Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/IM8VWz4L8uTjG3ZXrmr-hQCDEpU.roa
File:                     IM8VWz4L8uTjG3ZXrmr-hQCDEpU.roa (raw, json)
Hash identifier:          mPn7wlOGgWBcgNZKFj/CLgGSvVpk3XUPtLV9M7i6VUo=
Subject key identifier:   20:CF:15:5B:3E:0B:F2:E4:E3:1B:76:57:AE:6A:FE:85:00:83:12:95
Certificate issuer:       /CN=60325c21d2fafe743398dc1e5574433280110469
Certificate serial:       019426D985EC7D71ACAD654E9A0E9DB517B5
Authority key identifier: 60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/IM8VWz4L8uTjG3ZXrmr-hQCDEpU.roa
Signing time:             Thu 02 Jan 2025 11:49:37 +0000
ROA not before:           Thu 02 Jan 2025 11:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        195.10.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 17:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:85:ec:7d:71:ac:ad:65:4e:9a:0e:9d:b5:17:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60325c21d2fafe743398dc1e5574433280110469
        Validity
            Not Before: Jan  2 11:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20cf155b3e0bf2e4e31b7657ae6afe8500831295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f1:95:52:3c:15:1f:5b:52:3f:9b:31:af:ee:
                    ba:87:10:4a:1e:42:7a:c9:88:80:e3:ee:6c:3d:ce:
                    dd:28:dd:b9:07:7e:23:13:04:2e:86:8d:7a:d4:85:
                    84:e2:a3:37:4a:f2:6a:d6:ed:59:66:5b:77:48:aa:
                    c8:96:ac:25:49:36:3a:ad:0c:7f:83:78:d7:08:3f:
                    2e:c7:95:86:7f:c4:8e:dc:58:d3:3f:45:0a:af:b2:
                    bb:3e:11:73:41:ae:5a:4b:5a:f4:ba:a0:55:3d:ea:
                    34:18:0c:00:0d:d7:e3:8a:47:f1:3c:4b:26:b9:38:
                    49:d2:df:39:7f:05:46:c7:ee:dd:0d:84:17:4b:80:
                    92:5b:28:6e:40:40:50:18:ff:c0:18:36:0a:56:1e:
                    2f:80:75:05:d7:dc:32:e1:71:26:9b:2a:38:d3:b7:
                    e4:cb:98:3d:3c:ad:72:cc:aa:82:16:6d:f3:57:27:
                    7a:c0:49:ba:2e:34:31:98:fd:d4:c0:70:57:14:2e:
                    85:a4:27:3e:f7:4d:31:b0:98:99:70:c0:26:0c:2b:
                    9b:2c:f2:11:15:71:44:22:51:c1:61:c9:22:10:50:
                    24:77:33:53:72:77:83:82:44:47:48:fc:19:59:5e:
                    1a:d0:06:4f:1d:53:27:24:fe:c5:8e:6a:23:3e:d8:
                    11:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:CF:15:5B:3E:0B:F2:E4:E3:1B:76:57:AE:6A:FE:85:00:83:12:95
            X509v3 Authority Key Identifier:
                keyid:60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/IM8VWz4L8uTjG3ZXrmr-hQCDEpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:1a:6e:49:75:11:32:19:0b:95:09:ec:6d:54:37:67:2b:0e:
         31:d4:01:9d:bc:6f:ff:18:e3:0c:01:c5:81:09:96:a2:cf:0b:
         8b:9c:f4:5f:f6:32:02:ed:52:74:ff:31:1b:e8:dd:63:14:47:
         38:4f:f1:ef:2b:56:8c:19:3a:bf:4d:c8:3f:bb:e6:03:1a:17:
         ed:8d:5c:44:4b:fc:db:ec:b5:ef:ca:5d:b9:cd:c5:fc:ed:96:
         b2:37:78:3f:0c:f7:66:00:da:6b:58:2f:2d:23:ab:c5:7a:21:
         65:6f:5b:b5:0f:b1:cd:78:24:20:88:49:fb:20:7d:f8:73:41:
         79:97:5d:e7:d9:b6:c4:5e:2f:c8:c8:dd:3a:1e:4a:1b:e4:bf:
         ed:11:30:b7:28:d2:9c:ae:62:14:f1:ef:e3:a9:03:3d:73:da:
         23:43:88:dc:b6:45:d6:ac:a8:bf:bc:6c:c7:bf:78:3c:00:b0:
         d8:6b:f0:a2:02:ff:44:75:dc:91:9c:01:26:37:9c:e4:e5:86:
         4a:8f:c3:f5:32:91:b7:b0:27:34:5a:8f:cd:04:2e:7f:60:a7:
         8f:ad:0e:33:93:78:f0:df:c1:28:2d:a4:87:dc:2a:ea:86:f1:
         2e:b0:c3:90:31:fe:ea:ae:7c:ad:e7:9f:ce:81:0c:c4:6e:8c:
         8c:4e:b9:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2YXsfXGsrWVOmg6dtRe1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMzI1YzIxZDJmYWZlNzQzMzk4ZGMxZTU1NzQ0MzMyODAx
MTA0NjkwHhcNMjUwMTAyMTE0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGNmMTU1YjNlMGJmMmU0ZTMxYjc2NTdhZTZhZmU4NTAwODMxMjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fGVUjwVH1tSP5sxr+66hxBKHkJ6
yYiA4+5sPc7dKN25B34jEwQuho161IWE4qM3SvJq1u1ZZlt3SKrIlqwlSTY6rQx/
g3jXCD8ux5WGf8SO3FjTP0UKr7K7PhFzQa5aS1r0uqBVPeo0GAwADdfjikfxPEsm
uThJ0t85fwVGx+7dDYQXS4CSWyhuQEBQGP/AGDYKVh4vgHUF19wy4XEmmyo407fk
y5g9PK1yzKqCFm3zVyd6wEm6LjQxmP3UwHBXFC6FpCc+900xsJiZcMAmDCubLPIR
FXFEIlHBYckiEFAkdzNTcneDgkRHSPwZWV4a0AZPHVMnJP7FjmojPtgRqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDPFVs+C/Lk4xt2V65q/oUAgxKVMB8GA1UdIwQY
MBaAFGAyXCHS+v50M5jcHlV0QzKAEQRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQt
YzU4ZTk1Y2Q0Mjc3LzEvSU04Vld6NEw4dVRqRzNaWHJtci1oUUNERXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mMjc3MGItZGExOS00NzkwLWE0OTQtYzU4ZTk1Y2Q0Mjc3
LzEvWURKY0lkTDZfblF6bU53ZVZYUkRNb0FSQkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrZMA0G
CSqGSIb3DQEBCwUAA4IBAQB/Gm5JdREyGQuVCextVDdnKw4x1AGdvG//GOMMAcWB
CZaizwuLnPRf9jIC7VJ0/zEb6N1jFEc4T/HvK1aMGTq/Tcg/u+YDGhftjVxES/zb
7LXvyl25zcX87ZayN3g/DPdmANprWC8tI6vFeiFlb1u1D7HNeCQgiEn7IH34c0F5
l13n2bbEXi/IyN06Hkob5L/tETC3KNKcrmIU8e/jqQM9c9ojQ4jctkXWrKi/vGzH
v3g8ALDYa/CiAv9EddyRnAEmN5zk5YZKj8P1MpG3sCc0Wo/NBC5/YKePrQ4zk3jw
38EoLaSH3CrqhvEusMOQMf7qrnyt55/OgQzEboyMTrkE
-----END CERTIFICATE-----