Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/BjXm0XT4BTtEmIMPFFa63S__K7c.roa
File:                     BjXm0XT4BTtEmIMPFFa63S__K7c.roa (raw, json)
Hash identifier:          ETSjvpbNZrkoFW+0i09JYHs/YF4PfB7NXGdhRYyZxZs=
Subject key identifier:   06:35:E6:D1:74:F8:05:3B:44:98:83:0F:14:56:BA:DD:2F:FF:2B:B7
Certificate issuer:       /CN=a3608d6b0e80a6430fb6af43fae168a0e8011fee
Certificate serial:       01942747A9DA921B234BFA923946A622ABDC
Authority key identifier: A3:60:8D:6B:0E:80:A6:43:0F:B6:AF:43:FA:E1:68:A0:E8:01:1F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2CNaw6ApkMPtq9D-uFooOgBH-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/BjXm0XT4BTtEmIMPFFa63S__K7c.roa
Signing time:             Thu 02 Jan 2025 13:49:55 +0000
ROA not before:           Thu 02 Jan 2025 13:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.125.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/o2CNaw6ApkMPtq9D-uFooOgBH-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/o2CNaw6ApkMPtq9D-uFooOgBH-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2CNaw6ApkMPtq9D-uFooOgBH-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:a9:da:92:1b:23:4b:fa:92:39:46:a6:22:ab:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3608d6b0e80a6430fb6af43fae168a0e8011fee
        Validity
            Not Before: Jan  2 13:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0635e6d174f8053b4498830f1456badd2fff2bb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8e:6e:45:07:35:1f:85:2c:eb:9c:59:5a:c9:
                    b9:22:0f:52:4b:e1:9b:a5:8e:4f:63:52:92:94:63:
                    dd:35:86:d1:14:33:f0:e1:f5:75:be:d7:e6:01:1b:
                    33:0c:3b:ae:bf:c9:e5:06:da:bc:14:47:cb:45:22:
                    00:d2:d2:97:ca:65:19:08:e1:0a:58:6e:17:fb:c0:
                    33:d7:0b:02:d2:e6:b2:ed:fe:d6:29:d0:61:e3:5d:
                    f5:b0:9a:34:92:ee:59:f5:14:d1:c6:a5:66:43:90:
                    99:c1:53:58:88:85:47:06:bd:67:fd:f1:2f:55:f3:
                    3a:6e:b9:cc:10:25:1e:c9:30:3c:a9:fa:46:0e:61:
                    c8:1d:7e:95:b0:d0:61:8a:9d:d8:dc:81:4e:e2:10:
                    7c:f1:9b:7f:b6:94:70:22:f4:f9:3c:b5:f4:66:2b:
                    b9:ca:ca:bd:fa:10:6d:ac:ec:5f:cc:44:ee:80:b9:
                    44:12:b9:0a:67:9e:84:04:b2:cd:f4:e4:e5:ef:cc:
                    65:2d:83:d3:a5:f2:67:82:09:55:e7:92:88:0d:81:
                    80:46:b9:c9:a7:35:8c:37:6f:85:0e:89:24:b9:aa:
                    e2:d0:16:73:af:1b:e4:28:fa:2b:f4:77:5b:70:f2:
                    47:cb:db:8e:80:28:4c:c2:15:4d:50:b3:cf:62:fe:
                    d1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:35:E6:D1:74:F8:05:3B:44:98:83:0F:14:56:BA:DD:2F:FF:2B:B7
            X509v3 Authority Key Identifier:
                keyid:A3:60:8D:6B:0E:80:A6:43:0F:B6:AF:43:FA:E1:68:A0:E8:01:1F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2CNaw6ApkMPtq9D-uFooOgBH-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/BjXm0XT4BTtEmIMPFFa63S__K7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/o2CNaw6ApkMPtq9D-uFooOgBH-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:80:70:de:de:98:5c:b4:15:17:6a:27:9a:46:ce:4a:32:4b:
         19:ab:f0:52:a4:6b:e8:58:aa:f1:33:b6:12:8a:e7:52:f4:e8:
         e1:cb:59:f5:a3:9a:80:f4:34:41:1b:e9:92:75:0d:99:24:27:
         ef:2b:c4:e0:55:96:20:31:3b:d3:5a:8b:bf:1c:62:8d:04:d0:
         65:48:c5:41:ad:84:2c:bb:1d:ca:c6:e5:07:8c:29:cc:4d:84:
         10:9c:7b:73:b7:60:f9:9c:88:ef:ab:f6:4b:4a:cd:3a:8c:8d:
         ed:4d:38:d1:db:c6:f5:71:41:0c:ed:3b:91:20:0d:7f:31:a8:
         fa:2f:ef:2f:42:57:8c:18:68:fd:35:ba:c4:cc:71:f1:de:4e:
         84:51:bb:95:f4:00:6f:06:a1:bd:52:f4:71:bd:8d:f8:a5:8e:
         af:70:d0:c3:25:2a:2f:d6:ab:c2:db:5e:92:d1:59:c9:f1:32:
         dc:4b:2d:9a:dd:e7:51:60:4e:3b:92:c5:f4:4c:03:ab:3b:60:
         bd:4c:dd:66:ce:49:c9:5e:0a:8b:70:3b:01:c0:4e:9f:8e:da:
         cd:2a:89:b6:58:66:68:20:7c:d0:14:6b:33:a2:06:c4:99:e7:
         04:16:e8:bb:44:37:cb:2c:80:26:d7:9f:c0:7f:26:b8:b5:e9:
         32:57:28:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR6nakhsjS/qSOUamIqvcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjA4ZDZiMGU4MGE2NDMwZmI2YWY0M2ZhZTE2OGEwZTgw
MTFmZWUwHhcNMjUwMTAyMTM0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjM1ZTZkMTc0ZjgwNTNiNDQ5ODgzMGYxNDU2YmFkZDJmZmYyYmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxY5uRQc1H4Us65xZWsm5Ig9SS+Gb
pY5PY1KSlGPdNYbRFDPw4fV1vtfmARszDDuuv8nlBtq8FEfLRSIA0tKXymUZCOEK
WG4X+8Az1wsC0uay7f7WKdBh4131sJo0ku5Z9RTRxqVmQ5CZwVNYiIVHBr1n/fEv
VfM6brnMECUeyTA8qfpGDmHIHX6VsNBhip3Y3IFO4hB88Zt/tpRwIvT5PLX0Ziu5
ysq9+hBtrOxfzETugLlEErkKZ56EBLLN9OTl78xlLYPTpfJngglV55KIDYGARrnJ
pzWMN2+FDokkuari0BZzrxvkKPor9HdbcPJHy9uOgChMwhVNULPPYv7RkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAY15tF0+AU7RJiDDxRWut0v/yu3MB8GA1UdIwQY
MBaAFKNgjWsOgKZDD7avQ/rhaKDoAR/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJDTmF3NkFwa01QdHE5RC11Rm9vT2dCSC00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9mYjU5MTAtZmUxNC00NDUzLThjOWMt
ODNiZjcwYjFmZDZiLzEvQmpYbTBYVDRCVHRFbUlNUEZGYTYzU19fSzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9mYjU5MTAtZmUxNC00NDUzLThjOWMtODNiZjcwYjFmZDZi
LzEvbzJDTmF3NkFwa01QdHE5RC11Rm9vT2dCSC00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX2NMA0G
CSqGSIb3DQEBCwUAA4IBAQBSgHDe3phctBUXaieaRs5KMksZq/BSpGvoWKrxM7YS
iudS9Ojhy1n1o5qA9DRBG+mSdQ2ZJCfvK8TgVZYgMTvTWou/HGKNBNBlSMVBrYQs
ux3KxuUHjCnMTYQQnHtzt2D5nIjvq/ZLSs06jI3tTTjR28b1cUEM7TuRIA1/Maj6
L+8vQleMGGj9NbrEzHHx3k6EUbuV9ABvBqG9UvRxvY34pY6vcNDDJSov1qvC216S
0VnJ8TLcSy2a3edRYE47ksX0TAOrO2C9TN1mzknJXgqLcDsBwE6fjtrNKom2WGZo
IHzQFGszogbEmecEFui7RDfLLIAm15/Afya4tekyVyha
-----END CERTIFICATE-----