Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/c2560f-1c4c-4ca3-a63b-304fa18898bf/1/JQloxPoQ9afiJp-IoXzHvRWMpm4.roa
File:                     JQloxPoQ9afiJp-IoXzHvRWMpm4.roa (raw, json)
Hash identifier:          J8Wxq2Z9UXMMHjhsUvukCz7EJtE55wrWEedjgrBy+C4=
Subject key identifier:   25:09:68:C4:FA:10:F5:A7:E2:26:9F:88:A1:7C:C7:BD:15:8C:A6:6E
Certificate issuer:       /CN=c07804766b2353985b9718088b5c679e0c3ea67f
Certificate serial:       019420D6163B2A9389F0ADE74D02208A1B10
Authority key identifier: C0:78:04:76:6B:23:53:98:5B:97:18:08:8B:5C:67:9E:0C:3E:A6:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wHgEdmsjU5hblxgIi1xnngw-pn8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/c2560f-1c4c-4ca3-a63b-304fa18898bf/1/JQloxPoQ9afiJp-IoXzHvRWMpm4.roa
Signing time:             Wed 01 Jan 2025 07:48:08 +0000
ROA not before:           Wed 01 Jan 2025 07:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58059
IP address blocks:        185.154.128.0/24 maxlen: 24
                          185.154.129.0/24 maxlen: 24
                          185.154.130.0/24 maxlen: 24
                          185.154.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/c2560f-1c4c-4ca3-a63b-304fa18898bf/1/wHgEdmsjU5hblxgIi1xnngw-pn8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/c2560f-1c4c-4ca3-a63b-304fa18898bf/1/wHgEdmsjU5hblxgIi1xnngw-pn8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wHgEdmsjU5hblxgIi1xnngw-pn8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 18:56:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:16:3b:2a:93:89:f0:ad:e7:4d:02:20:8a:1b:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c07804766b2353985b9718088b5c679e0c3ea67f
        Validity
            Not Before: Jan  1 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=250968c4fa10f5a7e2269f88a17cc7bd158ca66e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c2:74:d3:69:f0:b1:e3:64:f1:6b:46:af:82:
                    57:ef:16:a0:13:be:9b:14:00:27:d9:5c:0d:47:2c:
                    58:1a:87:4b:c9:98:08:17:70:fc:ea:34:1f:7f:fa:
                    2e:96:a2:88:c8:49:4d:30:5e:05:cd:24:fb:3c:4c:
                    e6:35:02:11:05:4b:2c:62:e1:fb:af:bf:f2:e6:ca:
                    b5:f3:6a:05:99:0d:0d:4c:d4:42:2d:d9:a1:a1:52:
                    0b:78:2a:bf:e4:07:62:38:2e:24:d0:00:ba:28:d7:
                    53:c0:9e:df:72:7a:5d:a6:f4:32:7a:68:71:15:72:
                    a1:fc:ec:d3:2b:4b:61:3e:f0:f0:32:fa:98:db:15:
                    6d:e9:43:3b:f7:ac:db:3f:33:b2:ea:76:86:4f:53:
                    a7:67:fd:0b:0c:81:71:b9:1b:ab:0b:6e:bc:80:e8:
                    11:bb:db:ab:d0:65:44:5f:ec:37:a2:96:67:cd:6a:
                    96:d1:c3:d0:6b:dc:2a:c8:9b:58:ab:5d:11:0c:13:
                    af:32:91:57:a3:69:bb:4c:27:bd:6a:17:57:3b:0f:
                    4f:28:34:26:15:74:a7:b8:db:84:a8:59:06:c6:6f:
                    15:1b:b3:63:38:d4:64:a8:d9:70:4d:d3:4e:50:2e:
                    0e:35:67:7f:22:15:6a:87:39:77:2b:24:41:f9:04:
                    0e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:09:68:C4:FA:10:F5:A7:E2:26:9F:88:A1:7C:C7:BD:15:8C:A6:6E
