Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/w4EgtXymNG4qdDGffeejqhzCwgQ.roa
File:                     w4EgtXymNG4qdDGffeejqhzCwgQ.roa (raw, json)
Hash identifier:          VmcnuEKWSTHxVX4tEucguGz0L6uvVm7W7xv8HWe4KjU=
Subject key identifier:   C3:81:20:B5:7C:A6:34:6E:2A:74:31:9F:7D:E7:A3:AA:1C:C2:C2:04
Certificate issuer:       /CN=aab1db0e00820876dfa20bec9b719aa795acc1de
Certificate serial:       01942067CD17FA5BBF53E95E9BB6B4C2BC8B
Authority key identifier: AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/w4EgtXymNG4qdDGffeejqhzCwgQ.roa
Signing time:             Wed 01 Jan 2025 05:47:41 +0000
ROA not before:           Wed 01 Jan 2025 05:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60783
IP address blocks:        185.25.232.0/24 maxlen: 24
                          2a04:3480::/29 maxlen: 29
                          2a0a:8fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/qrHbDgCCCHbfogvsm3Gap5Wswd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/qrHbDgCCCHbfogvsm3Gap5Wswd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 08:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:cd:17:fa:5b:bf:53:e9:5e:9b:b6:b4:c2:bc:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aab1db0e00820876dfa20bec9b719aa795acc1de
        Validity
            Not Before: Jan  1 05:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c38120b57ca6346e2a74319f7de7a3aa1cc2c204
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:57:f2:8d:11:a9:23:97:01:dd:9d:d4:67:4a:
                    37:50:6c:8f:bc:3e:8a:30:ec:a2:87:57:bd:dd:57:
                    32:4d:3e:5f:10:27:86:7c:f0:e5:49:89:e8:b4:2d:
                    c7:94:21:71:b0:a9:99:1d:21:86:45:3f:88:20:32:
                    c2:06:3a:8d:82:31:78:aa:a2:a5:5c:07:a1:97:97:
                    ea:01:a9:3b:20:90:17:92:6c:c2:27:f0:b7:92:95:
                    c2:1b:80:08:a3:39:1d:14:70:33:10:8d:d8:aa:77:
                    25:60:02:34:87:67:7f:11:c9:fa:d8:ef:2d:42:0d:
                    90:aa:96:9b:6c:72:9c:dd:a6:de:eb:c4:06:ca:82:
                    76:f2:9b:14:44:07:7a:1f:a4:90:05:e0:fe:ff:0a:
                    32:b9:9d:86:f7:62:b4:8a:36:dd:f7:96:c3:fa:69:
                    0a:98:1a:ac:c2:4d:f2:74:30:2e:69:e1:93:48:91:
                    86:3a:f4:ca:9a:bc:91:ed:d8:61:26:93:0f:9f:c3:
                    81:ea:a3:f3:8c:a8:0a:ae:37:d9:e2:f9:94:1f:23:
                    fa:b0:e4:62:49:71:cd:03:f8:2d:c1:bf:7e:b2:e9:
                    04:b4:c5:2f:29:7e:1b:a3:9c:d9:ec:18:a0:e2:f5:
                    84:c1:5a:32:ad:92:46:19:36:69:16:58:fd:ce:05:
                    aa:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:81:20:B5:7C:A6:34:6E:2A:74:31:9F:7D:E7:A3:AA:1C:C2:C2:04
            X509v3 Authority Key Identifier:
                keyid:AA:B1:DB:0E:00:82:08:76:DF:A2:0B:EC:9B:71:9A:A7:95:AC:C1:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qrHbDgCCCHbfogvsm3Gap5Wswd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/w4EgtXymNG4qdDGffeejqhzCwgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6add07-e6ad-4dba-9b8b-23e3813651d4/1/qrHbDgCCCHbfogvsm3Gap5Wswd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.232.0/24
                IPv6:
                  2a04:3480::/29
                  2a0a:8fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:d6:72:e1:94:e5:40:02:b2:70:d7:9d:32:88:30:cf:d2:4e:
         5c:48:7d:32:82:25:0e:09:fa:93:68:b9:1b:1e:0f:1e:d5:f4:
         78:c1:38:44:ca:09:83:12:61:76:93:8e:bc:b9:8f:5f:41:86:
         ad:82:33:c8:5b:1e:7a:6d:bb:16:fb:4a:ee:c3:5a:a1:85:55:
         9d:93:e3:7b:3b:b9:e7:46:51:fb:af:a8:a1:72:b5:7b:b2:85:
         f3:81:91:2e:98:45:5b:57:e8:ec:57:d6:61:c3:8e:eb:8e:87:
         b3:6c:47:0b:79:ad:74:6b:50:6a:48:3e:03:80:e7:1d:94:1e:
         cd:5a:81:eb:8b:12:0c:cf:87:85:71:31:cb:da:53:e6:a2:43:
         7e:c1:2c:d2:f4:f7:ce:e1:ad:46:65:f4:4c:d5:47:29:c9:44:
         9e:09:45:37:0c:f2:3b:3d:53:48:8d:42:07:db:3f:17:7e:97:
         10:d5:12:16:b5:f2:67:0d:2d:28:25:7f:74:49:5c:97:0d:c6:
         ff:9e:d5:dc:65:ee:9d:ca:51:89:2c:4d:e0:47:c9:ec:52:86:
         dd:4b:62:fc:9c:f0:23:88:0d:96:db:ca:b6:e5:f8:2f:55:6f:
         98:b8:c9:cc:af:5c:05:26:ab:fa:3c:b5:f5:f3:6d:91:5e:e8:
         49:a5:57:4f
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQgZ80X+lu/U+lem7a0wryLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYjFkYjBlMDA4MjA4NzZkZmEyMGJlYzliNzE5YWE3OTVh
Y2MxZGUwHhcNMjUwMTAxMDU0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzgxMjBiNTdjYTYzNDZlMmE3NDMxOWY3ZGU3YTNhYTFjYzJjMjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVfyjRGpI5cB3Z3UZ0o3UGyPvD6K
MOyih1e93VcyTT5fECeGfPDlSYnotC3HlCFxsKmZHSGGRT+IIDLCBjqNgjF4qqKl
XAehl5fqAak7IJAXkmzCJ/C3kpXCG4AIozkdFHAzEI3YqnclYAI0h2d/Ecn62O8t
Qg2QqpabbHKc3abe68QGyoJ28psURAd6H6SQBeD+/woyuZ2G92K0ijbd95bD+mkK
mBqswk3ydDAuaeGTSJGGOvTKmryR7dhhJpMPn8OB6qPzjKgKrjfZ4vmUHyP6sORi
SXHNA/gtwb9+sukEtMUvKX4bo5zZ7Big4vWEwVoyrZJGGTZpFlj9zgWq2QIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFMOBILV8pjRuKnQxn33no6ocwsIEMB8GA1UdIwQY
MBaAFKqx2w4Aggh236IL7JtxmqeVrMHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGIt
MjNlMzgxMzY1MWQ0LzEvdzRFZ3RYeW1ORzRxZERHZmZlZWpxaHpDd2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82YWRkMDctZTZhZC00ZGJhLTliOGItMjNlMzgxMzY1MWQ0
LzEvcXJIYkRnQ0NDSGJmb2d2c20zR2FwNVdzd2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQAuRnoMBQE
AgACMA4DBQMqBDSAAwUDKgqPwDANBgkqhkiG9w0BAQsFAAOCAQEAjNZy4ZTlQAKy
cNedMogwz9JOXEh9MoIlDgn6k2i5Gx4PHtX0eME4RMoJgxJhdpOOvLmPX0GGrYIz
yFseem27FvtK7sNaoYVVnZPjezu550ZR+6+ooXK1e7KF84GRLphFW1fo7FfWYcOO
646Hs2xHC3mtdGtQakg+A4DnHZQezVqB64sSDM+HhXExy9pT5qJDfsEs0vT3zuGt
RmX0TNVHKclEnglFNwzyOz1TSI1CB9s/F36XENUSFrXyZw0tKCV/dElclw3G/57V
3GXuncpRiSxN4EfJ7FKG3Uti/JzwI4gNltvKtuX4L1VvmLjJzK9cBSar+jy19fNt
kV7oSaVXTw==
-----END CERTIFICATE-----