Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/kVU70fHsFHVZzrq2yQPVxqwVPcs.roa
File:                     kVU70fHsFHVZzrq2yQPVxqwVPcs.roa (raw, json)
Hash identifier:          Pt1rkQh1bV8G8NT9XVHL8LTPk0pG86Phhonyar/XyLI=
Subject key identifier:   91:55:3B:D1:F1:EC:14:75:59:CE:BA:B6:C9:03:D5:C6:AC:15:3D:CB
Certificate issuer:       /CN=25475f5ad9eccff69c35a630dcff2c5a663fd7cf
Certificate serial:       01909BF923AC4EE81B3F5BE5F301340483C3
Authority key identifier: 25:47:5F:5A:D9:EC:CF:F6:9C:35:A6:30:DC:FF:2C:5A:66:3F:D7:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JUdfWtnsz_acNaYw3P8sWmY_188.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/kVU70fHsFHVZzrq2yQPVxqwVPcs.roa
Signing time:             Wed 10 Jul 2024 09:28:34 +0000
ROA not before:           Wed 10 Jul 2024 09:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61067
IP address blocks:        185.20.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/JUdfWtnsz_acNaYw3P8sWmY_188.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/JUdfWtnsz_acNaYw3P8sWmY_188.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JUdfWtnsz_acNaYw3P8sWmY_188.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9b:f9:23:ac:4e:e8:1b:3f:5b:e5:f3:01:34:04:83:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25475f5ad9eccff69c35a630dcff2c5a663fd7cf
        Validity
            Not Before: Jul 10 09:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91553bd1f1ec147559cebab6c903d5c6ac153dcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:1c:05:1a:e8:af:c6:c2:8c:45:ed:38:e7:2a:
                    50:ea:76:a1:f6:3e:f6:12:29:cf:b4:4d:ed:52:17:
                    7d:43:6a:b6:e4:9e:48:53:2e:41:25:68:d5:80:dd:
                    1a:d0:46:ac:ec:a6:c5:0b:e4:a7:59:16:30:97:71:
                    25:bf:dd:a7:b4:14:a1:e0:a4:5a:44:e6:91:59:9e:
                    0f:12:22:f1:af:dd:99:4d:22:22:88:13:01:76:4f:
                    2c:85:01:07:fc:c4:7c:f9:2f:f4:10:45:f3:e0:47:
                    df:c2:22:71:f1:ea:5d:bf:51:d8:95:dd:12:9b:82:
                    20:aa:28:92:1b:9d:fb:f9:7f:72:f4:b0:5a:28:92:
                    fe:66:e6:da:c3:90:27:37:1c:22:2b:34:07:06:59:
                    9a:27:2a:86:35:40:26:db:6f:6c:a0:ee:af:5c:28:
                    e4:9e:6f:ae:39:68:d9:f3:3a:cc:e9:d1:f6:aa:0d:
                    04:a9:e8:b3:98:95:2b:92:41:5f:1c:40:a3:c2:fb:
                    ae:da:40:7b:b5:ad:66:50:29:2c:f7:1c:25:d9:9d:
                    df:2b:09:d6:be:bc:db:27:94:5d:10:67:3a:89:f7:
                    cc:e6:a8:d3:4e:42:e9:dd:1d:75:a4:2c:a3:e9:43:
                    3a:12:30:21:b8:2e:c2:00:5d:34:ea:94:ba:c5:a7:
                    33:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:55:3B:D1:F1:EC:14:75:59:CE:BA:B6:C9:03:D5:C6:AC:15:3D:CB
            X509v3 Authority Key Identifier:
