Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/RkTNkNwXGcwxNDKoWngjGCoOsDo.roa
File:                     RkTNkNwXGcwxNDKoWngjGCoOsDo.roa (raw, json)
Hash identifier:          viD+EdaDQpdhn8ySGbMtrRw2kQFtzdWhY2WYnHuwvTY=
Subject key identifier:   46:44:CD:90:DC:17:19:CC:31:34:32:A8:5A:78:23:18:2A:0E:B0:3A
Certificate issuer:       /CN=1527455ea7fce17cfd0431985258d13e06bfa735
Certificate serial:       0194258FABDF669622F4ADF0575891E20165
Authority key identifier: 15:27:45:5E:A7:FC:E1:7C:FD:04:31:98:52:58:D1:3E:06:BF:A7:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FSdFXqf84Xz9BDGYUljRPga_pzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/RkTNkNwXGcwxNDKoWngjGCoOsDo.roa
Signing time:             Thu 02 Jan 2025 05:49:20 +0000
ROA not before:           Thu 02 Jan 2025 05:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.95.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/FSdFXqf84Xz9BDGYUljRPga_pzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/FSdFXqf84Xz9BDGYUljRPga_pzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FSdFXqf84Xz9BDGYUljRPga_pzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ab:df:66:96:22:f4:ad:f0:57:58:91:e2:01:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1527455ea7fce17cfd0431985258d13e06bfa735
        Validity
            Not Before: Jan  2 05:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4644cd90dc1719cc313432a85a7823182a0eb03a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e6:8a:b1:10:6e:fd:c7:23:d5:82:15:dd:cc:
                    43:fa:fd:f8:9f:96:72:bd:49:3c:9c:46:e4:52:a3:
                    51:e4:57:2b:f9:e4:fe:ed:96:f6:cd:90:a0:ec:a2:
                    99:b8:44:40:83:ab:6f:20:66:a5:1d:7a:db:30:0e:
                    9f:29:6d:19:52:4a:f9:84:39:58:d3:4f:da:d7:41:
                    9e:34:ee:24:47:25:32:ac:5f:f8:ed:c4:66:07:d1:
                    3a:d2:0c:08:d6:54:6f:7d:f6:bd:86:c0:1d:69:88:
                    8e:27:dc:cc:cb:6f:07:55:64:1d:a7:84:c9:1e:15:
                    91:bc:0f:26:3f:ba:69:49:88:66:18:63:4c:48:3c:
                    37:57:81:df:81:79:b8:0b:7b:84:4c:a2:d2:d3:f6:
                    20:3f:d5:61:e6:dd:ae:21:1b:bc:e8:c0:3c:4b:19:
                    68:af:63:81:68:fd:a4:95:16:6b:e1:43:9a:53:ca:
                    26:c7:c3:d8:68:98:65:aa:f1:f2:f9:4d:2f:d0:c6:
                    fd:23:9d:e2:bb:24:32:d9:1d:08:a6:0c:4c:65:68:
                    7c:70:c7:f5:97:05:fc:28:ea:07:a5:9f:f0:70:7a:
                    c6:cb:db:ca:26:9b:a8:61:af:a8:84:2c:bd:af:ab:
                    e8:f4:2b:1f:5a:d8:99:a6:b6:b4:cf:52:e4:88:7c:
                    c8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:44:CD:90:DC:17:19:CC:31:34:32:A8:5A:78:23:18:2A:0E:B0:3A
            X509v3 Authority Key Identifier:
