Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/rZ9vAsmJNNOHqo4MI2omEwhOYCY.roa
File:                     rZ9vAsmJNNOHqo4MI2omEwhOYCY.roa (raw, json)
Hash identifier:          VzlpWQixiHZ9OCMkbuv/OS2n5wRiP2sqImjhqEZvNaE=
Subject key identifier:   AD:9F:6F:02:C9:89:34:D3:87:AA:8E:0C:23:6A:26:13:08:4E:60:26
Certificate issuer:       /CN=3a0b05f40a6916394782302d1b5660737257a48b
Certificate serial:       0194274704242A72605D718B8DD5E99A965A
Authority key identifier: 3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/rZ9vAsmJNNOHqo4MI2omEwhOYCY.roa
Signing time:             Thu 02 Jan 2025 13:49:13 +0000
ROA not before:           Thu 02 Jan 2025 13:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34388
IP address blocks:        185.1.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:04:24:2a:72:60:5d:71:8b:8d:d5:e9:9a:96:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a0b05f40a6916394782302d1b5660737257a48b
        Validity
            Not Before: Jan  2 13:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad9f6f02c98934d387aa8e0c236a2613084e6026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:6d:0b:ed:c1:67:e6:55:0b:12:6d:d0:4c:6f:
                    6e:e2:8b:e3:71:7c:3f:79:63:1c:3a:a3:95:3b:0b:
                    32:20:1a:b9:68:cc:ac:7a:d4:64:3f:6c:53:b1:97:
                    65:d3:c6:83:92:96:c4:67:c9:4e:7c:a5:a7:0f:3b:
                    af:f3:45:f2:e6:63:fe:61:9b:d1:3a:ee:8b:47:75:
                    12:5e:ac:2c:c9:ee:b9:3c:62:16:a1:ce:15:f6:cd:
                    27:52:6d:91:3f:76:ba:74:40:d9:6d:7a:c3:b0:f0:
                    df:c9:5e:9a:33:bd:ef:15:6d:39:b5:0e:d4:1a:5c:
                    43:c9:af:c7:b0:bd:db:dd:54:0d:15:fa:d7:17:03:
                    03:f5:c2:82:79:5f:9c:08:5a:fe:a5:5a:b3:d5:42:
                    1b:87:f9:cd:96:f5:88:a1:64:d0:0b:b5:77:c1:1e:
                    69:a0:2d:27:09:00:fb:04:c4:70:37:71:39:48:da:
                    ba:4e:d0:75:95:b1:d5:b9:9a:1d:6b:ac:e6:1e:e7:
                    a1:f0:5c:1a:98:fc:b6:c0:10:85:5e:40:32:38:9b:
                    e4:25:e4:b3:fe:c2:01:7d:c4:04:d4:61:f0:38:8c:
                    77:ab:a3:0f:1c:cc:65:e6:9a:62:ac:3e:5a:b9:1f:
                    3e:5c:4a:07:f7:08:1e:08:bd:f7:50:3a:da:58:49:
                    3e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:9F:6F:02:C9:89:34:D3:87:AA:8E:0C:23:6A:26:13:08:4E:60:26
            X509v3 Authority Key Identifier:
