Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/1-aQ0GnxVrEVlGjWCi3NaYsPkesg.roa
File:                     1-aQ0GnxVrEVlGjWCi3NaYsPkesg.roa (raw, json)
Hash identifier:          +3mk2sWVkE+uaFZ5ZJrtNPPCIQ4hekmcEYuQDX27zMs=
Subject key identifier:   F9:A4:34:1A:7C:55:AC:45:65:1A:35:82:8B:73:5A:62:C3:E4:7A:C8
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01958E71FCBA13C2569B34BFED60CC6B5AAF
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/1-aQ0GnxVrEVlGjWCi3NaYsPkesg.roa
Signing time:             Thu 13 Mar 2025 07:39:49 +0000
ROA not before:           Thu 13 Mar 2025 07:39:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        155.2.218.0/24 maxlen: 24
                          155.2.219.0/24 maxlen: 24
                          192.253.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8e:71:fc:ba:13:c2:56:9b:34:bf:ed:60:cc:6b:5a:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 13 07:39:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9a4341a7c55ac45651a35828b735a62c3e47ac8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d5:cb:bd:4b:6f:a1:70:7b:5e:44:d7:51:01:
                    f3:f0:c0:e2:77:7b:b2:45:92:bf:99:9b:3b:dd:16:
                    8c:05:4f:3e:b3:54:ea:c5:c9:e7:17:34:6c:87:52:
                    c4:1a:f7:5c:c8:e4:4a:f6:90:e5:d0:00:da:b9:95:
                    15:18:7d:7d:c4:f9:ba:3f:c5:36:06:a2:fc:24:93:
                    df:52:db:3b:63:ea:fb:25:0a:95:eb:c9:82:e4:89:
                    b1:75:b4:82:b3:66:ac:07:cd:47:c0:c9:d6:41:18:
                    00:c8:a0:59:ba:e8:07:25:f3:da:0e:7e:8e:5d:ad:
                    6b:68:28:2e:fd:e5:37:7d:05:43:75:6e:f8:d7:db:
                    b9:a7:ac:50:d0:9a:9b:10:6a:45:9e:81:8e:5b:12:
                    3c:62:44:34:1b:bf:ee:f7:b8:36:99:63:5b:28:2a:
                    19:2f:67:d2:41:93:7d:49:4b:bf:a8:74:02:17:f1:
                    9e:24:a1:07:2f:52:0e:09:2b:cf:74:d0:3d:d6:6f:
                    62:80:32:48:aa:75:82:a7:4d:98:8c:e6:cc:14:64:
                    d3:7d:7f:81:c6:37:8f:41:a0:c6:b7:4a:bb:7b:99:
                    0b:19:69:a7:36:84:97:1a:aa:ba:92:f9:f9:a8:24:
                    3c:42:2f:a0:5f:7b:dd:1d:a8:b2:1b:0d:33:49:fb:
                    b3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:A4:34:1A:7C:55:AC:45:65:1A:35:82:8B:73:5A:62:C3:E4:7A:C8
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/1-aQ0GnxVrEVlGjWCi3NaYsPkesg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.2.218.0/23
                  192.253.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         df:76:82:02:b6:ae:12:79:70:47:06:bc:14:4f:59:b8:a7:ef:
         99:f9:10:b5:41:5c:7f:b1:96:d0:9f:58:69:95:df:1c:74:e4:
         8e:f8:93:35:d8:92:95:31:d2:aa:48:c8:c5:08:72:d6:a5:fa:
         4e:47:20:09:33:31:4b:49:3f:10:31:d2:88:ab:16:fe:26:ca:
         86:e3:fa:0d:15:45:5c:19:20:5d:35:8d:3d:4b:47:8b:41:f0:
         ce:09:23:d3:5f:3e:1e:7d:bb:e2:37:a9:e6:45:b6:dc:b5:bf:
         e5:37:89:e0:02:89:57:a6:17:4b:af:13:b4:d4:7e:43:5d:80:
         eb:20:5c:06:37:b7:e9:51:fc:2a:08:14:ba:d4:20:6b:e6:d9:
         7c:1c:da:b0:77:aa:0d:14:12:b7:03:85:3d:8c:b9:b4:9d:4a:
         61:7e:99:f9:75:2b:01:f1:8a:1d:96:83:21:5a:e4:08:b7:80:
         bd:92:39:16:11:22:ec:6c:de:ab:b4:07:54:7a:ee:72:05:8e:
         74:17:e8:6b:1b:40:13:d2:11:af:63:81:5c:d6:79:8b:dc:6a:
         c8:12:55:72:17:4b:db:43:11:c6:77:2a:68:e1:b7:d6:cc:d2:
         de:c7:8d:36:96:c2:60:9c:2f:ca:ca:c0:3a:ee:d2:4e:91:d0:
         14:b2:c7:f9
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZWOcfy6E8JWmzS/7WDMa1qvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwMzEzMDczOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWE0MzQxYTdjNTVhYzQ1NjUxYTM1ODI4YjczNWE2MmMzZTQ3YWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdXLvUtvoXB7XkTXUQHz8MDid3uy
RZK/mZs73RaMBU8+s1TqxcnnFzRsh1LEGvdcyORK9pDl0ADauZUVGH19xPm6P8U2
BqL8JJPfUts7Y+r7JQqV68mC5ImxdbSCs2asB81HwMnWQRgAyKBZuugHJfPaDn6O
Xa1raCgu/eU3fQVDdW7419u5p6xQ0JqbEGpFnoGOWxI8YkQ0G7/u97g2mWNbKCoZ
L2fSQZN9SUu/qHQCF/GeJKEHL1IOCSvPdNA91m9igDJIqnWCp02YjObMFGTTfX+B
xjePQaDGt0q7e5kLGWmnNoSXGqq6kvn5qCQ8Qi+gX3vdHaiyGw0zSfuztQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPmkNBp8VaxFZRo1gotzWmLD5HrIMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvMS1hUTBHbnhWckVWbEdqV0NpM05hWXNQa2VzZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjYvMmJhOTdlLTU5OGItNDhkZC04ZDU2LWY1ZmI3MWI5YTUx
Zi8xLzhFcFlCSDgzdThCWGxFdV9qSzJIUW9lVmt0by5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAZsC2gME
AMD90jANBgkqhkiG9w0BAQsFAAOCAQEA33aCArauEnlwRwa8FE9ZuKfvmfkQtUFc
f7GW0J9YaZXfHHTkjviTNdiSlTHSqkjIxQhy1qX6TkcgCTMxS0k/EDHSiKsW/ibK
huP6DRVFXBkgXTWNPUtHi0Hwzgkj018+Hn274jep5kW23LW/5TeJ4AKJV6YXS68T
tNR+Q12A6yBcBje36VH8KggUutQga+bZfBzasHeqDRQStwOFPYy5tJ1KYX6Z+XUr
AfGKHZaDIVrkCLeAvZI5FhEi7Gzeq7QHVHrucgWOdBfoaxtAE9IRr2OBXNZ5i9xq
yBJVchdL20MRxncqaOG31szS3seNNpbCYJwvysrAOu7STpHQFLLH+Q==
-----END CERTIFICATE-----