Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/c_JtXmASLLY7ujsvHCfih7ECTNg.roa
File:                     c_JtXmASLLY7ujsvHCfih7ECTNg.roa (raw, json)
Hash identifier:          1qfucHT+uH8sg+/aZR1jxJdxxkrgfBRkspkr/XTrja4=
Subject key identifier:   73:F2:6D:5E:60:12:2C:B6:3B:BA:3B:2F:1C:27:E2:87:B1:02:4C:D8
Certificate issuer:       /CN=39f7c7498fd9c9f28680495162b9eb76ad47c603
Certificate serial:       019420D6638FDAB221617C65E932CF69E526
Authority key identifier: 39:F7:C7:49:8F:D9:C9:F2:86:80:49:51:62:B9:EB:76:AD:47:C6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OffHSY_ZyfKGgElRYrnrdq1HxgM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/c_JtXmASLLY7ujsvHCfih7ECTNg.roa
Signing time:             Wed 01 Jan 2025 07:48:28 +0000
ROA not before:           Wed 01 Jan 2025 07:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48918
IP address blocks:        185.250.108.0/24 maxlen: 24
                          185.250.110.0/24 maxlen: 24
                          2a0c:c40::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/OffHSY_ZyfKGgElRYrnrdq1HxgM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/OffHSY_ZyfKGgElRYrnrdq1HxgM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OffHSY_ZyfKGgElRYrnrdq1HxgM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:63:8f:da:b2:21:61:7c:65:e9:32:cf:69:e5:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39f7c7498fd9c9f28680495162b9eb76ad47c603
        Validity
            Not Before: Jan  1 07:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73f26d5e60122cb63bba3b2f1c27e287b1024cd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:14:60:55:d6:89:b8:04:96:ed:6a:45:a5:2a:
                    da:27:13:a5:d7:6f:02:20:43:5b:09:de:23:3e:fe:
                    50:84:ab:c5:42:1e:23:84:5a:0c:94:7c:2b:99:64:
                    c0:fe:85:9d:7b:8f:50:4b:07:3b:5f:6f:61:4b:6b:
                    11:93:d6:95:72:db:27:ae:71:58:6a:2d:3f:f7:b5:
                    79:9a:0c:8b:e0:22:54:f0:f5:c2:da:22:3d:09:95:
                    ec:a2:4c:a6:f0:91:72:6c:0b:29:7c:0b:89:1d:5e:
                    59:62:06:5d:75:94:0c:71:2a:58:07:ae:dd:fe:72:
                    7d:57:42:cf:51:e1:93:0b:0d:6d:b0:25:64:41:9a:
                    02:6f:7d:ad:9d:80:6c:b3:a9:d4:b3:8a:5b:b8:43:
                    18:cd:0d:c3:c7:50:64:15:b0:5d:3b:47:7d:a4:3e:
                    b5:d7:8b:af:8e:1f:97:4f:28:d0:dc:98:2c:56:8b:
                    48:4f:43:35:60:5e:52:92:71:69:b1:e6:b9:54:64:
                    7c:36:91:28:48:b3:bb:fb:be:fa:93:cd:92:53:65:
                    0c:f2:79:5d:03:b6:38:3e:2d:9a:57:5d:ff:ad:a2:
                    81:90:d8:c7:7b:77:58:3f:bb:c5:cd:72:e5:77:d5:
                    64:a0:a5:85:c7:e1:f1:6a:92:d3:8f:a3:24:16:e7:
                    11:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:F2:6D:5E:60:12:2C:B6:3B:BA:3B:2F:1C:27:E2:87:B1:02:4C:D8
            X509v3 Authority Key Identifier:
