Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/IMZsLst-i3zLkfnvqryos4hVmUw.roa
File:                     IMZsLst-i3zLkfnvqryos4hVmUw.roa (raw, json)
Hash identifier:          i5YfMzxIGSy0m8WqoPL2plr7dDe0Vlfs7aCvCgRQqk8=
Subject key identifier:   20:C6:6C:2E:CB:7E:8B:7C:CB:91:F9:EF:AA:BC:A8:B3:88:55:99:4C
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       01974E9BB9588095371199960C822C9EC1E9
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/IMZsLst-i3zLkfnvqryos4hVmUw.roa
Signing time:             Sun 08 Jun 2025 08:15:17 +0000
ROA not before:           Sun 08 Jun 2025 08:15:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213724
IP address blocks:        185.243.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Jun 2025 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4e:9b:b9:58:80:95:37:11:99:96:0c:82:2c:9e:c1:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jun  8 08:15:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20c66c2ecb7e8b7ccb91f9efaabca8b38855994c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:c4:e8:cf:48:9e:2d:c1:9f:f1:40:b5:d2:a2:
                    7f:49:b2:b0:16:38:4b:a1:f2:af:ed:88:ec:02:7d:
                    38:9c:d8:8a:6b:94:65:fb:d9:62:34:a6:01:17:40:
                    7b:81:a1:53:aa:ad:f7:f6:ee:f7:dd:96:ab:d6:b6:
                    d4:66:af:5d:fb:63:10:7f:27:28:b1:4f:4c:a9:3d:
                    09:f4:e2:f2:28:16:a4:57:31:60:54:2e:12:45:bc:
                    eb:11:9c:21:93:14:32:24:30:73:52:1d:ad:c7:61:
                    bd:ef:1d:08:35:37:29:a6:11:0f:4b:95:85:40:72:
                    2a:ce:da:07:2c:02:b6:3a:0f:76:af:d0:1f:bb:48:
                    3c:35:8f:29:c8:da:69:0f:3b:d7:39:5a:e5:df:36:
                    e5:9f:4d:e3:7a:2c:8a:02:bd:d6:40:c0:00:e3:ec:
                    f6:ce:28:13:ff:67:8a:9d:19:fb:a5:a2:98:b3:68:
                    c7:20:e4:00:5c:78:04:1d:da:e2:7c:43:8f:97:c5:
                    a1:5d:57:b9:27:ee:2e:f7:5b:5f:ac:3f:e3:96:7a:
                    be:64:61:26:e6:3d:4d:e8:f1:2c:56:df:36:7c:47:
                    2e:6b:3e:0f:0e:d6:df:15:c0:58:c9:58:83:7c:c0:
                    2d:5b:94:dc:e2:92:88:c0:16:a9:47:e5:da:dc:96:
                    85:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C6:6C:2E:CB:7E:8B:7C:CB:91:F9:EF:AA:BC:A8:B3:88:55:99:4C
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/IMZsLst-i3zLkfnvqryos4hVmUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:c1:15:4a:89:27:4d:ba:e0:72:d3:54:6b:18:14:9c:d9:a4:
         69:25:1e:7a:20:32:8a:c7:87:0b:98:e4:b7:6c:29:ee:ef:bc:
         46:d6:60:c9:27:b1:77:4a:fb:f1:65:50:1b:ea:ae:2b:be:48:
         1f:0b:54:1f:d3:fb:e7:0a:93:81:d0:83:bc:e0:68:39:bd:3f:
         b8:dc:22:b5:fc:7f:03:99:e1:ee:a7:50:02:c4:5d:27:41:99:
         35:2a:6f:6f:e4:c3:09:45:30:27:ea:97:5a:b7:47:e7:f5:96:
         a1:3f:d8:66:aa:16:8b:12:89:91:c3:9c:8b:8f:b8:7a:35:78:
         e8:4e:36:4b:c2:f9:f1:2e:af:71:4d:c4:ee:e3:19:c2:82:bb:
         01:da:ba:ff:05:31:0c:ca:90:c0:37:bd:79:1f:14:cf:6e:33:
         36:6b:3b:70:93:b3:07:b7:56:b9:26:ff:a6:9e:4a:6e:ac:48:
         3a:46:de:1c:c6:66:38:31:ca:d2:7b:7d:8d:fc:28:e7:57:9a:
         4d:99:e1:59:c1:13:e6:28:0e:7e:47:6e:65:73:ff:8a:0f:71:
         ab:48:90:b8:bc:3a:26:db:83:24:83:5b:71:87:b2:ac:be:8c:
         2a:2e:d8:27:48:8f:11:17:ef:f3:b6:89:ea:99:f3:e2:b2:3e:
         79:b5:20:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdOm7lYgJU3EZmWDIIsnsHpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjUwNjA4MDgxNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGM2NmMyZWNiN2U4YjdjY2I5MWY5ZWZhYWJjYThiMzg4NTU5OTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9MToz0ieLcGf8UC10qJ/SbKwFjhL
ofKv7YjsAn04nNiKa5Rl+9liNKYBF0B7gaFTqq339u733Zar1rbUZq9d+2MQfyco
sU9MqT0J9OLyKBakVzFgVC4SRbzrEZwhkxQyJDBzUh2tx2G97x0INTcpphEPS5WF
QHIqztoHLAK2Og92r9Afu0g8NY8pyNppDzvXOVrl3zbln03jeiyKAr3WQMAA4+z2
zigT/2eKnRn7paKYs2jHIOQAXHgEHdrifEOPl8WhXVe5J+4u91tfrD/jlnq+ZGEm
5j1N6PEsVt82fEcuaz4PDtbfFcBYyViDfMAtW5Tc4pKIwBapR+Xa3JaF3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDGbC7Lfot8y5H576q8qLOIVZlMMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvSU1ac0xzdC1pM3pMa2ZudnFyeW9zNGhWbVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufOaMA0G
CSqGSIb3DQEBCwUAA4IBAQANwRVKiSdNuuBy01RrGBSc2aRpJR56IDKKx4cLmOS3
bCnu77xG1mDJJ7F3SvvxZVAb6q4rvkgfC1Qf0/vnCpOB0IO84Gg5vT+43CK1/H8D
meHup1ACxF0nQZk1Km9v5MMJRTAn6pdat0fn9ZahP9hmqhaLEomRw5yLj7h6NXjo
TjZLwvnxLq9xTcTu4xnCgrsB2rr/BTEMypDAN715HxTPbjM2aztwk7MHt1a5Jv+m
nkpurEg6Rt4cxmY4McrSe32N/CjnV5pNmeFZwRPmKA5+R25lc/+KD3GrSJC4vDom
24Mkg1txh7KsvowqLtgnSI8RF+/ztonqmfPisj55tSAz
-----END CERTIFICATE-----