Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/4c6e75-a800-4d4f-8ac7-4eaeb2a23b27/1/m4oaOJvUbTCnMfIaVthxaAca0Fo.roa
File:                     m4oaOJvUbTCnMfIaVthxaAca0Fo.roa (raw, json)
Hash identifier:          63YgwjxraN8fKu5dlPjbo9SecMVJoKvca3zxswMIA4c=
Subject key identifier:   9B:8A:1A:38:9B:D4:6D:30:A7:31:F2:1A:56:D8:71:68:07:1A:D0:5A
Certificate issuer:       /CN=a6e8a25a93792a58b3a2d80fb1aad959e65aeddf
Certificate serial:       0194266B4EB271E651314933F75ED02053E0
Authority key identifier: A6:E8:A2:5A:93:79:2A:58:B3:A2:D8:0F:B1:AA:D9:59:E6:5A:ED:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/puiiWpN5KlizotgPsarZWeZa7d8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/4c6e75-a800-4d4f-8ac7-4eaeb2a23b27/1/m4oaOJvUbTCnMfIaVthxaAca0Fo.roa
Signing time:             Thu 02 Jan 2025 09:49:14 +0000
ROA not before:           Thu 02 Jan 2025 09:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56902
IP address blocks:        185.103.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/4c6e75-a800-4d4f-8ac7-4eaeb2a23b27/1/puiiWpN5KlizotgPsarZWeZa7d8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/4c6e75-a800-4d4f-8ac7-4eaeb2a23b27/1/puiiWpN5KlizotgPsarZWeZa7d8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/puiiWpN5KlizotgPsarZWeZa7d8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:4e:b2:71:e6:51:31:49:33:f7:5e:d0:20:53:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6e8a25a93792a58b3a2d80fb1aad959e65aeddf
        Validity
            Not Before: Jan  2 09:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b8a1a389bd46d30a731f21a56d87168071ad05a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:19:01:a4:f5:93:30:4f:cc:1f:6d:56:2a:80:
                    b6:a4:de:a2:b7:bd:55:10:20:fa:83:68:d4:a8:41:
                    37:29:19:9c:18:b4:a9:35:69:9c:66:68:e7:49:4f:
                    b2:d7:6d:4a:e5:c1:24:e0:86:3a:da:ab:a0:c0:2d:
                    8d:a0:6f:4a:21:4c:f0:80:87:68:ee:f2:d7:7d:ed:
                    f7:c6:28:95:ee:66:bc:c7:7a:7e:54:08:30:e4:81:
                    a5:44:7c:43:2c:61:65:dd:e3:98:07:9a:a3:8e:ec:
                    94:9e:82:f6:a3:d1:c0:3a:ff:df:ee:a7:c3:fc:49:
                    6b:9e:97:b1:e2:a4:a2:a7:e5:2a:2b:db:23:73:71:
                    c8:31:7c:01:cb:0d:0e:06:af:df:84:69:90:3e:53:
                    48:d9:0c:28:8f:84:45:c9:ed:96:cf:3a:57:9b:e4:
                    79:b4:c2:a2:28:01:0d:cd:ef:bb:14:aa:d1:35:2e:
                    d7:9f:f7:97:36:8c:1b:37:61:48:34:ac:24:3e:cd:
                    f9:46:79:cc:4d:42:75:ad:59:e9:ef:51:b3:41:08:
                    b5:fd:d1:59:27:9b:bc:02:1c:76:03:82:5d:ec:3f:
                    33:dc:95:fc:22:c0:72:32:0b:16:85:aa:a1:49:eb:
                    d2:82:12:fa:53:5c:74:5b:26:73:cc:84:07:c6:b5:
                    38:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:8A:1A:38:9B:D4:6D:30:A7:31:F2:1A:56:D8:71:68:07:1A:D0:5A
            X509v3 Authority Key Identifier:
                keyid:A6:E8:A2:5A:93:79:2A:58:B3:A2:D8:0F:B1:AA:D9:59:E6:5A:ED:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/puiiWpN5KlizotgPsarZWeZa7d8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4c6e75-a800-4d4f-8ac7-4eaeb2a23b27/1/m4oaOJvUbTCnMfIaVthxaAca0Fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/4c6e75-a800-4d4f-8ac7-4eaeb2a23b27/1/puiiWpN5KlizotgPsarZWeZa7d8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:d0:79:ed:c4:49:77:c0:a4:23:0e:64:ff:8d:62:7b:85:8c:
         0d:56:11:63:55:20:da:45:9c:85:33:23:96:58:ff:44:72:f5:
         a2:41:46:2b:15:1d:e3:ce:aa:e5:52:88:97:df:50:e8:ec:cf:
         88:c1:0b:5d:c5:6f:13:fb:19:ee:75:db:a9:31:a1:d2:77:f2:
         d3:07:ba:4f:db:70:a5:eb:cc:c3:a3:df:bb:8e:14:c1:44:1d:
         3a:23:e3:21:d0:9d:32:fd:c0:47:74:e8:1c:83:3a:98:08:72:
         9a:6f:78:d9:1d:7c:20:d1:73:9d:b8:88:10:30:d7:27:3a:fd:
         3f:e3:bb:75:fa:c9:3f:1b:27:46:18:ba:ac:3c:01:f1:d9:b3:
         c1:21:4a:89:4d:c2:65:27:0b:08:11:8d:72:4e:53:a5:a2:39:
         e7:2b:26:d9:12:11:f0:a3:97:c5:56:5c:6c:d3:62:fa:5e:60:
         77:c8:ad:06:eb:7a:a2:0e:b5:e4:7e:70:04:ef:d6:87:25:c5:
         03:51:f8:ca:4e:07:9c:ca:14:51:aa:23:76:26:25:c2:f9:a9:
         4b:1c:92:f6:85:50:5c:20:9b:85:74:23:d3:cd:49:ef:38:f2:
         8f:43:1b:40:ca:37:0c:e3:87:cc:79:63:a0:db:6c:b9:f6:71:
         12:ac:5c:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma06yceZRMUkz917QIFPgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2ZThhMjVhOTM3OTJhNThiM2EyZDgwZmIxYWFkOTU5ZTY1
YWVkZGYwHhcNMjUwMTAyMDk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjhhMWEzODliZDQ2ZDMwYTczMWYyMWE1NmQ4NzE2ODA3MWFkMDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRkBpPWTME/MH21WKoC2pN6it71V
ECD6g2jUqEE3KRmcGLSpNWmcZmjnSU+y121K5cEk4IY62qugwC2NoG9KIUzwgIdo
7vLXfe33xiiV7ma8x3p+VAgw5IGlRHxDLGFl3eOYB5qjjuyUnoL2o9HAOv/f7qfD
/Elrnpex4qSip+UqK9sjc3HIMXwByw0OBq/fhGmQPlNI2Qwoj4RFye2WzzpXm+R5
tMKiKAENze+7FKrRNS7Xn/eXNowbN2FINKwkPs35RnnMTUJ1rVnp71GzQQi1/dFZ
J5u8Ahx2A4Jd7D8z3JX8IsByMgsWhaqhSevSghL6U1x0WyZzzIQHxrU4TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuKGjib1G0wpzHyGlbYcWgHGtBaMB8GA1UdIwQY
MBaAFKboolqTeSpYs6LYD7Gq2VnmWu3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHVpaVdwTjVLbGl6b3RnUHNhclpXZVphN2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS80YzZlNzUtYTgwMC00ZDRmLThhYzct
NGVhZWIyYTIzYjI3LzEvbTRvYU9KdlViVENuTWZJYVZ0aHhhQWNhMEZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS80YzZlNzUtYTgwMC00ZDRmLThhYzctNGVhZWIyYTIzYjI3
LzEvcHVpaVdwTjVLbGl6b3RnUHNhclpXZVphN2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWcVMA0G
CSqGSIb3DQEBCwUAA4IBAQAq0HntxEl3wKQjDmT/jWJ7hYwNVhFjVSDaRZyFMyOW
WP9EcvWiQUYrFR3jzqrlUoiX31Do7M+IwQtdxW8T+xnuddupMaHSd/LTB7pP23Cl
68zDo9+7jhTBRB06I+Mh0J0y/cBHdOgcgzqYCHKab3jZHXwg0XOduIgQMNcnOv0/
47t1+sk/GydGGLqsPAHx2bPBIUqJTcJlJwsIEY1yTlOlojnnKybZEhHwo5fFVlxs
02L6XmB3yK0G63qiDrXkfnAE79aHJcUDUfjKTgecyhRRqiN2JiXC+alLHJL2hVBc
IJuFdCPTzUnvOPKPQxtAyjcM44fMeWOg22y59nESrFyd
-----END CERTIFICATE-----