cf:
                    4d:c2:bd:e0:6c:9a:fe:52:b7:dd:4a:f6:4f:33:e4:
                    e1:cc:79:84:da:d6:65:1c:16:75:a6:a5:0a:af:95:
                    a8:93:ff:6c:3c:d0:59:dc:ce:0b:34:12:c7:c2:1b:
                    90:61:7c:26:9a:7a:11:ce:c3:05:06:a0:10:8c:d4:
                    63:71:22:b3:3c:ac:5f:ed:83:ab:cd:71:46:ac:4b:
                    7d:d8:72:ca:d8:d8:12:2f:ff:c1:29:13:91:c7:30:
                    d9:70:d0:8e:4c:27:58:ca:d6:d3:00:eb:3b:2d:a4:
                    b1:71:c9:99:05:fc:d7:5c:22:9f:db:d8:03:f4:07:
                    c8:a6:97:0b:67:54:2a:b7:2f:07:25:de:1d:2f:d4:
                    d9:77:f8:c1:56:1b:28:52:c8:36:a0:89:d4:8f:f5:
                    92:e8:fe:f0:d0:1d:56:6c:66:0a:45:47:a4:86:e2:
                    22:cb:f5:08:f0:cf:a9:a4:57:e4:0b:36:fc:24:26:
                    ec:79:ad:27:7f:2b:1b:24:2f:f6:dd:ce:7b:7a:30:
                    39:76:fd:6a:7f:f7:21:4b:cf:d7:44:33:73:99:e9:
                    5f:d0:ee:6d:35:5e:2b:5c:39:ac:5a:83:e6:80:c7:
                    bd:cb:45:16:9c:ce:67:5c:18:ad:cf:20:de:a1:8b:
                    51:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:20:DE:EF:03:E3:15:A7:6C:1C:D3:5F:BD:43:A0:0E:E7:18:D2:E4
            X509v3 Authority Key Identifier:
                keyid:E1:47:70:72:B9:1A:F5:C3:F3:BF:E6:97:43:24:3E:7C:DA:3A:E8:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Udwcrka9cPzv-aXQyQ-fNo66Hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/tCDe7wPjFadsHNNfvUOgDucY0uQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/7494bf-8acd-4e43-86ce-e7c8cf3af5de/1/4Udwcrka9cPzv-aXQyQ-fNo66Hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:c1:cf:ea:79:8f:23:88:10:bc:2f:2a:8b:38:8c:ae:a6:75:
         23:d4:59:12:67:e5:17:1d:59:18:5e:be:49:19:50:88:56:81:
         1f:55:40:96:0f:11:8f:19:3d:e2:dd:0e:09:ee:fc:8e:d1:bf:
         96:b3:0c:f9:1b:96:0d:dd:3a:9d:bd:75:ce:88:07:4c:b3:87:
         db:ba:a0:67:f3:90:5d:58:f3:5d:8b:32:1f:c9:02:69:8e:a4:
         e7:be:1a:f9:ad:d6:8d:6b:f5:06:17:db:d3:af:e1:d9:10:6a:
         a1:7f:f3:76:0f:a3:af:b5:cb:df:9a:a2:1f:05:c6:33:66:33:
         0b:80:ad:c4:ad:10:43:42:8e:c2:99:8d:e9:a7:84:56:23:fb:
         41:e3:3c:17:72:ca:b5:04:37:43:f2:cb:dc:54:4e:ee:cb:12:
         20:dc:f1:fc:fa:d3:0f:27:75:59:6c:5f:a5:3c:4f:c5:76:37:
         f4:a3:02:78:e4:76:3e:13:3e:88:fc:e5:6f:43:f2:d0:74:9c:
         b4:c9:6a:5f:d5:4d:cf:e5:43:1e:6c:c3:da:52:be:52:f5:54:
         70:c6:d9:a7:cf:9d:ec:61:49:d7:65:42:8d:d4:49:12:ed:7a:
         ec:87:ed:e0:6c:63:ed:d1:32:0e:1a:ca:b3:65:2c:6a:cc:30:
         21:e0:d7:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsj9Of3qsxX/xbjLS1Fe+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNDc3MDcyYjkxYWY1YzNmM2JmZTY5NzQzMjQzZTdjZGEz
YWU4NzkwHhcNMjUwMTAxMTE0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDIwZGVlZjAzZTMxNWE3NmMxY2QzNWZiZDQzYTAwZWU3MThkMmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2WL4+HiEJjMuNFSHVc9Nwr3gbJr+
UrfdSvZPM+ThzHmE2tZlHBZ1pqUKr5Wok/9sPNBZ3M4LNBLHwhuQYXwmmnoRzsMF
BqAQjNRjcSKzPKxf7YOrzXFGrEt92HLK2NgSL//BKRORxzDZcNCOTCdYytbTAOs7
LaSxccmZBfzXXCKf29gD9AfIppcLZ1Qqty8HJd4dL9TZd/jBVhsoUsg2oInUj/WS
6P7w0B1WbGYKRUekhuIiy/UI8M+ppFfkCzb8JCbsea0nfysbJC/23c57ejA5dv1q
f/chS8/XRDNzmelf0O5tNV4rXDmsWoPmgMe9y0UWnM5nXBitzyDeoYtR0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQg3u8D4xWnbBzTX71DoA7nGNLkMB8GA1UdIwQY
MBaAFOFHcHK5GvXD87/ml0MkPnzaOuh5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVkd2Nya2E5Y1B6di1hWFF5US1mTm82NkhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy83NDk0YmYtOGFjZC00ZTQzLTg2Y2Ut
ZTdjOGNmM2FmNWRlLzEvdENEZTd3UGpGYWRzSE5OZnZVT2dEdWNZMHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy83NDk0YmYtOGFjZC00ZTQzLTg2Y2UtZTdjOGNmM2FmNWRl
LzEvNFVkd2Nya2E5Y1B6di1hWFF5US1mTm82NkhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZHrMA0G
CSqGSIb3DQEBCwUAA4IBAQBlwc/qeY8jiBC8LyqLOIyupnUj1FkSZ+UXHVkYXr5J
GVCIVoEfVUCWDxGPGT3i3Q4J7vyO0b+Wswz5G5YN3TqdvXXOiAdMs4fbuqBn85Bd
WPNdizIfyQJpjqTnvhr5rdaNa/UGF9vTr+HZEGqhf/N2D6OvtcvfmqIfBcYzZjML
gK3ErRBDQo7CmY3pp4RWI/tB4zwXcsq1BDdD8svcVE7uyxIg3PH8+tMPJ3VZbF+l
PE/Fdjf0owJ45HY+Ez6I/OVvQ/LQdJy0yWpf1U3P5UMebMPaUr5S9VRwxtmnz53s
YUnXZUKN1EkS7Xrsh+3gbGPt0TIOGsqzZSxqzDAh4NdE
-----END CERTIFICATE-----