Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/pERg8oiWPMLUHsmGEshAuW_aqRs.roa
File:                     pERg8oiWPMLUHsmGEshAuW_aqRs.roa (raw, json)
Hash identifier:          zmESXdehojS6eaz2GF04+HNwgLED8OdvpzfNZhfer0E=
Subject key identifier:   A4:44:60:F2:88:96:3C:C2:D4:1E:C9:86:12:C8:40:B9:6F:DA:A9:1B
Certificate issuer:       /CN=64f47c98440f103825c8ea5074298b18cc113e20
Certificate serial:       0194228DF73BE98B17A99ADD8F1D79A3DA99
Authority key identifier: 64:F4:7C:98:44:0F:10:38:25:C8:EA:50:74:29:8B:18:CC:11:3E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZPR8mEQPEDglyOpQdCmLGMwRPiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/pERg8oiWPMLUHsmGEshAuW_aqRs.roa
Signing time:             Wed 01 Jan 2025 15:48:36 +0000
ROA not before:           Wed 01 Jan 2025 15:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201063
IP address blocks:        185.3.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/ZPR8mEQPEDglyOpQdCmLGMwRPiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/ZPR8mEQPEDglyOpQdCmLGMwRPiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZPR8mEQPEDglyOpQdCmLGMwRPiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f7:3b:e9:8b:17:a9:9a:dd:8f:1d:79:a3:da:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64f47c98440f103825c8ea5074298b18cc113e20
        Validity
            Not Before: Jan  1 15:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a44460f288963cc2d41ec98612c840b96fdaa91b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:bf:da:a2:bf:81:3c:0f:5d:3c:8f:99:e5:41:
                    35:fa:a2:c2:66:87:81:60:c1:f0:76:8a:cb:cc:6b:
                    ea:2b:6c:5b:42:c1:29:41:93:d7:5c:97:5d:11:ca:
                    d7:00:79:75:dd:d7:20:39:82:0b:e8:86:df:24:ca:
                    48:8b:02:ce:7e:1d:23:73:d4:0b:b3:27:98:34:f5:
                    2b:d0:d1:96:38:13:98:1f:63:9b:68:37:0c:08:c6:
                    22:72:25:50:56:19:b4:c5:a6:eb:26:02:6f:fb:28:
                    35:1a:18:f7:ea:59:50:14:07:89:38:1f:46:3e:d8:
                    52:04:c9:69:75:d6:2e:05:d0:8d:5a:84:e8:5e:b8:
                    c6:06:ac:44:de:06:86:f7:08:95:5b:2c:27:7e:f3:
                    1f:5f:97:e5:6a:f8:3e:f3:d3:87:18:ed:65:98:a6:
                    6a:0e:fa:07:af:6e:0a:db:24:35:86:5d:b1:b9:5a:
                    b0:aa:ff:8a:70:7a:75:28:57:5b:15:04:31:d9:49:
                    e1:13:a2:b8:43:15:4c:fb:40:8c:0a:1f:0b:98:14:
                    64:8c:33:7b:48:d0:8a:f0:26:f4:4a:20:0e:d1:78:
                    4a:4c:b3:9d:a2:75:69:77:02:8e:e9:6d:25:0a:4b:
                    5d:d9:4a:84:ac:97:66:f6:2f:42:8d:50:e4:c3:d5:
                    28:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:44:60:F2:88:96:3C:C2:D4:1E:C9:86:12:C8:40:B9:6F:DA:A9:1B
            X509v3 Authority Key Identifier:
                keyid:64:F4:7C:98:44:0F:10:38:25:C8:EA:50:74:29:8B:18:CC:11:3E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZPR8mEQPEDglyOpQdCmLGMwRPiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/pERg8oiWPMLUHsmGEshAuW_aqRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/ZPR8mEQPEDglyOpQdCmLGMwRPiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:e0:ba:9c:62:88:54:f5:9d:3a:44:4f:1c:99:b9:5f:ec:f4:
         2f:e3:6a:4e:9e:94:c9:fc:7e:43:0f:0f:2b:d2:6f:69:0b:62:
         67:05:9f:72:31:b5:01:9b:45:71:c1:7a:29:a5:d0:c2:73:d8:
         eb:a5:c4:e1:16:d1:96:52:01:05:29:1f:e5:dd:e9:cd:a3:6f:
         82:5b:fb:93:bc:b5:21:b5:d9:5d:9d:53:d4:80:b7:24:b8:54:
         ad:05:75:fc:4f:9b:35:cb:86:ab:1c:e6:a5:07:13:63:21:33:
         32:95:14:b0:30:d2:21:a3:43:3f:f6:ad:73:0b:dd:51:22:2c:
         29:46:13:54:55:16:88:7b:6d:4b:bc:3d:dd:a3:d8:de:13:cf:
         8b:9a:74:ec:82:81:ac:a8:aa:96:96:d0:30:16:08:a4:29:a0:
         14:e2:77:81:33:90:28:83:6e:ac:8b:e7:c0:fc:9f:53:12:de:
         f4:0e:06:b4:08:e0:70:94:59:7b:1d:5a:2e:98:b4:ae:ba:4a:
         6c:cb:e1:5a:a1:f6:0c:92:e3:37:2e:85:c2:c1:89:02:ae:1c:
         97:76:85:89:6d:13:ce:26:13:b5:31:02:a6:b9:ee:18:db:20:
         79:ea:b0:02:99:17:32:34:cd:a3:aa:b0:da:af:a9:d3:d5:64:
         bb:b2:a7:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijfc76YsXqZrdjx15o9qZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZjQ3Yzk4NDQwZjEwMzgyNWM4ZWE1MDc0Mjk4YjE4Y2Mx
MTNlMjAwHhcNMjUwMTAxMTU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDQ0NjBmMjg4OTYzY2MyZDQxZWM5ODYxMmM4NDBiOTZmZGFhOTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlL/aor+BPA9dPI+Z5UE1+qLCZoeB
YMHwdorLzGvqK2xbQsEpQZPXXJddEcrXAHl13dcgOYIL6IbfJMpIiwLOfh0jc9QL
syeYNPUr0NGWOBOYH2ObaDcMCMYiciVQVhm0xabrJgJv+yg1Ghj36llQFAeJOB9G
PthSBMlpddYuBdCNWoToXrjGBqxE3gaG9wiVWywnfvMfX5flavg+89OHGO1lmKZq
DvoHr24K2yQ1hl2xuVqwqv+KcHp1KFdbFQQx2UnhE6K4QxVM+0CMCh8LmBRkjDN7
SNCK8Cb0SiAO0XhKTLOdonVpdwKO6W0lCktd2UqErJdm9i9CjVDkw9UoeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKREYPKIljzC1B7JhhLIQLlv2qkbMB8GA1UdIwQY
MBaAFGT0fJhEDxA4JcjqUHQpixjMET4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlBSOG1FUVBFRGdseU9wUWRDbUxHTXdSUGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTlhZWItYzcxMy00MmY4LTkxZDYt
Mzg0NDc4NTVkNjY5LzEvcEVSZzhvaVdQTUxVSHNtR0VzaEF1V19hcVJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTlhZWItYzcxMy00MmY4LTkxZDYtMzg0NDc4NTVkNjY5
LzEvWlBSOG1FUVBFRGdseU9wUWRDbUxHTXdSUGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQO9MA0G
CSqGSIb3DQEBCwUAA4IBAQC94LqcYohU9Z06RE8cmblf7PQv42pOnpTJ/H5DDw8r
0m9pC2JnBZ9yMbUBm0VxwXoppdDCc9jrpcThFtGWUgEFKR/l3enNo2+CW/uTvLUh
tdldnVPUgLckuFStBXX8T5s1y4arHOalBxNjITMylRSwMNIho0M/9q1zC91RIiwp
RhNUVRaIe21LvD3do9jeE8+LmnTsgoGsqKqWltAwFgikKaAU4neBM5Aog26si+fA
/J9TEt70Dga0COBwlFl7HVoumLSuukpsy+FaofYMkuM3LoXCwYkCrhyXdoWJbRPO
JhO1MQKmue4Y2yB56rACmRcyNM2jqrDar6nT1WS7sqfl
-----END CERTIFICATE-----