                keyid:3A:0B:05:F4:0A:69:16:39:47:82:30:2D:1B:56:60:73:72:57:A4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgsF9AppFjlHgjAtG1Zgc3JXpIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/rZ9vAsmJNNOHqo4MI2omEwhOYCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/7583cb-d31e-4e03-b14b-b20e28f5188f/1/OgsF9AppFjlHgjAtG1Zgc3JXpIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:25:8a:ab:ff:a5:ba:4c:c5:73:bf:f4:42:33:51:24:a9:54:
         35:44:85:23:44:c6:56:54:20:f1:b5:21:51:e0:c3:02:27:ff:
         31:ed:07:1b:ec:d3:53:1b:86:a9:52:8a:aa:bf:94:4a:63:4a:
         e6:bb:a3:e7:b9:b5:96:e6:2e:e6:24:27:c9:57:b4:21:6e:40:
         e5:e5:68:be:2a:48:1c:6e:47:54:c4:bf:85:20:f6:d3:ee:ce:
         69:72:6f:20:2e:d1:cb:1f:d0:72:d4:9e:99:fc:47:7e:c2:fe:
         74:f6:a8:07:ed:c8:45:e8:7f:16:76:3b:5f:84:b0:23:fd:ee:
         4a:5a:92:c3:c7:26:79:34:58:e8:ba:b9:14:30:3e:cc:f2:58:
         2d:bd:6b:15:c5:07:5f:e0:d1:bc:54:03:b6:5c:ca:94:32:81:
         5e:8a:22:fc:34:16:d5:ea:0a:6c:2c:0b:66:fb:d1:4e:c1:fb:
         56:92:f4:12:f0:39:fd:d5:ee:97:54:60:d7:0d:a0:c0:13:47:
         72:b7:25:fc:cb:7c:bb:bd:1d:a1:2d:e1:f4:40:28:57:5c:a9:
         f6:c3:5b:b3:01:86:47:df:36:95:97:a5:62:1e:e8:61:da:5e:
         43:de:47:a0:d6:3e:62:d7:2e:d2:a0:28:b6:f2:2c:1e:fe:cb:
         ac:cb:93:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRwQkKnJgXXGLjdXpmpZaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMGIwNWY0MGE2OTE2Mzk0NzgyMzAyZDFiNTY2MDczNzI1
N2E0OGIwHhcNMjUwMTAyMTM0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDlmNmYwMmM5ODkzNGQzODdhYThlMGMyMzZhMjYxMzA4NGU2MDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhm0L7cFn5lULEm3QTG9u4ovjcXw/
eWMcOqOVOwsyIBq5aMysetRkP2xTsZdl08aDkpbEZ8lOfKWnDzuv80Xy5mP+YZvR
Ou6LR3USXqwsye65PGIWoc4V9s0nUm2RP3a6dEDZbXrDsPDfyV6aM73vFW05tQ7U
GlxDya/HsL3b3VQNFfrXFwMD9cKCeV+cCFr+pVqz1UIbh/nNlvWIoWTQC7V3wR5p
oC0nCQD7BMRwN3E5SNq6TtB1lbHVuZoda6zmHueh8FwamPy2wBCFXkAyOJvkJeSz
/sIBfcQE1GHwOIx3q6MPHMxl5ppirD5auR8+XEoH9wgeCL33UDraWEk+ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2fbwLJiTTTh6qODCNqJhMITmAmMB8GA1UdIwQY
MBaAFDoLBfQKaRY5R4IwLRtWYHNyV6SLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGIt
YjIwZTI4ZjUxODhmLzEvclo5dkFzbUpOTk9IcW80TUkyb21Fd2hPWUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC83NTgzY2ItZDMxZS00ZTAzLWIxNGItYjIwZTI4ZjUxODhm
LzEvT2dzRjlBcHBGamxIZ2pBdEcxWmdjM0pYcElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQGeMA0G
CSqGSIb3DQEBCwUAA4IBAQAaJYqr/6W6TMVzv/RCM1EkqVQ1RIUjRMZWVCDxtSFR
4MMCJ/8x7Qcb7NNTG4apUoqqv5RKY0rmu6PnubWW5i7mJCfJV7QhbkDl5Wi+Kkgc
bkdUxL+FIPbT7s5pcm8gLtHLH9By1J6Z/Ed+wv509qgH7chF6H8WdjtfhLAj/e5K
WpLDxyZ5NFjourkUMD7M8lgtvWsVxQdf4NG8VAO2XMqUMoFeiiL8NBbV6gpsLAtm
+9FOwftWkvQS8Dn91e6XVGDXDaDAE0dytyX8y3y7vR2hLeH0QChXXKn2w1uzAYZH
3zaVl6ViHuhh2l5D3keg1j5i1y7SoCi28iwe/susy5N5
-----END CERTIFICATE-----