Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/irZgQBJdGnmucTekqqp2deRaSYE.roa
File:                     irZgQBJdGnmucTekqqp2deRaSYE.roa (raw, json)
Hash identifier:          exMITnVVS0zVwAaCFgSt1eOayd7B5fiXvzvzStQ9hxA=
Subject key identifier:   8A:B6:60:40:12:5D:1A:79:AE:71:37:A4:AA:AA:76:75:E4:5A:49:81
Certificate issuer:       /CN=c24d5bd3ceeaab0786ce151a3178dadc107bf280
Certificate serial:       019566C2D787910E2DEA00A0BF14248E3863
Authority key identifier: C2:4D:5B:D3:CE:EA:AB:07:86:CE:15:1A:31:78:DA:DC:10:7B:F2:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wk1b087qqweGzhUaMXja3BB78oA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/irZgQBJdGnmucTekqqp2deRaSYE.roa
Signing time:             Wed 05 Mar 2025 14:43:20 +0000
ROA not before:           Wed 05 Mar 2025 14:43:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34748
IP address blocks:        185.10.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/wk1b087qqweGzhUaMXja3BB78oA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/wk1b087qqweGzhUaMXja3BB78oA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wk1b087qqweGzhUaMXja3BB78oA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:66:c2:d7:87:91:0e:2d:ea:00:a0:bf:14:24:8e:38:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c24d5bd3ceeaab0786ce151a3178dadc107bf280
        Validity
            Not Before: Mar  5 14:43:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ab66040125d1a79ae7137a4aaaa7675e45a4981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:29:a8:5a:c5:cf:3c:00:10:0b:cb:35:f7:15:
                    91:39:77:64:b4:da:bf:77:6d:ab:7b:bd:36:bb:f7:
                    da:f6:d1:dc:1c:2d:87:a4:28:64:1e:7c:c0:6a:12:
                    80:6f:1a:79:a2:8b:d8:52:a4:5d:b4:00:bb:38:be:
                    84:15:8f:11:67:bb:d2:b3:1b:a4:62:46:57:59:fe:
                    a4:ba:32:9e:02:36:9d:b8:35:bc:67:50:c0:70:e1:
                    cf:41:4c:bb:62:6f:d5:1e:af:fe:d2:84:d5:4f:6f:
                    1b:e6:a9:e9:a9:f7:a2:e3:7a:18:8a:5a:dc:98:6a:
                    9c:e9:08:eb:10:85:a0:e9:d9:1c:6a:cf:5e:ee:e9:
                    09:22:34:ff:f4:ff:ee:51:64:64:44:3b:31:c8:3c:
                    7f:c8:d2:de:20:b7:5c:2c:a8:7b:4d:e6:b2:a2:31:
                    4b:4b:53:b8:99:3c:fb:c8:ac:cd:4f:39:fd:e1:78:
                    bb:4c:ae:7c:56:32:65:40:a0:6b:1a:1a:4c:d6:cc:
                    ac:91:00:28:aa:4f:ec:5e:4f:de:b7:9f:7b:31:94:
                    b2:2b:01:63:fb:21:e3:a6:3a:15:9e:e7:b3:11:bb:
                    f3:c6:78:e2:ec:18:43:fe:aa:dc:1c:c8:a5:18:0c:
                    f6:f4:82:a5:42:eb:ce:af:30:14:8c:1c:2b:92:3b:
                    0a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:B6:60:40:12:5D:1A:79:AE:71:37:A4:AA:AA:76:75:E4:5A:49:81
            X509v3 Authority Key Identifier:
                keyid:C2:4D:5B:D3:CE:EA:AB:07:86:CE:15:1A:31:78:DA:DC:10:7B:F2:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wk1b087qqweGzhUaMXja3BB78oA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/irZgQBJdGnmucTekqqp2deRaSYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/9e16c1-310f-410c-b341-41d82329f26d/1/wk1b087qqweGzhUaMXja3BB78oA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:bc:ea:f8:5f:9d:a7:a6:b0:56:72:7e:cc:84:63:1e:ea:2f:
         96:87:2e:0e:37:c5:6c:6c:05:c1:45:4e:2f:cc:d3:b7:71:9f:
         e6:cd:56:84:0a:ca:a6:3c:ee:b3:2f:da:c9:8f:6d:3f:f6:50:
         b6:08:27:5f:8d:c3:1c:7a:21:47:c4:ea:09:f9:8e:06:ec:cc:
         a8:bc:0e:d0:b2:f4:1c:d1:2f:4c:2a:e6:b1:4c:1f:2d:20:cf:
         eb:22:24:d3:b7:6f:dc:3a:38:ee:34:55:32:7c:7e:fe:3e:f9:
         1b:e5:f7:54:b9:7a:25:cb:b8:7b:52:1b:f9:ab:b3:11:ab:ae:
         33:d8:8b:d8:cf:b7:f0:67:f1:c0:2f:57:68:a1:6d:7f:8a:48:
         16:6c:45:fe:92:a7:bd:a8:cc:39:c4:31:38:59:c7:8e:fc:5c:
         e9:28:d5:32:7d:4a:2e:c1:a1:78:e8:df:d0:70:b5:a4:94:67:
         3a:7a:08:d7:1c:26:16:ec:9a:e4:af:65:bf:b7:b4:9f:1c:0a:
         7a:6b:ee:c9:b6:48:ac:2f:0e:d7:30:4c:7e:57:f7:cb:15:35:
         ad:43:e6:81:0f:9c:57:b8:bf:c3:c0:a2:b4:45:92:89:e4:b7:
         7c:22:01:ee:61:c5:51:8b:6b:7c:63:60:2c:f3:d4:47:99:83:
         5a:d8:44:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVmwteHkQ4t6gCgvxQkjjhjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNGQ1YmQzY2VlYWFiMDc4NmNlMTUxYTMxNzhkYWRjMTA3
YmYyODAwHhcNMjUwMzA1MTQ0MzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWI2NjA0MDEyNWQxYTc5YWU3MTM3YTRhYWFhNzY3NWU0NWE0OTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSmoWsXPPAAQC8s19xWROXdktNq/
d22re702u/fa9tHcHC2HpChkHnzAahKAbxp5oovYUqRdtAC7OL6EFY8RZ7vSsxuk
YkZXWf6kujKeAjaduDW8Z1DAcOHPQUy7Ym/VHq/+0oTVT28b5qnpqfei43oYilrc
mGqc6QjrEIWg6dkcas9e7ukJIjT/9P/uUWRkRDsxyDx/yNLeILdcLKh7TeayojFL
S1O4mTz7yKzNTzn94Xi7TK58VjJlQKBrGhpM1syskQAoqk/sXk/et597MZSyKwFj
+yHjpjoVnuezEbvzxnji7BhD/qrcHMilGAz29IKlQuvOrzAUjBwrkjsKnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIq2YEASXRp5rnE3pKqqdnXkWkmBMB8GA1UdIwQY
MBaAFMJNW9PO6qsHhs4VGjF42twQe/KAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2sxYjA4N3Fxd2VHemhVYU1YamEzQkI3OG9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS85ZTE2YzEtMzEwZi00MTBjLWIzNDEt
NDFkODIzMjlmMjZkLzEvaXJaZ1FCSmRHbm11Y1Rla3FxcDJkZVJhU1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS85ZTE2YzEtMzEwZi00MTBjLWIzNDEtNDFkODIzMjlmMjZk
LzEvd2sxYjA4N3Fxd2VHemhVYU1YamEzQkI3OG9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQorMA0G
CSqGSIb3DQEBCwUAA4IBAQAZvOr4X52nprBWcn7MhGMe6i+Why4ON8VsbAXBRU4v
zNO3cZ/mzVaECsqmPO6zL9rJj20/9lC2CCdfjcMceiFHxOoJ+Y4G7MyovA7QsvQc
0S9MKuaxTB8tIM/rIiTTt2/cOjjuNFUyfH7+Pvkb5fdUuXoly7h7Uhv5q7MRq64z
2IvYz7fwZ/HAL1dooW1/ikgWbEX+kqe9qMw5xDE4WceO/FzpKNUyfUouwaF46N/Q
cLWklGc6egjXHCYW7Jrkr2W/t7SfHAp6a+7JtkisLw7XMEx+V/fLFTWtQ+aBD5xX
uL/DwKK0RZKJ5Ld8IgHuYcVRi2t8Y2As89RHmYNa2EQz
-----END CERTIFICATE-----