Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/m4ZaNAjryBnKmYGIjG7kzaSGLxY.roa
File:                     m4ZaNAjryBnKmYGIjG7kzaSGLxY.roa (raw, json)
Hash identifier:          aDyxQeVUKQnIdI0z66YQQT1Tvz1bV3tGU371FonrpqU=
Subject key identifier:   9B:86:5A:34:08:EB:C8:19:CA:99:81:88:8C:6E:E4:CD:A4:86:2F:16
Certificate issuer:       /CN=621310302018a387c692146a35efd33a6ed6b1ef
Certificate serial:       01922A8FA0BDA19B927BD0767433205FA26E
Authority key identifier: 62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/m4ZaNAjryBnKmYGIjG7kzaSGLxY.roa
Signing time:             Wed 25 Sep 2024 19:01:48 +0000
ROA not before:           Wed 25 Sep 2024 19:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        185.99.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2a:8f:a0:bd:a1:9b:92:7b:d0:76:74:33:20:5f:a2:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=621310302018a387c692146a35efd33a6ed6b1ef
        Validity
            Not Before: Sep 25 19:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b865a3408ebc819ca9981888c6ee4cda4862f16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:34:cc:30:d9:82:b9:9a:a3:da:b0:47:15:d2:
                    68:ec:6a:48:bb:09:64:fd:33:6b:14:57:4b:be:be:
                    96:46:ed:43:8c:5c:26:25:6a:1b:50:e3:06:34:a9:
                    12:9f:71:09:68:1e:2a:a0:03:ca:1c:25:c8:a5:45:
                    b2:21:00:ba:61:42:f6:3f:42:ce:62:73:de:cb:0c:
                    cd:79:04:96:27:c1:64:91:67:2d:32:9b:73:c2:1a:
                    b8:85:17:26:79:dd:45:73:b2:e7:e6:81:a9:af:2f:
                    84:9a:c0:e8:4f:c3:80:cd:14:07:29:67:f7:2d:40:
                    ff:ac:78:91:99:96:0f:35:a0:cf:fa:77:e8:17:46:
                    7d:70:87:ef:81:55:71:e2:3b:d6:13:89:e8:91:93:
                    3b:e6:2c:cf:da:b6:3f:21:ec:1e:6e:08:8c:85:bf:
                    f4:8f:62:7d:47:fb:b3:10:8f:7a:e6:ff:d8:f4:80:
                    7a:a7:8d:2c:39:4d:fe:46:77:05:0f:71:89:f8:46:
                    be:27:22:ef:52:62:c8:f5:44:d4:f7:57:27:57:7a:
                    db:99:b5:1f:ce:dd:88:6e:b5:52:49:af:16:d3:13:
                    64:b1:fc:c1:0c:cd:4c:7b:30:f1:70:be:5c:5e:7a:
                    97:73:8f:5e:54:06:0e:1a:e8:15:66:2c:8a:6e:15:
                    b4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:86:5A:34:08:EB:C8:19:CA:99:81:88:8C:6E:E4:CD:A4:86:2F:16
            X509v3 Authority Key Identifier:
                keyid:62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/m4ZaNAjryBnKmYGIjG7kzaSGLxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:1d:e8:2d:fa:fe:c0:19:a5:18:e9:62:a6:51:b2:20:58:82:
         63:7f:30:8b:e6:f6:80:5e:a6:8c:dd:7e:68:c4:a3:38:37:9a:
         68:6a:bc:cd:dc:3a:df:5d:53:5a:e6:90:0d:ee:55:4d:84:e8:
         f8:42:e5:aa:d7:68:99:e2:9e:5d:61:95:24:46:bb:ab:fb:94:
         cd:5d:c7:00:ef:c9:33:c4:bb:7a:de:0f:e3:4e:1d:e7:aa:78:
         73:28:26:9c:0d:5f:91:6d:b4:6b:f8:6f:eb:24:bc:32:6a:94:
         cd:46:a0:dc:5c:c5:e9:b9:a7:98:94:b8:2b:48:df:01:32:fc:
         c2:4d:5c:48:fd:c7:33:ec:37:bd:91:29:44:a0:53:38:c1:1c:
         ee:5f:28:e6:96:7c:c7:d6:44:ac:60:b7:c5:b2:d0:16:a3:9c:
         b7:41:ad:bb:48:85:c7:10:e9:1d:f9:60:11:27:86:23:da:1f:
         06:07:02:e1:17:cd:b3:a2:c1:e2:bf:6b:31:58:69:9d:de:79:
         ac:bc:56:9a:ed:79:4c:fb:40:51:95:8b:5f:e2:9b:10:54:e5:
         6b:40:15:9c:a9:ea:ac:cf:ab:9a:ea:66:9d:6c:43:10:70:dd:
         ca:89:f1:ae:e1:a5:f5:ca:d6:af:c9:15:85:f7:5e:74:4a:65:
         04:de:b8:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIqj6C9oZuSe9B2dDMgX6JuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTMxMDMwMjAxOGEzODdjNjkyMTQ2YTM1ZWZkMzNhNmVk
NmIxZWYwHhcNMjQwOTI1MTkwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yjg2NWEzNDA4ZWJjODE5Y2E5OTgxODg4YzZlZTRjZGE0ODYyZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7DTMMNmCuZqj2rBHFdJo7GpIuwlk
/TNrFFdLvr6WRu1DjFwmJWobUOMGNKkSn3EJaB4qoAPKHCXIpUWyIQC6YUL2P0LO
YnPeywzNeQSWJ8FkkWctMptzwhq4hRcmed1Fc7Ln5oGpry+EmsDoT8OAzRQHKWf3
LUD/rHiRmZYPNaDP+nfoF0Z9cIfvgVVx4jvWE4nokZM75izP2rY/IewebgiMhb/0
j2J9R/uzEI965v/Y9IB6p40sOU3+RncFD3GJ+Ea+JyLvUmLI9UTU91cnV3rbmbUf
zt2IbrVSSa8W0xNksfzBDM1MezDxcL5cXnqXc49eVAYOGugVZiyKbhW0gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuGWjQI68gZypmBiIxu5M2khi8WMB8GA1UdIwQY
MBaAFGITEDAgGKOHxpIUajXv0zpu1rHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjIt
YmU1N2Q3ZGZhMGRlLzEvbTRaYU5BanJ5Qm5LbVlHSWpHN2t6YVNHTHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjItYmU1N2Q3ZGZhMGRl
LzEvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWMUMA0G
CSqGSIb3DQEBCwUAA4IBAQA/Hegt+v7AGaUY6WKmUbIgWIJjfzCL5vaAXqaM3X5o
xKM4N5poarzN3DrfXVNa5pAN7lVNhOj4QuWq12iZ4p5dYZUkRrur+5TNXccA78kz
xLt63g/jTh3nqnhzKCacDV+RbbRr+G/rJLwyapTNRqDcXMXpuaeYlLgrSN8BMvzC
TVxI/ccz7De9kSlEoFM4wRzuXyjmlnzH1kSsYLfFstAWo5y3Qa27SIXHEOkd+WAR
J4Yj2h8GBwLhF82zosHiv2sxWGmd3nmsvFaa7XlM+0BRlYtf4psQVOVrQBWcqeqs
z6ua6madbEMQcN3KifGu4aX1ytavyRWF9150SmUE3rip
-----END CERTIFICATE-----