                keyid:25:47:5F:5A:D9:EC:CF:F6:9C:35:A6:30:DC:FF:2C:5A:66:3F:D7:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JUdfWtnsz_acNaYw3P8sWmY_188.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/kVU70fHsFHVZzrq2yQPVxqwVPcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/JUdfWtnsz_acNaYw3P8sWmY_188.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:e7:39:36:5d:f3:b1:fa:07:a2:b7:79:53:cc:52:5a:2e:f6:
         52:5f:75:c7:d8:08:82:43:55:e3:a6:e6:ae:e2:52:6d:84:21:
         52:fb:95:90:25:f3:fb:fa:92:0c:fb:15:dc:b7:f4:f0:66:df:
         2f:40:66:5a:2a:2b:f9:78:18:6a:3e:5a:3c:ea:6e:54:16:a8:
         f5:7c:20:75:ca:96:53:bf:30:c2:9c:6c:7f:a8:3c:ca:0a:1e:
         d9:af:65:9d:70:23:90:f0:86:e0:29:3a:6d:48:91:e1:87:42:
         1c:32:e2:17:6a:ba:38:84:69:80:64:ea:76:41:6a:ae:2f:dd:
         cd:f6:d7:56:66:9d:54:ed:bf:dd:c1:4b:c0:a4:3f:66:52:16:
         ca:e8:a1:77:47:5b:7d:48:8b:69:ba:fe:c4:7a:96:e3:d3:67:
         b4:ad:12:3b:a2:69:22:1b:df:2b:4f:80:95:68:8e:c4:74:7b:
         e8:56:d4:12:75:6f:71:79:7d:3f:00:76:ac:da:ec:00:43:ae:
         2e:e2:c2:fd:4b:5f:20:d5:4e:5e:84:72:2a:2c:37:eb:0b:3d:
         44:17:71:bb:7e:ee:6d:02:4a:0e:ca:98:cb:58:e7:ab:28:3d:
         b3:58:b8:61:ef:de:a0:24:10:c2:7f:05:94:1f:54:ea:6b:e3:
         0f:b8:99:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCb+SOsTugbP1vl8wE0BIPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NDc1ZjVhZDllY2NmZjY5YzM1YTYzMGRjZmYyYzVhNjYz
ZmQ3Y2YwHhcNMjQwNzEwMDkyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTU1M2JkMWYxZWMxNDc1NTljZWJhYjZjOTAzZDVjNmFjMTUzZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xwFGuivxsKMRe045ypQ6nah9j72
EinPtE3tUhd9Q2q25J5IUy5BJWjVgN0a0Eas7KbFC+SnWRYwl3Elv92ntBSh4KRa
ROaRWZ4PEiLxr92ZTSIiiBMBdk8shQEH/MR8+S/0EEXz4EffwiJx8epdv1HYld0S
m4IgqiiSG537+X9y9LBaKJL+Zubaw5AnNxwiKzQHBlmaJyqGNUAm229soO6vXCjk
nm+uOWjZ8zrM6dH2qg0EqeizmJUrkkFfHECjwvuu2kB7ta1mUCks9xwl2Z3fKwnW
vrzbJ5RdEGc6iffM5qjTTkLp3R11pCyj6UM6EjAhuC7CAF006pS6xaczSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFVO9Hx7BR1Wc66tskD1casFT3LMB8GA1UdIwQY
MBaAFCVHX1rZ7M/2nDWmMNz/LFpmP9fPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlVkZld0bnN6X2FjTmFZdzNQOHNXbVlfMTg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iZmVjMDgtOGNiZS00YzQ1LThkYjEt
NGQ0NmM2YTcwMTBhLzEva1ZVNzBmSHNGSFZaenJxMnlRUFZ4cXdWUGNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iZmVjMDgtOGNiZS00YzQ1LThkYjEtNGQ0NmM2YTcwMTBh
LzEvSlVkZld0bnN6X2FjTmFZdzNQOHNXbVlfMTg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRQnMA0G
CSqGSIb3DQEBCwUAA4IBAQCW5zk2XfOx+geit3lTzFJaLvZSX3XH2AiCQ1Xjpuau
4lJthCFS+5WQJfP7+pIM+xXct/TwZt8vQGZaKiv5eBhqPlo86m5UFqj1fCB1ypZT
vzDCnGx/qDzKCh7Zr2WdcCOQ8IbgKTptSJHhh0IcMuIXaro4hGmAZOp2QWquL93N
9tdWZp1U7b/dwUvApD9mUhbK6KF3R1t9SItpuv7Eepbj02e0rRI7omkiG98rT4CV
aI7EdHvoVtQSdW9xeX0/AHas2uwAQ64u4sL9S18g1U5ehHIqLDfrCz1EF3G7fu5t
AkoOypjLWOerKD2zWLhh796gJBDCfwWUH1Tqa+MPuJl1
-----END CERTIFICATE-----