Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/wGmLy9fCHGSdb1IR1hi3jtBm_nU.roa
File:                     wGmLy9fCHGSdb1IR1hi3jtBm_nU.roa (raw, json)
Hash identifier:          EtrSnLCCgz0LzD/1buNZsptNBEqMbZQGIw+M8iextIM=
Subject key identifier:   C0:69:8B:CB:D7:C2:1C:64:9D:6F:52:11:D6:18:B7:8E:D0:66:FE:75
Certificate issuer:       /CN=df2c15cf72fcdb8596b7c6489b15a6b720c14eb5
Certificate serial:       01941FFA7BD6F8566B4BBDAACF47A6D1BEFD
Authority key identifier: DF:2C:15:CF:72:FC:DB:85:96:B7:C6:48:9B:15:A6:B7:20:C1:4E:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/wGmLy9fCHGSdb1IR1hi3jtBm_nU.roa
Signing time:             Wed 01 Jan 2025 03:48:16 +0000
ROA not before:           Wed 01 Jan 2025 03:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44294
IP address blocks:        185.239.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7b:d6:f8:56:6b:4b:bd:aa:cf:47:a6:d1:be:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df2c15cf72fcdb8596b7c6489b15a6b720c14eb5
        Validity
            Not Before: Jan  1 03:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c0698bcbd7c21c649d6f5211d618b78ed066fe75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ff:40:16:fb:ce:9a:a4:d6:a1:16:a2:3a:00:
                    e3:a2:20:34:01:63:df:c6:f0:b6:23:c1:df:85:90:
                    5f:ad:31:17:37:4f:5c:68:c0:17:5c:d7:fc:c5:52:
                    d5:ad:fb:ad:ad:a5:40:97:c9:34:5a:ed:d6:b4:7f:
                    80:ae:b4:5d:d9:6b:12:0b:49:0a:75:bf:97:1a:77:
                    07:ec:9c:5e:17:c9:6a:2f:ee:69:77:25:6b:58:15:
                    37:b0:37:7f:8d:c0:c2:6c:25:0a:57:98:1e:0d:f8:
                    59:a5:6f:32:5c:1d:3d:de:29:a1:af:13:67:07:39:
                    b1:70:f3:02:f9:40:5c:16:42:2d:d3:5f:ed:4e:f0:
                    92:40:87:19:bb:0d:28:f4:9d:1f:c2:eb:57:15:c2:
                    bb:1f:1d:0e:2c:3f:df:7e:a4:7d:6f:0b:92:e9:a6:
                    4f:49:32:c7:5b:c8:44:b0:ec:56:e2:73:32:44:bc:
                    f0:f2:10:14:84:13:c2:cd:03:12:59:4c:b4:34:d4:
                    1e:a4:fd:51:4e:16:11:cc:25:f9:ae:77:d4:95:43:
                    66:08:52:a4:69:2c:53:43:08:f9:ff:32:ef:cc:58:
                    6c:9d:91:fa:c6:7b:95:14:e8:2b:de:2a:34:d7:39:
                    07:3e:4d:96:8b:ba:59:67:f7:1e:a1:d9:fa:2a:75:
                    18:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:69:8B:CB:D7:C2:1C:64:9D:6F:52:11:D6:18:B7:8E:D0:66:FE:75
            X509v3 Authority Key Identifier:
                keyid:DF:2C:15:CF:72:FC:DB:85:96:B7:C6:48:9B:15:A6:B7:20:C1:4E:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/wGmLy9fCHGSdb1IR1hi3jtBm_nU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:e4:c0:07:6a:78:71:1c:81:1f:1b:3f:02:d4:eb:4c:59:f7:
         6e:3d:78:4a:c9:22:3a:52:60:b3:5e:60:90:34:9d:9e:0b:e3:
         90:b8:bd:f1:27:79:7f:9e:63:79:b7:c8:11:16:21:fc:de:f6:
         15:e9:6c:76:73:37:d5:73:b8:76:4c:e6:0f:72:45:61:90:43:
         75:63:e6:5e:32:13:2f:c7:9c:1f:ae:06:da:ab:29:53:34:d0:
         5b:ba:b5:bf:2c:f1:d7:3b:da:77:d2:ad:3c:c3:a3:e6:08:8c:
         20:ef:bb:c3:7c:69:77:cf:73:a2:61:96:e2:8a:fc:a0:fe:6d:
         5f:84:a7:f1:5f:b2:d1:95:b2:80:cc:0d:98:25:7e:97:dd:0d:
         34:11:95:83:db:19:c9:4a:df:a8:77:54:d0:88:63:7e:77:0f:
         0f:e4:77:f6:2e:d8:9b:7b:a3:d2:7b:17:43:5b:7e:79:fc:9c:
         49:3f:a9:92:f2:e8:39:0d:63:46:2c:4f:2a:d5:29:61:d9:df:
         0a:eb:f8:2f:49:8d:ca:10:cc:cd:3a:c8:22:6f:ba:30:50:27:
         ed:e4:d3:15:76:63:66:18:34:6e:be:03:5c:53:fd:34:e0:ec:
         6d:7d:6b:a6:d6:70:7a:0c:f5:1d:87:42:28:75:ca:5b:a6:80:
         1c:f9:61:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+nvW+FZrS72qz0em0b79MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMmMxNWNmNzJmY2RiODU5NmI3YzY0ODliMTVhNmI3MjBj
MTRlYjUwHhcNMjUwMTAxMDM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDY5OGJjYmQ3YzIxYzY0OWQ2ZjUyMTFkNjE4Yjc4ZWQwNjZmZTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAif9AFvvOmqTWoRaiOgDjoiA0AWPf
xvC2I8HfhZBfrTEXN09caMAXXNf8xVLVrfutraVAl8k0Wu3WtH+ArrRd2WsSC0kK
db+XGncH7JxeF8lqL+5pdyVrWBU3sDd/jcDCbCUKV5geDfhZpW8yXB093imhrxNn
BzmxcPMC+UBcFkIt01/tTvCSQIcZuw0o9J0fwutXFcK7Hx0OLD/ffqR9bwuS6aZP
STLHW8hEsOxW4nMyRLzw8hAUhBPCzQMSWUy0NNQepP1RThYRzCX5rnfUlUNmCFKk
aSxTQwj5/zLvzFhsnZH6xnuVFOgr3io01zkHPk2Wi7pZZ/ceodn6KnUYRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBpi8vXwhxknW9SEdYYt47QZv51MB8GA1UdIwQY
MBaAFN8sFc9y/NuFlrfGSJsVprcgwU61MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3l3VnozTDgyNFdXdDhaSW14V210eURCVHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85Y2ZlYTEtZDgyYS00NzU1LTgxMGUt
ZjE4NTNkMTBlNjEwLzEvd0dtTHk5ZkNIR1NkYjFJUjFoaTNqdEJtX25VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85Y2ZlYTEtZDgyYS00NzU1LTgxMGUtZjE4NTNkMTBlNjEw
LzEvM3l3VnozTDgyNFdXdDhaSW14V210eURCVHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue8ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBe5MAHanhxHIEfGz8C1OtMWfduPXhKySI6UmCzXmCQ
NJ2eC+OQuL3xJ3l/nmN5t8gRFiH83vYV6Wx2czfVc7h2TOYPckVhkEN1Y+ZeMhMv
x5wfrgbaqylTNNBburW/LPHXO9p30q08w6PmCIwg77vDfGl3z3OiYZbiivyg/m1f
hKfxX7LRlbKAzA2YJX6X3Q00EZWD2xnJSt+od1TQiGN+dw8P5Hf2Ltibe6PSexdD
W355/JxJP6mS8ug5DWNGLE8q1Slh2d8K6/gvSY3KEMzNOsgib7owUCft5NMVdmNm
GDRuvgNcU/004OxtfWum1nB6DPUdh0IodcpbpoAc+WFw
-----END CERTIFICATE-----