Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/k0wxotDmupM_OCH-gumYl6-17mo.roa
File:                     k0wxotDmupM_OCH-gumYl6-17mo.roa (raw, json)
Hash identifier:          3uzjcHPmVZPolSBJCFaFe8TY8/nPe+It+9iUZVl84Zw=
Subject key identifier:   93:4C:31:A2:D0:E6:BA:93:3F:38:21:FE:82:E9:98:97:AF:B5:EE:6A
Certificate issuer:       /CN=b8d5b3d379d21162e2b522c43801fb9603988245
Certificate serial:       01942067CA8ECB7367128CBE17AC95B4DDF6
Authority key identifier: B8:D5:B3:D3:79:D2:11:62:E2:B5:22:C4:38:01:FB:96:03:98:82:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uNWz03nSEWLitSLEOAH7lgOYgkU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/k0wxotDmupM_OCH-gumYl6-17mo.roa
Signing time:             Wed 01 Jan 2025 05:47:40 +0000
ROA not before:           Wed 01 Jan 2025 05:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42705
IP address blocks:        185.243.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/uNWz03nSEWLitSLEOAH7lgOYgkU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/uNWz03nSEWLitSLEOAH7lgOYgkU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uNWz03nSEWLitSLEOAH7lgOYgkU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ca:8e:cb:73:67:12:8c:be:17:ac:95:b4:dd:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8d5b3d379d21162e2b522c43801fb9603988245
        Validity
            Not Before: Jan  1 05:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=934c31a2d0e6ba933f3821fe82e99897afb5ee6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:cc:d5:37:af:a6:51:dc:d8:eb:bb:0e:88:fd:
                    0f:12:2c:6c:ae:25:ce:65:7a:2c:fd:ea:47:1f:84:
                    8f:fe:5e:fb:f5:30:4a:a4:2c:27:85:35:84:88:a5:
                    24:62:d4:d0:35:86:cc:c7:c5:4e:d7:a1:91:7d:50:
                    14:71:7b:0d:56:f1:49:77:66:7e:67:7f:e4:8f:7e:
                    b9:1d:c3:3c:87:31:e0:1c:1a:1c:77:ad:9e:fd:25:
                    f6:84:66:e4:35:f7:cd:ba:bc:88:21:01:b9:69:e5:
                    94:58:7f:30:69:74:84:4a:6e:e0:08:61:ac:32:6a:
                    af:29:98:eb:92:cd:ba:b1:66:91:b6:99:6a:e8:88:
                    a6:d6:83:63:47:cb:bb:5a:53:eb:d3:d3:e5:3d:aa:
                    7a:ac:63:26:dc:b5:e0:c0:09:eb:38:cf:7d:6f:0f:
                    13:09:df:1b:e9:89:1a:ea:c4:d3:bf:71:d0:c3:fc:
                    a2:cd:80:88:d8:e6:14:ab:2f:b7:96:65:1c:3f:ad:
                    18:8e:7b:8d:7f:24:1c:d4:33:00:c2:2f:21:2e:c4:
                    c5:28:b9:ba:67:34:d3:29:9c:91:d0:34:20:05:b9:
                    7d:f6:63:ee:77:b6:92:b5:a9:56:9f:df:1c:a2:0c:
                    fd:55:f0:73:4d:c1:8b:74:37:f3:3f:03:58:56:5e:
                    aa:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:4C:31:A2:D0:E6:BA:93:3F:38:21:FE:82:E9:98:97:AF:B5:EE:6A
            X509v3 Authority Key Identifier:
                keyid:B8:D5:B3:D3:79:D2:11:62:E2:B5:22:C4:38:01:FB:96:03:98:82:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uNWz03nSEWLitSLEOAH7lgOYgkU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/k0wxotDmupM_OCH-gumYl6-17mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ef3e43-7bf7-404f-a9a3-b3e9255d2b3e/1/uNWz03nSEWLitSLEOAH7lgOYgkU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.243.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:7a:e0:0c:5d:63:de:cb:b6:c2:40:94:dc:21:a9:8e:32:13:
         58:f6:ee:4c:26:4b:d1:44:cf:4f:d3:92:10:bc:de:e6:b4:e2:
         f9:5d:ae:99:f2:66:14:6f:c9:72:51:b5:93:96:8d:97:61:b0:
         6d:15:d8:da:9f:c9:aa:b7:0a:60:59:aa:9f:9c:0f:fa:26:a1:
         18:de:f6:17:7f:ff:8a:59:a9:9a:e2:61:4f:30:ec:a2:b1:75:
         99:21:66:89:3f:b9:3b:7b:24:14:49:21:15:57:57:4e:bb:35:
         34:38:31:18:68:83:86:08:0e:0d:83:c4:73:3c:14:ce:0b:e0:
         47:62:1b:77:8e:a7:21:b0:1b:e7:85:31:e4:eb:a1:89:f5:00:
         b2:6d:21:de:50:01:94:3b:e8:5e:a2:81:d0:43:f4:6e:06:ef:
         34:fe:8c:20:9b:ab:e3:dd:a0:b8:3c:68:b4:0c:45:5f:30:ff:
         b5:91:45:93:b1:3c:6f:43:37:5d:9a:ed:87:a2:8e:4b:e6:47:
         37:9f:79:6b:df:54:26:58:a2:ff:4a:ed:ad:76:97:3c:dc:2b:
         9a:b5:23:23:0c:cf:b8:00:87:05:c8:95:85:29:d7:23:3f:2a:
         63:79:45:db:9f:81:de:41:c9:a0:6f:87:88:51:8c:73:cc:24:
         65:c3:0e:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ8qOy3NnEoy+F6yVtN32MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZDViM2QzNzlkMjExNjJlMmI1MjJjNDM4MDFmYjk2MDM5
ODgyNDUwHhcNMjUwMTAxMDU0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzRjMzFhMmQwZTZiYTkzM2YzODIxZmU4MmU5OTg5N2FmYjVlZTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28zVN6+mUdzY67sOiP0PEixsriXO
ZXos/epHH4SP/l779TBKpCwnhTWEiKUkYtTQNYbMx8VO16GRfVAUcXsNVvFJd2Z+
Z3/kj365HcM8hzHgHBocd62e/SX2hGbkNffNuryIIQG5aeWUWH8waXSESm7gCGGs
MmqvKZjrks26sWaRtplq6Iim1oNjR8u7WlPr09PlPap6rGMm3LXgwAnrOM99bw8T
Cd8b6Yka6sTTv3HQw/yizYCI2OYUqy+3lmUcP60YjnuNfyQc1DMAwi8hLsTFKLm6
ZzTTKZyR0DQgBbl99mPud7aStalWn98cogz9VfBzTcGLdDfzPwNYVl6qGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJNMMaLQ5rqTPzgh/oLpmJevte5qMB8GA1UdIwQY
MBaAFLjVs9N50hFi4rUixDgB+5YDmIJFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU5XejAzblNFV0xpdFNMRU9BSDdsZ09ZZ2tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9lZjNlNDMtN2JmNy00MDRmLWE5YTMt
YjNlOTI1NWQyYjNlLzEvazB3eG90RG11cE1fT0NILWd1bVlsNi0xN21vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9lZjNlNDMtN2JmNy00MDRmLWE5YTMtYjNlOTI1NWQyYjNl
LzEvdU5XejAzblNFV0xpdFNMRU9BSDdsZ09ZZ2tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufOAMA0G
CSqGSIb3DQEBCwUAA4IBAQAneuAMXWPey7bCQJTcIamOMhNY9u5MJkvRRM9P05IQ
vN7mtOL5Xa6Z8mYUb8lyUbWTlo2XYbBtFdjan8mqtwpgWaqfnA/6JqEY3vYXf/+K
Wama4mFPMOyisXWZIWaJP7k7eyQUSSEVV1dOuzU0ODEYaIOGCA4Ng8RzPBTOC+BH
Yht3jqchsBvnhTHk66GJ9QCybSHeUAGUO+heooHQQ/RuBu80/owgm6vj3aC4PGi0
DEVfMP+1kUWTsTxvQzddmu2Hoo5L5kc3n3lr31QmWKL/Su2tdpc83CuatSMjDM+4
AIcFyJWFKdcjPypjeUXbn4HeQcmgb4eIUYxzzCRlww6t
-----END CERTIFICATE-----