Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/g3mWLx3QHER7jvUWO9_K86XjFvg.roa
File:                     g3mWLx3QHER7jvUWO9_K86XjFvg.roa (raw, json)
Hash identifier:          CQjC54kUHdxygPOZtU3D7Ni2Q4FQ2f8Z6SwCWy0D9f0=
Subject key identifier:   83:79:96:2F:1D:D0:1C:44:7B:8E:F5:16:3B:DF:CA:F3:A5:E3:16:F8
Certificate issuer:       /CN=b586a8643633e9874111a8bcf3518a0905f28609
Certificate serial:       0197180E2F92A2441E8867F0D315D3673EC3
Authority key identifier: B5:86:A8:64:36:33:E9:87:41:11:A8:BC:F3:51:8A:09:05:F2:86:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/g3mWLx3QHER7jvUWO9_K86XjFvg.roa
Signing time:             Wed 28 May 2025 18:01:12 +0000
ROA not before:           Wed 28 May 2025 18:01:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56847
IP address blocks:        185.160.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:18:0e:2f:92:a2:44:1e:88:67:f0:d3:15:d3:67:3e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b586a8643633e9874111a8bcf3518a0905f28609
        Validity
            Not Before: May 28 18:01:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8379962f1dd01c447b8ef5163bdfcaf3a5e316f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a8:53:fb:6b:fc:24:36:e5:63:32:33:18:59:
                    9c:b5:9e:72:18:fd:00:06:6a:93:67:e9:fa:39:d0:
                    e8:1f:29:3c:5c:2a:7d:ca:61:ce:c0:37:61:f3:43:
                    45:a4:f1:b8:4d:eb:16:01:2c:6f:66:73:0d:d9:e4:
                    91:e6:82:b6:41:bc:54:8d:ae:72:26:8b:32:0b:c7:
                    9c:9d:4a:46:b0:b5:3b:3f:aa:83:58:1f:00:1c:89:
                    db:6e:40:87:56:e6:8e:44:98:86:27:a3:9c:db:71:
                    bc:43:3b:fa:68:35:f1:23:88:fc:e8:fa:dc:4b:c2:
                    0f:55:47:90:78:4c:da:8b:21:e7:aa:75:ef:65:56:
                    0e:9f:d0:48:f4:73:43:01:9b:e9:c9:f7:76:25:ca:
                    06:6d:d5:68:0b:2e:91:ae:02:d3:da:18:fe:8a:4d:
                    d5:fe:8f:02:2a:71:88:4a:8d:ab:5a:fe:f3:18:0b:
                    01:00:41:da:9a:a4:be:a1:02:47:8b:75:7e:f6:28:
                    26:c6:e5:3e:20:6c:bd:99:48:b3:f3:1a:a6:e0:d5:
                    19:c6:ac:f1:21:b6:32:c7:7e:1c:a3:77:1b:d6:0a:
                    5a:c2:b3:f4:8d:31:de:e6:1c:ae:45:7f:96:8e:34:
                    12:e2:ec:78:42:69:8c:a8:6c:1b:1c:5a:0c:a7:65:
                    e2:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:79:96:2F:1D:D0:1C:44:7B:8E:F5:16:3B:DF:CA:F3:A5:E3:16:F8
            X509v3 Authority Key Identifier:
                keyid:B5:86:A8:64:36:33:E9:87:41:11:A8:BC:F3:51:8A:09:05:F2:86:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tYaoZDYz6YdBEai881GKCQXyhgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/g3mWLx3QHER7jvUWO9_K86XjFvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/20ccac-33ee-45dc-bc9c-4499e3239f1f/1/tYaoZDYz6YdBEai881GKCQXyhgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:16:32:6b:8d:a7:a1:48:b9:d9:57:b9:55:5b:65:13:53:a5:
