Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/JXn11nJ90d5TiYF9GBYXGMgzBVU.roa
File:                     JXn11nJ90d5TiYF9GBYXGMgzBVU.roa (raw, json)
Hash identifier:          xKanBKZfDLhsfcdAIiMFoN3EiNJRNn6FGvW7wSns+Xk=
Subject key identifier:   25:79:F5:D6:72:7D:D1:DE:53:89:81:7D:18:16:17:18:C8:33:05:55
Certificate issuer:       /CN=c3fb00b220ea784a04683054fcbf4e4b489eb420
Certificate serial:       01941FFA1302DDBC2631E4BC13406E443AB2
Authority key identifier: C3:FB:00:B2:20:EA:78:4A:04:68:30:54:FC:BF:4E:4B:48:9E:B4:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_sAsiDqeEoEaDBU_L9OS0ietCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/JXn11nJ90d5TiYF9GBYXGMgzBVU.roa
Signing time:             Wed 01 Jan 2025 03:47:50 +0000
ROA not before:           Wed 01 Jan 2025 03:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201636
IP address blocks:        185.198.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/w_sAsiDqeEoEaDBU_L9OS0ietCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/w_sAsiDqeEoEaDBU_L9OS0ietCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_sAsiDqeEoEaDBU_L9OS0ietCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:13:02:dd:bc:26:31:e4:bc:13:40:6e:44:3a:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3fb00b220ea784a04683054fcbf4e4b489eb420
        Validity
            Not Before: Jan  1 03:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2579f5d6727dd1de5389817d18161718c8330555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c9:26:94:d9:43:e7:2a:3d:e0:df:ce:57:bd:
                    94:da:da:51:f3:91:97:a8:8f:28:ce:cf:19:c1:38:
                    17:94:65:4a:c7:44:b1:bd:58:b8:59:ed:74:4c:c0:
                    c9:fb:ea:50:92:c6:c3:ee:24:70:f6:e2:41:3e:15:
                    5c:27:11:c8:9a:40:19:54:1b:34:29:02:2f:d2:1e:
                    95:bb:39:52:ea:cc:a5:07:4c:f8:e8:10:78:aa:8d:
                    63:64:7a:35:89:87:41:17:4a:63:a2:c0:4f:9c:a2:
                    ba:d7:eb:47:30:bd:3e:b4:1e:56:87:5b:22:f2:22:
                    b9:a5:8c:81:6e:ce:3b:de:6a:93:9a:fa:db:a8:6c:
                    78:34:72:6f:de:1d:ae:0f:d6:28:d2:33:ef:87:7b:
                    02:ba:83:41:92:2e:c8:0c:26:07:0d:97:c4:5a:5b:
                    cc:11:38:6e:97:bc:bd:67:b1:62:de:c0:dc:8b:05:
                    f6:34:8b:8e:3b:49:14:e0:af:e6:44:26:e2:ed:dc:
                    5d:d4:2b:df:61:90:d1:40:72:38:cc:be:d4:70:9a:
                    71:a5:c7:cc:4e:04:1d:d8:4e:01:89:e8:f1:be:10:
                    3e:e9:fa:19:97:5c:ad:cb:1b:7b:bc:f6:63:16:6f:
                    c6:54:b5:79:e2:21:04:ec:13:7a:04:40:5b:6a:54:
                    c4:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:79:F5:D6:72:7D:D1:DE:53:89:81:7D:18:16:17:18:C8:33:05:55
            X509v3 Authority Key Identifier:
                keyid:C3:FB:00:B2:20:EA:78:4A:04:68:30:54:FC:BF:4E:4B:48:9E:B4:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_sAsiDqeEoEaDBU_L9OS0ietCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/JXn11nJ90d5TiYF9GBYXGMgzBVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/210211-ffea-47ee-89ba-6cccba9974ec/1/w_sAsiDqeEoEaDBU_L9OS0ietCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:63:e0:14:46:74:0f:6b:6e:da:5a:ec:f5:02:00:ef:c7:0f:
         41:cb:1e:43:41:45:a5:39:f9:f0:e0:23:68:aa:fc:e9:db:24:
         57:9c:dc:09:7e:d5:e2:6e:55:0f:2e:7f:a7:72:d4:44:de:85:
         0e:62:bf:ad:ab:ae:72:81:1f:dc:81:cf:c5:0b:50:eb:8c:4d:
         94:fb:8b:2b:49:a2:fb:bc:b2:fa:c1:83:93:51:79:8c:22:4b:
         d8:b8:c2:cf:eb:b4:d7:cd:21:c5:95:1b:ae:09:27:32:0b:6f:
         9a:22:c5:b6:5f:9e:da:8b:f7:11:78:7b:e3:8e:83:40:b0:be:
         65:cd:67:c7:3b:69:7f:65:a8:a6:a8:b6:17:e0:35:66:33:6b:
         c0:42:27:58:47:c7:35:3f:01:f9:de:50:d1:0f:8c:81:17:8c:
         f6:11:84:ee:94:f9:30:41:76:ed:6e:ba:21:23:3f:6e:67:20:
         93:62:5f:41:c6:20:10:e8:09:06:8b:66:d0:7a:d5:81:a6:d8:
         41:16:23:ce:dc:21:22:7a:9a:db:fc:2f:19:e6:51:67:f3:36:
         d8:40:f7:ad:ef:29:df:2d:00:29:c0:cb:7e:87:21:10:fa:5f:
         89:6e:23:74:92:ee:4a:72:67:ae:50:92:b2:fb:86:d9:df:03:
         d2:3e:53:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hMC3bwmMeS8E0BuRDqyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmIwMGIyMjBlYTc4NGEwNDY4MzA1NGZjYmY0ZTRiNDg5
ZWI0MjAwHhcNMjUwMTAxMDM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTc5ZjVkNjcyN2RkMWRlNTM4OTgxN2QxODE2MTcxOGM4MzMwNTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8kmlNlD5yo94N/OV72U2tpR85GX
qI8ozs8ZwTgXlGVKx0SxvVi4We10TMDJ++pQksbD7iRw9uJBPhVcJxHImkAZVBs0
KQIv0h6VuzlS6sylB0z46BB4qo1jZHo1iYdBF0pjosBPnKK61+tHML0+tB5Wh1si
8iK5pYyBbs473mqTmvrbqGx4NHJv3h2uD9Yo0jPvh3sCuoNBki7IDCYHDZfEWlvM
EThul7y9Z7Fi3sDciwX2NIuOO0kU4K/mRCbi7dxd1CvfYZDRQHI4zL7UcJpxpcfM
TgQd2E4BiejxvhA+6foZl1ytyxt7vPZjFm/GVLV54iEE7BN6BEBbalTE/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCV59dZyfdHeU4mBfRgWFxjIMwVVMB8GA1UdIwQY
MBaAFMP7ALIg6nhKBGgwVPy/TktInrQgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd19zQXNpRHFlRW9FYURCVV9MOU9TMGlldENBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8yMTAyMTEtZmZlYS00N2VlLTg5YmEt
NmNjY2JhOTk3NGVjLzEvSlhuMTFuSjkwZDVUaVlGOUdCWVhHTWd6QlZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8yMTAyMTEtZmZlYS00N2VlLTg5YmEtNmNjY2JhOTk3NGVj
LzEvd19zQXNpRHFlRW9FYURCVV9MOU9TMGlldENBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucaaMA0G
CSqGSIb3DQEBCwUAA4IBAQAJY+AURnQPa27aWuz1AgDvxw9Byx5DQUWlOfnw4CNo
qvzp2yRXnNwJftXiblUPLn+nctRE3oUOYr+tq65ygR/cgc/FC1DrjE2U+4srSaL7
vLL6wYOTUXmMIkvYuMLP67TXzSHFlRuuCScyC2+aIsW2X57ai/cReHvjjoNAsL5l
zWfHO2l/ZaimqLYX4DVmM2vAQidYR8c1PwH53lDRD4yBF4z2EYTulPkwQXbtbroh
Iz9uZyCTYl9BxiAQ6AkGi2bQetWBpthBFiPO3CEieprb/C8Z5lFn8zbYQPet7ynf
LQApwMt+hyEQ+l+JbiN0ku5KcmeuUJKy+4bZ3wPSPlPD
-----END CERTIFICATE-----