Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/rrUNWOAHpdHgyxxJieb0wNdGaqU.roa
File:                     rrUNWOAHpdHgyxxJieb0wNdGaqU.roa (raw, json)
Hash identifier:          njmYuUZq0RHFa7IUQo8a41jl5mw6uDWyn1XW2onkIz4=
Subject key identifier:   AE:B5:0D:58:E0:07:A5:D1:E0:CB:1C:49:89:E6:F4:C0:D7:46:6A:A5
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       0194221F700FD21E14157BB07879773F84E1
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/rrUNWOAHpdHgyxxJieb0wNdGaqU.roa
Signing time:             Wed 01 Jan 2025 13:47:53 +0000
ROA not before:           Wed 01 Jan 2025 13:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209411
IP address blocks:        185.114.144.0/23 maxlen: 24
                          209.16.142.0/23 maxlen: 23
                          2a0e:ce40::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:70:0f:d2:1e:14:15:7b:b0:78:79:77:3f:84:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jan  1 13:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aeb50d58e007a5d1e0cb1c4989e6f4c0d7466aa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:98:ea:b8:4b:e0:87:cb:bf:4d:1d:ad:7e:a0:
                    33:f3:6b:e6:e2:7b:68:34:27:c5:6e:fd:42:41:ce:
                    f5:4d:38:7b:1d:a5:54:ec:de:d3:c9:8c:bb:92:61:
                    cc:79:90:ad:69:7a:f6:4b:4f:44:98:df:57:ee:c3:
                    8a:33:ce:de:a9:58:32:98:5d:51:5c:a4:5c:b8:01:
                    0c:a8:49:8c:d9:21:9f:b1:d7:a7:f8:98:24:f1:26:
                    d4:b2:d6:f0:be:d1:80:35:28:b5:c7:a5:1c:64:44:
                    ec:cc:0c:6f:6c:80:fa:d1:03:45:a1:0b:ff:9a:df:
                    cf:27:b8:6f:32:33:5d:d7:aa:8a:68:f8:ad:9f:f9:
                    41:39:26:cd:89:4d:fd:5f:0c:f3:d5:7b:cc:60:d0:
                    b7:23:51:ca:a9:df:33:ba:29:d4:e1:d7:be:5a:58:
                    f9:1d:cb:da:50:fb:d2:68:69:ea:bf:8f:2c:b1:c4:
                    fd:94:42:27:cb:2b:7e:f6:36:06:6e:b7:13:5d:9a:
                    4e:1c:34:12:a2:e4:97:66:5f:51:8c:e8:d8:d3:ef:
                    5e:e7:ef:e6:8a:9f:42:79:f0:2f:6b:56:fe:d3:26:
                    03:3d:4b:61:58:14:0d:dd:3a:a6:4d:98:95:8e:02:
                    76:f1:88:bf:44:ed:b3:35:82:fd:2f:74:e0:84:17:
                    94:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B5:0D:58:E0:07:A5:D1:E0:CB:1C:49:89:E6:F4:C0:D7:46:6A:A5
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/rrUNWOAHpdHgyxxJieb0wNdGaqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.144.0/23
                  209.16.142.0/23
                IPv6:
                  2a0e:ce40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:36:44:8e:7a:6e:6b:29:3e:cd:9d:9f:a9:3c:6d:9f:b2:2a:
         0e:63:e5:ee:8c:e9:ca:98:b8:b2:27:82:be:93:2b:10:04:a1:
         99:a1:3a:72:c3:05:d4:f7:fe:86:b5:ce:f1:1a:58:e7:a9:cd:
         ec:ec:90:a1:5f:8f:14:49:01:1b:34:6f:5f:ca:75:57:8f:28:
         60:0c:0d:2d:b0:a7:01:8e:19:e6:b4:ee:43:05:2c:3f:38:e6:
         d0:8d:1f:af:b2:5f:40:55:bd:04:22:85:0c:22:9b:6d:b9:81:
         d9:8f:41:37:90:43:0c:e1:27:53:6d:fd:a4:0f:1b:e5:56:b1:
         ab:2d:9f:1b:00:00:14:41:a0:29:7a:a5:94:36:fb:83:70:52:
         e6:29:86:f4:77:84:4c:c1:c9:1b:ce:c7:e6:25:cd:cf:80:73:
         c4:dc:b8:96:49:b1:47:c5:e1:80:19:f5:dc:2f:7e:fd:66:a4:
         97:f5:21:1e:f9:b1:7c:12:a3:82:e6:ea:a8:53:64:57:3d:42:
         6a:f1:81:b6:7d:e3:81:65:30:56:89:38:7a:f2:25:f1:12:55:
         53:b3:50:a5:a8:5f:10:5d:5f:45:be:cd:a1:0e:72:8b:32:9f:
         8d:ce:ff:2c:c4:22:82:7d:2a:f7:4e:1b:34:41:aa:b9:d6:cf:
         9e:57:d3:8c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQiH3AP0h4UFXuweHl3P4ThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwMTAxMTM0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWI1MGQ1OGUwMDdhNWQxZTBjYjFjNDk4OWU2ZjRjMGQ3NDY2YWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA65jquEvgh8u/TR2tfqAz82vm4nto
NCfFbv1CQc71TTh7HaVU7N7TyYy7kmHMeZCtaXr2S09EmN9X7sOKM87eqVgymF1R
XKRcuAEMqEmM2SGfsden+Jgk8SbUstbwvtGANSi1x6UcZETszAxvbID60QNFoQv/
mt/PJ7hvMjNd16qKaPitn/lBOSbNiU39Xwzz1XvMYNC3I1HKqd8zuinU4de+Wlj5
HcvaUPvSaGnqv48sscT9lEInyyt+9jYGbrcTXZpOHDQSouSXZl9RjOjY0+9e5+/m
ip9CefAva1b+0yYDPUthWBQN3TqmTZiVjgJ28Yi/RO2zNYL9L3TghBeUlQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK61DVjgB6XR4MscSYnm9MDXRmqlMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvcnJVTldPQUhwZEhneXh4SmllYjB3TmRHYXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBuXKQAwQB
0RCOMA0EAgACMAcDBQMqDs5AMA0GCSqGSIb3DQEBCwUAA4IBAQCPNkSOem5rKT7N
nZ+pPG2fsioOY+XujOnKmLiyJ4K+kysQBKGZoTpywwXU9/6Gtc7xGljnqc3s7JCh
X48USQEbNG9fynVXjyhgDA0tsKcBjhnmtO5DBSw/OObQjR+vsl9AVb0EIoUMIptt
uYHZj0E3kEMM4SdTbf2kDxvlVrGrLZ8bAAAUQaApeqWUNvuDcFLmKYb0d4RMwckb
zsfmJc3PgHPE3LiWSbFHxeGAGfXcL379ZqSX9SEe+bF8EqOC5uqoU2RXPUJq8YG2
feOBZTBWiTh68iXxElVTs1ClqF8QXV9Fvs2hDnKLMp+Nzv8sxCKCfSr3Ths0Qaq5
1s+eV9OM
-----END CERTIFICATE-----