Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/ef1K6dC6_lGn3rxGTHxMT8fcB0w.roa
File:                     ef1K6dC6_lGn3rxGTHxMT8fcB0w.roa (raw, json)
Hash identifier:          KYKxli5ZRinkaBImEiWWBBcr8lpZPoWAqbzOeddaU7I=
Subject key identifier:   79:FD:4A:E9:D0:BA:FE:51:A7:DE:BC:46:4C:7C:4C:4F:C7:DC:07:4C
Certificate issuer:       /CN=2dfef2b839ad07786833b1bedca8b0b19203e111
Certificate serial:       01942669D6433F725DB9A0506AB330D8F9EA
Authority key identifier: 2D:FE:F2:B8:39:AD:07:78:68:33:B1:BE:DC:A8:B0:B1:92:03:E1:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lf7yuDmtB3hoM7G-3KiwsZID4RE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/ef1K6dC6_lGn3rxGTHxMT8fcB0w.roa
Signing time:             Thu 02 Jan 2025 09:47:37 +0000
ROA not before:           Thu 02 Jan 2025 09:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395793
IP address blocks:        185.145.240.0/24 maxlen: 24
                          185.145.241.0/24 maxlen: 24
                          185.145.242.0/24 maxlen: 24
                          185.145.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Lf7yuDmtB3hoM7G-3KiwsZID4RE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Lf7yuDmtB3hoM7G-3KiwsZID4RE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lf7yuDmtB3hoM7G-3KiwsZID4RE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:69:d6:43:3f:72:5d:b9:a0:50:6a:b3:30:d8:f9:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dfef2b839ad07786833b1bedca8b0b19203e111
        Validity
            Not Before: Jan  2 09:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79fd4ae9d0bafe51a7debc464c7c4c4fc7dc074c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:cd:42:58:9c:ca:62:aa:b2:a4:55:d8:0b:7c:
                    a1:a1:9e:87:cc:e7:15:b1:56:1d:a0:79:d7:b1:9e:
                    74:2f:04:89:48:75:77:75:49:bc:ca:f8:c3:d7:85:
                    20:b5:be:26:02:e4:17:dc:45:04:ce:fe:c1:79:dd:
                    94:7e:28:38:09:7a:e7:54:99:d2:9d:65:61:59:2e:
                    be:3b:b7:ed:fa:f8:a5:96:b7:ac:31:3c:22:fa:c7:
                    29:82:3a:0f:3d:31:06:1e:d2:22:f9:b9:d0:9c:28:
                    bd:05:12:a8:21:c4:ab:47:60:4a:a6:60:0c:ab:9f:
                    19:ed:3c:10:00:2c:25:5a:da:39:b5:29:e8:d0:0d:
                    5b:89:cd:23:6f:80:cc:18:94:74:8a:be:db:5e:ed:
                    95:7d:9b:5e:cc:fa:31:de:3a:02:b8:2c:db:ff:18:
                    81:84:c7:5d:79:10:4b:b9:8d:eb:c0:0e:ea:ef:38:
                    d3:b6:4e:50:a2:c2:6d:24:75:27:ee:0d:75:10:6f:
                    a0:41:8c:7b:b4:77:f8:b2:bf:59:28:55:a9:dd:b8:
                    17:26:a3:d9:5b:7b:3c:96:95:18:bc:35:29:ed:6d:
                    ce:b8:e4:4b:c7:d7:dc:24:f4:d2:5f:d4:c2:8e:d0:
                    de:07:1b:6a:33:ba:e9:90:56:02:d9:44:a8:0e:82:
                    c0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:FD:4A:E9:D0:BA:FE:51:A7:DE:BC:46:4C:7C:4C:4F:C7:DC:07:4C
            X509v3 Authority Key Identifier:
                keyid:2D:FE:F2:B8:39:AD:07:78:68:33:B1:BE:DC:A8:B0:B1:92:03:E1:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lf7yuDmtB3hoM7G-3KiwsZID4RE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/ef1K6dC6_lGn3rxGTHxMT8fcB0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/0357e8-3ea0-4968-9ef9-7d70519b76da/1/Lf7yuDmtB3hoM7G-3KiwsZID4RE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:66:b6:f5:da:c5:88:68:f1:f4:7f:b3:e5:42:e4:90:39:6a:
         94:8a:0b:7c:47:d8:69:78:84:45:2d:62:eb:91:31:d5:86:20:
         b5:86:93:1c:a8:d8:e6:09:b9:e8:ee:99:87:2f:5d:30:bf:96:
         7e:cd:8d:30:aa:b3:b7:13:6a:69:2b:98:f4:73:0c:cd:b4:32:
         a4:60:5e:31:fc:5c:c8:fe:55:75:d8:3f:c7:38:84:c0:db:99:
         e9:a4:99:7f:fb:ca:ee:66:02:69:9c:6f:32:6f:65:5e:5f:66:
         9f:c2:e1:24:e6:85:9a:d0:94:a2:2f:76:75:63:6f:ad:ea:39:
         d4:92:12:99:e6:1c:34:c7:c9:de:dd:00:c2:7a:04:b0:d7:4f:
         3e:8a:25:5a:28:f9:f7:fd:0b:79:06:63:ba:27:49:17:b1:85:
         29:58:12:80:c9:2f:23:12:93:69:6d:a1:da:8c:4b:83:7d:47:
         9b:69:09:f8:60:27:9c:ee:38:70:7e:6d:e5:6e:35:71:8c:9f:
         13:b8:83:aa:2a:dd:7e:5a:58:d5:57:b7:d9:4d:61:c3:ce:f9:
         ca:b4:bc:09:6a:b6:1d:b6:6c:d7:0e:93:55:60:21:8e:c4:07:
         d1:21:32:ba:9d:66:90:c1:f9:28:f6:73:87:2e:b6:34:51:b4:
         da:56:6b:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmadZDP3JduaBQarMw2PnqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkZmVmMmI4MzlhZDA3Nzg2ODMzYjFiZWRjYThiMGIxOTIw
M2UxMTEwHhcNMjUwMTAyMDk0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWZkNGFlOWQwYmFmZTUxYTdkZWJjNDY0YzdjNGM0ZmM3ZGMwNzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlM1CWJzKYqqypFXYC3yhoZ6HzOcV
sVYdoHnXsZ50LwSJSHV3dUm8yvjD14Ugtb4mAuQX3EUEzv7Bed2Ufig4CXrnVJnS
nWVhWS6+O7ft+villresMTwi+scpgjoPPTEGHtIi+bnQnCi9BRKoIcSrR2BKpmAM
q58Z7TwQACwlWto5tSno0A1bic0jb4DMGJR0ir7bXu2VfZtezPox3joCuCzb/xiB
hMddeRBLuY3rwA7q7zjTtk5QosJtJHUn7g11EG+gQYx7tHf4sr9ZKFWp3bgXJqPZ
W3s8lpUYvDUp7W3OuORLx9fcJPTSX9TCjtDeBxtqM7rpkFYC2USoDoLAmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHn9SunQuv5Rp968Rkx8TE/H3AdMMB8GA1UdIwQY
MBaAFC3+8rg5rQd4aDOxvtyosLGSA+ERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGY3eXVEbXRCM2hvTTdHLTNLaXdzWklENFJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8wMzU3ZTgtM2VhMC00OTY4LTllZjkt
N2Q3MDUxOWI3NmRhLzEvZWYxSzZkQzZfbEduM3J4R1RIeE1UOGZjQjB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8wMzU3ZTgtM2VhMC00OTY4LTllZjktN2Q3MDUxOWI3NmRh
LzEvTGY3eXVEbXRCM2hvTTdHLTNLaXdzWklENFJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZHwMA0G
CSqGSIb3DQEBCwUAA4IBAQBnZrb12sWIaPH0f7PlQuSQOWqUigt8R9hpeIRFLWLr
kTHVhiC1hpMcqNjmCbno7pmHL10wv5Z+zY0wqrO3E2ppK5j0cwzNtDKkYF4x/FzI
/lV12D/HOITA25nppJl/+8ruZgJpnG8yb2VeX2afwuEk5oWa0JSiL3Z1Y2+t6jnU
khKZ5hw0x8ne3QDCegSw108+iiVaKPn3/Qt5BmO6J0kXsYUpWBKAyS8jEpNpbaHa
jEuDfUebaQn4YCec7jhwfm3lbjVxjJ8TuIOqKt1+WljVV7fZTWHDzvnKtLwJarYd
tmzXDpNVYCGOxAfRITK6nWaQwfko9nOHLrY0UbTaVmu8
-----END CERTIFICATE-----