Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/B0VOGqgWvciGn9lsPPPNtDMM_cE.roa
File:                     B0VOGqgWvciGn9lsPPPNtDMM_cE.roa (raw, json)
Hash identifier:          H0LM3F0MCvrmnF+41NjCVulojTYy2eQ3Qd3O1jXQklA=
Subject key identifier:   07:45:4E:1A:A8:16:BD:C8:86:9F:D9:6C:3C:F3:CD:B4:33:0C:FD:C1
Certificate issuer:       /CN=8d281989c3b6e58fdc9534ee7eb3e260d1d87749
Certificate serial:       019426D945672F2C40DCB3AABA9DFF3E60F9
Authority key identifier: 8D:28:19:89:C3:B6:E5:8F:DC:95:34:EE:7E:B3:E2:60:D1:D8:77:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/B0VOGqgWvciGn9lsPPPNtDMM_cE.roa
Signing time:             Thu 02 Jan 2025 11:49:20 +0000
ROA not before:           Thu 02 Jan 2025 11:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43754
IP address blocks:        185.166.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:45:67:2f:2c:40:dc:b3:aa:ba:9d:ff:3e:60:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d281989c3b6e58fdc9534ee7eb3e260d1d87749
        Validity
            Not Before: Jan  2 11:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07454e1aa816bdc8869fd96c3cf3cdb4330cfdc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:6a:bf:07:09:3b:44:bd:ae:9f:ba:18:c1:ad:
                    d2:f2:97:8d:d0:60:a3:af:95:c6:9a:a3:b8:65:9b:
                    4b:12:f8:82:47:9f:0b:48:64:d2:85:48:57:77:e5:
                    7c:7f:00:0d:65:6d:ab:c6:38:68:60:f3:d6:3c:ce:
                    c5:01:f1:8e:9f:2d:be:b2:88:70:07:0c:e6:ac:96:
                    ba:cb:48:9e:cc:4b:21:a3:58:b6:b9:b2:b3:5e:d8:
                    29:bc:0c:18:77:63:9f:f0:8f:79:07:ad:da:1a:db:
                    7b:09:78:78:c7:75:ff:6d:47:e3:82:3c:1d:0b:89:
                    44:f6:44:84:3a:f2:90:d2:ce:a1:94:4d:be:9b:a8:
                    6e:b5:22:f3:47:32:8e:f1:8b:d3:13:b9:cf:6e:f2:
                    87:0d:c1:49:df:4d:8b:c9:3e:7c:89:fd:71:39:f4:
                    9e:49:88:8a:90:fc:b4:ff:98:15:a5:25:65:f5:f8:
                    b0:a0:b1:4b:1d:5f:82:92:c6:80:c9:8e:aa:27:b3:
                    6b:93:a9:d9:24:85:4e:c1:b0:77:d8:0d:e0:c2:03:
                    b5:8f:17:1b:9c:17:89:0a:57:d4:70:37:16:fe:14:
                    b5:7a:9c:08:9d:68:0c:ae:bc:b6:ba:5f:88:2f:eb:
                    bb:88:7e:59:a8:0d:d4:ec:92:35:ef:5e:c1:67:8a:
                    1a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:45:4E:1A:A8:16:BD:C8:86:9F:D9:6C:3C:F3:CD:B4:33:0C:FD:C1
            X509v3 Authority Key Identifier:
                keyid:8D:28:19:89:C3:B6:E5:8F:DC:95:34:EE:7E:B3:E2:60:D1:D8:77:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/B0VOGqgWvciGn9lsPPPNtDMM_cE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:f2:23:3f:34:5c:9f:98:34:55:00:3e:dc:4d:a6:f6:7b:fd:
         53:50:88:f7:37:fd:24:90:ac:f6:5c:6c:e7:e2:60:b7:de:5d:
         e8:90:45:35:7d:d0:32:88:f2:4e:67:a5:81:c6:ab:86:0c:47:
         e6:b3:f3:46:ee:c8:79:cf:9e:20:53:2e:8a:81:d5:ec:51:1f:
         dc:f6:49:aa:b2:d0:69:68:1f:f3:9e:0b:8d:a8:79:1f:26:0a:
         03:1a:08:1d:d7:8d:db:90:98:ee:dd:f7:85:55:9f:d1:17:86:
         6c:d4:d4:b4:ce:06:f8:92:9e:8a:35:44:74:9a:ee:ec:c7:1b:
         0c:8f:40:f4:9c:e9:8c:9a:44:03:55:75:85:3f:b4:00:10:8c:
         4d:42:9c:9b:a3:16:e1:91:77:d7:3d:6e:59:4d:39:c4:ee:b3:
         1e:ae:c6:c5:49:5f:f9:b3:ac:a8:d3:dd:4b:b8:42:b6:e9:60:
         fc:d5:b6:03:d2:03:58:cb:a1:e8:30:12:3d:7b:ee:07:b4:19:
         1d:34:6e:40:96:53:4d:38:b8:f1:1f:a5:08:94:57:1e:80:9b:
         07:44:a5:b5:07:4d:09:b6:29:15:63:1e:23:be:bc:06:54:2c:
         88:08:c2:61:47:a8:1a:39:f3:69:9d:e6:bf:f5:91:b5:6a:1b:
         b3:55:db:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2UVnLyxA3LOqup3/PmD5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjgxOTg5YzNiNmU1OGZkYzk1MzRlZTdlYjNlMjYwZDFk
ODc3NDkwHhcNMjUwMTAyMTE0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzQ1NGUxYWE4MTZiZGM4ODY5ZmQ5NmMzY2YzY2RiNDMzMGNmZGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2q/Bwk7RL2un7oYwa3S8peN0GCj
r5XGmqO4ZZtLEviCR58LSGTShUhXd+V8fwANZW2rxjhoYPPWPM7FAfGOny2+sohw
BwzmrJa6y0iezEsho1i2ubKzXtgpvAwYd2Of8I95B63aGtt7CXh4x3X/bUfjgjwd
C4lE9kSEOvKQ0s6hlE2+m6hutSLzRzKO8YvTE7nPbvKHDcFJ302LyT58if1xOfSe
SYiKkPy0/5gVpSVl9fiwoLFLHV+CksaAyY6qJ7Nrk6nZJIVOwbB32A3gwgO1jxcb
nBeJClfUcDcW/hS1epwInWgMrry2ul+IL+u7iH5ZqA3U7JI1717BZ4oaYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdFThqoFr3Ihp/ZbDzzzbQzDP3BMB8GA1UdIwQY
MBaAFI0oGYnDtuWP3JU07n6z4mDR2HdJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNnWmljTzI1WV9jbFRUdWZyUGlZTkhZZDBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8zYmFlODYtYThmYy00M2U2LTgwMWEt
YmNhODBlNDdjNTczLzEvQjBWT0dxZ1d2Y2lHbjlsc1BQUE50RE1NX2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8zYmFlODYtYThmYy00M2U2LTgwMWEtYmNhODBlNDdjNTcz
LzEvalNnWmljTzI1WV9jbFRUdWZyUGlZTkhZZDBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaZzMA0G
CSqGSIb3DQEBCwUAA4IBAQCi8iM/NFyfmDRVAD7cTab2e/1TUIj3N/0kkKz2XGzn
4mC33l3okEU1fdAyiPJOZ6WBxquGDEfms/NG7sh5z54gUy6KgdXsUR/c9kmqstBp
aB/znguNqHkfJgoDGggd143bkJju3feFVZ/RF4Zs1NS0zgb4kp6KNUR0mu7sxxsM
j0D0nOmMmkQDVXWFP7QAEIxNQpyboxbhkXfXPW5ZTTnE7rMersbFSV/5s6yo091L
uEK26WD81bYD0gNYy6HoMBI9e+4HtBkdNG5AllNNOLjxH6UIlFcegJsHRKW1B00J
tikVYx4jvrwGVCyICMJhR6gaOfNpnea/9ZG1ahuzVdtw
-----END CERTIFICATE-----