         20:03:85:79:3d:88:2e:ac:be:c2:6c:96:81:f8:0d:8f:53:78:
         a1:27:13:3b:1c:fe:bc:de:6b:98:c2:ba:20:9c:1a:68:28:90:
         d3:6b:85:d0:1c:05:03:cf:43:f2:4e:cc:65:9a:8e:f7:70:1a:
         87:9d:95:f2:13:a0:39:cf:2b:6d:cd:1b:20:db:dd:05:f4:7e:
         94:aa:bd:68:f5:b3:71:86:37:73:b5:bc:48:f7:b2:89:dc:b7:
         95:d3:70:6e:c3:e2:be:44:ab:2b:87:34:72:e3:74:08:4d:ce:
         98:fb:fb:56:a5:0a:32:46:ac:ac:47:d1:35:89:02:af:96:e5:
         f6:9e:86:61:33:81:27:a7:0e:f4:94:b7:b1:6f:11:74:05:f5:
         a5:d4:97:bd:e1:47:90:76:37:72:b7:4d:00:5c:12:da:09:7b:
         c2:86:01:5d:17:e8:71:12:ae:5c:a2:65:d7:80:82:61:35:17:
         35:bf:3d:9d:28:3f:df:89:4f:53:b7:63:81:36:81:fa:5c:2c:
         91:f5:cc:06:56:b7:75:ab:e0:77:db:58:8e:de:37:d5:4c:dd:
         f5:18:b9:34:69:42:02:ce:2a:58:6d:c6:22:98:d1:e2:8f:32:
         30:2d:45:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcYDi+SokQeiGfw0xXTZz7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ODZhODY0MzYzM2U5ODc0MTExYThiY2YzNTE4YTA5MDVm
Mjg2MDkwHhcNMjUwNTI4MTgwMTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzc5OTYyZjFkZDAxYzQ0N2I4ZWY1MTYzYmRmY2FmM2E1ZTMxNmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqhT+2v8JDblYzIzGFmctZ5yGP0A
BmqTZ+n6OdDoHyk8XCp9ymHOwDdh80NFpPG4TesWASxvZnMN2eSR5oK2QbxUja5y
JosyC8ecnUpGsLU7P6qDWB8AHInbbkCHVuaORJiGJ6Oc23G8Qzv6aDXxI4j86Prc
S8IPVUeQeEzaiyHnqnXvZVYOn9BI9HNDAZvpyfd2JcoGbdVoCy6RrgLT2hj+ik3V
/o8CKnGISo2rWv7zGAsBAEHamqS+oQJHi3V+9igmxuU+IGy9mUiz8xqm4NUZxqzx
IbYyx34co3cb1gpawrP0jTHe5hyuRX+WjjQS4ux4QmmMqGwbHFoMp2XiAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIN5li8d0BxEe471FjvfyvOl4xb4MB8GA1UdIwQY
MBaAFLWGqGQ2M+mHQRGovPNRigkF8oYJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFlhb1pEWXo2WWRCRWFpODgxR0tDUVh5aGdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yMGNjYWMtMzNlZS00NWRjLWJjOWMt
NDQ5OWUzMjM5ZjFmLzEvZzNtV0x4M1FIRVI3anZVV085X0s4NlhqRnZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yMGNjYWMtMzNlZS00NWRjLWJjOWMtNDQ5OWUzMjM5ZjFm
LzEvdFlhb1pEWXo2WWRCRWFpODgxR0tDUVh5aGdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaCOMA0G
CSqGSIb3DQEBCwUAA4IBAQCKFjJrjaehSLnZV7lVW2UTU6UgA4V5PYgurL7CbJaB
+A2PU3ihJxM7HP683muYwrognBpoKJDTa4XQHAUDz0PyTsxlmo73cBqHnZXyE6A5
zyttzRsg290F9H6Uqr1o9bNxhjdztbxI97KJ3LeV03Buw+K+RKsrhzRy43QITc6Y
+/tWpQoyRqysR9E1iQKvluX2noZhM4Enpw70lLexbxF0BfWl1Je94UeQdjdyt00A
XBLaCXvChgFdF+hxEq5comXXgIJhNRc1vz2dKD/fiU9Tt2OBNoH6XCyR9cwGVrd1
q+B321iO3jfVTN31GLk0aUICzipYbcYimNHijzIwLUVV
-----END CERTIFICATE-----