            X509v3 Authority Key Identifier:
                keyid:C0:78:04:76:6B:23:53:98:5B:97:18:08:8B:5C:67:9E:0C:3E:A6:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wHgEdmsjU5hblxgIi1xnngw-pn8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2560f-1c4c-4ca3-a63b-304fa18898bf/1/JQloxPoQ9afiJp-IoXzHvRWMpm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2560f-1c4c-4ca3-a63b-304fa18898bf/1/wHgEdmsjU5hblxgIi1xnngw-pn8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:9c:5f:7c:73:c6:53:34:b1:63:0d:28:cb:40:cf:38:63:90:
         a9:f6:e9:c0:71:14:b6:07:ec:5a:ee:5e:b0:e6:ea:a0:27:f3:
         4f:f4:9e:01:e1:bb:88:fe:4e:0a:d5:2c:30:90:99:89:43:f4:
         43:61:b3:7d:3f:e1:2a:86:a0:fd:c4:ff:4a:81:9e:22:6e:c3:
         cf:f9:63:73:2f:23:ee:f2:e2:f8:12:c6:52:42:f9:0b:76:04:
         31:28:f8:56:17:79:ae:da:ee:91:aa:11:d3:d1:bf:72:85:da:
         33:51:04:8f:c9:1a:18:2d:44:31:a1:78:7b:c4:c1:7e:f0:b6:
         1c:23:5c:ff:4c:a4:74:c5:dd:33:a6:8e:f8:aa:9e:70:3a:59:
         e3:bb:38:25:d1:49:d4:6b:80:e6:8e:bb:10:d0:87:1c:83:a0:
         22:e2:d2:40:40:1b:94:8f:80:8e:18:7c:e2:15:8d:07:01:b5:
         7f:2c:1f:46:58:b3:7e:da:54:95:69:bc:a5:f9:ef:44:b5:d9:
         bc:24:03:ef:55:91:7f:47:4c:21:21:25:2a:34:e0:12:c2:0e:
         12:dd:17:59:09:81:b8:d0:de:cd:26:b4:5d:21:9a:6c:88:ec:
         af:43:6d:96:43:c1:77:13:75:e0:a5:60:11:ee:91:62:7e:59:
         a5:6a:79:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1hY7KpOJ8K3nTQIgihsQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNzgwNDc2NmIyMzUzOTg1Yjk3MTgwODhiNWM2NzllMGMz
ZWE2N2YwHhcNMjUwMTAxMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTA5NjhjNGZhMTBmNWE3ZTIyNjlmODhhMTdjYzdiZDE1OGNhNjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcJ002nwseNk8WtGr4JX7xagE76b
FAAn2VwNRyxYGodLyZgIF3D86jQff/oulqKIyElNMF4FzST7PEzmNQIRBUssYuH7
r7/y5sq182oFmQ0NTNRCLdmhoVILeCq/5AdiOC4k0AC6KNdTwJ7fcnpdpvQyemhx
FXKh/OzTK0thPvDwMvqY2xVt6UM796zbPzOy6naGT1OnZ/0LDIFxuRurC268gOgR
u9ur0GVEX+w3opZnzWqW0cPQa9wqyJtYq10RDBOvMpFXo2m7TCe9ahdXOw9PKDQm
FXSnuNuEqFkGxm8VG7NjONRkqNlwTdNOUC4ONWd/IhVqhzl3KyRB+QQOQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUJaMT6EPWn4iafiKF8x70VjKZuMB8GA1UdIwQY
MBaAFMB4BHZrI1OYW5cYCItcZ54MPqZ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0hnRWRtc2pVNWhibHhnSWkxeG5uZ3ctcG44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9jMjU2MGYtMWM0Yy00Y2EzLWE2M2It
MzA0ZmExODg5OGJmLzEvSlFsb3hQb1E5YWZpSnAtSW9Yekh2UldNcG00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9jMjU2MGYtMWM0Yy00Y2EzLWE2M2ItMzA0ZmExODg5OGJm
LzEvd0hnRWRtc2pVNWhibHhnSWkxeG5uZ3ctcG44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZqAMA0G
CSqGSIb3DQEBCwUAA4IBAQCfnF98c8ZTNLFjDSjLQM84Y5Cp9unAcRS2B+xa7l6w
5uqgJ/NP9J4B4buI/k4K1SwwkJmJQ/RDYbN9P+EqhqD9xP9KgZ4ibsPP+WNzLyPu
8uL4EsZSQvkLdgQxKPhWF3mu2u6RqhHT0b9yhdozUQSPyRoYLUQxoXh7xMF+8LYc
I1z/TKR0xd0zpo74qp5wOlnjuzgl0UnUa4DmjrsQ0Iccg6Ai4tJAQBuUj4COGHzi
FY0HAbV/LB9GWLN+2lSVabyl+e9Etdm8JAPvVZF/R0whISUqNOASwg4S3RdZCYG4
0N7NJrRdIZpsiOyvQ22WQ8F3E3XgpWAR7pFiflmlanm3
-----END CERTIFICATE-----