Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/iu7nkMMloLMO4qPNzRbpLkYcyro.roa
File:                     iu7nkMMloLMO4qPNzRbpLkYcyro.roa (raw, json)
Hash identifier:          4ANkfNKLh7Z2wCwDamCSoeryHoHgG5FlZVn0i1JfMb0=
Subject key identifier:   8A:EE:E7:90:C3:25:A0:B3:0E:E2:A3:CD:CD:16:E9:2E:46:1C:CA:BA
Certificate issuer:       /CN=7c3c39d1899e699bf5177418ee381489edff4380
Certificate serial:       0194228DBBCC4D80800DDDAE8E29E0452848
Authority key identifier: 7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/iu7nkMMloLMO4qPNzRbpLkYcyro.roa
Signing time:             Wed 01 Jan 2025 15:48:21 +0000
ROA not before:           Wed 01 Jan 2025 15:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205570
IP address blocks:        185.18.120.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:bb:cc:4d:80:80:0d:dd:ae:8e:29:e0:45:28:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3c39d1899e699bf5177418ee381489edff4380
        Validity
            Not Before: Jan  1 15:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8aeee790c325a0b30ee2a3cdcd16e92e461ccaba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c8:0f:a1:de:a4:e4:a2:f7:15:05:ca:47:8d:
                    d8:b6:2c:45:29:57:fa:f2:25:b0:fd:74:67:40:fc:
                    65:55:83:ce:79:a5:66:44:73:f7:b9:19:c0:68:3c:
                    44:d6:9c:0f:c2:cb:d2:05:9d:10:48:19:43:db:f2:
                    4c:e5:c3:56:15:de:9a:53:11:22:c7:78:0c:0a:65:
                    20:98:c8:9b:e5:23:7e:af:eb:5e:10:16:6e:af:fa:
                    f8:d3:a3:ed:14:3c:59:73:57:5e:1e:57:16:25:fb:
                    3d:0a:39:ca:fd:1c:e4:d6:59:6c:5f:39:1a:2b:23:
                    00:f6:f3:92:e4:14:ce:a0:f5:e8:d3:0b:4c:33:71:
                    ed:38:0d:82:a6:45:b6:06:d1:a8:3e:f1:5a:67:82:
                    2a:ef:fa:b7:d0:d0:1a:48:78:6e:69:12:16:20:3f:
                    83:aa:cf:71:a2:21:f9:ee:1f:14:00:69:c5:ec:20:
                    06:b3:36:d4:c2:3a:98:be:7a:c7:a7:b2:f3:d6:fc:
                    2a:b1:80:19:4a:bd:64:7c:1e:d7:75:86:73:76:4b:
                    30:6d:42:49:6a:e9:9a:25:34:5e:ac:21:1e:82:ca:
                    a2:aa:8a:e4:35:bb:2e:73:10:70:20:d0:b0:44:b2:
                    09:8c:3e:2c:74:ad:3f:09:86:a7:15:fe:18:2f:19:
                    ab:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:EE:E7:90:C3:25:A0:B3:0E:E2:A3:CD:CD:16:E9:2E:46:1C:CA:BA
            X509v3 Authority Key Identifier:
                keyid:7C:3C:39:D1:89:9E:69:9B:F5:17:74:18:EE:38:14:89:ED:FF:43:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDw50YmeaZv1F3QY7jgUie3_Q4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/iu7nkMMloLMO4qPNzRbpLkYcyro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/c800c9-51b5-4589-9260-063fcdd3a057/1/fDw50YmeaZv1F3QY7jgUie3_Q4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:77:b1:6e:39:b8:bd:60:41:c0:b8:16:9e:3c:d7:71:6a:7a:
         ed:fa:aa:66:ca:36:cb:57:56:d2:ab:60:9d:8e:f8:ce:e7:81:
         e3:a7:a8:ee:e9:7e:da:fd:3f:be:85:da:b2:fe:9a:fd:23:78:
         07:0f:a3:89:3d:a6:56:31:5b:fb:ff:50:27:40:75:5c:c7:14:
         cf:d0:58:69:7a:3a:da:1f:99:23:fe:23:69:99:8e:7b:42:f5:
         c8:de:03:81:42:81:bc:7d:bc:35:ac:f1:de:1d:5f:58:40:06:
         7c:c2:58:14:cb:93:30:8c:c1:03:40:1b:cd:0b:82:10:f9:2c:
         e7:3c:0b:e9:a7:fe:63:4e:09:8e:4a:90:c4:1c:99:ab:56:eb:
         cf:1c:86:15:83:5b:72:d9:c7:f5:a0:26:43:f1:da:d1:36:e3:
         93:89:c4:30:0b:1e:02:e7:92:89:36:80:e2:61:b8:e5:c9:79:
         44:b1:f0:db:3a:b6:b0:2c:c6:00:99:12:ff:e0:83:45:c4:e7:
         62:7f:6d:74:d6:a9:f3:b8:44:72:db:c5:2a:99:86:8e:4c:d2:
         62:de:81:93:ef:b6:4f:35:51:0d:37:e2:c3:24:48:77:68:95:
         4a:ec:ec:b7:d4:c3:e0:a8:69:df:fb:81:b9:02:7d:3f:fd:bd:
         16:91:f5:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijbvMTYCADd2ujingRShIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2MzOWQxODk5ZTY5OWJmNTE3NzQxOGVlMzgxNDg5ZWRm
ZjQzODAwHhcNMjUwMTAxMTU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWVlZTc5MGMzMjVhMGIzMGVlMmEzY2RjZDE2ZTkyZTQ2MWNjYWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMgPod6k5KL3FQXKR43YtixFKVf6
8iWw/XRnQPxlVYPOeaVmRHP3uRnAaDxE1pwPwsvSBZ0QSBlD2/JM5cNWFd6aUxEi
x3gMCmUgmMib5SN+r+teEBZur/r406PtFDxZc1deHlcWJfs9CjnK/Rzk1llsXzka
KyMA9vOS5BTOoPXo0wtMM3HtOA2CpkW2BtGoPvFaZ4Iq7/q30NAaSHhuaRIWID+D
qs9xoiH57h8UAGnF7CAGszbUwjqYvnrHp7Lz1vwqsYAZSr1kfB7XdYZzdkswbUJJ
aumaJTRerCEegsqiqorkNbsucxBwINCwRLIJjD4sdK0/CYanFf4YLxmrpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIru55DDJaCzDuKjzc0W6S5GHMq6MB8GA1UdIwQY
MBaAFHw8OdGJnmmb9Rd0GO44FInt/0OAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAt
MDYzZmNkZDNhMDU3LzEvaXU3bmtNTWxvTE1PNHFQTnpSYnBMa1ljeXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jODAwYzktNTFiNS00NTg5LTkyNjAtMDYzZmNkZDNhMDU3
LzEvZkR3NTBZbWVhWnYxRjNRWTdqZ1VpZTNfUTRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuRJ4MA0G
CSqGSIb3DQEBCwUAA4IBAQA9d7FuObi9YEHAuBaePNdxanrt+qpmyjbLV1bSq2Cd
jvjO54Hjp6ju6X7a/T++hdqy/pr9I3gHD6OJPaZWMVv7/1AnQHVcxxTP0Fhpejra
H5kj/iNpmY57QvXI3gOBQoG8fbw1rPHeHV9YQAZ8wlgUy5MwjMEDQBvNC4IQ+Szn
PAvpp/5jTgmOSpDEHJmrVuvPHIYVg1ty2cf1oCZD8drRNuOTicQwCx4C55KJNoDi
YbjlyXlEsfDbOrawLMYAmRL/4INFxOdif2101qnzuERy28UqmYaOTNJi3oGT77ZP
NVENN+LDJEh3aJVK7Oy31MPgqGnf+4G5An0//b0WkfXE
-----END CERTIFICATE-----