Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/K95dcowoWM46l25G6cg3BOInICc.roa
File:                     K95dcowoWM46l25G6cg3BOInICc.roa (raw, json)
Hash identifier:          FwJQGFHNrTbaA2c6WdNnVmYiKoiWwAn5MfYOiuC/b0Y=
Subject key identifier:   2B:DE:5D:72:8C:28:58:CE:3A:97:6E:46:E9:C8:37:04:E2:27:20:27
Certificate issuer:       /CN=06bd30ac3561a1df7fc6b296bf9d29dd5581f1ee
Certificate serial:       019425216BE412F4C441A5A357C5617781E1
Authority key identifier: 06:BD:30:AC:35:61:A1:DF:7F:C6:B2:96:BF:9D:29:DD:55:81:F1:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Br0wrDVhod9_xrKWv50p3VWB8e4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/K95dcowoWM46l25G6cg3BOInICc.roa
Signing time:             Thu 02 Jan 2025 03:48:54 +0000
ROA not before:           Thu 02 Jan 2025 03:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50597
IP address blocks:        185.23.152.0/22 maxlen: 22
                          185.23.152.0/24 maxlen: 24
                          185.23.153.0/24 maxlen: 24
                          185.23.154.0/24 maxlen: 24
                          185.23.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/Br0wrDVhod9_xrKWv50p3VWB8e4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/Br0wrDVhod9_xrKWv50p3VWB8e4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Br0wrDVhod9_xrKWv50p3VWB8e4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 00:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:6b:e4:12:f4:c4:41:a5:a3:57:c5:61:77:81:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06bd30ac3561a1df7fc6b296bf9d29dd5581f1ee
        Validity
            Not Before: Jan  2 03:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2bde5d728c2858ce3a976e46e9c83704e2272027
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:bb:81:5a:f7:4f:7e:52:b1:c1:4a:59:4f:e7:
                    a5:51:ed:10:2a:70:59:31:ab:cb:03:80:a7:bf:63:
                    8f:9e:23:16:d9:a9:59:07:09:a4:c2:fe:6f:2e:54:
                    e9:d7:16:42:a2:42:96:73:12:93:35:4e:23:f1:88:
                    b5:a4:8d:5c:34:7e:92:c7:61:4d:1c:c7:85:d3:ff:
                    42:f8:42:29:3e:5b:1d:95:02:4a:ab:d0:c6:2e:37:
                    55:40:be:d0:0f:94:ee:f6:db:e1:c5:c1:ab:90:8d:
                    9b:74:f9:8f:11:9c:d7:bf:ea:ef:d4:83:49:37:48:
                    1f:39:f4:1e:40:6b:cd:67:26:1b:f5:81:f3:36:d7:
                    20:44:c2:cb:38:29:ed:87:a1:07:9f:24:36:1f:67:
                    0c:39:e5:62:5a:62:b3:88:b4:26:f2:e3:9b:37:a7:
                    29:73:7b:fd:76:12:f3:49:5c:4b:71:21:88:95:54:
                    96:4f:d1:57:fd:4f:05:7c:9a:b5:1a:49:fa:6f:8a:
                    07:c8:7a:5e:a9:23:10:53:5b:8b:35:e8:06:70:ca:
                    74:17:71:8f:f8:b7:94:32:04:3f:39:11:a8:8f:d1:
                    49:a2:dc:b3:b1:94:2d:39:25:4e:11:fd:66:7b:8f:
                    60:9e:f5:65:45:cf:2c:d8:57:4b:c9:4f:70:64:2e:
                    d6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:DE:5D:72:8C:28:58:CE:3A:97:6E:46:E9:C8:37:04:E2:27:20:27
