Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/d8b009-d923-4bff-a82f-e8b70aa442fd/1/amXQGDZKy47wA0u5iNrCG12G65E.roa
File:                     amXQGDZKy47wA0u5iNrCG12G65E.roa (raw, json)
Hash identifier:          1n+UabIeiKZ85p6BFII330KVf+1vpRK87qkxEEsolHs=
Subject key identifier:   6A:65:D0:18:36:4A:CB:8E:F0:03:4B:B9:88:DA:C2:1B:5D:86:EB:91
Certificate issuer:       /CN=25a3f511d0095606a525084ae460836dc5d24397
Certificate serial:       0194221FF83699B0126565AE8A6BE7EEFFB2
Authority key identifier: 25:A3:F5:11:D0:09:56:06:A5:25:08:4A:E4:60:83:6D:C5:D2:43:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JaP1EdAJVgalJQhK5GCDbcXSQ5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/d8b009-d923-4bff-a82f-e8b70aa442fd/1/amXQGDZKy47wA0u5iNrCG12G65E.roa
Signing time:             Wed 01 Jan 2025 13:48:27 +0000
ROA not before:           Wed 01 Jan 2025 13:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60608
IP address blocks:        185.28.120.0/24 maxlen: 24
                          185.28.121.0/24 maxlen: 24
                          185.28.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/d8b009-d923-4bff-a82f-e8b70aa442fd/1/JaP1EdAJVgalJQhK5GCDbcXSQ5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/d8b009-d923-4bff-a82f-e8b70aa442fd/1/JaP1EdAJVgalJQhK5GCDbcXSQ5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JaP1EdAJVgalJQhK5GCDbcXSQ5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f8:36:99:b0:12:65:65:ae:8a:6b:e7:ee:ff:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25a3f511d0095606a525084ae460836dc5d24397
        Validity
            Not Before: Jan  1 13:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a65d018364acb8ef0034bb988dac21b5d86eb91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c5:63:26:06:05:6f:0a:57:47:b8:a8:31:8d:
                    65:5f:eb:c3:32:0c:88:2b:c9:28:dd:a1:b1:a2:c2:
                    a3:89:cf:79:f8:af:3e:40:b6:2d:f6:b9:40:f3:81:
                    79:bf:e7:ea:84:fc:45:f8:13:03:53:5a:f6:df:c1:
                    dc:c6:f4:bb:88:04:da:53:13:f9:ad:48:76:6e:7b:
                    10:d7:a2:dd:65:0b:e8:a7:e1:ef:2f:ad:c9:1f:8b:
                    cb:13:3c:f3:10:5a:6a:2f:e3:87:cf:d6:b8:b8:0f:
                    12:c9:c1:cf:e1:dc:cf:56:fd:03:d6:f4:c4:95:d7:
                    f7:63:b7:ce:79:99:ac:ff:2f:be:a4:b6:60:87:04:
                    04:93:37:6a:5d:1d:59:78:6d:5b:1a:33:09:2c:cd:
                    29:b2:b8:09:50:2a:e4:9a:17:08:d7:e0:15:d1:95:
                    59:4f:73:bf:3e:b7:5c:ee:6f:36:28:33:5a:ae:95:
                    3a:7f:ea:17:f8:be:53:f2:90:49:91:93:b0:1e:d4:
                    d9:c8:e9:e9:68:40:06:a9:0c:8e:0b:69:ff:6d:26:
                    ec:be:6b:86:75:1d:d3:51:ef:a8:5f:af:f4:d6:ed:
                    76:9d:86:a5:91:41:53:38:4a:82:1d:cb:56:a8:c2:
                    48:39:c2:4c:99:3b:a6:21:20:7d:02:bd:cb:97:c1:
                    59:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:65:D0:18:36:4A:CB:8E:F0:03:4B:B9:88:DA:C2:1B:5D:86:EB:91
            X509v3 Authority Key Identifier:
                keyid:25:A3:F5:11:D0:09:56:06:A5:25:08:4A:E4:60:83:6D:C5:D2:43:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JaP1EdAJVgalJQhK5GCDbcXSQ5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d8b009-d923-4bff-a82f-e8b70aa442fd/1/amXQGDZKy47wA0u5iNrCG12G65E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d8b009-d923-4bff-a82f-e8b70aa442fd/1/JaP1EdAJVgalJQhK5GCDbcXSQ5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.120.0-185.28.122.255

    Signature Algorithm: sha256WithRSAEncryption
         d0:45:f7:3e:89:9c:bd:f9:2f:db:85:20:1d:c4:8e:78:2a:7e:
         60:25:72:f4:d4:8e:5c:8b:1c:d0:33:73:bd:fa:cb:a4:3b:9d:
         d8:f7:97:c0:76:db:fd:e0:53:6e:50:30:30:95:d0:8a:de:dd:
         e0:d5:5a:df:d1:63:32:9d:1c:d4:ff:af:bc:24:c2:ad:a4:a1:
         ca:8a:c3:cb:f0:2d:11:67:57:4a:50:35:d8:05:a2:02:f2:c1:
         26:2d:96:ec:a1:aa:6b:03:4e:c8:96:1b:6c:21:5e:49:70:f8:
         69:4b:92:f4:f9:86:83:be:fa:4c:7a:de:75:ba:28:98:e8:1f:
         0a:2b:e9:37:a0:3e:47:98:10:99:de:3d:17:13:ac:50:8f:94:
         e1:4c:ac:0c:c4:3a:ff:d7:6c:b9:2e:7a:a4:38:b6:dc:95:67:
         f3:48:f3:30:7b:74:0d:63:17:86:f0:53:ea:aa:39:95:7e:77:
         ef:60:38:e7:36:1b:18:ca:ac:ab:9c:c8:6b:2f:fe:16:90:c4:
         3e:0d:01:b3:6e:1a:0f:27:d7:af:3c:98:e2:80:53:58:4b:9a:
         7f:2b:c1:d0:4a:d9:10:c0:96:bc:d6:59:aa:1e:c1:eb:07:14:
         b0:7b:63:45:c7:01:ee:c6:8e:dd:b7:db:99:54:dd:f5:7f:19:
         5e:ec:33:5e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQiH/g2mbASZWWuimvn7v+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YTNmNTExZDAwOTU2MDZhNTI1MDg0YWU0NjA4MzZkYzVk
MjQzOTcwHhcNMjUwMTAxMTM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTY1ZDAxODM2NGFjYjhlZjAwMzRiYjk4OGRhYzIxYjVkODZlYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcVjJgYFbwpXR7ioMY1lX+vDMgyI
K8ko3aGxosKjic95+K8+QLYt9rlA84F5v+fqhPxF+BMDU1r238HcxvS7iATaUxP5
rUh2bnsQ16LdZQvop+HvL63JH4vLEzzzEFpqL+OHz9a4uA8SycHP4dzPVv0D1vTE
ldf3Y7fOeZms/y++pLZghwQEkzdqXR1ZeG1bGjMJLM0psrgJUCrkmhcI1+AV0ZVZ
T3O/Prdc7m82KDNarpU6f+oX+L5T8pBJkZOwHtTZyOnpaEAGqQyOC2n/bSbsvmuG
dR3TUe+oX6/01u12nYalkUFTOEqCHctWqMJIOcJMmTumISB9Ar3Ll8FZ5QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGpl0Bg2SsuO8ANLuYjawhtdhuuRMB8GA1UdIwQY
MBaAFCWj9RHQCVYGpSUISuRgg23F0kOXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmFQMUVkQUpWZ2FsSlFoSzVHQ0RiY1hTUTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9kOGIwMDktZDkyMy00YmZmLWE4MmYt
ZThiNzBhYTQ0MmZkLzEvYW1YUUdEWkt5NDd3QTB1NWlOckNHMTJHNjVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9kOGIwMDktZDkyMy00YmZmLWE4MmYtZThiNzBhYTQ0MmZk
LzEvSmFQMUVkQUpWZ2FsSlFoSzVHQ0RiY1hTUTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5HHgD
BAC5HHowDQYJKoZIhvcNAQELBQADggEBANBF9z6JnL35L9uFIB3EjngqfmAlcvTU
jlyLHNAzc736y6Q7ndj3l8B22/3gU25QMDCV0Ire3eDVWt/RYzKdHNT/r7wkwq2k
ocqKw8vwLRFnV0pQNdgFogLywSYtluyhqmsDTsiWG2whXklw+GlLkvT5hoO++kx6
3nW6KJjoHwor6TegPkeYEJnePRcTrFCPlOFMrAzEOv/XbLkueqQ4ttyVZ/NI8zB7
dA1jF4bwU+qqOZV+d+9gOOc2GxjKrKucyGsv/haQxD4NAbNuGg8n1688mOKAU1hL
mn8rwdBK2RDAlrzWWaoewesHFLB7Y0XHAe7Gjt2325lU3fV/GV7sM14=
-----END CERTIFICATE-----