Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/XQHVRGTqM3fRB_j_ijhUwjJs9Ug.roa
File:                     XQHVRGTqM3fRB_j_ijhUwjJs9Ug.roa (raw, json)
Hash identifier:          fKPNzBl0e4tcVAHFnpIZK59mBTOB3H7FeF+MB2XfaW0=
Subject key identifier:   5D:01:D5:44:64:EA:33:77:D1:07:F8:FF:8A:38:54:C2:32:6C:F5:48
Certificate issuer:       /CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
Certificate serial:       019425217D042AFF3726CB8867F3E8FDC876
Authority key identifier: D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/XQHVRGTqM3fRB_j_ijhUwjJs9Ug.roa
Signing time:             Thu 02 Jan 2025 03:48:59 +0000
ROA not before:           Thu 02 Jan 2025 03:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59692
IP address blocks:        185.9.185.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 07:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:7d:04:2a:ff:37:26:cb:88:67:f3:e8:fd:c8:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3e97033a36aa9bcc0c2f167e620d7ca1493cbea
        Validity
            Not Before: Jan  2 03:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d01d54464ea3377d107f8ff8a3854c2326cf548
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:76:3f:90:1e:14:a8:14:10:d8:e0:e3:a7:eb:
                    a2:e3:f6:ef:0c:c9:7e:7d:3d:c8:ab:cb:e3:41:2b:
                    fa:d2:20:5d:25:34:31:f1:67:04:6f:dc:b9:80:e8:
                    90:2a:3e:e2:a6:0a:da:3a:a2:73:af:ba:6a:7b:71:
                    0b:18:12:db:82:41:6f:ef:a6:b8:44:5c:39:c1:c1:
                    78:fd:8d:99:b3:57:c4:e8:4b:4e:f7:0c:01:d2:91:
                    15:07:db:83:f9:d2:7b:d2:39:ed:bd:c5:b9:d4:c6:
                    54:10:3a:a4:73:ee:62:77:ab:fa:6d:b2:9e:ec:95:
                    65:ad:7b:ec:62:39:52:08:a1:b6:21:d5:5d:96:5a:
                    16:79:eb:01:e8:79:b0:80:e0:91:ab:71:44:d4:6e:
                    f8:79:a8:57:46:ce:3e:90:ef:85:8f:2f:1a:f1:20:
                    62:aa:ed:59:1b:11:7a:ed:19:8e:d2:89:4b:44:2c:
                    88:8c:29:a3:2e:39:3a:74:07:48:89:6d:e3:5b:ca:
                    59:54:6c:ed:5c:e0:8c:5d:a1:6a:0d:e3:1e:8b:6a:
                    38:6a:7e:bd:94:20:96:6d:a7:6d:68:08:d4:bd:02:
                    b3:27:1a:ce:ff:f6:e7:d9:76:9a:6f:6d:d1:11:92:
                    cb:eb:af:42:09:cd:55:9b:ed:0d:57:c0:d2:bc:69:
                    e2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:01:D5:44:64:EA:33:77:D1:07:F8:FF:8A:38:54:C2:32:6C:F5:48
            X509v3 Authority Key Identifier:
                keyid:D3:E9:70:33:A3:6A:A9:BC:C0:C2:F1:67:E6:20:D7:CA:14:93:CB:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0-lwM6NqqbzAwvFn5iDXyhSTy-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/XQHVRGTqM3fRB_j_ijhUwjJs9Ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5a320b-e94f-41c9-82f3-dbf9d41f1798/1/0-lwM6NqqbzAwvFn5iDXyhSTy-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:0c:81:5b:18:11:ef:46:03:53:7d:3e:45:b3:0a:20:bb:ff:
         59:75:e0:11:ed:c2:dd:20:de:c4:0e:e2:9a:31:5d:c2:5b:85:
         dd:14:a6:51:31:f3:03:98:5a:ea:12:da:1a:a4:09:1c:69:83:
         ab:f1:95:6a:48:d9:ba:57:10:85:8b:61:81:a4:99:3d:32:00:
         1d:30:89:a5:1d:e2:40:dd:76:13:ad:7a:df:ca:14:e2:38:32:
         b0:0e:0c:e4:6b:cd:fa:02:8f:37:cd:4f:56:50:e7:96:55:47:
         62:56:6a:b7:0e:94:cc:9a:df:8b:9a:92:5e:5d:c2:27:4b:c2:
         d9:00:76:7e:d2:dc:5b:07:dc:15:f6:fd:14:40:39:4f:00:f4:
         f8:4c:74:6c:46:87:56:20:97:3f:f6:a7:bd:d2:e1:99:e1:3c:
         51:aa:d8:3a:29:e7:7f:8a:33:d4:c6:f8:f5:0a:74:ed:00:e6:
         f5:4d:b6:fd:a2:3f:2b:6b:dd:b7:4a:eb:43:be:90:5e:d5:0a:
         36:af:7f:dc:96:05:ef:fa:39:f9:a3:1b:20:49:d2:f5:0d:fa:
         84:3f:66:76:cc:13:30:a3:36:76:01:6e:41:05:d7:58:18:93:
         0f:45:73:3d:07:f0:c9:68:ec:06:68:53:96:d3:8e:19:48:ef:
         fb:f4:66:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIX0EKv83JsuIZ/Po/ch2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZTk3MDMzYTM2YWE5YmNjMGMyZjE2N2U2MjBkN2NhMTQ5
M2NiZWEwHhcNMjUwMTAyMDM0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDAxZDU0NDY0ZWEzMzc3ZDEwN2Y4ZmY4YTM4NTRjMjMyNmNmNTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHY/kB4UqBQQ2ODjp+ui4/bvDMl+
fT3Iq8vjQSv60iBdJTQx8WcEb9y5gOiQKj7ipgraOqJzr7pqe3ELGBLbgkFv76a4
RFw5wcF4/Y2Zs1fE6EtO9wwB0pEVB9uD+dJ70jntvcW51MZUEDqkc+5id6v6bbKe
7JVlrXvsYjlSCKG2IdVdlloWeesB6HmwgOCRq3FE1G74eahXRs4+kO+Fjy8a8SBi
qu1ZGxF67RmO0olLRCyIjCmjLjk6dAdIiW3jW8pZVGztXOCMXaFqDeMei2o4an69
lCCWbadtaAjUvQKzJxrO//bn2Xaab23REZLL669CCc1Vm+0NV8DSvGniGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0B1URk6jN30Qf4/4o4VMIybPVIMB8GA1UdIwQY
MBaAFNPpcDOjaqm8wMLxZ+Yg18oUk8vqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMt
ZGJmOWQ0MWYxNzk4LzEvWFFIVlJHVHFNM2ZSQl9qX2lqaFV3akpzOVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81YTMyMGItZTk0Zi00MWM5LTgyZjMtZGJmOWQ0MWYxNzk4
LzEvMC1sd002TnFxYnpBd3ZGbjVpRFh5aFNUeS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQm5MA0G
CSqGSIb3DQEBCwUAA4IBAQANDIFbGBHvRgNTfT5Fswogu/9ZdeAR7cLdIN7EDuKa
MV3CW4XdFKZRMfMDmFrqEtoapAkcaYOr8ZVqSNm6VxCFi2GBpJk9MgAdMImlHeJA
3XYTrXrfyhTiODKwDgzka836Ao83zU9WUOeWVUdiVmq3DpTMmt+LmpJeXcInS8LZ
AHZ+0txbB9wV9v0UQDlPAPT4THRsRodWIJc/9qe90uGZ4TxRqtg6Ked/ijPUxvj1
CnTtAOb1Tbb9oj8ra923SutDvpBe1Qo2r3/clgXv+jn5oxsgSdL1DfqEP2Z2zBMw
ozZ2AW5BBddYGJMPRXM9B/DJaOwGaFOW044ZSO/79GaA
-----END CERTIFICATE-----