Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/xnRx0OSK9TIMFxn1VL8fIU-kDPQ.roa
File:                     xnRx0OSK9TIMFxn1VL8fIU-kDPQ.roa (raw, json)
Hash identifier:          l/e913myQSQUa6e/Y2iqnvi7HmfqzgcIokF4oa8whYM=
Subject key identifier:   C6:74:71:D0:E4:8A:F5:32:0C:17:19:F5:54:BF:1F:21:4F:A4:0C:F4
Certificate issuer:       /CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
Certificate serial:       01942826822B9146CDCEDEC56905C4DAF1DB
Authority key identifier: 76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/xnRx0OSK9TIMFxn1VL8fIU-kDPQ.roa
Signing time:             Thu 02 Jan 2025 17:53:19 +0000
ROA not before:           Thu 02 Jan 2025 17:53:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.143.40.0/24 maxlen: 24
                          185.143.41.0/24 maxlen: 24
                          185.143.42.0/24 maxlen: 24
                          185.143.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:82:2b:91:46:cd:ce:de:c5:69:05:c4:da:f1:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767c1766fbbdcff68bbc34a3c6be69a0c8a03ab9
        Validity
            Not Before: Jan  2 17:53:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c67471d0e48af5320c1719f554bf1f214fa40cf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ec:dd:d8:cf:69:7f:f9:f4:98:6c:95:5e:58:
                    f4:a5:ec:29:59:4e:0e:b6:b1:71:79:75:02:66:24:
                    8e:1b:33:0b:45:73:a0:eb:4c:aa:fd:0e:e5:23:00:
                    98:5b:e8:be:a6:df:e8:41:22:e2:e8:49:79:e1:7c:
                    eb:5b:6b:02:eb:fd:25:51:e8:95:3a:6a:51:16:93:
                    dc:ca:bf:0e:05:63:65:e5:ed:68:d2:55:a7:1a:40:
                    74:c0:fc:40:4c:c0:b8:41:b4:07:97:5f:51:08:8b:
                    8a:5a:13:33:84:70:17:78:36:90:bc:b1:01:e3:a8:
                    fe:fe:1e:5e:c3:d1:58:eb:b2:7b:3a:e3:4d:17:a5:
                    b7:af:95:0a:a4:bc:8b:05:65:7f:49:f7:ae:53:20:
                    d9:7d:b7:30:8e:9d:1e:38:05:d1:ac:d9:53:3b:a4:
                    5f:a2:ae:09:3c:e6:7d:1f:a2:96:13:64:48:87:4a:
                    df:bb:9a:03:63:99:8e:46:4a:56:0a:fe:c7:b0:57:
                    12:09:fb:95:e5:97:d1:1b:fd:f1:94:8f:29:8e:5f:
                    cf:4d:6e:01:e5:1b:5c:e1:28:49:55:f4:a7:69:c2:
                    ee:fa:47:16:2f:13:22:74:61:67:d8:33:e3:4d:bd:
                    55:28:b6:6e:36:c3:ca:31:00:18:1c:e2:55:61:ed:
                    4d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:74:71:D0:E4:8A:F5:32:0C:17:19:F5:54:BF:1F:21:4F:A4:0C:F4
            X509v3 Authority Key Identifier:
                keyid:76:7C:17:66:FB:BD:CF:F6:8B:BC:34:A3:C6:BE:69:A0:C8:A0:3A:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dnwXZvu9z_aLvDSjxr5poMigOrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/xnRx0OSK9TIMFxn1VL8fIU-kDPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/884356-7e2a-4c2a-8ff4-3568e1d29d4a/1/dnwXZvu9z_aLvDSjxr5poMigOrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:61:97:70:0f:c0:bf:d8:4c:59:a6:79:d6:2a:b0:bf:3b:95:
         c4:f5:99:de:d0:27:ef:1e:e4:12:ba:42:61:c3:0b:dc:14:aa:
         81:34:3f:7b:3c:b6:3a:17:22:99:bf:b0:e2:d7:88:4c:e1:6b:
         3f:62:ed:1d:c6:ca:64:fd:e5:6d:93:80:ea:1c:68:65:48:70:
         4e:1e:d6:fb:c0:29:67:c5:4a:1a:a6:6d:a0:ef:8a:29:87:72:
         c2:8a:6a:b1:ea:1b:a7:57:07:3c:df:c6:3a:44:39:53:f5:cd:
         0e:44:59:63:90:9e:c8:98:5c:1e:29:d0:45:47:bf:e0:70:00:
         21:89:13:19:f5:c9:88:9c:c5:a9:2c:a9:bf:87:97:fd:f8:43:
         e6:12:0c:66:f2:98:c6:32:4f:5d:ad:fe:0b:8d:c7:bf:06:05:
         23:8f:1b:c3:8b:01:70:11:8c:60:01:73:96:8c:1b:64:a7:8b:
         99:cc:9f:4b:84:73:dc:6b:96:e8:22:3f:34:51:56:4e:c2:3c:
         9d:d2:a6:1e:a3:a5:5b:ca:95:f0:dc:3d:eb:7e:b2:bb:b9:b6:
         d6:73:77:6d:45:6a:c4:2f:f5:fa:aa:a7:a9:81:c6:fc:80:09:
         bb:f2:23:b0:c0:31:c2:3b:70:61:5f:23:d8:2c:50:ab:d2:0a:
         81:f4:08:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJoIrkUbNzt7FaQXE2vHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2MxNzY2ZmJiZGNmZjY4YmJjMzRhM2M2YmU2OWEwYzhh
MDNhYjkwHhcNMjUwMTAyMTc1MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjc0NzFkMGU0OGFmNTMyMGMxNzE5ZjU1NGJmMWYyMTRmYTQwY2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+zd2M9pf/n0mGyVXlj0pewpWU4O
trFxeXUCZiSOGzMLRXOg60yq/Q7lIwCYW+i+pt/oQSLi6El54XzrW2sC6/0lUeiV
OmpRFpPcyr8OBWNl5e1o0lWnGkB0wPxATMC4QbQHl19RCIuKWhMzhHAXeDaQvLEB
46j+/h5ew9FY67J7OuNNF6W3r5UKpLyLBWV/SfeuUyDZfbcwjp0eOAXRrNlTO6Rf
oq4JPOZ9H6KWE2RIh0rfu5oDY5mORkpWCv7HsFcSCfuV5ZfRG/3xlI8pjl/PTW4B
5Rtc4ShJVfSnacLu+kcWLxMidGFn2DPjTb1VKLZuNsPKMQAYHOJVYe1NnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZ0cdDkivUyDBcZ9VS/HyFPpAz0MB8GA1UdIwQY
MBaAFHZ8F2b7vc/2i7w0o8a+aaDIoDq5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQt
MzU2OGUxZDI5ZDRhLzEveG5SeDBPU0s5VElNRnhuMVZMOGZJVS1rRFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84ODQzNTYtN2UyYS00YzJhLThmZjQtMzU2OGUxZDI5ZDRh
LzEvZG53WFp2dTl6X2FMdkRTanhyNXBvTWlnT3JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY8oMA0G
CSqGSIb3DQEBCwUAA4IBAQBqYZdwD8C/2ExZpnnWKrC/O5XE9Zne0CfvHuQSukJh
wwvcFKqBND97PLY6FyKZv7Di14hM4Ws/Yu0dxspk/eVtk4DqHGhlSHBOHtb7wCln
xUoapm2g74oph3LCimqx6hunVwc838Y6RDlT9c0ORFljkJ7ImFweKdBFR7/gcAAh
iRMZ9cmInMWpLKm/h5f9+EPmEgxm8pjGMk9drf4Ljce/BgUjjxvDiwFwEYxgAXOW
jBtkp4uZzJ9LhHPca5boIj80UVZOwjyd0qYeo6VbypXw3D3rfrK7ubbWc3dtRWrE
L/X6qqepgcb8gAm78iOwwDHCO3BhXyPYLFCr0gqB9Agm
-----END CERTIFICATE-----