Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/aW93vIod8bw9akpUiGgWH-EgLiE.roa
File:                     aW93vIod8bw9akpUiGgWH-EgLiE.roa (raw, json)
Hash identifier:          qyblENK3boODcPRYexEWYW0qmMFYuF1Qh/Vo8m2KhS0=
Subject key identifier:   69:6F:77:BC:8A:1D:F1:BC:3D:6A:4A:54:88:68:16:1F:E1:20:2E:21
Certificate issuer:       /CN=0e36aad7335f34e4cd829423beb089c4e0a4e874
Certificate serial:       01941F8C0AA5E734F8733FD4AAB121190C31
Authority key identifier: 0E:36:AA:D7:33:5F:34:E4:CD:82:94:23:BE:B0:89:C4:E0:A4:E8:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/aW93vIod8bw9akpUiGgWH-EgLiE.roa
Signing time:             Wed 01 Jan 2025 01:47:39 +0000
ROA not before:           Wed 01 Jan 2025 01:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47721
IP address blocks:        185.124.84.0/24 maxlen: 24
                          185.124.85.0/24 maxlen: 24
                          185.124.86.0/24 maxlen: 24
                          185.124.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:0a:a5:e7:34:f8:73:3f:d4:aa:b1:21:19:0c:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e36aad7335f34e4cd829423beb089c4e0a4e874
        Validity
            Not Before: Jan  1 01:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=696f77bc8a1df1bc3d6a4a548868161fe1202e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:1b:d3:b2:4e:eb:e3:e9:d1:a7:65:84:ee:4c:
                    fd:cb:84:4e:92:73:5f:0c:49:f3:ae:2c:e8:8b:86:
                    59:c6:1f:f1:0d:1f:82:64:4e:e4:7f:24:f4:65:fa:
                    58:34:5b:55:94:88:60:dd:36:96:9d:50:16:e8:f7:
                    a2:95:11:99:5d:68:fe:d0:42:4a:23:9c:d6:c9:88:
                    60:b5:a2:3f:aa:d5:8f:19:58:10:ef:7b:f8:18:36:
                    40:bb:7b:6b:6e:40:23:f6:5a:11:7b:5c:6b:90:0e:
                    4e:2a:be:8f:20:e3:34:58:9d:6a:15:fe:4a:a5:c0:
                    3f:16:df:48:d3:52:e5:18:a5:c6:87:a4:87:05:65:
                    c8:15:32:d9:5e:88:eb:31:d4:0e:54:fc:b5:44:f6:
                    f9:f2:d2:47:37:81:c9:5e:b4:8d:78:6a:25:9b:df:
                    2c:17:eb:41:01:fa:6e:e1:e1:69:de:04:ee:30:04:
                    b1:ba:95:31:ad:6b:ed:30:37:c5:ef:b6:09:29:7d:
                    57:1e:8f:5b:7a:65:2f:cb:32:b3:5f:e6:a4:bd:f5:
                    aa:25:60:cd:d6:f1:a3:dd:55:46:09:9e:66:8c:ba:
                    59:c3:5b:ea:aa:d9:1f:0d:62:78:76:fe:9f:c1:aa:
                    da:b2:fa:0e:4b:a8:14:fe:6a:4c:4e:8f:2e:66:e5:
                    a4:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:6F:77:BC:8A:1D:F1:BC:3D:6A:4A:54:88:68:16:1F:E1:20:2E:21
            X509v3 Authority Key Identifier:
                keyid:0E:36:AA:D7:33:5F:34:E4:CD:82:94:23:BE:B0:89:C4:E0:A4:E8:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/aW93vIod8bw9akpUiGgWH-EgLiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/9ba504-02af-4972-b0b9-822de9308e01/1/Djaq1zNfNOTNgpQjvrCJxOCk6HQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:ae:2e:df:6d:f6:24:8a:10:41:af:63:9e:b4:5a:a3:e3:10:
         f8:82:0a:55:e0:3b:f9:3a:2c:e4:e3:88:f5:e5:bd:19:ed:23:
         16:12:0f:cb:1e:86:d3:7f:25:7f:0f:4c:2c:5b:45:4e:b1:3b:
         3d:7e:ce:1d:73:7c:8b:30:2d:0b:88:2b:cc:f8:00:e8:41:90:
         1d:be:b1:8b:c8:1c:a3:9c:61:4b:f8:2f:ba:78:cc:e3:42:79:
         05:4d:7c:f4:f2:31:f4:14:22:7b:94:6d:ff:e9:9c:f2:8c:fc:
         76:59:b5:19:db:5a:0b:c5:93:d9:dc:33:a1:0a:73:f2:7f:b3:
         a8:b6:f1:a1:79:62:84:06:81:67:cb:6a:91:d6:81:f8:a9:0c:
         eb:d5:11:06:35:17:1d:f7:17:d4:0e:fc:c8:f3:52:d2:33:42:
         ed:51:f4:71:5b:a4:0a:08:5f:11:6a:cb:2b:0a:c5:ab:d9:0f:
         9f:7f:b4:dd:45:5b:65:6e:bf:86:a0:01:e5:1e:00:2a:1f:1a:
         96:b3:47:13:82:3e:37:4a:60:15:68:ae:22:73:b4:60:d7:e4:
         7b:47:b6:0b:ee:59:14:0c:74:53:20:03:ae:e8:6b:8c:19:95:
         da:4e:1d:50:d1:54:a4:33:f5:4b:e7:5d:6c:71:71:ed:ee:be:
         36:d0:97:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjAql5zT4cz/UqrEhGQwxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMzZhYWQ3MzM1ZjM0ZTRjZDgyOTQyM2JlYjA4OWM0ZTBh
NGU4NzQwHhcNMjUwMTAxMDE0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTZmNzdiYzhhMWRmMWJjM2Q2YTRhNTQ4ODY4MTYxZmUxMjAyZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8hvTsk7r4+nRp2WE7kz9y4ROknNf
DEnzrizoi4ZZxh/xDR+CZE7kfyT0ZfpYNFtVlIhg3TaWnVAW6PeilRGZXWj+0EJK
I5zWyYhgtaI/qtWPGVgQ73v4GDZAu3trbkAj9loRe1xrkA5OKr6PIOM0WJ1qFf5K
pcA/Ft9I01LlGKXGh6SHBWXIFTLZXojrMdQOVPy1RPb58tJHN4HJXrSNeGolm98s
F+tBAfpu4eFp3gTuMASxupUxrWvtMDfF77YJKX1XHo9bemUvyzKzX+akvfWqJWDN
1vGj3VVGCZ5mjLpZw1vqqtkfDWJ4dv6fwarasvoOS6gU/mpMTo8uZuWkFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlvd7yKHfG8PWpKVIhoFh/hIC4hMB8GA1UdIwQY
MBaAFA42qtczXzTkzYKUI76wicTgpOh0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGphcTF6TmZOT1ROZ3BRanZyQ0p4T0NrNkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC85YmE1MDQtMDJhZi00OTcyLWIwYjkt
ODIyZGU5MzA4ZTAxLzEvYVc5M3ZJb2Q4Ync5YWtwVWlHZ1dILUVnTGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC85YmE1MDQtMDJhZi00OTcyLWIwYjktODIyZGU5MzA4ZTAx
LzEvRGphcTF6TmZOT1ROZ3BRanZyQ0p4T0NrNkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXxUMA0G
CSqGSIb3DQEBCwUAA4IBAQAdri7fbfYkihBBr2OetFqj4xD4ggpV4Dv5Oizk44j1
5b0Z7SMWEg/LHobTfyV/D0wsW0VOsTs9fs4dc3yLMC0LiCvM+ADoQZAdvrGLyByj
nGFL+C+6eMzjQnkFTXz08jH0FCJ7lG3/6ZzyjPx2WbUZ21oLxZPZ3DOhCnPyf7Oo
tvGheWKEBoFny2qR1oH4qQzr1REGNRcd9xfUDvzI81LSM0LtUfRxW6QKCF8Rassr
CsWr2Q+ff7TdRVtlbr+GoAHlHgAqHxqWs0cTgj43SmAVaK4ic7Rg1+R7R7YL7lkU
DHRTIAOu6GuMGZXaTh1Q0VSkM/VL511scXHt7r420Jc1
-----END CERTIFICATE-----