Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/snhgZyKIl81SdGEMa8SNezN2B-8.roa
File:                     snhgZyKIl81SdGEMa8SNezN2B-8.roa (raw, json)
Hash identifier:          q+Juob+GqX3pjwEyROSsOIkH/g4f1ysryJqAil4DeqU=
Subject key identifier:   B2:78:60:67:22:88:97:CD:52:74:61:0C:6B:C4:8D:7B:33:76:07:EF
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       01944C0ABC429F132CE9AA178A1AE28E2308
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/snhgZyKIl81SdGEMa8SNezN2B-8.roa
Signing time:             Thu 09 Jan 2025 17:09:19 +0000
ROA not before:           Thu 09 Jan 2025 17:09:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        185.21.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4c:0a:bc:42:9f:13:2c:e9:aa:17:8a:1a:e2:8e:23:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Jan  9 17:09:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2786067228897cd5274610c6bc48d7b337607ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4a:6e:c8:c7:35:ba:b2:2f:c5:11:25:39:ce:
                    7f:3b:13:66:45:d6:d0:a6:c3:83:28:bc:90:93:7f:
                    fa:a7:5e:01:26:eb:e4:5e:10:1e:c3:e4:a0:d5:76:
                    ca:0e:a3:49:e1:f2:09:6d:bf:b6:f4:3a:c1:5f:46:
                    c1:1f:e5:8a:07:ff:ed:6e:11:55:54:b1:75:5b:a2:
                    53:e8:cd:fc:7b:39:f9:97:4b:03:77:5f:3e:75:07:
                    12:32:6d:ed:40:c5:10:80:5d:2e:42:a8:9f:b8:96:
                    94:38:e3:c1:b6:05:2a:23:8d:bf:58:39:3d:ed:58:
                    ba:4d:24:56:73:3d:cb:6e:76:c1:7f:07:17:71:d4:
                    25:8b:3b:af:e1:eb:19:c8:19:c7:c7:a9:2b:82:9e:
                    f2:e7:73:62:c6:7a:7c:2f:af:60:dd:b6:c7:87:7b:
                    49:87:16:9d:61:21:36:72:75:67:60:aa:00:46:e4:
                    b5:f5:53:4e:24:e5:02:4d:90:89:ff:c9:33:1c:f4:
                    b6:43:9a:ec:58:8c:ec:7d:f1:37:36:64:7e:ca:14:
                    69:ea:c1:69:2c:a2:b0:6d:0e:61:0d:af:1b:a0:1a:
                    24:1a:e4:33:b0:a4:2e:c4:30:af:7d:d3:f9:dc:1a:
                    7a:82:b5:54:eb:2e:1e:68:fe:4b:2e:87:80:30:73:
                    96:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:78:60:67:22:88:97:CD:52:74:61:0C:6B:C4:8D:7B:33:76:07:EF
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/snhgZyKIl81SdGEMa8SNezN2B-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:97:a7:f8:06:38:eb:1a:f5:9c:fc:13:35:f0:91:bc:62:75:
         a0:af:76:0a:ab:18:da:65:9d:bf:60:a9:e0:6b:39:e4:6b:0c:
         29:f4:91:82:04:46:e4:33:f6:5f:9c:44:5b:f6:e3:4c:14:ec:
         d2:c6:16:40:d8:13:68:dc:0d:7d:67:cc:e1:49:e4:dc:19:1f:
         e9:0a:cd:f2:a7:f0:2f:b4:87:37:1d:bf:e0:b9:53:4c:01:c4:
         9b:6c:fa:9d:cc:f9:9c:c7:91:4d:a8:95:c9:01:a4:42:5b:2c:
         94:91:f9:d3:84:0c:a7:c3:88:cd:e2:b2:b6:6b:13:8d:cf:1d:
         25:5a:df:e8:db:71:fc:f6:e7:80:f6:f8:5b:61:95:2a:7d:78:
         95:82:16:fb:fb:c6:bb:15:d7:83:fa:3f:0e:1d:46:b8:1e:e6:
         e3:92:3e:4a:9d:f7:d1:fc:64:dc:10:6f:2e:c3:29:14:7a:d6:
         49:f8:b6:78:cc:80:ce:81:8f:de:ce:8b:58:95:a5:e3:ea:af:
         07:be:83:34:cf:0d:92:c0:d4:0d:9f:55:72:f3:c7:67:77:a9:
         2f:18:b5:a4:f2:33:f5:44:b2:e3:11:d8:34:20:18:5c:33:a2:
         ec:82:13:35:c4:8b:0d:9f:98:24:71:36:37:c0:68:ef:96:57:
         de:db:28:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRMCrxCnxMs6aoXihrijiMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjUwMTA5MTcwOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjc4NjA2NzIyODg5N2NkNTI3NDYxMGM2YmM0OGQ3YjMzNzYwN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0puyMc1urIvxRElOc5/OxNmRdbQ
psODKLyQk3/6p14BJuvkXhAew+Sg1XbKDqNJ4fIJbb+29DrBX0bBH+WKB//tbhFV
VLF1W6JT6M38ezn5l0sDd18+dQcSMm3tQMUQgF0uQqifuJaUOOPBtgUqI42/WDk9
7Vi6TSRWcz3LbnbBfwcXcdQlizuv4esZyBnHx6krgp7y53Nixnp8L69g3bbHh3tJ
hxadYSE2cnVnYKoARuS19VNOJOUCTZCJ/8kzHPS2Q5rsWIzsffE3NmR+yhRp6sFp
LKKwbQ5hDa8boBokGuQzsKQuxDCvfdP53Bp6grVU6y4eaP5LLoeAMHOWuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJ4YGciiJfNUnRhDGvEjXszdgfvMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvc25oZ1p5S0lsODFTZEdFTWE4U05lek4yQi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRX+MA0G
CSqGSIb3DQEBCwUAA4IBAQAEl6f4BjjrGvWc/BM18JG8YnWgr3YKqxjaZZ2/YKng
aznkawwp9JGCBEbkM/ZfnERb9uNMFOzSxhZA2BNo3A19Z8zhSeTcGR/pCs3yp/Av
tIc3Hb/guVNMAcSbbPqdzPmcx5FNqJXJAaRCWyyUkfnThAynw4jN4rK2axONzx0l
Wt/o23H89ueA9vhbYZUqfXiVghb7+8a7FdeD+j8OHUa4Hubjkj5KnffR/GTcEG8u
wykUetZJ+LZ4zIDOgY/ezotYlaXj6q8HvoM0zw2SwNQNn1Vy88dnd6kvGLWk8jP1
RLLjEdg0IBhcM6LsghM1xIsNn5gkcTY3wGjvllfe2yhj
-----END CERTIFICATE-----