Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/aqOGkykY9Ju12UAZyyt6XVgtms4.roa
File:                     aqOGkykY9Ju12UAZyyt6XVgtms4.roa (raw, json)
Hash identifier:          E4BJpz+NX3TX7uydvegd/qgoqkfPLAjjVrCasy2lcGs=
Subject key identifier:   6A:A3:86:93:29:18:F4:9B:B5:D9:40:19:CB:2B:7A:5D:58:2D:9A:CE
Certificate issuer:       /CN=d959676fe138d4eb2aae19bb6731fee6292d793d
Certificate serial:       019420D647885BE26CD4064C51A9849BEA5A
Authority key identifier: D9:59:67:6F:E1:38:D4:EB:2A:AE:19:BB:67:31:FE:E6:29:2D:79:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Vlnb-E41Osqrhm7ZzH-5ikteT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/aqOGkykY9Ju12UAZyyt6XVgtms4.roa
Signing time:             Wed 01 Jan 2025 07:48:21 +0000
ROA not before:           Wed 01 Jan 2025 07:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1299
IP address blocks:        185.103.188.0/24 maxlen: 24
                          185.103.189.0/24 maxlen: 24
                          185.103.190.0/24 maxlen: 24
                          185.103.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/2Vlnb-E41Osqrhm7ZzH-5ikteT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/2Vlnb-E41Osqrhm7ZzH-5ikteT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Vlnb-E41Osqrhm7ZzH-5ikteT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 13:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:47:88:5b:e2:6c:d4:06:4c:51:a9:84:9b:ea:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d959676fe138d4eb2aae19bb6731fee6292d793d
        Validity
            Not Before: Jan  1 07:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6aa386932918f49bb5d94019cb2b7a5d582d9ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:a8:8d:d2:c2:d0:c5:a6:4c:75:68:a6:f9:11:
                    6a:b4:65:c8:c1:ba:47:7c:d5:b4:6a:bf:1a:5b:d5:
                    c0:d3:5c:a1:69:b1:af:d6:36:d9:0c:26:c6:2f:40:
                    5a:82:36:b1:b3:6f:e8:de:5f:1b:26:45:5b:da:da:
                    df:06:89:81:df:55:b3:c9:52:91:ee:d8:e8:d9:01:
                    30:fd:f3:85:f6:4a:2d:65:ff:d2:cb:13:d3:04:cf:
                    5e:f0:3c:fe:9c:42:09:0f:9e:eb:74:3f:f3:40:66:
                    94:b8:5d:e5:49:74:0b:44:74:f7:5e:26:06:72:dc:
                    bd:ca:be:67:97:31:3d:e4:a1:16:a7:3f:01:79:71:
                    7e:84:a5:7a:c1:18:05:aa:79:9a:38:17:f2:34:dd:
                    1b:d7:9f:bb:39:1f:7a:6d:57:90:57:24:11:a0:2b:
                    38:84:e8:45:d3:91:10:d5:7c:00:93:28:4d:04:83:
                    b1:b0:7e:93:51:85:c5:e2:03:b2:4d:8d:61:3d:f1:
                    f4:b5:ba:b8:1a:dc:95:f3:71:13:21:42:10:86:1e:
                    ab:3d:d1:bc:00:92:1e:92:1d:8f:4d:94:86:7a:03:
                    80:b1:57:0f:48:dd:c0:05:a0:99:87:e1:d8:cd:7e:
                    aa:33:1c:95:52:e5:cf:28:9b:9a:8f:28:6f:47:c6:
                    68:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A3:86:93:29:18:F4:9B:B5:D9:40:19:CB:2B:7A:5D:58:2D:9A:CE
