Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/WkmHxNpKrmAzpx_FXkIaqhpVbpg.roa
File:                     WkmHxNpKrmAzpx_FXkIaqhpVbpg.roa (raw, json)
Hash identifier:          +AeFew5fsUdx9Fz3OOuJ7ZKCrATyNvcvfW0fCxc+tvg=
Subject key identifier:   5A:49:87:C4:DA:4A:AE:60:33:A7:1F:C5:5E:42:1A:AA:1A:55:6E:98
Certificate issuer:       /CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
Certificate serial:       0194258F95F9E2A0CEB91A4914460F9595D2
Authority key identifier: 75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/WkmHxNpKrmAzpx_FXkIaqhpVbpg.roa
Signing time:             Thu 02 Jan 2025 05:49:14 +0000
ROA not before:           Thu 02 Jan 2025 05:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202013
IP address blocks:        185.153.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:95:f9:e2:a0:ce:b9:1a:49:14:46:0f:95:95:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
        Validity
            Not Before: Jan  2 05:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a4987c4da4aae6033a71fc55e421aaa1a556e98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:6c:01:5c:f3:d6:57:4a:b4:5d:da:4c:aa:11:
                    f5:c5:38:9a:79:6f:6f:eb:fb:99:09:e1:f9:2c:b7:
                    c2:a5:e6:68:82:59:4f:a1:55:38:e8:4a:5e:d5:98:
                    05:d6:da:33:c9:04:ff:91:2c:a3:d6:83:68:10:f7:
                    c5:58:85:20:3d:77:8f:c5:37:ee:f3:2b:69:d9:3b:
                    e7:a4:6b:82:42:03:07:a1:12:6c:77:a4:50:dd:8d:
                    b4:5c:b8:4d:2a:8e:ec:49:43:4f:ce:fb:66:6e:a4:
                    c4:71:7e:0b:02:1e:e0:8a:2f:71:f1:ed:df:3d:e8:
                    29:c7:dd:cc:32:8f:47:d4:8f:ee:38:50:ab:22:d5:
                    04:d7:84:b0:64:a7:fe:ec:62:90:39:f9:77:42:f9:
                    fd:44:ad:f0:2f:e8:ee:c0:eb:11:d8:bc:9c:85:6d:
                    cc:03:03:a2:44:76:3e:2e:b1:31:45:32:d1:f3:7c:
                    47:14:72:78:57:ef:70:39:ea:6e:76:a4:8d:47:23:
                    77:27:e1:17:8e:00:62:18:29:16:cb:31:79:aa:20:
                    03:aa:ee:ff:95:7c:70:3b:e0:ca:b8:61:04:d9:f4:
                    64:2a:4b:75:95:da:b4:72:e5:bb:83:48:86:a6:79:
                    fe:e8:e9:6c:71:51:74:75:62:9c:e2:74:06:b3:7c:
                    ee:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:49:87:C4:DA:4A:AE:60:33:A7:1F:C5:5E:42:1A:AA:1A:55:6E:98
            X509v3 Authority Key Identifier:
                keyid:75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/WkmHxNpKrmAzpx_FXkIaqhpVbpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:41:bd:63:6e:90:e3:34:43:ee:48:7c:05:f6:6b:f1:ca:7e:
         5d:cf:ae:8e:8c:6e:97:e6:29:03:d5:a1:e8:f5:0d:4f:3e:0b:
         b1:74:6d:cc:3e:09:5c:a0:6e:5c:ed:f0:8c:42:b2:d9:ae:28:
         8f:eb:a2:5d:94:99:c3:9f:44:2a:6d:22:ff:08:b5:7c:b4:f7:
         3d:a7:a5:e9:1c:71:af:89:f6:8f:6b:f8:98:1c:ad:b2:24:90:
         dd:42:ea:00:28:36:c2:de:d1:31:2f:71:81:dd:cc:77:d4:72:
         b3:52:06:9f:a5:39:71:0d:fb:50:7c:7a:34:68:de:29:68:73:
         3d:76:fc:32:a5:98:01:3d:b9:bd:cd:67:36:01:e6:58:d4:d8:
         36:00:39:34:fa:95:3c:ac:f8:7c:d9:44:0a:11:d7:d4:99:c3:
         2f:64:45:6e:f4:e8:b3:71:26:a6:b2:93:d6:53:36:f4:f5:b0:
         e6:4c:3a:67:54:81:29:7c:78:94:a7:df:7b:1a:5b:b8:dd:19:
         cc:70:1b:f0:e8:0d:d3:10:80:de:15:7c:12:2c:bc:f2:fb:9b:
         c1:dd:6d:2d:56:1b:3e:5c:12:0f:54:10:69:ce:07:99:ba:27:
         e8:bf:8b:74:25:71:9a:d7:29:b8:6a:fd:11:12:4e:58:07:65:
         29:37:02:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj5X54qDOuRpJFEYPlZXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZTA1YmMyMWIyYTZmMTAzMzcxMWZmY2E2NDkxYzZjMzBj
ZTVhNGEwHhcNMjUwMTAyMDU0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTQ5ODdjNGRhNGFhZTYwMzNhNzFmYzU1ZTQyMWFhYTFhNTU2ZTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmwBXPPWV0q0XdpMqhH1xTiaeW9v
6/uZCeH5LLfCpeZogllPoVU46Epe1ZgF1tozyQT/kSyj1oNoEPfFWIUgPXePxTfu
8ytp2TvnpGuCQgMHoRJsd6RQ3Y20XLhNKo7sSUNPzvtmbqTEcX4LAh7gii9x8e3f
Pegpx93MMo9H1I/uOFCrItUE14SwZKf+7GKQOfl3Qvn9RK3wL+juwOsR2LychW3M
AwOiRHY+LrExRTLR83xHFHJ4V+9wOepudqSNRyN3J+EXjgBiGCkWyzF5qiADqu7/
lXxwO+DKuGEE2fRkKkt1ldq0cuW7g0iGpnn+6OlscVF0dWKc4nQGs3zuDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpJh8TaSq5gM6cfxV5CGqoaVW6YMB8GA1UdIwQY
MBaAFHXgW8IbKm8QM3Ef/KZJHGwwzlpKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDct
ZDQ1YWI3ZGYyZGUxLzEvV2ttSHhOcEtybUF6cHhfRlhrSWFxaHBWYnBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDctZDQ1YWI3ZGYyZGUx
LzEvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZmqMA0G
CSqGSIb3DQEBCwUAA4IBAQA+Qb1jbpDjNEPuSHwF9mvxyn5dz66OjG6X5ikD1aHo
9Q1PPguxdG3MPglcoG5c7fCMQrLZriiP66JdlJnDn0QqbSL/CLV8tPc9p6XpHHGv
ifaPa/iYHK2yJJDdQuoAKDbC3tExL3GB3cx31HKzUgafpTlxDftQfHo0aN4paHM9
dvwypZgBPbm9zWc2AeZY1Ng2ADk0+pU8rPh82UQKEdfUmcMvZEVu9OizcSamspPW
Uzb09bDmTDpnVIEpfHiUp997Glu43RnMcBvw6A3TEIDeFXwSLLzy+5vB3W0tVhs+
XBIPVBBpzgeZuifov4t0JXGa1ym4av0REk5YB2UpNwK5
-----END CERTIFICATE-----