Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/pWxksKtuITWqJYdbSb7vywynyGo.roa
File:                     pWxksKtuITWqJYdbSb7vywynyGo.roa (raw, json)
Hash identifier:          ifo9EMYMRWnHb4Mtrj+m3WxclLbAhEIjgU8iAgHoQsE=
Subject key identifier:   A5:6C:64:B0:AB:6E:21:35:AA:25:87:5B:49:BE:EF:CB:0C:A7:C8:6A
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228D9730EE77622674C4ACD518D13C17
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/pWxksKtuITWqJYdbSb7vywynyGo.roa
Signing time:             Wed 01 Jan 2025 15:48:12 +0000
ROA not before:           Wed 01 Jan 2025 15:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12978
IP address blocks:        85.153.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:97:30:ee:77:62:26:74:c4:ac:d5:18:d1:3c:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a56c64b0ab6e2135aa25875b49beefcb0ca7c86a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:c1:6c:85:c0:33:f3:da:ef:3d:ab:3e:ca:89:
                    52:15:24:e1:0e:50:9b:5b:9b:44:ef:48:37:42:02:
                    8e:e5:f0:5b:74:5f:96:d2:e0:4f:ee:8b:b9:cb:02:
                    c7:d1:3f:ff:f7:ea:4b:b1:8f:41:69:d5:7f:fe:35:
                    3c:0e:af:1a:39:2d:6b:86:30:d6:bc:33:bd:4d:c0:
                    4f:6e:e1:09:33:5d:67:46:e7:41:43:65:1a:1a:c0:
                    d8:a1:44:e3:77:d2:25:a5:d1:c2:75:c0:e1:99:82:
                    68:09:b6:d8:5c:d3:b0:3e:34:b1:c4:33:38:ea:c8:
                    f5:dd:98:e8:02:4e:dc:61:07:e0:df:93:c2:39:e0:
                    d5:60:2f:ea:11:0f:94:73:3e:95:39:65:f6:e4:f7:
                    e1:a7:a1:42:25:a8:14:67:21:43:92:fc:2d:8a:bf:
                    9b:7c:e3:52:fa:39:e4:27:d9:bd:ea:3b:58:0d:c7:
                    5f:f5:32:e2:33:36:2f:33:40:8b:7c:61:c3:82:b8:
                    4c:84:69:63:93:fa:f9:e0:81:b1:1e:33:27:d3:b0:
                    7d:05:33:68:dd:51:e8:3f:ba:de:7f:7a:9a:f1:56:
                    92:a6:55:23:06:52:bb:48:0b:ea:30:11:cb:b5:2a:
                    a3:2a:1c:f6:d6:2e:23:f5:56:83:6e:9a:ce:91:92:
                    7b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:6C:64:B0:AB:6E:21:35:AA:25:87:5B:49:BE:EF:CB:0C:A7:C8:6A
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/pWxksKtuITWqJYdbSb7vywynyGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:62:2c:f7:82:dd:ef:4d:a7:9f:fc:f6:31:9f:bd:2b:09:6d:
         cb:05:77:d6:7c:d2:57:4d:19:6a:bd:1e:79:56:de:5a:9f:a0:
         a2:bc:97:ce:f7:1d:ff:cb:8b:ae:8b:ff:cc:f1:1d:51:41:b6:
         dc:66:c2:63:20:b3:86:98:f0:6b:f0:61:82:9d:37:27:d8:30:
         aa:e9:df:06:97:6f:71:f4:0b:9f:62:2a:aa:ba:32:37:22:ef:
         36:1d:89:41:a6:3c:e1:79:63:b9:3e:7e:84:7e:b7:63:72:f7:
         1f:b3:ae:f9:09:d6:7b:0a:8b:62:5e:26:2a:79:4a:d1:f6:62:
         6a:eb:96:e4:14:e7:06:96:51:20:9f:f7:98:5d:3d:34:ce:0b:
         d9:a7:93:aa:8a:54:6f:c3:85:ff:20:33:3a:02:4c:01:12:6a:
         e3:29:8b:42:ca:53:f2:86:31:56:ff:6d:b7:0d:7a:61:7a:5f:
         1b:ff:ab:77:9a:70:e4:6f:28:9f:23:ed:ad:3e:62:44:eb:a2:
         6a:9d:90:ad:88:a0:22:41:e6:e6:b3:9f:00:bd:83:16:f5:67:
         e5:5e:cc:8f:3f:1b:79:e8:e2:11:5c:50:6c:bd:91:ab:af:c5:
         15:3f:df:96:81:4b:aa:36:cf:4b:9a:a0:d7:b9:bb:e6:13:81:
         88:84:d1:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZcw7ndiJnTErNUY0TwXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTZjNjRiMGFiNmUyMTM1YWEyNTg3NWI0OWJlZWZjYjBjYTdjODZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4cFshcAz89rvPas+yolSFSThDlCb
W5tE70g3QgKO5fBbdF+W0uBP7ou5ywLH0T//9+pLsY9BadV//jU8Dq8aOS1rhjDW
vDO9TcBPbuEJM11nRudBQ2UaGsDYoUTjd9IlpdHCdcDhmYJoCbbYXNOwPjSxxDM4
6sj13ZjoAk7cYQfg35PCOeDVYC/qEQ+Ucz6VOWX25Pfhp6FCJagUZyFDkvwtir+b
fONS+jnkJ9m96jtYDcdf9TLiMzYvM0CLfGHDgrhMhGljk/r54IGxHjMn07B9BTNo
3VHoP7ref3qa8VaSplUjBlK7SAvqMBHLtSqjKhz21i4j9VaDbprOkZJ7QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVsZLCrbiE1qiWHW0m+78sMp8hqMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvcFd4a3NLdHVJVFdxSllkYlNiN3Z5d3lueUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZmgMA0G
CSqGSIb3DQEBCwUAA4IBAQAZYiz3gt3vTaef/PYxn70rCW3LBXfWfNJXTRlqvR55
Vt5an6CivJfO9x3/y4uui//M8R1RQbbcZsJjILOGmPBr8GGCnTcn2DCq6d8Gl29x
9AufYiqqujI3Iu82HYlBpjzheWO5Pn6Efrdjcvcfs675CdZ7CotiXiYqeUrR9mJq
65bkFOcGllEgn/eYXT00zgvZp5OqilRvw4X/IDM6AkwBEmrjKYtCylPyhjFW/223
DXphel8b/6t3mnDkbyifI+2tPmJE66JqnZCtiKAiQebms58AvYMW9WflXsyPPxt5
6OIRXFBsvZGrr8UVP9+WgUuqNs9LmqDXubvmE4GIhNE5
-----END CERTIFICATE-----