Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/kx9kPAQ67ntw1Xkq0X26moD-pwk.roa
File:                     kx9kPAQ67ntw1Xkq0X26moD-pwk.roa (raw, json)
Hash identifier:          X9S/3YSjUgYxw6y4t3NQ27+L1d2kR0+Z9uu+3WHTnVY=
Subject key identifier:   93:1F:64:3C:04:3A:EE:7B:70:D5:79:2A:D1:7D:BA:9A:80:FE:A7:09
Certificate issuer:       /CN=49af2153f02409a464e4d7461c802d4b8dd10dff
Certificate serial:       01941F8C66243D74874F117707301E3BD0C3
Authority key identifier: 49:AF:21:53:F0:24:09:A4:64:E4:D7:46:1C:80:2D:4B:8D:D1:0D:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/kx9kPAQ67ntw1Xkq0X26moD-pwk.roa
Signing time:             Wed 01 Jan 2025 01:48:02 +0000
ROA not before:           Wed 01 Jan 2025 01:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62282
IP address blocks:        185.140.230.0/24 maxlen: 24
                          185.140.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:66:24:3d:74:87:4f:11:77:07:30:1e:3b:d0:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49af2153f02409a464e4d7461c802d4b8dd10dff
        Validity
            Not Before: Jan  1 01:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=931f643c043aee7b70d5792ad17dba9a80fea709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a5:e9:9d:fa:97:66:df:48:89:34:78:d8:b6:
                    6e:28:84:16:ce:5f:f4:a6:08:2c:4b:a8:2d:e3:3e:
                    f0:b3:b1:2c:b3:e7:5f:ed:d0:21:ac:95:6c:8d:c4:
                    24:59:11:9d:0d:da:19:bc:4f:29:77:f4:05:45:93:
                    b7:ae:b3:02:3d:5b:9a:9b:4b:fa:1f:a6:07:7d:dc:
                    9c:e6:08:9c:28:39:0a:de:51:ed:82:df:c1:bb:65:
                    4b:03:40:35:77:46:ae:7b:ca:34:ce:6b:e1:f6:6d:
                    ba:95:24:80:82:97:17:60:ba:af:78:33:1a:bc:bc:
                    42:31:09:1c:04:ab:5c:57:6b:bf:b4:d6:1b:c7:3b:
                    0d:5e:94:eb:ac:cd:4b:cf:25:46:e6:40:89:10:09:
                    18:0b:a3:88:9e:49:2e:56:fe:88:00:4f:35:81:12:
                    93:5a:fb:31:b0:73:75:13:81:71:38:90:22:44:fd:
                    c1:09:28:d1:fb:16:aa:4f:15:98:43:db:47:33:eb:
                    20:40:0c:2b:f4:bd:b1:f8:d1:de:13:98:a6:7b:bb:
                    e5:f0:cf:b6:4b:c1:ba:a8:de:0c:16:1d:98:5c:5a:
                    0a:3b:92:a8:34:09:84:82:33:33:5c:b1:06:4b:d2:
                    92:c8:dc:9a:4c:ed:c7:ef:4e:f3:be:00:e7:47:31:
                    96:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:1F:64:3C:04:3A:EE:7B:70:D5:79:2A:D1:7D:BA:9A:80:FE:A7:09
            X509v3 Authority Key Identifier:
                keyid:49:AF:21:53:F0:24:09:A4:64:E4:D7:46:1C:80:2D:4B:8D:D1:0D:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sa8hU_AkCaRk5NdGHIAtS43RDf8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/kx9kPAQ67ntw1Xkq0X26moD-pwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/eb25b5-71ea-469d-9484-4ea6dfb2e5d3/1/Sa8hU_AkCaRk5NdGHIAtS43RDf8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:40:e3:b9:bd:08:97:18:1e:15:e4:a3:e7:b2:87:a1:a5:82:
         fa:26:f7:e3:6e:ba:f9:5c:71:eb:be:3c:26:e1:f1:20:be:59:
         f2:a0:42:92:aa:a6:69:df:0b:75:59:31:78:16:e6:be:28:a7:
         81:4c:c0:16:99:94:0d:13:3b:79:da:ff:b4:36:b7:9b:2e:3b:
         0d:41:d2:d4:ee:2c:fa:af:ed:ef:92:c5:d1:4d:16:82:2e:91:
         5b:13:7f:0d:50:69:ed:e8:c6:4a:a7:4a:e4:27:69:8a:6c:25:
         4c:c7:3b:28:06:a2:06:d5:ff:03:eb:38:39:10:da:b4:21:74:
         d7:0c:cc:e8:29:7f:11:a8:5e:0e:e4:08:56:6d:8f:5f:9c:cc:
         5a:44:57:1d:64:eb:21:e9:cf:de:0a:f5:18:3b:7e:b0:2e:09:
         ad:b1:2c:b2:ce:01:e3:6d:6d:62:ae:dc:79:19:c8:48:25:55:
         fb:c9:1a:61:0b:76:0e:d8:14:fe:cb:0e:d4:65:02:c7:cc:ea:
         c4:c9:e0:d9:f3:33:10:c2:e9:f2:58:ca:3a:56:87:ee:48:e1:
         c4:ab:0e:40:ad:81:ed:f5:db:5c:4b:6e:0d:2e:72:ee:18:77:
         02:25:ff:4a:08:3e:da:07:54:a0:6b:66:2b:9b:fa:39:38:2b:
         e2:24:ae:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGYkPXSHTxF3BzAeO9DDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YWYyMTUzZjAyNDA5YTQ2NGU0ZDc0NjFjODAyZDRiOGRk
MTBkZmYwHhcNMjUwMTAxMDE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzFmNjQzYzA0M2FlZTdiNzBkNTc5MmFkMTdkYmE5YTgwZmVhNzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqXpnfqXZt9IiTR42LZuKIQWzl/0
pggsS6gt4z7ws7Ess+df7dAhrJVsjcQkWRGdDdoZvE8pd/QFRZO3rrMCPVuam0v6
H6YHfdyc5gicKDkK3lHtgt/Bu2VLA0A1d0aue8o0zmvh9m26lSSAgpcXYLqveDMa
vLxCMQkcBKtcV2u/tNYbxzsNXpTrrM1LzyVG5kCJEAkYC6OInkkuVv6IAE81gRKT
WvsxsHN1E4FxOJAiRP3BCSjR+xaqTxWYQ9tHM+sgQAwr9L2x+NHeE5ime7vl8M+2
S8G6qN4MFh2YXFoKO5KoNAmEgjMzXLEGS9KSyNyaTO3H707zvgDnRzGW/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMfZDwEOu57cNV5KtF9upqA/qcJMB8GA1UdIwQY
MBaAFEmvIVPwJAmkZOTXRhyALUuN0Q3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2E4aFVfQWtDYVJrNU5kR0hJQXRTNDNSRGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9lYjI1YjUtNzFlYS00NjlkLTk0ODQt
NGVhNmRmYjJlNWQzLzEva3g5a1BBUTY3bnR3MVhrcTBYMjZtb0QtcHdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9lYjI1YjUtNzFlYS00NjlkLTk0ODQtNGVhNmRmYjJlNWQz
LzEvU2E4aFVfQWtDYVJrNU5kR0hJQXRTNDNSRGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYzmMA0G
CSqGSIb3DQEBCwUAA4IBAQCPQOO5vQiXGB4V5KPnsoehpYL6Jvfjbrr5XHHrvjwm
4fEgvlnyoEKSqqZp3wt1WTF4Fua+KKeBTMAWmZQNEzt52v+0NrebLjsNQdLU7iz6
r+3vksXRTRaCLpFbE38NUGnt6MZKp0rkJ2mKbCVMxzsoBqIG1f8D6zg5ENq0IXTX
DMzoKX8RqF4O5AhWbY9fnMxaRFcdZOsh6c/eCvUYO36wLgmtsSyyzgHjbW1irtx5
GchIJVX7yRphC3YO2BT+yw7UZQLHzOrEyeDZ8zMQwunyWMo6VofuSOHEqw5ArYHt
9dtcS24NLnLuGHcCJf9KCD7aB1Sga2Yrm/o5OCviJK5t
-----END CERTIFICATE-----