            X509v3 Authority Key Identifier:
                keyid:06:BD:30:AC:35:61:A1:DF:7F:C6:B2:96:BF:9D:29:DD:55:81:F1:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Br0wrDVhod9_xrKWv50p3VWB8e4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/K95dcowoWM46l25G6cg3BOInICc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/a01ab5-83c0-4e19-9093-79175b151a52/1/Br0wrDVhod9_xrKWv50p3VWB8e4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:ce:69:e8:9f:e2:a0:ad:ed:36:2f:94:bf:c8:c2:70:6b:30:
         5d:cd:5d:86:1a:b3:0f:48:60:eb:f0:52:3a:c0:be:d7:fc:d9:
         7c:2d:46:9d:e8:61:d8:52:61:26:f0:c2:90:c2:44:d8:eb:26:
         19:7f:f8:b9:ac:b4:1a:f7:14:30:95:27:c9:56:80:1c:94:13:
         a4:2d:9b:2b:cb:08:f3:63:67:23:d7:bb:ef:97:29:92:67:8c:
         fa:03:70:ea:26:68:8f:f5:cf:ac:a5:90:88:65:83:93:5f:fb:
         4e:5f:65:b1:c6:3e:d1:9e:bd:b7:8d:48:a8:67:b6:2e:f6:44:
         9e:3a:9a:cd:96:ec:aa:e5:3e:6e:22:0b:bd:c4:9d:bc:25:3f:
         11:5b:3d:bf:30:7d:d8:33:c6:82:36:af:3f:53:c7:7f:88:6b:
         b0:a0:f9:f1:e1:f2:e5:f4:a3:9e:e6:82:00:dc:08:ca:75:1d:
         04:44:91:ea:ca:dd:fa:0d:ea:67:dd:1f:85:65:37:68:75:da:
         47:3f:f9:79:62:60:55:c2:dd:f3:27:49:5c:27:dd:e9:b2:36:
         21:45:4a:36:ef:9a:03:dc:a0:cb:93:29:80:57:55:ef:90:53:
         88:e8:1c:a9:15:64:66:e2:14:37:51:90:76:ac:79:dd:58:f0:
         1a:b4:ea:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIWvkEvTEQaWjV8Vhd4HhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YmQzMGFjMzU2MWExZGY3ZmM2YjI5NmJmOWQyOWRkNTU4
MWYxZWUwHhcNMjUwMTAyMDM0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmRlNWQ3MjhjMjg1OGNlM2E5NzZlNDZlOWM4MzcwNGUyMjcyMDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7uBWvdPflKxwUpZT+elUe0QKnBZ
MavLA4Cnv2OPniMW2alZBwmkwv5vLlTp1xZCokKWcxKTNU4j8Yi1pI1cNH6Sx2FN
HMeF0/9C+EIpPlsdlQJKq9DGLjdVQL7QD5Tu9tvhxcGrkI2bdPmPEZzXv+rv1INJ
N0gfOfQeQGvNZyYb9YHzNtcgRMLLOCnth6EHnyQ2H2cMOeViWmKziLQm8uObN6cp
c3v9dhLzSVxLcSGIlVSWT9FX/U8FfJq1Gkn6b4oHyHpeqSMQU1uLNegGcMp0F3GP
+LeUMgQ/ORGoj9FJotyzsZQtOSVOEf1me49gnvVlRc8s2FdLyU9wZC7WcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCveXXKMKFjOOpduRunINwTiJyAnMB8GA1UdIwQY
MBaAFAa9MKw1YaHff8aylr+dKd1VgfHuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnIwd3JEVmhvZDlfeHJLV3Y1MHAzVldCOGU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9hMDFhYjUtODNjMC00ZTE5LTkwOTMt
NzkxNzViMTUxYTUyLzEvSzk1ZGNvd29XTTQ2bDI1RzZjZzNCT0luSUNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9hMDFhYjUtODNjMC00ZTE5LTkwOTMtNzkxNzViMTUxYTUy
LzEvQnIwd3JEVmhvZDlfeHJLV3Y1MHAzVldCOGU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuReYMA0G
CSqGSIb3DQEBCwUAA4IBAQBJzmnon+Kgre02L5S/yMJwazBdzV2GGrMPSGDr8FI6
wL7X/Nl8LUad6GHYUmEm8MKQwkTY6yYZf/i5rLQa9xQwlSfJVoAclBOkLZsrywjz
Y2cj17vvlymSZ4z6A3DqJmiP9c+spZCIZYOTX/tOX2Wxxj7Rnr23jUioZ7Yu9kSe
OprNluyq5T5uIgu9xJ28JT8RWz2/MH3YM8aCNq8/U8d/iGuwoPnx4fLl9KOe5oIA
3AjKdR0ERJHqyt36Depn3R+FZTdoddpHP/l5YmBVwt3zJ0lcJ93psjYhRUo275oD
3KDLkymAV1XvkFOI6BypFWRm4hQ3UZB2rHndWPAatOp2
-----END CERTIFICATE-----