Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/RVJ3nIJEBcWZXpWb3MnSUCFA2iY.roa
File:                     RVJ3nIJEBcWZXpWb3MnSUCFA2iY.roa (raw, json)
Hash identifier:          M8lbfWsAGSkoDl5BWQQZtTG7pQkMrZk5UuquwmgmkYY=
Subject key identifier:   45:52:77:9C:82:44:05:C5:99:5E:95:9B:DC:C9:D2:50:21:40:DA:26
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       019422FB13A22FC123DF9DA35FC5E9E1D232
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/RVJ3nIJEBcWZXpWb3MnSUCFA2iY.roa
Signing time:             Wed 01 Jan 2025 17:47:47 +0000
ROA not before:           Wed 01 Jan 2025 17:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8896
IP address blocks:        185.41.241.0/24 maxlen: 24
                          185.152.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 13:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:13:a2:2f:c1:23:df:9d:a3:5f:c5:e9:e1:d2:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Jan  1 17:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4552779c824405c5995e959bdcc9d2502140da26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b5:64:8d:f4:6b:00:48:82:8e:6e:ac:5a:e3:
                    95:33:81:ef:4f:9c:d7:69:a8:32:8c:2f:8a:35:9c:
                    df:73:73:e5:b9:1b:f1:66:bd:ec:b5:a2:59:77:40:
                    11:80:6d:34:6e:3d:f7:bc:af:c1:c5:04:2c:23:0c:
                    a3:74:c1:98:75:36:70:af:d2:ff:c2:c8:07:32:8d:
                    9b:59:2d:df:78:88:d5:63:60:76:16:f6:f6:80:12:
                    52:14:71:0c:e2:17:da:f9:63:c6:7f:70:ac:a0:87:
                    80:1b:52:65:88:f0:52:61:f5:14:50:37:62:dd:c5:
                    38:9e:8c:b0:24:26:43:bf:ae:91:0e:6a:e9:20:49:
                    0b:65:87:1f:05:97:53:eb:7c:bf:72:f7:01:b1:c7:
                    93:58:26:db:5b:ef:e5:84:be:c2:ca:be:a9:14:76:
                    82:4f:d0:3e:59:ef:f6:28:12:21:9c:f5:18:d6:f7:
                    f7:57:a8:98:5c:96:82:4f:37:28:70:ee:37:ba:64:
                    a4:f0:44:26:68:7f:e0:fa:a3:61:0b:db:92:97:b2:
                    c2:3b:25:50:ed:1d:ba:cf:24:6c:6c:b0:cd:c7:cd:
                    a7:89:7a:c4:ed:a1:00:2a:2b:7c:74:b8:95:81:bf:
                    98:e7:45:1f:72:0e:f5:a4:e1:34:92:27:0b:e6:7f:
                    ab:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:52:77:9C:82:44:05:C5:99:5E:95:9B:DC:C9:D2:50:21:40:DA:26
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/RVJ3nIJEBcWZXpWb3MnSUCFA2iY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.241.0/24
                  185.152.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:14:96:2f:9e:9c:49:cc:86:3b:db:e3:41:db:5c:72:a0:24:
         49:00:44:1d:38:ac:38:c9:bc:9b:84:ba:e2:27:4c:6f:80:22:
         c2:2f:c9:8c:c2:57:75:5f:bf:ab:38:79:45:00:a0:4b:f3:f3:
         e7:1a:22:17:d3:19:4f:5c:62:75:61:e2:3d:4a:e4:11:4e:fc:
         38:ba:f9:d8:c3:14:16:73:87:85:2c:a5:48:e3:c7:4d:30:ad:
         da:31:f0:38:18:07:28:c4:54:fe:73:18:e7:b5:b7:b9:27:22:
         94:fb:ba:96:19:e2:21:92:73:2d:00:7e:1a:ae:bf:0c:d1:74:
         5a:e8:89:0c:ce:dc:98:51:a3:65:69:f9:74:b4:61:69:b3:3d:
         1b:83:85:74:54:54:e0:a3:df:ef:17:5d:1d:d9:2c:a3:68:17:
         af:13:a0:a2:8e:c9:6f:4c:9d:5e:0f:c3:cf:e0:fa:c6:66:37:
         9d:ff:7b:bd:d0:ff:ee:8c:6c:9a:34:13:7c:1f:b5:1d:0f:52:
         e0:3e:31:77:6b:27:b5:42:fa:24:63:f3:19:98:7d:55:44:f2:
         66:57:5a:d1:fc:ca:e7:6b:08:c0:df:21:75:44:1e:b7:c5:ad:
         10:ef:fa:7d:63:76:6e:8a:df:46:6f:d5:42:79:53:73:43:11:
         b9:43:78:54
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+xOiL8Ej352jX8Xp4dIyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjUwMTAxMTc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTUyNzc5YzgyNDQwNWM1OTk1ZTk1OWJkY2M5ZDI1MDIxNDBkYTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbVkjfRrAEiCjm6sWuOVM4HvT5zX
aagyjC+KNZzfc3PluRvxZr3staJZd0ARgG00bj33vK/BxQQsIwyjdMGYdTZwr9L/
wsgHMo2bWS3feIjVY2B2Fvb2gBJSFHEM4hfa+WPGf3CsoIeAG1JliPBSYfUUUDdi
3cU4noywJCZDv66RDmrpIEkLZYcfBZdT63y/cvcBsceTWCbbW+/lhL7Cyr6pFHaC
T9A+We/2KBIhnPUY1vf3V6iYXJaCTzcocO43umSk8EQmaH/g+qNhC9uSl7LCOyVQ
7R26zyRsbLDNx82niXrE7aEAKit8dLiVgb+Y50Ufcg71pOE0kicL5n+rcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEVSd5yCRAXFmV6Vm9zJ0lAhQNomMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvUlZKM25JSkVCY1daWHBXYjNNblNVQ0ZBMmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuSnxAwQA
uZghMA0GCSqGSIb3DQEBCwUAA4IBAQCHFJYvnpxJzIY72+NB21xyoCRJAEQdOKw4
ybybhLriJ0xvgCLCL8mMwld1X7+rOHlFAKBL8/PnGiIX0xlPXGJ1YeI9SuQRTvw4
uvnYwxQWc4eFLKVI48dNMK3aMfA4GAcoxFT+cxjntbe5JyKU+7qWGeIhknMtAH4a
rr8M0XRa6IkMztyYUaNlafl0tGFpsz0bg4V0VFTgo9/vF10d2SyjaBevE6Cijslv
TJ1eD8PP4PrGZjed/3u90P/ujGyaNBN8H7UdD1LgPjF3aye1QvokY/MZmH1VRPJm
V1rR/MrnawjA3yF1RB63xa0Q7/p9Y3Zuit9Gb9VCeVNzQxG5Q3hU
-----END CERTIFICATE-----