Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/xKw0dDtDXHesKiPEnWMkqMwKQqU.roa
File:                     xKw0dDtDXHesKiPEnWMkqMwKQqU.roa (raw, json)
Hash identifier:          In0MXbRHMQVNu/IqxrNBQwkaV8+yvAml6NVYh5A2I70=
Subject key identifier:   C4:AC:34:74:3B:43:5C:77:AC:2A:23:C4:9D:63:24:A8:CC:0A:42:A5
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       01941FFA0840D7A555591E2FD3A698F4F2E5
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/xKw0dDtDXHesKiPEnWMkqMwKQqU.roa
Signing time:             Wed 01 Jan 2025 03:47:47 +0000
ROA not before:           Wed 01 Jan 2025 03:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20517
IP address blocks:        185.20.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:08:40:d7:a5:55:59:1e:2f:d3:a6:98:f4:f2:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  1 03:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4ac34743b435c77ac2a23c49d6324a8cc0a42a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3e:9e:86:b4:fb:68:fd:6b:ad:04:d0:a9:b8:
                    7e:19:08:f1:47:38:53:9b:e8:cc:21:19:88:64:ac:
                    95:f3:b1:ce:b4:43:66:2e:f0:76:23:48:26:58:fa:
                    df:1a:79:fb:5a:ec:94:d0:ee:a0:14:d2:cd:5e:a4:
                    f6:04:4e:8a:ab:d5:a2:a3:76:d8:e5:9d:25:de:a3:
                    c6:bf:b8:7c:fd:be:05:68:56:d8:d6:37:99:aa:c7:
                    d7:55:bd:6b:0a:83:69:fe:08:dd:f5:91:11:82:a0:
                    dd:68:c0:fb:90:92:32:53:fe:9e:01:a8:75:c0:d0:
                    f5:f3:51:85:52:cd:85:61:cc:87:c6:be:54:59:14:
                    0d:6c:12:6d:87:c9:47:ab:89:08:72:23:7a:b2:0c:
                    46:fa:07:bf:23:ba:e9:4e:d3:17:d3:c5:31:af:da:
                    5b:a2:4a:55:e3:5e:28:98:a8:7c:a7:db:8c:3a:e9:
                    de:2e:4d:65:76:96:d1:0d:92:20:90:91:11:78:51:
                    0e:b9:76:29:a3:fe:ec:75:05:af:57:52:fa:05:d0:
                    75:37:59:0f:4a:45:19:11:99:39:e1:1c:07:ea:c5:
                    45:59:bd:a0:45:9e:11:b7:0a:f5:dd:7c:14:2f:c4:
                    3e:ed:3f:3c:49:cc:d1:e8:ea:05:9f:bf:46:d7:fe:
                    66:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:AC:34:74:3B:43:5C:77:AC:2A:23:C4:9D:63:24:A8:CC:0A:42:A5
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/xKw0dDtDXHesKiPEnWMkqMwKQqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:e1:b2:b9:ab:a9:6e:fb:86:52:f6:cd:08:a9:2d:8e:19:7c:
         d2:40:2f:fe:f7:f0:82:64:d3:83:f6:23:ba:b7:70:5f:0d:a3:
         f4:59:d7:e4:94:99:ea:b1:88:2a:2f:e7:30:73:46:ab:2b:b9:
         5c:82:c2:aa:90:10:f7:3d:68:7c:7c:0d:6e:6d:d0:32:be:4e:
         4b:2f:2a:a4:d6:63:a5:92:50:4c:f1:05:65:e0:86:53:11:06:
         ab:c5:36:73:27:9b:86:78:60:e3:7c:59:15:ae:db:bb:2b:eb:
         85:3e:dd:d8:f8:8f:2e:fe:62:67:47:6c:ef:86:96:41:a6:20:
         d3:85:a6:66:b1:2e:05:02:e8:86:5e:f1:45:40:e4:93:bf:4f:
         c1:f7:0d:86:6a:7f:be:c8:48:06:24:26:b1:d7:da:cb:d1:79:
         b7:34:1a:f0:c6:0a:4c:d4:a5:58:10:f4:52:e1:26:73:84:aa:
         08:c0:fd:bc:6a:1d:77:39:73:e4:3f:be:aa:54:0d:64:ab:ee:
         a0:86:8b:f2:7c:5f:49:25:f0:b6:6f:32:da:28:2b:4f:2e:ba:
         78:2e:d2:f5:62:c8:30:5a:c6:03:65:ca:0a:b7:ef:14:3c:e6:
         0c:62:d9:ed:44:95:8d:93:ea:16:d2:80:8a:76:76:4b:a2:a3:
         10:78:be:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+ghA16VVWR4v06aY9PLlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjUwMTAxMDM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGFjMzQ3NDNiNDM1Yzc3YWMyYTIzYzQ5ZDYzMjRhOGNjMGE0MmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoj6ehrT7aP1rrQTQqbh+GQjxRzhT
m+jMIRmIZKyV87HOtENmLvB2I0gmWPrfGnn7WuyU0O6gFNLNXqT2BE6Kq9Wio3bY
5Z0l3qPGv7h8/b4FaFbY1jeZqsfXVb1rCoNp/gjd9ZERgqDdaMD7kJIyU/6eAah1
wND181GFUs2FYcyHxr5UWRQNbBJth8lHq4kIciN6sgxG+ge/I7rpTtMX08Uxr9pb
okpV414omKh8p9uMOuneLk1ldpbRDZIgkJEReFEOuXYpo/7sdQWvV1L6BdB1N1kP
SkUZEZk54RwH6sVFWb2gRZ4Rtwr13XwUL8Q+7T88SczR6OoFn79G1/5mxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSsNHQ7Q1x3rCojxJ1jJKjMCkKlMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEveEt3MGREdERYSGVzS2lQRW5XTWtxTXdLUXFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRT+MA0G
CSqGSIb3DQEBCwUAA4IBAQCF4bK5q6lu+4ZS9s0IqS2OGXzSQC/+9/CCZNOD9iO6
t3BfDaP0WdfklJnqsYgqL+cwc0arK7lcgsKqkBD3PWh8fA1ubdAyvk5LLyqk1mOl
klBM8QVl4IZTEQarxTZzJ5uGeGDjfFkVrtu7K+uFPt3Y+I8u/mJnR2zvhpZBpiDT
haZmsS4FAuiGXvFFQOSTv0/B9w2Gan++yEgGJCax19rL0Xm3NBrwxgpM1KVYEPRS
4SZzhKoIwP28ah13OXPkP76qVA1kq+6ghovyfF9JJfC2bzLaKCtPLrp4LtL1Ysgw
WsYDZcoKt+8UPOYMYtntRJWNk+oW0oCKdnZLoqMQeL4Q
-----END CERTIFICATE-----