Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/JLeYM1Nb1WkxGedHLrl3D2YAcD0.roa
File:                     JLeYM1Nb1WkxGedHLrl3D2YAcD0.roa (raw, json)
Hash identifier:          kpcTVdbw29GtZxZaBOoPfJn9eSPlvRnFiHJuCzaGNU4=
Subject key identifier:   24:B7:98:33:53:5B:D5:69:31:19:E7:47:2E:B9:77:0F:66:00:70:3D
Certificate issuer:       /CN=1acbdd00d27b8a8befc866caf378f19027684769
Certificate serial:       0194460FF7377D2E80E096C695ABE435B1CE
Authority key identifier: 1A:CB:DD:00:D2:7B:8A:8B:EF:C8:66:CA:F3:78:F1:90:27:68:47:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GsvdANJ7iovvyGbK83jxkCdoR2k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/JLeYM1Nb1WkxGedHLrl3D2YAcD0.roa
Signing time:             Wed 08 Jan 2025 13:17:18 +0000
ROA not before:           Wed 08 Jan 2025 13:17:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39605
IP address blocks:        185.128.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/GsvdANJ7iovvyGbK83jxkCdoR2k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/GsvdANJ7iovvyGbK83jxkCdoR2k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GsvdANJ7iovvyGbK83jxkCdoR2k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:46:0f:f7:37:7d:2e:80:e0:96:c6:95:ab:e4:35:b1:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acbdd00d27b8a8befc866caf378f19027684769
        Validity
            Not Before: Jan  8 13:17:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24b79833535bd5693119e7472eb9770f6600703d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a3:b6:ed:0b:7c:d0:3b:49:bf:47:77:9f:30:
                    05:3f:81:2e:6d:d6:e1:10:fa:0e:a4:f2:c4:68:32:
                    34:58:8f:14:a1:19:ed:05:54:a6:c2:9a:34:28:5c:
                    e6:8b:49:a6:ff:3f:99:aa:6b:91:c3:f5:a5:82:b7:
                    e5:48:f1:0c:d1:4b:86:b2:55:90:5a:ab:f8:8d:38:
                    4f:11:ed:12:e5:b4:8e:36:26:3e:16:89:78:63:b5:
                    4e:c0:fd:a2:bb:d8:6d:75:ab:3b:0c:67:49:9f:1b:
                    b2:92:48:60:df:e5:c0:85:ef:a3:9b:c2:f6:20:d0:
                    ba:a5:37:14:c1:4b:ed:2e:8c:9b:c4:d8:2f:2d:7d:
                    83:9d:74:a1:c2:c2:17:5c:b5:74:54:e0:8a:1b:fc:
                    e9:18:00:75:dc:f6:6e:86:8d:d2:92:19:bc:5c:45:
                    ae:62:95:56:28:e4:62:c8:7c:65:c7:1e:9f:8d:92:
                    0c:3c:bc:c8:9a:05:1f:d6:31:e7:50:11:3a:64:42:
                    7e:a4:92:d1:a7:92:19:d6:46:9c:5c:41:52:12:dd:
                    e5:19:f9:3c:ca:27:35:0a:a1:15:c9:4a:6b:dc:3a:
                    8f:f2:64:93:c5:c7:1b:ed:fc:32:15:86:0d:98:40:
                    12:65:63:15:3a:10:2f:e3:6f:cb:02:a6:59:16:e2:
                    e0:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:B7:98:33:53:5B:D5:69:31:19:E7:47:2E:B9:77:0F:66:00:70:3D
            X509v3 Authority Key Identifier:
                keyid:1A:CB:DD:00:D2:7B:8A:8B:EF:C8:66:CA:F3:78:F1:90:27:68:47:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GsvdANJ7iovvyGbK83jxkCdoR2k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/JLeYM1Nb1WkxGedHLrl3D2YAcD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/db4205-d57c-4ca2-8894-9f9536bb2c37/1/GsvdANJ7iovvyGbK83jxkCdoR2k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:da:8f:9c:61:61:3f:86:f9:70:e8:61:00:01:f6:ff:cf:f0:
         2d:c9:11:89:f8:28:a5:5f:09:7d:33:e1:73:68:e3:e8:ba:2a:
         41:f2:e7:0a:71:6d:f1:f3:b3:48:2d:ef:93:75:1a:37:ab:df:
         fc:fb:f4:9e:f4:8c:18:64:38:61:15:fc:11:b8:50:7e:3c:61:
         26:66:69:95:ff:c6:fd:2d:9d:f7:58:26:1e:59:b1:26:36:b1:
         2d:57:3d:05:5f:c0:59:ab:ab:ee:9d:b7:8b:30:7a:a4:fe:be:
         3e:f5:28:aa:18:01:53:51:3d:d3:c1:e6:02:22:d0:ff:9c:a0:
         0c:0e:66:ae:f3:d4:ac:5d:a2:ca:a8:0e:4a:ca:d8:5e:93:d1:
         49:be:36:c3:4d:fe:16:54:6e:f7:be:af:23:49:d9:98:d9:1c:
         21:4f:23:4c:5e:ec:8d:2b:33:54:c3:c3:1c:4c:f3:1a:c8:87:
         03:fd:f4:68:d5:01:10:30:75:85:4e:b0:97:1f:42:7e:43:a0:
         0a:a6:67:70:a2:dc:b6:e8:a1:82:59:7e:f0:a1:54:88:51:f0:
         cb:6b:96:a5:7b:11:4c:01:ec:bd:7c:6b:14:29:cb:73:95:cc:
         47:50:ea:b6:df:77:14:a1:57:c2:df:9b:d2:a8:c0:8e:0a:0e:
         bb:2a:17:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRGD/c3fS6A4JbGlavkNbHOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2JkZDAwZDI3YjhhOGJlZmM4NjZjYWYzNzhmMTkwMjc2
ODQ3NjkwHhcNMjUwMTA4MTMxNzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGI3OTgzMzUzNWJkNTY5MzExOWU3NDcyZWI5NzcwZjY2MDA3MDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaO27Qt80DtJv0d3nzAFP4Eubdbh
EPoOpPLEaDI0WI8UoRntBVSmwpo0KFzmi0mm/z+ZqmuRw/WlgrflSPEM0UuGslWQ
Wqv4jThPEe0S5bSONiY+Fol4Y7VOwP2iu9htdas7DGdJnxuykkhg3+XAhe+jm8L2
INC6pTcUwUvtLoybxNgvLX2DnXShwsIXXLV0VOCKG/zpGAB13PZuho3Skhm8XEWu
YpVWKORiyHxlxx6fjZIMPLzImgUf1jHnUBE6ZEJ+pJLRp5IZ1kacXEFSEt3lGfk8
yic1CqEVyUpr3DqP8mSTxccb7fwyFYYNmEASZWMVOhAv42/LAqZZFuLg2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCS3mDNTW9VpMRnnRy65dw9mAHA9MB8GA1UdIwQY
MBaAFBrL3QDSe4qL78hmyvN48ZAnaEdpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N2ZEFOSjdpb3Z2eUdiSzgzanhrQ2RvUjJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9kYjQyMDUtZDU3Yy00Y2EyLTg4OTQt
OWY5NTM2YmIyYzM3LzEvSkxlWU0xTmIxV2t4R2VkSExybDNEMllBY0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9kYjQyMDUtZDU3Yy00Y2EyLTg4OTQtOWY5NTM2YmIyYzM3
LzEvR3N2ZEFOSjdpb3Z2eUdiSzgzanhrQ2RvUjJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYDvMA0G
CSqGSIb3DQEBCwUAA4IBAQBn2o+cYWE/hvlw6GEAAfb/z/AtyRGJ+CilXwl9M+Fz
aOPouipB8ucKcW3x87NILe+TdRo3q9/8+/Se9IwYZDhhFfwRuFB+PGEmZmmV/8b9
LZ33WCYeWbEmNrEtVz0FX8BZq6vunbeLMHqk/r4+9SiqGAFTUT3TweYCItD/nKAM
Dmau89SsXaLKqA5Kythek9FJvjbDTf4WVG73vq8jSdmY2RwhTyNMXuyNKzNUw8Mc
TPMayIcD/fRo1QEQMHWFTrCXH0J+Q6AKpmdwoty26KGCWX7woVSIUfDLa5alexFM
Aey9fGsUKctzlcxHUOq233cUoVfC35vSqMCOCg67Khdz
-----END CERTIFICATE-----