Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/IzK3WhuAPyU0NkQkAynJSI0LzjY.roa
File:                     IzK3WhuAPyU0NkQkAynJSI0LzjY.roa (raw, json)
Hash identifier:          seOc4OVOn90Z4UtYmeC+aEXRAHCPt8RlespD/CU/RX4=
Subject key identifier:   23:32:B7:5A:1B:80:3F:25:34:36:44:24:03:29:C9:48:8D:0B:CE:36
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       01955F8C39D5CEB2C43F7EEF1D988C0717BF
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/IzK3WhuAPyU0NkQkAynJSI0LzjY.roa
Signing time:             Tue 04 Mar 2025 05:06:20 +0000
ROA not before:           Tue 04 Mar 2025 05:06:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62425
IP address blocks:        185.121.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:46:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5f:8c:39:d5:ce:b2:c4:3f:7e:ef:1d:98:8c:07:17:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Mar  4 05:06:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2332b75a1b803f25343644240329c9488d0bce36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:01:94:5a:08:4c:6d:de:38:a4:92:00:c1:94:
                    11:69:15:94:a8:38:9d:66:0f:9d:67:c8:5b:89:2c:
                    b1:0e:07:be:a9:5b:80:c0:13:f8:31:9a:7a:82:55:
                    bc:01:8b:58:3a:bc:90:a4:87:f6:14:95:f7:a9:f9:
                    86:73:d6:9b:65:29:aa:c7:c8:04:be:1d:df:47:44:
                    ba:3e:c8:d1:b4:e8:15:1d:3f:52:f5:cf:17:f7:04:
                    78:fc:e4:3a:0a:23:c1:ec:9e:78:ae:0a:f5:f3:d5:
                    7e:b3:e0:6b:a1:cb:16:19:ef:a6:9a:38:23:5a:c9:
                    17:b1:91:70:ae:bf:60:d1:5b:b4:43:08:c5:1b:d5:
                    81:91:d1:40:46:0e:fd:f9:bd:6a:be:3c:34:7d:34:
                    4b:f4:9c:f8:ba:b8:dd:60:c0:d1:e0:e8:8e:14:4d:
                    bc:25:16:be:48:61:f9:83:ea:54:dd:3c:53:d8:25:
                    cf:d1:03:21:6d:fa:78:03:6e:ff:ea:07:2a:f1:16:
                    7e:61:1c:a3:30:bf:85:98:8d:29:1e:85:80:f7:b8:
                    06:92:ef:82:02:13:e3:83:93:1d:2c:46:04:3e:43:
                    87:85:b3:1d:9e:65:be:8f:a5:42:85:3d:68:53:00:
                    c3:c9:79:b1:3a:11:b7:e9:17:e2:70:74:78:44:33:
                    73:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:32:B7:5A:1B:80:3F:25:34:36:44:24:03:29:C9:48:8D:0B:CE:36
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/IzK3WhuAPyU0NkQkAynJSI0LzjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:2e:c3:00:fc:b6:36:9c:9f:02:6d:33:66:c4:c4:17:24:bb:
         8d:6f:88:eb:b3:b7:35:23:77:f6:05:65:9d:9a:3c:e8:2b:6d:
         25:b0:05:ee:8a:4c:60:75:35:f5:88:74:08:44:af:6e:47:64:
         64:f0:11:e7:52:27:a6:25:3b:e5:17:72:12:03:b6:8a:38:e2:
         e3:aa:2c:8c:c1:85:9c:c5:96:32:d2:6a:72:59:d7:2f:c4:ca:
         a5:b2:95:88:6a:a8:fa:c8:02:42:95:ed:d9:01:25:43:4e:44:
         dd:9d:f5:93:58:f2:49:ef:26:09:73:ab:ec:5d:a7:9b:cc:dd:
         0c:a9:5f:e7:1d:5d:d7:b1:ea:05:8d:f7:b9:28:b6:ae:af:13:
         77:90:00:ba:c2:cd:a2:49:f8:9a:e1:63:04:ad:e7:f1:87:6d:
         a9:1e:c1:f8:51:e7:96:54:c7:71:0c:2f:3a:3f:ac:c7:1b:55:
         b5:2e:ea:91:d5:26:10:53:aa:36:6a:f8:37:ef:4d:5b:75:fc:
         28:87:29:2a:ca:28:7d:ba:98:98:f1:78:6d:ab:d8:ab:64:5e:
         be:03:74:a0:d5:a7:16:39:56:8d:ed:ae:34:86:88:46:71:db:
         39:cb:d4:d4:bb:7a:ac:65:96:69:89:bd:76:7b:e4:8c:9c:27:
         6e:3c:8a:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVfjDnVzrLEP37vHZiMBxe/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwMzA0MDUwNjIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzMyYjc1YTFiODAzZjI1MzQzNjQ0MjQwMzI5Yzk0ODhkMGJjZTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgGUWghMbd44pJIAwZQRaRWUqDid
Zg+dZ8hbiSyxDge+qVuAwBP4MZp6glW8AYtYOryQpIf2FJX3qfmGc9abZSmqx8gE
vh3fR0S6PsjRtOgVHT9S9c8X9wR4/OQ6CiPB7J54rgr189V+s+BrocsWGe+mmjgj
WskXsZFwrr9g0Vu0QwjFG9WBkdFARg79+b1qvjw0fTRL9Jz4urjdYMDR4OiOFE28
JRa+SGH5g+pU3TxT2CXP0QMhbfp4A27/6gcq8RZ+YRyjML+FmI0pHoWA97gGku+C
AhPjg5MdLEYEPkOHhbMdnmW+j6VChT1oUwDDyXmxOhG36RficHR4RDNzwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMyt1obgD8lNDZEJAMpyUiNC842MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvSXpLM1dodUFQeVUwTmtRa0F5bkpTSTBMempZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXlFMA0G
CSqGSIb3DQEBCwUAA4IBAQBrLsMA/LY2nJ8CbTNmxMQXJLuNb4jrs7c1I3f2BWWd
mjzoK20lsAXuikxgdTX1iHQIRK9uR2Rk8BHnUiemJTvlF3ISA7aKOOLjqiyMwYWc
xZYy0mpyWdcvxMqlspWIaqj6yAJCle3ZASVDTkTdnfWTWPJJ7yYJc6vsXaebzN0M
qV/nHV3XseoFjfe5KLaurxN3kAC6ws2iSfia4WMErefxh22pHsH4UeeWVMdxDC86
P6zHG1W1LuqR1SYQU6o2avg3701bdfwohykqyih9upiY8Xhtq9irZF6+A3Sg1acW
OVaN7a40hohGcds5y9TUu3qsZZZpib12e+SMnCduPIqQ
-----END CERTIFICATE-----