                keyid:39:F7:C7:49:8F:D9:C9:F2:86:80:49:51:62:B9:EB:76:AD:47:C6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OffHSY_ZyfKGgElRYrnrdq1HxgM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/c_JtXmASLLY7ujsvHCfih7ECTNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/1d5b0b-4b05-402c-8265-efcfba9907dc/1/OffHSY_ZyfKGgElRYrnrdq1HxgM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.108.0/24
                  185.250.110.0/24
                IPv6:
                  2a0c:c40::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:0a:70:25:8d:62:15:c2:5c:b1:f5:62:e9:80:f8:18:aa:06:
         bb:5b:55:a5:71:cc:26:ee:77:c8:b1:5f:54:97:9c:b3:b3:a6:
         00:8b:f7:18:3a:3a:d7:f4:5b:17:70:53:5d:04:94:eb:b3:cf:
         c7:ed:44:03:c3:5c:50:ec:61:f1:67:35:ac:ad:20:9b:6b:65:
         76:91:0b:b4:f1:a5:fc:d1:41:e6:3a:dc:1a:39:ea:96:d0:26:
         c7:0e:b4:9c:70:e3:33:c9:1c:a8:3e:cd:35:87:e8:ea:8c:40:
         a1:a5:fa:77:00:29:4c:c6:37:15:e3:ab:ec:35:5b:a3:6b:26:
         08:65:91:7b:bd:c6:b6:04:0f:a1:7f:99:12:57:0a:fc:34:cb:
         ea:80:97:07:5c:ad:61:bf:6f:b4:7c:b2:2c:ca:89:c8:85:c7:
         4c:ed:d4:fb:fc:cc:ba:f3:99:de:bd:33:cf:33:71:8d:ed:72:
         76:41:cf:5f:e1:ff:cb:ca:07:cb:75:a9:86:39:01:56:d4:bc:
         5d:be:df:32:e6:2b:49:88:f6:b6:d8:89:ef:d5:fe:9d:0f:7d:
         0c:ab:0f:0e:e9:c9:15:2b:bb:71:e9:62:9f:81:5c:83:4c:c4:
         96:f8:42:53:71:cf:b9:d4:d9:b2:bc:96:d4:28:ba:4a:04:63:
         72:e9:9c:15
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1mOP2rIhYXxl6TLPaeUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ZjdjNzQ5OGZkOWM5ZjI4NjgwNDk1MTYyYjllYjc2YWQ0
N2M2MDMwHhcNMjUwMTAxMDc0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2YyNmQ1ZTYwMTIyY2I2M2JiYTNiMmYxYzI3ZTI4N2IxMDI0Y2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4RRgVdaJuASW7WpFpSraJxOl128C
IENbCd4jPv5QhKvFQh4jhFoMlHwrmWTA/oWde49QSwc7X29hS2sRk9aVctsnrnFY
ai0/97V5mgyL4CJU8PXC2iI9CZXsokym8JFybAspfAuJHV5ZYgZddZQMcSpYB67d
/nJ9V0LPUeGTCw1tsCVkQZoCb32tnYBss6nUs4pbuEMYzQ3Dx1BkFbBdO0d9pD61
14uvjh+XTyjQ3JgsVotIT0M1YF5SknFpsea5VGR8NpEoSLO7+776k82SU2UM8nld
A7Y4Pi2aV13/raKBkNjHe3dYP7vFzXLld9VkoKWFx+HxapLTj6MkFucRCwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHPybV5gEiy2O7o7Lxwn4oexAkzYMB8GA1UdIwQY
MBaAFDn3x0mP2cnyhoBJUWK563atR8YDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2ZmSFNZX1p5ZktHZ0VsUllybnJkcTFIeGdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8xZDViMGItNGIwNS00MDJjLTgyNjUt
ZWZjZmJhOTkwN2RjLzEvY19KdFhtQVNMTFk3dWpzdkhDZmloN0VDVE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8xZDViMGItNGIwNS00MDJjLTgyNjUtZWZjZmJhOTkwN2Rj
LzEvT2ZmSFNZX1p5ZktHZ0VsUllybnJkcTFIeGdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAufpsAwQA
ufpuMA0EAgACMAcDBQAqDAxAMA0GCSqGSIb3DQEBCwUAA4IBAQBMCnAljWIVwlyx
9WLpgPgYqga7W1Wlccwm7nfIsV9Ul5yzs6YAi/cYOjrX9FsXcFNdBJTrs8/H7UQD
w1xQ7GHxZzWsrSCba2V2kQu08aX80UHmOtwaOeqW0CbHDrSccOMzyRyoPs01h+jq
jEChpfp3AClMxjcV46vsNVujayYIZZF7vca2BA+hf5kSVwr8NMvqgJcHXK1hv2+0
fLIsyonIhcdM7dT7/My685nevTPPM3GN7XJ2Qc9f4f/LygfLdamGOQFW1Lxdvt8y
5itJiPa22Inv1f6dD30Mqw8O6ckVK7tx6WKfgVyDTMSW+EJTcc+51NmyvJbUKLpK
BGNy6ZwV
-----END CERTIFICATE-----