Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/PBj6-9bUbvjdkV_qlt82c10bReA.roa
File:                     PBj6-9bUbvjdkV_qlt82c10bReA.roa (raw, json)
Hash identifier:          WTp3UPXf0BH/5IPzR9HY0LjsOTl6sI3ZFKKbB5qHZsU=
Subject key identifier:   3C:18:FA:FB:D6:D4:6E:F8:DD:91:5F:EA:96:DF:36:73:5D:1B:45:E0
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747D5A297FC880082401A4DB0188924
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/PBj6-9bUbvjdkV_qlt82c10bReA.roa
Signing time:             Thu 02 Jan 2025 13:50:06 +0000
ROA not before:           Thu 02 Jan 2025 13:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51692
IP address blocks:        185.242.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d5:a2:97:fc:88:00:82:40:1a:4d:b0:18:89:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c18fafbd6d46ef8dd915fea96df36735d1b45e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:12:f4:51:25:c7:45:bd:63:89:6b:63:80:2a:
                    e3:ba:2f:b4:40:9a:06:0c:67:b0:62:b8:30:85:b1:
                    fa:88:a5:fa:b5:e8:55:26:1a:f4:01:96:d6:9b:54:
                    c2:4b:b1:00:a1:69:16:15:ce:5d:9a:6f:5a:b4:be:
                    63:6c:75:ef:0f:56:ea:a3:9b:df:e5:0d:4b:29:a5:
                    84:1a:90:b3:75:9b:48:d1:4a:33:4b:0b:e4:7d:7b:
                    92:9f:59:5e:e6:02:87:70:59:b8:e8:59:f4:f0:3e:
                    41:a5:a4:89:17:cf:0e:5c:a8:a8:a2:f4:32:32:67:
                    06:4f:86:6b:65:62:3a:54:bb:83:a5:5f:80:0d:ab:
                    cd:c1:28:3c:1e:41:17:87:1e:1f:44:df:7c:c1:01:
                    65:33:82:26:19:28:23:62:98:26:58:84:54:d5:c1:
                    6a:7d:b0:c3:b8:39:26:91:2a:a8:77:a6:c3:23:f5:
                    2d:32:0b:aa:9b:43:a8:bb:f6:83:e4:cb:7f:c4:09:
                    91:d7:5d:2c:a8:61:49:d7:d0:43:57:d4:90:cc:d3:
                    43:f6:ec:58:8b:67:7a:31:b7:24:b4:8b:17:4b:17:
                    bc:0b:a8:21:2f:f3:89:a3:5d:3a:f9:31:09:1f:66:
                    fa:e5:a7:21:47:31:71:d0:84:33:2e:09:86:f0:63:
                    7c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:18:FA:FB:D6:D4:6E:F8:DD:91:5F:EA:96:DF:36:73:5D:1B:45:E0
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/PBj6-9bUbvjdkV_qlt82c10bReA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:3e:56:0d:67:6c:b0:f9:24:bf:60:b4:52:10:b0:fb:72:73:
         21:15:82:da:64:41:50:fe:97:1f:54:83:94:cb:b3:0a:90:8a:
         da:48:33:13:6c:ed:a9:70:a1:63:3a:26:9e:8d:2c:14:00:65:
         9f:97:f5:b2:d9:9b:b2:80:fc:b0:8f:aa:cc:49:ee:a7:11:ce:
         1d:ed:d0:6b:9e:2d:e4:59:24:58:18:23:40:4d:5b:9f:38:99:
         66:8b:fa:11:73:b5:68:4b:58:cc:16:d9:e8:cc:8a:11:9f:14:
         55:4c:15:cb:5b:24:c1:dc:74:16:54:7f:da:cd:0a:24:0a:0f:
         05:81:8f:04:a2:24:e9:92:e8:7b:87:15:07:6b:e7:b2:71:bf:
         9c:e3:f8:2d:3e:f5:69:57:38:c3:03:93:eb:28:1e:cf:44:bc:
         ff:01:d3:21:9f:9b:62:cd:3f:88:95:2b:19:69:a4:a9:b5:27:
         64:37:be:7a:ea:c4:46:b2:b1:45:26:8a:fa:7f:67:34:1c:68:
         1a:74:cd:69:5f:a2:e0:8e:97:ec:07:07:32:26:79:45:44:13:
         67:a2:82:91:29:76:c1:a5:35:90:1d:3a:ba:9c:ea:40:ad:22:
         bd:52:59:15:62:38:66:0c:4c:f1:2b:d1:af:12:2c:1b:aa:f5:
         a9:99:15:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR9Wil/yIAIJAGk2wGIkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzE4ZmFmYmQ2ZDQ2ZWY4ZGQ5MTVmZWE5NmRmMzY3MzVkMWI0NWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRL0USXHRb1jiWtjgCrjui+0QJoG
DGewYrgwhbH6iKX6tehVJhr0AZbWm1TCS7EAoWkWFc5dmm9atL5jbHXvD1bqo5vf
5Q1LKaWEGpCzdZtI0UozSwvkfXuSn1le5gKHcFm46Fn08D5BpaSJF88OXKioovQy
MmcGT4ZrZWI6VLuDpV+ADavNwSg8HkEXhx4fRN98wQFlM4ImGSgjYpgmWIRU1cFq
fbDDuDkmkSqod6bDI/UtMguqm0Oou/aD5Mt/xAmR110sqGFJ19BDV9SQzNND9uxY
i2d6MbcktIsXSxe8C6ghL/OJo106+TEJH2b65achRzFx0IQzLgmG8GN8dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwY+vvW1G743ZFf6pbfNnNdG0XgMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvUEJqNi05YlVidmpka1ZfcWx0ODJjMTBiUmVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufLhMA0G
CSqGSIb3DQEBCwUAA4IBAQC8PlYNZ2yw+SS/YLRSELD7cnMhFYLaZEFQ/pcfVIOU
y7MKkIraSDMTbO2pcKFjOiaejSwUAGWfl/Wy2ZuygPywj6rMSe6nEc4d7dBrni3k
WSRYGCNATVufOJlmi/oRc7VoS1jMFtnozIoRnxRVTBXLWyTB3HQWVH/azQokCg8F
gY8EoiTpkuh7hxUHa+eycb+c4/gtPvVpVzjDA5PrKB7PRLz/AdMhn5tizT+IlSsZ
aaSptSdkN7566sRGsrFFJor6f2c0HGgadM1pX6LgjpfsBwcyJnlFRBNnooKRKXbB
pTWQHTq6nOpArSK9UlkVYjhmDEzxK9GvEiwbqvWpmRU+
-----END CERTIFICATE-----