Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/nEtni_xbFe8uMKn7lNre_DGe-iI.roa
File:                     nEtni_xbFe8uMKn7lNre_DGe-iI.roa (raw, json)
Hash identifier:          H6QijqDmjL6blsOSOiprWmtN5FAUxeo34Tfbyral+Co=
Subject key identifier:   9C:4B:67:8B:FC:5B:15:EF:2E:30:A9:FB:94:DA:DE:FC:31:9E:FA:22
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       019428267160895E65BC28E4DB4C54BF7ACB
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/nEtni_xbFe8uMKn7lNre_DGe-iI.roa
Signing time:             Thu 02 Jan 2025 17:53:15 +0000
ROA not before:           Thu 02 Jan 2025 17:53:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        185.21.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:71:60:89:5e:65:bc:28:e4:db:4c:54:bf:7a:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  2 17:53:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c4b678bfc5b15ef2e30a9fb94dadefc319efa22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:43:f8:7e:8e:96:e7:c3:cd:ad:2b:df:c1:b6:
                    47:fa:6f:c0:ac:80:24:98:81:ad:ae:f6:92:88:e8:
                    b5:37:f7:9c:0e:cf:ee:b1:6f:cb:95:dd:e0:e9:7d:
                    f6:74:be:4d:bf:a9:23:56:3b:49:35:d8:d9:f5:2c:
                    5e:68:a0:c7:df:49:6a:1f:da:1d:6a:c9:c2:06:52:
                    14:17:5d:fd:4b:f3:15:de:1f:e4:67:7f:8e:ca:dd:
                    a9:ad:1d:45:0e:86:c7:e2:c2:e2:ed:09:52:a8:d1:
                    04:f0:a7:81:2b:2f:26:c6:64:52:02:ea:39:5a:dc:
                    07:fd:c2:21:07:69:f5:26:84:ed:e2:74:77:cc:aa:
                    38:04:67:45:d4:85:18:ce:01:fe:b2:d0:da:bb:1d:
                    12:d1:5a:05:af:42:ff:fd:dd:ab:3d:1a:34:bc:ac:
                    18:85:72:19:eb:0f:07:16:68:12:10:b1:67:a6:f3:
                    c7:ea:8d:b6:8e:59:05:32:fc:a5:8b:5b:d3:a1:cb:
                    45:0a:04:9f:26:b3:8d:14:f2:a8:e3:fd:cf:ac:36:
                    d8:7a:a4:e6:1e:78:65:53:4c:b8:bb:6d:16:0e:88:
                    53:80:66:c4:d2:a4:66:eb:a3:3a:c2:9b:10:fc:fe:
                    54:02:c4:34:cb:0a:ae:34:d8:2a:32:09:ed:74:4e:
                    83:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:4B:67:8B:FC:5B:15:EF:2E:30:A9:FB:94:DA:DE:FC:31:9E:FA:22
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/nEtni_xbFe8uMKn7lNre_DGe-iI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:64:73:4b:90:49:31:a2:81:d0:f2:cb:db:e2:52:fd:04:c0:
         7b:a3:59:eb:8c:0a:bb:9d:52:e3:32:41:5d:93:ec:b9:3a:bd:
         f1:64:59:3f:b3:3f:af:11:f8:3f:ad:aa:6d:fb:ba:81:51:b7:
         fc:ee:91:b3:5d:95:e1:12:02:bc:a9:ed:4b:ee:a4:d5:57:9c:
         f8:58:a1:f4:00:b5:b7:91:f1:09:b2:84:1e:c4:0e:92:bb:c8:
         28:b2:97:fd:2c:f2:44:13:89:14:9e:48:70:83:58:9a:cc:fe:
         5f:de:61:2f:e7:65:3c:8f:17:02:7b:00:bd:93:79:ba:56:6b:
         f0:f5:fa:a7:20:01:2e:b2:e1:96:bf:c1:77:92:3e:36:0d:2b:
         cc:85:ba:b2:1c:cf:e5:60:e2:fd:19:93:59:67:6b:90:2d:ce:
         55:76:00:e2:b9:95:25:e8:75:3f:c1:93:6f:44:86:6e:ab:8f:
         d7:35:7a:56:9c:01:16:9e:d9:e4:24:c2:85:e8:59:66:cd:8d:
         b6:73:f3:dc:01:17:3d:5c:47:ca:2f:89:4c:95:45:17:3a:a1:
         90:a2:3a:dc:83:8b:98:59:66:fa:b6:df:6b:cf:2e:16:c9:68:
         45:78:9f:c8:d7:6f:85:8a:ab:04:9e:87:6a:6a:50:41:7c:92:
         9e:59:56:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJnFgiV5lvCjk20xUv3rLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTAyMTc1MzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzRiNjc4YmZjNWIxNWVmMmUzMGE5ZmI5NGRhZGVmYzMxOWVmYTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkP4fo6W58PNrSvfwbZH+m/ArIAk
mIGtrvaSiOi1N/ecDs/usW/Lld3g6X32dL5Nv6kjVjtJNdjZ9SxeaKDH30lqH9od
asnCBlIUF139S/MV3h/kZ3+Oyt2prR1FDobH4sLi7QlSqNEE8KeBKy8mxmRSAuo5
WtwH/cIhB2n1JoTt4nR3zKo4BGdF1IUYzgH+stDaux0S0VoFr0L//d2rPRo0vKwY
hXIZ6w8HFmgSELFnpvPH6o22jlkFMvyli1vToctFCgSfJrONFPKo4/3PrDbYeqTm
HnhlU0y4u20WDohTgGbE0qRm66M6wpsQ/P5UAsQ0ywquNNgqMgntdE6DhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxLZ4v8WxXvLjCp+5Ta3vwxnvoiMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvbkV0bmlfeGJGZTh1TUtuN2xOcmVfREdlLWlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX9MA0G
CSqGSIb3DQEBCwUAA4IBAQAJZHNLkEkxooHQ8svb4lL9BMB7o1nrjAq7nVLjMkFd
k+y5Or3xZFk/sz+vEfg/rapt+7qBUbf87pGzXZXhEgK8qe1L7qTVV5z4WKH0ALW3
kfEJsoQexA6Su8gospf9LPJEE4kUnkhwg1iazP5f3mEv52U8jxcCewC9k3m6Vmvw
9fqnIAEusuGWv8F3kj42DSvMhbqyHM/lYOL9GZNZZ2uQLc5VdgDiuZUl6HU/wZNv
RIZuq4/XNXpWnAEWntnkJMKF6FlmzY22c/PcARc9XEfKL4lMlUUXOqGQojrcg4uY
WWb6tt9rzy4WyWhFeJ/I12+FiqsEnodqalBBfJKeWVZ7
-----END CERTIFICATE-----