Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/RkLlZjAasSrGiOmklIx_O-q25zk.roa
File:                     RkLlZjAasSrGiOmklIx_O-q25zk.roa (raw, json)
Hash identifier:          Gwgv1/PPnszGyK+vUndl8BVc2mtdNprpDuh7CKowocQ=
Subject key identifier:   46:42:E5:66:30:1A:B1:2A:C6:88:E9:A4:94:8C:7F:3B:EA:B6:E7:39
Certificate issuer:       /CN=69ca7c17232db063491cfa585203369ffbeb76ed
Certificate serial:       019421B1F5F6AAD9E8560C2344ED6EEFA40F
Authority key identifier: 69:CA:7C:17:23:2D:B0:63:49:1C:FA:58:52:03:36:9F:FB:EB:76:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/RkLlZjAasSrGiOmklIx_O-q25zk.roa
Signing time:             Wed 01 Jan 2025 11:48:18 +0000
ROA not before:           Wed 01 Jan 2025 11:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201668
IP address blocks:        185.65.252.0/24 maxlen: 24
                          185.65.253.0/24 maxlen: 24
                          185.65.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f5:f6:aa:d9:e8:56:0c:23:44:ed:6e:ef:a4:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69ca7c17232db063491cfa585203369ffbeb76ed
        Validity
            Not Before: Jan  1 11:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4642e566301ab12ac688e9a4948c7f3beab6e739
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:eb:e8:5f:e0:c4:4f:a9:a8:d8:79:0c:3c:04:
                    61:24:c0:8f:fc:10:ed:44:ec:1d:8d:07:6a:fc:37:
                    b3:60:ab:e9:b0:13:43:d9:57:5f:ff:20:fe:5e:57:
                    8c:96:c7:27:63:eb:2e:f6:2f:eb:65:0e:7b:31:95:
                    59:b2:79:ae:b9:34:47:ad:97:3b:22:c8:e2:f5:50:
                    c9:13:be:c4:a8:d2:5a:ef:94:33:ae:85:2c:56:c7:
                    02:ea:ad:20:17:88:10:b5:7e:27:d3:5b:00:27:27:
                    9b:4f:2b:fc:87:88:18:7a:5e:17:92:98:06:cd:b0:
                    af:30:d0:93:70:50:0e:dc:50:12:ab:85:da:da:58:
                    c4:8f:86:35:7f:74:6e:80:80:74:be:6a:3f:db:21:
                    c5:03:12:3b:2b:73:77:e8:6c:4b:a8:1d:c2:c6:b5:
                    24:02:af:40:13:f7:b4:7e:ad:7e:1e:8c:52:13:ef:
                    56:af:d7:70:e8:54:4a:61:f8:2e:f6:4f:79:c7:67:
                    14:07:ca:39:cf:0c:6b:d5:ba:d5:8e:15:8b:b4:b3:
                    78:85:d3:99:d2:67:36:a6:c6:b9:4b:36:e7:1f:e4:
                    b7:78:28:3a:c3:f7:f3:23:bc:a0:d9:b8:1b:93:f7:
                    2e:2c:c0:59:8f:19:eb:cd:66:2f:d9:75:72:48:31:
                    37:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:42:E5:66:30:1A:B1:2A:C6:88:E9:A4:94:8C:7F:3B:EA:B6:E7:39
            X509v3 Authority Key Identifier:
                keyid:69:CA:7C:17:23:2D:B0:63:49:1C:FA:58:52:03:36:9F:FB:EB:76:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/acp8FyMtsGNJHPpYUgM2n_vrdu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/RkLlZjAasSrGiOmklIx_O-q25zk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bfb423-da69-4265-95e5-f47ae7ddaec0/1/acp8FyMtsGNJHPpYUgM2n_vrdu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.252.0-185.65.254.255