                keyid:15:27:45:5E:A7:FC:E1:7C:FD:04:31:98:52:58:D1:3E:06:BF:A7:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FSdFXqf84Xz9BDGYUljRPga_pzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/RkTNkNwXGcwxNDKoWngjGCoOsDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/24c4f6-21ee-4b6b-a945-98f8ccd5db8d/1/FSdFXqf84Xz9BDGYUljRPga_pzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:7e:e6:fb:50:1c:fc:09:7f:9c:70:b8:1f:da:f5:d3:65:e6:
         d5:dd:b9:97:88:9b:37:00:bb:7e:de:9d:31:26:30:d8:99:86:
         37:99:40:4e:78:eb:7f:1a:35:de:bd:da:e8:42:25:df:38:04:
         90:b2:6a:b8:49:c4:18:47:50:b0:86:25:fe:f9:db:7d:ed:a0:
         9b:93:c3:d7:17:36:37:cf:83:14:27:ac:f0:dc:cf:06:cf:5a:
         ff:ac:b3:da:cf:23:29:24:fa:5c:26:79:07:d1:0f:f2:2c:10:
         18:51:d9:9e:07:77:ee:8c:9e:3e:39:cd:d5:22:93:2a:17:0b:
         65:5f:55:be:96:d0:21:58:26:36:5b:d8:04:fc:b6:20:dd:63:
         72:c1:a5:1e:18:b2:61:4d:80:4d:6b:0c:88:51:97:37:6f:69:
         1f:d3:4d:58:a3:36:32:3a:bb:e2:65:1c:dd:0e:66:1e:3c:33:
         d3:d0:76:13:d4:76:dc:b5:55:ae:a0:2e:e5:b0:6f:44:43:d4:
         74:00:13:3a:e7:5f:09:07:de:6b:26:0a:d0:28:6a:01:25:d5:
         5c:bc:49:ee:d8:c6:a5:f6:ef:1a:95:b2:a1:b1:37:2b:8d:9e:
         89:d9:41:35:16:09:49:69:cd:bf:32:f5:21:fd:fc:52:8c:6d:
         de:49:16:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj6vfZpYi9K3wV1iR4gFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1Mjc0NTVlYTdmY2UxN2NmZDA0MzE5ODUyNThkMTNlMDZi
ZmE3MzUwHhcNMjUwMTAyMDU0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjQ0Y2Q5MGRjMTcxOWNjMzEzNDMyYTg1YTc4MjMxODJhMGViMDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOaKsRBu/ccj1YIV3cxD+v34n5Zy
vUk8nEbkUqNR5Fcr+eT+7Zb2zZCg7KKZuERAg6tvIGalHXrbMA6fKW0ZUkr5hDlY
00/a10GeNO4kRyUyrF/47cRmB9E60gwI1lRvffa9hsAdaYiOJ9zMy28HVWQdp4TJ
HhWRvA8mP7ppSYhmGGNMSDw3V4HfgXm4C3uETKLS0/YgP9Vh5t2uIRu86MA8Sxlo
r2OBaP2klRZr4UOaU8omx8PYaJhlqvHy+U0v0Mb9I53iuyQy2R0IpgxMZWh8cMf1
lwX8KOoHpZ/wcHrGy9vKJpuoYa+ohCy9r6vo9CsfWtiZpra0z1LkiHzIMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZEzZDcFxnMMTQyqFp4IxgqDrA6MB8GA1UdIwQY
MBaAFBUnRV6n/OF8/QQxmFJY0T4Gv6c1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlNkRlhxZjg0WHo5QkRHWVVsalJQZ2FfcHpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8yNGM0ZjYtMjFlZS00YjZiLWE5NDUt
OThmOGNjZDVkYjhkLzEvUmtUTmtOd1hHY3d4TkRLb1duZ2pHQ29Pc0RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8yNGM0ZjYtMjFlZS00YjZiLWE5NDUtOThmOGNjZDVkYjhk
LzEvRlNkRlhxZjg0WHo5QkRHWVVsalJQZ2FfcHpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV+uMA0G
CSqGSIb3DQEBCwUAA4IBAQARfub7UBz8CX+ccLgf2vXTZebV3bmXiJs3ALt+3p0x
JjDYmYY3mUBOeOt/GjXevdroQiXfOASQsmq4ScQYR1CwhiX++dt97aCbk8PXFzY3
z4MUJ6zw3M8Gz1r/rLPazyMpJPpcJnkH0Q/yLBAYUdmeB3fujJ4+Oc3VIpMqFwtl
X1W+ltAhWCY2W9gE/LYg3WNywaUeGLJhTYBNawyIUZc3b2kf001YozYyOrviZRzd
DmYePDPT0HYT1HbctVWuoC7lsG9EQ9R0ABM6518JB95rJgrQKGoBJdVcvEnu2Mal
9u8albKhsTcrjZ6J2UE1FglJac2/MvUh/fxSjG3eSRbT
-----END CERTIFICATE-----