Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/Y7R0jQTyur7PS79n24V95dokJ1E.roa
File:                     Y7R0jQTyur7PS79n24V95dokJ1E.roa (raw, json)
Hash identifier:          kBuKXhAOJMq8DqLXajUVs2ZVCA0WRxqfHOvHHVdd1e0=
Subject key identifier:   63:B4:74:8D:04:F2:BA:BE:CF:4B:BF:67:DB:85:7D:E5:DA:24:27:51
Certificate issuer:       /CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
Certificate serial:       0194266C1382D2BC37B96D95A666052883F1
Authority key identifier: DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/Y7R0jQTyur7PS79n24V95dokJ1E.roa
Signing time:             Thu 02 Jan 2025 09:50:04 +0000
ROA not before:           Thu 02 Jan 2025 09:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200659
IP address blocks:        185.30.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:13:82:d2:bc:37:b9:6d:95:a6:66:05:28:83:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc3884021d1b02e8c16b555743dfeb9da8e48e31
        Validity
            Not Before: Jan  2 09:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63b4748d04f2babecf4bbf67db857de5da242751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:1a:63:44:dd:5a:7b:12:34:5b:25:26:df:93:
                    7a:29:36:68:66:9d:fd:f8:90:54:d0:6c:ea:85:8b:
                    3f:09:eb:87:53:ca:fd:b2:1f:d6:0e:7d:06:38:32:
                    27:b3:e9:b0:63:da:25:7f:59:34:02:9d:ae:c7:bf:
                    6b:fb:99:7e:90:20:a0:33:7c:9a:91:cc:c3:5b:df:
                    86:54:a6:ee:0f:5b:17:34:10:b6:bf:82:99:65:e1:
                    67:e7:c7:23:49:7d:fa:a6:44:ef:90:10:a0:0c:e8:
                    68:49:5d:ae:23:a0:00:b5:cd:82:61:97:56:e5:82:
                    5e:10:b0:4c:e4:86:a7:bc:41:6a:93:6f:bc:93:50:
                    8b:c0:78:45:69:cd:2c:c8:43:7f:d9:10:58:20:e9:
                    88:3e:5c:06:fd:1a:4b:9b:f5:31:4b:15:1e:07:57:
                    d0:2b:ab:12:53:5c:55:52:4f:d5:f6:59:e8:c5:9a:
                    49:c6:64:34:b2:eb:88:ca:a1:45:4c:e4:c5:d7:74:
                    fa:1e:f8:77:c4:d9:87:65:f8:bf:e8:8f:39:4c:90:
                    5c:2e:98:f7:59:85:79:f2:c6:b2:16:87:5b:fd:e4:
                    84:8a:32:4e:3c:85:ac:73:62:47:6d:f9:bd:13:b6:
                    eb:08:45:53:cb:fe:1e:05:fd:2d:ae:03:3b:3d:c7:
                    fa:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B4:74:8D:04:F2:BA:BE:CF:4B:BF:67:DB:85:7D:E5:DA:24:27:51
            X509v3 Authority Key Identifier:
                keyid:DC:38:84:02:1D:1B:02:E8:C1:6B:55:57:43:DF:EB:9D:A8:E4:8E:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3DiEAh0bAujBa1VXQ9_rnajkjjE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/Y7R0jQTyur7PS79n24V95dokJ1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/0cb2f9-8ef9-4eeb-962a-d8b4e0d0d6d5/1/3DiEAh0bAujBa1VXQ9_rnajkjjE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:65:67:9d:e9:cd:3a:06:7d:3d:1c:17:27:4d:c9:73:9c:00:
         99:0a:2a:2d:2b:ba:b3:05:f6:e4:86:4d:fa:72:58:71:56:b1:
         a5:5f:5c:93:81:63:d7:07:a4:d9:40:d3:ec:b3:84:dc:bc:09:
         33:05:e1:4c:06:23:57:b8:23:7a:da:68:d8:d0:2d:d3:cb:10:
         9f:42:1c:dd:7d:08:79:3c:44:41:ce:30:7f:07:3f:99:91:3b:
         14:9a:77:fb:3b:5c:48:06:61:91:0d:21:66:6c:fc:fb:28:63:
         e6:fa:b1:03:33:32:b5:46:29:8b:c1:71:dc:2b:08:fc:92:63:
         1f:d7:23:fa:b0:1f:2c:e2:0b:66:84:a3:7b:d9:6c:2e:c2:f5:
         f3:a5:90:4f:d6:97:9e:97:f5:a9:05:82:ea:4a:2a:72:0d:e7:
         2d:41:a6:f5:49:ed:f1:ae:ad:92:0a:76:44:ff:6d:5f:0d:87:
         b6:ff:ac:2b:db:e9:18:66:cd:43:0a:48:7b:14:bf:97:be:d7:
         b7:c7:35:c3:af:be:0d:67:46:a4:53:bd:52:19:ad:92:3f:e1:
         96:09:65:15:0b:2c:38:12:43:5d:be:d5:04:b2:ae:3b:0d:b6:
         a2:71:17:e9:be:6e:3d:38:4a:da:fc:cf:bf:ec:4e:f1:30:7c:
         54:ba:4e:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbBOC0rw3uW2VpmYFKIPxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMzg4NDAyMWQxYjAyZThjMTZiNTU1NzQzZGZlYjlkYThl
NDhlMzEwHhcNMjUwMTAyMDk1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2I0NzQ4ZDA0ZjJiYWJlY2Y0YmJmNjdkYjg1N2RlNWRhMjQyNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9xpjRN1aexI0WyUm35N6KTZoZp39
+JBU0GzqhYs/CeuHU8r9sh/WDn0GODIns+mwY9olf1k0Ap2ux79r+5l+kCCgM3ya
kczDW9+GVKbuD1sXNBC2v4KZZeFn58cjSX36pkTvkBCgDOhoSV2uI6AAtc2CYZdW
5YJeELBM5IanvEFqk2+8k1CLwHhFac0syEN/2RBYIOmIPlwG/RpLm/UxSxUeB1fQ
K6sSU1xVUk/V9lnoxZpJxmQ0suuIyqFFTOTF13T6Hvh3xNmHZfi/6I85TJBcLpj3
WYV58sayFodb/eSEijJOPIWsc2JHbfm9E7brCEVTy/4eBf0trgM7Pcf6HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGO0dI0E8rq+z0u/Z9uFfeXaJCdRMB8GA1UdIwQY
MBaAFNw4hAIdGwLowWtVV0Pf652o5I4xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEt
ZDhiNGUwZDBkNmQ1LzEvWTdSMGpRVHl1cjdQUzc5bjI0Vjk1ZG9rSjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8wY2IyZjktOGVmOS00ZWViLTk2MmEtZDhiNGUwZDBkNmQ1
LzEvM0RpRUFoMGJBdWpCYTFWWFE5X3JuYWprampFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR59MA0G
CSqGSIb3DQEBCwUAA4IBAQBrZWed6c06Bn09HBcnTclznACZCiotK7qzBfbkhk36
clhxVrGlX1yTgWPXB6TZQNPss4TcvAkzBeFMBiNXuCN62mjY0C3TyxCfQhzdfQh5
PERBzjB/Bz+ZkTsUmnf7O1xIBmGRDSFmbPz7KGPm+rEDMzK1RimLwXHcKwj8kmMf
1yP6sB8s4gtmhKN72WwuwvXzpZBP1peel/WpBYLqSipyDectQab1Se3xrq2SCnZE
/21fDYe2/6wr2+kYZs1DCkh7FL+Xvte3xzXDr74NZ0akU71SGa2SP+GWCWUVCyw4
EkNdvtUEsq47DbaicRfpvm49OEra/M+/7E7xMHxUuk45
-----END CERTIFICATE-----