    Signature Algorithm: sha256WithRSAEncryption
         31:60:be:3f:68:3a:1a:2c:df:64:c5:3f:dd:e4:f4:8e:ef:67:
         75:3b:c0:e3:78:1b:79:f9:01:c1:1f:1e:aa:69:dd:9a:89:e9:
         0b:22:ff:38:f8:23:ea:39:ba:88:5a:87:21:42:ad:f3:0c:cd:
         b5:09:3e:41:54:d6:de:5c:2d:df:05:19:94:98:67:fc:ad:15:
         18:de:e7:e7:4c:21:64:56:c7:de:7b:b9:04:84:bd:0d:f1:89:
         06:57:7b:86:75:96:62:c9:1e:7b:29:19:b3:cc:5d:aa:8d:4b:
         c6:b4:dc:ea:31:49:ae:6d:5b:ce:81:9d:20:47:94:d0:04:34:
         29:94:6a:b2:ad:3e:d9:04:24:a0:bc:8e:33:6c:0c:c2:b9:84:
         40:17:f3:9a:63:a7:59:f7:5a:b8:95:d1:4e:a7:50:af:62:53:
         7e:76:77:51:93:2e:c4:5c:cd:fb:5e:58:c5:23:c3:1c:02:34:
         0b:3e:07:59:41:45:69:b6:89:4a:10:25:58:35:e7:7c:5d:7d:
         5d:cc:f3:22:49:2c:b5:ad:01:16:51:8f:4e:59:9f:d8:b9:98:
         18:e9:bf:00:51:9e:1e:30:78:57:3e:16:eb:a2:5b:6c:44:fa:
         c1:a3:69:16:99:c4:ce:77:79:5f:7f:bc:c8:89:0f:5a:9f:d4:
         d8:e1:2d:16
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhsfX2qtnoVgwjRO1u76QPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5Y2E3YzE3MjMyZGIwNjM0OTFjZmE1ODUyMDMzNjlmZmJl
Yjc2ZWQwHhcNMjUwMTAxMTE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjQyZTU2NjMwMWFiMTJhYzY4OGU5YTQ5NDhjN2YzYmVhYjZlNzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArevoX+DET6mo2HkMPARhJMCP/BDt
ROwdjQdq/DezYKvpsBND2Vdf/yD+XleMlscnY+su9i/rZQ57MZVZsnmuuTRHrZc7
Isji9VDJE77EqNJa75QzroUsVscC6q0gF4gQtX4n01sAJyebTyv8h4gYel4XkpgG
zbCvMNCTcFAO3FASq4Xa2ljEj4Y1f3RugIB0vmo/2yHFAxI7K3N36GxLqB3CxrUk
Aq9AE/e0fq1+HoxSE+9Wr9dw6FRKYfgu9k95x2cUB8o5zwxr1brVjhWLtLN4hdOZ
0mc2psa5SzbnH+S3eCg6w/fzI7yg2bgbk/cuLMBZjxnrzWYv2XVySDE3vwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEZC5WYwGrEqxojppJSMfzvqtuc5MB8GA1UdIwQY
MBaAFGnKfBcjLbBjSRz6WFIDNp/763btMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWNwOEZ5TXRzR05KSFBwWVVnTTJuX3ZyZHUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9iZmI0MjMtZGE2OS00MjY1LTk1ZTUt
ZjQ3YWU3ZGRhZWMwLzEvUmtMbFpqQWFzU3JHaU9ta2xJeF9PLXEyNXprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9iZmI0MjMtZGE2OS00MjY1LTk1ZTUtZjQ3YWU3ZGRhZWMw
LzEvYWNwOEZ5TXRzR05KSFBwWVVnTTJuX3ZyZHUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5QfwD
BAC5Qf4wDQYJKoZIhvcNAQELBQADggEBADFgvj9oOhos32TFP93k9I7vZ3U7wON4
G3n5AcEfHqpp3ZqJ6Qsi/zj4I+o5uohahyFCrfMMzbUJPkFU1t5cLd8FGZSYZ/yt
FRje5+dMIWRWx957uQSEvQ3xiQZXe4Z1lmLJHnspGbPMXaqNS8a03OoxSa5tW86B
nSBHlNAENCmUarKtPtkEJKC8jjNsDMK5hEAX85pjp1n3WriV0U6nUK9iU352d1GT
LsRczfteWMUjwxwCNAs+B1lBRWm2iUoQJVg153xdfV3M8yJJLLWtARZRj05Zn9i5
mBjpvwBRnh4weFc+FuuiW2xE+sGjaRaZxM53eV9/vMiJD1qf1NjhLRY=
-----END CERTIFICATE-----