            X509v3 Authority Key Identifier:
                keyid:D9:59:67:6F:E1:38:D4:EB:2A:AE:19:BB:67:31:FE:E6:29:2D:79:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Vlnb-E41Osqrhm7ZzH-5ikteT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/aqOGkykY9Ju12UAZyyt6XVgtms4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/cf028e-757e-4843-a1ea-4c74d332ea58/1/2Vlnb-E41Osqrhm7ZzH-5ikteT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:2e:a3:70:c5:12:fa:70:8d:7d:34:03:fd:07:9c:5b:1d:f8:
         17:9e:0c:e2:12:0b:94:75:ef:43:54:9f:7a:1d:e5:2f:db:5e:
         b7:a0:31:cd:9e:53:5f:eb:98:e9:e1:43:34:92:2e:d9:25:e5:
         9d:c9:85:88:ba:78:fa:50:54:1c:53:54:37:c9:6d:08:66:a4:
         90:03:d4:c7:f0:b0:74:cb:2a:b8:1c:6a:a6:dd:16:31:21:cd:
         fd:31:aa:91:ee:db:f8:31:12:83:e7:97:ce:29:85:b8:13:40:
         41:7b:b6:39:40:26:ff:37:d8:82:68:b6:69:c1:3a:15:c1:da:
         83:51:69:cd:03:29:6c:3e:b7:e7:8d:97:30:04:a0:f8:6b:84:
         09:62:ca:e3:8f:34:96:1d:59:22:4f:9a:9d:b6:21:df:86:a0:
         0f:b1:59:55:ca:48:db:74:29:91:68:e1:95:10:82:34:ff:9b:
         47:3c:96:80:7a:21:b5:12:26:49:50:7e:89:7f:11:a6:84:fb:
         5b:71:30:29:55:31:fc:50:d1:ae:b2:64:3b:a6:17:2a:f0:33:
         4c:d2:c6:01:20:d8:5d:e0:95:7b:0f:ed:bb:fe:c1:f7:89:96:
         ce:70:ac:c7:0c:a6:3e:db:b8:35:3f:c8:fa:c4:46:77:6d:f9:
         bb:7b:40:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1keIW+Js1AZMUamEm+paMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NTk2NzZmZTEzOGQ0ZWIyYWFlMTliYjY3MzFmZWU2Mjky
ZDc5M2QwHhcNMjUwMTAxMDc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWEzODY5MzI5MThmNDliYjVkOTQwMTljYjJiN2E1ZDU4MmQ5YWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36iN0sLQxaZMdWim+RFqtGXIwbpH
fNW0ar8aW9XA01yhabGv1jbZDCbGL0Bagjaxs2/o3l8bJkVb2trfBomB31WzyVKR
7tjo2QEw/fOF9kotZf/SyxPTBM9e8Dz+nEIJD57rdD/zQGaUuF3lSXQLRHT3XiYG
cty9yr5nlzE95KEWpz8BeXF+hKV6wRgFqnmaOBfyNN0b15+7OR96bVeQVyQRoCs4
hOhF05EQ1XwAkyhNBIOxsH6TUYXF4gOyTY1hPfH0tbq4GtyV83ETIUIQhh6rPdG8
AJIekh2PTZSGegOAsVcPSN3ABaCZh+HYzX6qMxyVUuXPKJuajyhvR8ZoOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqjhpMpGPSbtdlAGcsrel1YLZrOMB8GA1UdIwQY
MBaAFNlZZ2/hONTrKq4Zu2cx/uYpLXk9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlZsbmItRTQxT3NxcmhtN1p6SC01aWt0ZVQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9jZjAyOGUtNzU3ZS00ODQzLWExZWEt
NGM3NGQzMzJlYTU4LzEvYXFPR2t5a1k5SnUxMlVBWnl5dDZYVmd0bXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9jZjAyOGUtNzU3ZS00ODQzLWExZWEtNGM3NGQzMzJlYTU4
LzEvMlZsbmItRTQxT3NxcmhtN1p6SC01aWt0ZVQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWe8MA0G
CSqGSIb3DQEBCwUAA4IBAQAILqNwxRL6cI19NAP9B5xbHfgXngziEguUde9DVJ96
HeUv2163oDHNnlNf65jp4UM0ki7ZJeWdyYWIunj6UFQcU1Q3yW0IZqSQA9TH8LB0
yyq4HGqm3RYxIc39MaqR7tv4MRKD55fOKYW4E0BBe7Y5QCb/N9iCaLZpwToVwdqD
UWnNAylsPrfnjZcwBKD4a4QJYsrjjzSWHVkiT5qdtiHfhqAPsVlVykjbdCmRaOGV
EII0/5tHPJaAeiG1EiZJUH6JfxGmhPtbcTApVTH8UNGusmQ7phcq8DNM0sYBINhd
4JV7D+27/sH3iZbOcKzHDKY+27g1P8j6xEZ3bfm7e0Dd
-----END CERTIFICATE-----