Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/w-squKUM0pkBXWozorbDSe8zF0U.roa
File:                     w-squKUM0pkBXWozorbDSe8zF0U.roa (raw, json)
Hash identifier:          LdeqPdzvqZ0x54H5/mODQ0shRZ6NKgUzNLLxUs7yuRg=
Subject key identifier:   C3:EB:2A:B8:A5:0C:D2:99:01:5D:6A:33:A2:B6:C3:49:EF:33:17:45
Certificate issuer:       /CN=25a879d628fe5ec8a761c4748679993f9c69f8b4
Certificate serial:       019421444D7E111AC3EE8388722AEE9873A2
Authority key identifier: 25:A8:79:D6:28:FE:5E:C8:A7:61:C4:74:86:79:99:3F:9C:69:F8:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jah51ij-XsinYcR0hnmZP5xp-LQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/w-squKUM0pkBXWozorbDSe8zF0U.roa
Signing time:             Wed 01 Jan 2025 09:48:31 +0000
ROA not before:           Wed 01 Jan 2025 09:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8437
IP address blocks:        185.245.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/Jah51ij-XsinYcR0hnmZP5xp-LQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/Jah51ij-XsinYcR0hnmZP5xp-LQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jah51ij-XsinYcR0hnmZP5xp-LQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:4d:7e:11:1a:c3:ee:83:88:72:2a:ee:98:73:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25a879d628fe5ec8a761c4748679993f9c69f8b4
        Validity
            Not Before: Jan  1 09:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3eb2ab8a50cd299015d6a33a2b6c349ef331745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c2:12:f2:85:58:90:95:15:dd:e5:dd:aa:17:
                    03:f5:1b:1c:9e:ac:78:11:f9:54:77:9c:34:15:4a:
                    6a:1b:31:a0:4e:95:eb:d9:e3:3b:ee:65:0e:6c:fb:
                    bb:ce:20:62:ee:81:00:55:3e:f6:4e:3c:e0:03:8d:
                    05:82:1c:d1:dc:1f:80:d5:49:c1:f4:5e:84:a3:26:
                    e4:64:08:fe:c7:b5:b6:9f:b6:97:48:52:c4:26:28:
                    f1:e4:cd:e9:36:6c:ff:a7:ed:6b:71:06:40:ff:93:
                    d6:68:81:4c:8c:14:81:1c:23:84:55:24:f4:39:42:
                    25:92:ba:10:1b:6d:13:0f:ab:de:54:2a:cc:b3:5f:
                    02:c4:67:a1:d9:1d:9e:9b:63:da:5c:31:a9:ad:81:
                    27:1e:0a:3c:73:7b:21:30:55:1b:f0:91:46:86:26:
                    ba:20:69:ee:c4:eb:38:3e:0b:d7:70:b7:ee:92:38:
                    6d:39:4a:5a:f7:19:ad:61:4f:b6:c2:92:3d:67:9f:
                    a2:98:c1:b9:bb:cd:f0:13:80:d2:e9:62:47:b5:cb:
                    18:46:e0:06:41:30:23:af:f4:54:f8:4f:d3:ad:57:
                    a3:29:24:1e:42:0f:33:4a:58:70:4b:22:0f:81:cd:
                    69:e8:0c:88:dc:ef:75:b7:29:b9:0a:08:9b:75:b3:
                    60:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:EB:2A:B8:A5:0C:D2:99:01:5D:6A:33:A2:B6:C3:49:EF:33:17:45
            X509v3 Authority Key Identifier:
                keyid:25:A8:79:D6:28:FE:5E:C8:A7:61:C4:74:86:79:99:3F:9C:69:F8:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jah51ij-XsinYcR0hnmZP5xp-LQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/w-squKUM0pkBXWozorbDSe8zF0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/28d5a7-48f1-4414-a853-d86b4caed11d/1/Jah51ij-XsinYcR0hnmZP5xp-LQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:e6:e2:98:41:a8:f8:ad:dc:6a:b6:f8:6f:9b:86:a9:4e:d9:
         f5:c2:3d:19:73:af:aa:c1:01:35:c8:91:33:7e:23:75:26:04:
         39:b8:51:69:53:0f:aa:c8:3a:4b:45:15:f8:ed:7f:91:93:c8:
         0c:7d:f4:5d:0d:c9:17:20:3a:95:55:e2:0e:1a:0f:60:8c:7b:
         da:55:f8:77:62:fc:da:cd:a6:f0:d2:91:7d:c3:07:97:d2:a6:
         11:1a:e5:65:ec:9b:df:84:98:2d:03:cf:22:e5:32:11:95:04:
         ab:ae:66:a6:41:9d:16:be:8b:2d:be:9c:a2:21:ef:40:b8:91:
         18:67:16:9f:c0:37:4f:00:d5:bc:71:36:ab:2c:37:62:b9:89:
         39:da:81:d7:3b:64:c4:3f:49:8e:0c:cc:2f:50:44:07:ab:bc:
         98:66:2c:c1:0d:f5:74:db:e8:f9:f7:e8:68:4d:69:6f:49:ef:
         49:6d:ab:d5:b9:cb:2a:be:41:43:b0:2f:08:a8:d2:2d:37:b0:
         84:bf:11:43:a4:2f:0a:30:0a:42:9f:3a:bc:89:ed:d0:56:0e:
         50:cd:a0:07:29:c8:da:2e:95:48:4a:f1:5c:fe:78:40:a6:e2:
         dc:a7:78:95:21:15:d8:fb:bb:ae:22:16:11:da:3b:33:bd:3f:
         5c:6b:12:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRE1+ERrD7oOIcirumHOiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YTg3OWQ2MjhmZTVlYzhhNzYxYzQ3NDg2Nzk5OTNmOWM2
OWY4YjQwHhcNMjUwMTAxMDk0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2ViMmFiOGE1MGNkMjk5MDE1ZDZhMzNhMmI2YzM0OWVmMzMxNzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMIS8oVYkJUV3eXdqhcD9Rscnqx4
EflUd5w0FUpqGzGgTpXr2eM77mUObPu7ziBi7oEAVT72TjzgA40FghzR3B+A1UnB
9F6EoybkZAj+x7W2n7aXSFLEJijx5M3pNmz/p+1rcQZA/5PWaIFMjBSBHCOEVST0
OUIlkroQG20TD6veVCrMs18CxGeh2R2em2PaXDGprYEnHgo8c3shMFUb8JFGhia6
IGnuxOs4PgvXcLfukjhtOUpa9xmtYU+2wpI9Z5+imMG5u83wE4DS6WJHtcsYRuAG
QTAjr/RU+E/TrVejKSQeQg8zSlhwSyIPgc1p6AyI3O91tym5CgibdbNgcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPrKrilDNKZAV1qM6K2w0nvMxdFMB8GA1UdIwQY
MBaAFCWoedYo/l7Ip2HEdIZ5mT+cafi0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmFoNTFpai1Yc2luWWNSMGhubVpQNXhwLUxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOGQ1YTctNDhmMS00NDE0LWE4NTMt
ZDg2YjRjYWVkMTFkLzEvdy1zcXVLVU0wcGtCWFdvem9yYkRTZTh6RjBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yOGQ1YTctNDhmMS00NDE0LWE4NTMtZDg2YjRjYWVkMTFk
LzEvSmFoNTFpai1Yc2luWWNSMGhubVpQNXhwLUxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufVBMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ5uKYQaj4rdxqtvhvm4apTtn1wj0Zc6+qwQE1yJEz
fiN1JgQ5uFFpUw+qyDpLRRX47X+Rk8gMffRdDckXIDqVVeIOGg9gjHvaVfh3Yvza
zabw0pF9wweX0qYRGuVl7JvfhJgtA88i5TIRlQSrrmamQZ0WvostvpyiIe9AuJEY
ZxafwDdPANW8cTarLDdiuYk52oHXO2TEP0mODMwvUEQHq7yYZizBDfV02+j59+ho
TWlvSe9JbavVucsqvkFDsC8IqNItN7CEvxFDpC8KMApCnzq8ie3QVg5QzaAHKcja
LpVISvFc/nhApuLcp3iVIRXY+7uuIhYR2jszvT9caxKo
-----END CERTIFICATE-----