Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/cOlZtxVwhbHabVyYeMsf0xgakZ0.roa
File:                     cOlZtxVwhbHabVyYeMsf0xgakZ0.roa (raw, json)
Hash identifier:          uIR5H6BRh5Mk2t2T3SL+SrC3qaOMSafUrXEBQ3YOqwU=
Subject key identifier:   70:E9:59:B7:15:70:85:B1:DA:6D:5C:98:78:CB:1F:D3:18:1A:91:9D
Certificate issuer:       /CN=10d7038b83eb247fc65bdad0195b86246f8f3006
Certificate serial:       019428283C0750CAB06438BBB96B53142CB5
Authority key identifier: 10:D7:03:8B:83:EB:24:7F:C6:5B:DA:D0:19:5B:86:24:6F:8F:30:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ENcDi4PrJH_GW9rQGVuGJG-PMAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/cOlZtxVwhbHabVyYeMsf0xgakZ0.roa
Signing time:             Thu 02 Jan 2025 17:55:12 +0000
ROA not before:           Thu 02 Jan 2025 17:55:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42244
IP address blocks:        185.115.140.0/24 maxlen: 24
                          185.115.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/ENcDi4PrJH_GW9rQGVuGJG-PMAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/ENcDi4PrJH_GW9rQGVuGJG-PMAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ENcDi4PrJH_GW9rQGVuGJG-PMAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:3c:07:50:ca:b0:64:38:bb:b9:6b:53:14:2c:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10d7038b83eb247fc65bdad0195b86246f8f3006
        Validity
            Not Before: Jan  2 17:55:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70e959b7157085b1da6d5c9878cb1fd3181a919d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d2:6b:4e:57:78:9e:cd:56:33:b9:ef:4e:de:
                    00:b2:20:03:52:84:7b:2b:84:d9:76:46:f1:e5:4c:
                    33:b5:7f:1c:dc:08:72:de:4f:6b:e4:d7:e6:ef:32:
                    10:9e:69:d7:9b:dc:74:3b:80:4d:4a:f6:6a:91:a4:
                    45:05:fa:26:5c:fd:56:6c:2d:7a:e9:58:8b:22:92:
                    1c:e0:21:76:f9:3f:5f:29:81:fe:e8:8c:0b:c3:0f:
                    9d:02:e4:83:a0:5e:2b:a1:fb:0f:27:d3:35:85:e2:
                    fb:ea:a9:e2:73:42:1f:c4:30:19:9c:11:82:6b:78:
                    16:3c:f8:8e:bf:ef:11:98:1d:e7:fb:50:ea:4f:93:
                    b5:75:c7:19:ce:6a:d7:8e:8d:67:97:d3:cd:17:e7:
                    6c:b8:5e:21:e4:38:0f:06:1d:ec:ab:49:38:49:d9:
                    e0:0c:57:0d:98:f9:5b:39:b4:97:83:ac:a2:77:29:
                    8f:55:30:52:4e:81:bd:e3:13:cd:c3:03:4a:ab:be:
                    fd:3b:8a:6b:70:60:ba:cd:6b:d2:e8:e8:37:84:9e:
                    ef:f3:82:e2:f7:3b:a0:8c:02:97:2c:be:00:cd:be:
                    9c:e4:12:03:f1:8c:13:1f:80:45:4a:44:db:92:cc:
                    94:6e:9a:be:cb:df:8a:6b:98:8b:f2:75:4c:25:a7:
                    f1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E9:59:B7:15:70:85:B1:DA:6D:5C:98:78:CB:1F:D3:18:1A:91:9D
            X509v3 Authority Key Identifier:
                keyid:10:D7:03:8B:83:EB:24:7F:C6:5B:DA:D0:19:5B:86:24:6F:8F:30:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ENcDi4PrJH_GW9rQGVuGJG-PMAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/cOlZtxVwhbHabVyYeMsf0xgakZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/6105ad-8304-49f4-a0de-1c5bde2c14f4/1/ENcDi4PrJH_GW9rQGVuGJG-PMAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.140.0/24
                  185.115.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:c6:45:a5:c1:7b:bc:80:7e:1a:8a:99:69:b6:86:70:c7:ec:
         f8:38:50:09:12:31:a4:bc:15:ec:0b:a4:7c:91:ac:cb:53:df:
         92:85:f0:20:ed:3f:47:d5:6d:3e:43:93:0a:9c:60:2e:2a:39:
         58:8a:e9:04:00:02:f5:23:d7:0f:20:af:6f:73:cb:17:7c:41:
         42:b8:9c:1b:b2:31:5b:bf:ea:81:7b:9d:75:42:5d:b4:b0:35:
         d0:64:5d:24:8c:c0:22:7b:e5:e2:24:b3:09:59:2f:93:ab:28:
         12:9b:fb:70:c2:22:91:26:cf:13:01:34:8b:b2:a5:30:56:15:
         73:98:ff:97:72:39:9e:b9:1f:66:df:e6:d5:00:3b:64:6d:f3:
         7e:78:b8:b4:e4:61:ff:e9:d6:d5:e1:08:f9:34:c0:d3:f4:20:
         f3:31:cd:43:2a:8b:10:98:b5:1e:35:73:72:a7:85:fe:01:8d:
         91:fb:7d:b7:75:a4:3e:22:51:58:53:8e:ae:ae:67:3e:37:2a:
         01:5a:d3:b8:14:9d:53:4d:b4:3c:c4:4a:7d:37:c7:c3:c5:cd:
         21:1e:0d:2d:d1:36:98:df:f8:ce:21:1c:82:fe:82:a7:82:66:
         43:9a:d4:d3:a7:68:2d:c4:c1:c7:b6:d9:f3:94:39:95:f1:c8:
         98:16:c6:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoKDwHUMqwZDi7uWtTFCy1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwZDcwMzhiODNlYjI0N2ZjNjViZGFkMDE5NWI4NjI0NmY4
ZjMwMDYwHhcNMjUwMTAyMTc1NTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGU5NTliNzE1NzA4NWIxZGE2ZDVjOTg3OGNiMWZkMzE4MWE5MTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNJrTld4ns1WM7nvTt4AsiADUoR7
K4TZdkbx5UwztX8c3Ahy3k9r5Nfm7zIQnmnXm9x0O4BNSvZqkaRFBfomXP1WbC16
6ViLIpIc4CF2+T9fKYH+6IwLww+dAuSDoF4rofsPJ9M1heL76qnic0IfxDAZnBGC
a3gWPPiOv+8RmB3n+1DqT5O1dccZzmrXjo1nl9PNF+dsuF4h5DgPBh3sq0k4Sdng
DFcNmPlbObSXg6yidymPVTBSToG94xPNwwNKq779O4prcGC6zWvS6Og3hJ7v84Li
9zugjAKXLL4Azb6c5BID8YwTH4BFSkTbksyUbpq+y9+Ka5iL8nVMJafx1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHDpWbcVcIWx2m1cmHjLH9MYGpGdMB8GA1UdIwQY
MBaAFBDXA4uD6yR/xlva0BlbhiRvjzAGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRU5jRGk0UHJKSF9HVzlyUUdWdUdKRy1QTUFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny82MTA1YWQtODMwNC00OWY0LWEwZGUt
MWM1YmRlMmMxNGY0LzEvY09sWnR4VndoYkhhYlZ5WWVNc2YweGdha1owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny82MTA1YWQtODMwNC00OWY0LWEwZGUtMWM1YmRlMmMxNGY0
LzEvRU5jRGk0UHJKSF9HVzlyUUdWdUdKRy1QTUFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXOMAwQA
uXOOMA0GCSqGSIb3DQEBCwUAA4IBAQBkxkWlwXu8gH4aiplptoZwx+z4OFAJEjGk
vBXsC6R8kazLU9+ShfAg7T9H1W0+Q5MKnGAuKjlYiukEAAL1I9cPIK9vc8sXfEFC
uJwbsjFbv+qBe511Ql20sDXQZF0kjMAie+XiJLMJWS+TqygSm/twwiKRJs8TATSL
sqUwVhVzmP+XcjmeuR9m3+bVADtkbfN+eLi05GH/6dbV4Qj5NMDT9CDzMc1DKosQ
mLUeNXNyp4X+AY2R+323daQ+IlFYU46urmc+NyoBWtO4FJ1TTbQ8xEp9N8fDxc0h
Hg0t0TaY3/jOIRyC/oKngmZDmtTTp2gtxMHHttnzlDmV8ciYFsZq
-----END CERTIFICATE-----