Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/0nvhqw7aFiUkSIOiOEerDMnQ_ZQ.roa
File:                     0nvhqw7aFiUkSIOiOEerDMnQ_ZQ.roa (raw, json)
Hash identifier:          HMe62SGaPYEENwRxXbOtER7G/ZP8W5TpI/QjfFDw0sg=
Subject key identifier:   D2:7B:E1:AB:0E:DA:16:25:24:48:83:A2:38:47:AB:0C:C9:D0:FD:94
Certificate issuer:       /CN=8568407047a62e648300c5182a29353ff58eb05f
Certificate serial:       01942825A1B0D8A8E402032010859C54EBB3
Authority key identifier: 85:68:40:70:47:A6:2E:64:83:00:C5:18:2A:29:35:3F:F5:8E:B0:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hWhAcEemLmSDAMUYKik1P_WOsF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/0nvhqw7aFiUkSIOiOEerDMnQ_ZQ.roa
Signing time:             Thu 02 Jan 2025 17:52:22 +0000
ROA not before:           Thu 02 Jan 2025 17:52:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60609
IP address blocks:        185.232.48.0/24 maxlen: 24
                          185.232.49.0/24 maxlen: 24
                          185.232.50.0/24 maxlen: 24
                          185.232.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/hWhAcEemLmSDAMUYKik1P_WOsF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/hWhAcEemLmSDAMUYKik1P_WOsF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hWhAcEemLmSDAMUYKik1P_WOsF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:a1:b0:d8:a8:e4:02:03:20:10:85:9c:54:eb:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8568407047a62e648300c5182a29353ff58eb05f
        Validity
            Not Before: Jan  2 17:52:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d27be1ab0eda1625244883a23847ab0cc9d0fd94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4f:6c:a6:6b:26:fd:ce:72:d4:62:17:21:17:
                    ae:40:bc:42:47:fa:a3:64:ce:73:0b:ce:df:69:59:
                    da:6e:e4:ad:4d:08:db:30:fe:a0:ad:88:37:1e:4c:
                    2f:1e:90:ff:36:92:e9:7c:d3:08:0a:a3:55:84:10:
                    c9:6c:75:23:fd:26:6d:ba:33:03:ba:71:4d:ea:84:
                    73:73:0c:58:07:81:2c:e7:d1:1d:02:50:1a:37:ec:
                    8a:7b:d8:b4:cb:69:80:84:93:2f:e5:47:9b:9c:e1:
                    ff:19:ab:f9:52:72:8a:df:21:80:24:cb:f9:ee:71:
                    cf:eb:06:bb:3b:05:e3:a2:b6:4d:fc:3c:32:3e:84:
                    48:f3:ec:2c:76:5d:e9:cb:9b:cf:2c:dc:e7:f4:10:
                    6b:1d:84:7e:13:0b:61:1b:09:53:2f:b4:33:21:5c:
                    c5:92:7d:30:12:6f:3d:3b:db:aa:90:bb:38:65:d5:
                    51:ae:97:2c:8e:da:c4:19:fd:0e:c7:a8:aa:49:59:
                    2f:15:6b:7f:20:ba:c9:a3:c3:02:9f:ee:eb:1d:02:
                    94:1b:e8:41:62:84:03:2c:20:56:ed:97:53:69:22:
                    18:57:a0:58:55:61:07:40:a4:4e:ef:e0:b0:9a:de:
                    3d:10:47:e7:d7:69:b7:0c:c0:16:fe:59:10:cb:15:
                    40:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:7B:E1:AB:0E:DA:16:25:24:48:83:A2:38:47:AB:0C:C9:D0:FD:94
            X509v3 Authority Key Identifier:
                keyid:85:68:40:70:47:A6:2E:64:83:00:C5:18:2A:29:35:3F:F5:8E:B0:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hWhAcEemLmSDAMUYKik1P_WOsF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/0nvhqw7aFiUkSIOiOEerDMnQ_ZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/320395-70c0-4002-a362-ed3e98c656e1/1/hWhAcEemLmSDAMUYKik1P_WOsF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:eb:ff:aa:90:e3:12:56:7f:02:60:1a:40:d7:0a:5a:c6:2a:
         18:b1:ae:26:57:e3:94:d4:50:fe:c1:1a:19:34:bf:f0:70:38:
         23:45:35:9a:9e:26:6c:dd:7a:e4:48:58:50:4a:5e:bd:b9:d3:
         80:53:9a:bf:34:0c:45:9d:57:09:de:98:b5:fc:93:c8:16:df:
         ad:6f:45:bd:22:54:7a:67:03:ac:0f:43:4d:03:c4:5e:43:f1:
         de:d3:60:ef:9a:c7:8a:66:21:56:8f:81:4b:60:57:6f:45:4c:
         af:b3:fb:6a:3f:84:d3:53:1d:53:90:07:21:37:24:73:a3:fa:
         74:a7:b7:8a:f0:47:98:1b:98:da:9e:3c:f1:b2:20:7b:1a:1f:
         22:4b:10:3a:d2:ce:55:ad:71:6f:01:c7:df:b1:29:b5:59:da:
         df:ef:e1:8b:db:64:28:94:92:0a:f0:67:81:e3:49:47:f0:2c:
         74:c3:f1:2c:e0:2d:62:57:7b:54:69:13:60:3a:a4:d8:dd:57:
         62:6d:67:2c:cb:e6:6f:65:72:03:5b:f6:98:f3:c3:79:48:d5:
         e4:39:e9:80:b5:15:7e:b6:b0:d6:43:2c:f4:62:c7:ec:bf:ef:
         71:e8:19:28:8d:c8:8e:1b:44:e5:d4:17:e5:65:94:a1:e0:1e:
         6d:41:a9:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJaGw2KjkAgMgEIWcVOuzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1Njg0MDcwNDdhNjJlNjQ4MzAwYzUxODJhMjkzNTNmZjU4
ZWIwNWYwHhcNMjUwMTAyMTc1MjIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjdiZTFhYjBlZGExNjI1MjQ0ODgzYTIzODQ3YWIwY2M5ZDBmZDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApU9spmsm/c5y1GIXIReuQLxCR/qj
ZM5zC87faVnabuStTQjbMP6grYg3HkwvHpD/NpLpfNMICqNVhBDJbHUj/SZtujMD
unFN6oRzcwxYB4Es59EdAlAaN+yKe9i0y2mAhJMv5UebnOH/Gav5UnKK3yGAJMv5
7nHP6wa7OwXjorZN/DwyPoRI8+wsdl3py5vPLNzn9BBrHYR+EwthGwlTL7QzIVzF
kn0wEm89O9uqkLs4ZdVRrpcsjtrEGf0Ox6iqSVkvFWt/ILrJo8MCn+7rHQKUG+hB
YoQDLCBW7ZdTaSIYV6BYVWEHQKRO7+Cwmt49EEfn12m3DMAW/lkQyxVAdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJ74asO2hYlJEiDojhHqwzJ0P2UMB8GA1UdIwQY
MBaAFIVoQHBHpi5kgwDFGCopNT/1jrBfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFdoQWNFZW1MbVNEQU1VWUtpazFQX1dPc0Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8zMjAzOTUtNzBjMC00MDAyLWEzNjIt
ZWQzZTk4YzY1NmUxLzEvMG52aHF3N2FGaVVrU0lPaU9FZXJETW5RX1pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8zMjAzOTUtNzBjMC00MDAyLWEzNjItZWQzZTk4YzY1NmUx
LzEvaFdoQWNFZW1MbVNEQU1VWUtpazFQX1dPc0Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuegwMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ6/+qkOMSVn8CYBpA1wpaxioYsa4mV+OU1FD+wRoZ
NL/wcDgjRTWaniZs3XrkSFhQSl69udOAU5q/NAxFnVcJ3pi1/JPIFt+tb0W9IlR6
ZwOsD0NNA8ReQ/He02DvmseKZiFWj4FLYFdvRUyvs/tqP4TTUx1TkAchNyRzo/p0
p7eK8EeYG5janjzxsiB7Gh8iSxA60s5VrXFvAcffsSm1Wdrf7+GL22QolJIK8GeB
40lH8Cx0w/Es4C1iV3tUaRNgOqTY3VdibWcsy+ZvZXIDW/aY88N5SNXkOemAtRV+
trDWQyz0Ysfsv+9x6BkojciOG0Tl1BflZZSh4B5tQakH
-----END CERTIFICATE-----