Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/AIXPYVOLD4vG7-idW3xSmEYba3M.roa
File:                     AIXPYVOLD4vG7-idW3xSmEYba3M.roa (raw, json)
Hash identifier:          0OO+kwQPJqN6G5I1BOBQWzk/kW2juMQTjTkhmJKwZ20=
Subject key identifier:   00:85:CF:61:53:8B:0F:8B:C6:EF:E8:9D:5B:7C:52:98:46:1B:6B:73
Certificate issuer:       /CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
Certificate serial:       019423D749073CD484E9410DAB8766825619
Authority key identifier: 25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/AIXPYVOLD4vG7-idW3xSmEYba3M.roa
Signing time:             Wed 01 Jan 2025 21:48:18 +0000
ROA not before:           Wed 01 Jan 2025 21:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137280
IP address blocks:        104.166.180.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 18:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:49:07:3c:d4:84:e9:41:0d:ab:87:66:82:56:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
        Validity
            Not Before: Jan  1 21:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0085cf61538b0f8bc6efe89d5b7c5298461b6b73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a1:9e:da:b8:14:9b:29:b4:9c:51:9f:79:5d:
                    19:a7:ce:8a:9a:19:6d:4c:cc:15:18:bb:a0:68:47:
                    e2:25:b8:66:d0:23:8c:53:b8:8d:62:2a:a7:02:16:
                    e2:14:62:60:49:76:9b:2f:62:2f:a2:fa:26:5c:59:
                    08:2c:90:22:38:66:36:3a:62:85:cf:66:55:27:15:
                    64:06:d6:ca:3e:26:e3:16:81:69:87:d5:0e:62:94:
                    f3:d8:e2:58:dd:ee:45:26:4e:85:31:80:32:43:85:
                    43:22:fc:dd:69:d8:ed:0a:92:21:32:aa:39:d4:ed:
                    3a:11:77:1a:34:45:2c:19:20:d2:cc:e9:15:1d:cf:
                    75:d5:e7:f4:3d:fb:f2:f4:be:2e:d7:08:7e:2c:43:
                    9c:21:48:85:6f:e5:dc:1f:2c:23:26:aa:cf:a0:f8:
                    61:16:f4:93:b6:e5:78:9b:97:a4:af:64:1c:0b:7e:
                    a4:35:91:8c:fa:c9:af:09:00:fc:54:df:44:6a:4e:
                    1f:90:3b:26:ec:4c:21:96:7a:ce:30:41:dd:19:09:
                    6c:3c:6c:06:22:27:df:83:d9:29:52:23:68:2a:bd:
                    87:dd:1c:4b:ed:cb:cf:0d:95:57:6d:75:c3:35:39:
                    84:11:1a:51:06:e4:86:40:c2:9e:5e:51:cc:8b:46:
                    98:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:85:CF:61:53:8B:0F:8B:C6:EF:E8:9D:5B:7C:52:98:46:1B:6B:73
            X509v3 Authority Key Identifier:
                keyid:25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/AIXPYVOLD4vG7-idW3xSmEYba3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.166.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:70:d4:8c:ad:bb:d1:f6:58:f1:52:18:c2:0f:18:84:16:16:
         c2:ef:ca:3b:2b:86:c9:93:be:c8:91:8b:32:07:41:c6:fd:46:
         4e:8a:ad:e4:bb:58:fd:2c:db:b2:5b:97:02:b4:05:f6:f2:ec:
         ad:5f:d4:d9:66:d3:13:00:2a:59:14:47:ad:02:d6:85:d5:2d:
         b2:6d:6e:98:a8:ca:6a:32:bf:41:92:c4:68:05:eb:aa:25:ff:
         95:c4:68:c5:4e:76:95:07:cc:b8:45:c5:bf:e5:51:28:44:8d:
         1d:d8:df:f2:5d:ab:f4:3a:cc:8d:e9:f0:dc:4b:6a:f3:62:7d:
         e9:e2:a1:97:b2:cd:6c:8c:e8:94:44:4f:1d:29:4e:69:6e:db:
         40:19:42:3c:a6:9e:f6:0b:7f:d5:fd:0d:56:70:0d:e3:aa:60:
         18:ca:92:ee:a9:0c:4d:69:90:62:21:92:c9:fc:d8:22:0a:e4:
         a0:a1:c6:14:ff:8a:d1:c6:a8:65:b5:1c:da:c4:07:8b:37:f2:
         25:98:8e:b6:e7:58:8e:b8:67:62:10:70:24:2b:68:e7:09:a2:
         4b:bd:bb:a4:da:bb:36:f8:94:52:72:08:8a:1f:98:28:ff:be:
         18:05:95:55:e3:47:2a:29:7f:16:24:fa:5e:19:90:01:bf:8d:
         2c:35:0d:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj10kHPNSE6UENq4dmglYZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Nzc2Yzc3ZjhlYmU3MDk0Y2EwMDdhY2UxYTljMGJmZGMy
YjNhZWMwHhcNMjUwMTAxMjE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDg1Y2Y2MTUzOGIwZjhiYzZlZmU4OWQ1YjdjNTI5ODQ2MWI2YjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6Ge2rgUmym0nFGfeV0Zp86Kmhlt
TMwVGLugaEfiJbhm0COMU7iNYiqnAhbiFGJgSXabL2IvovomXFkILJAiOGY2OmKF
z2ZVJxVkBtbKPibjFoFph9UOYpTz2OJY3e5FJk6FMYAyQ4VDIvzdadjtCpIhMqo5
1O06EXcaNEUsGSDSzOkVHc911ef0Pfvy9L4u1wh+LEOcIUiFb+XcHywjJqrPoPhh
FvSTtuV4m5ekr2QcC36kNZGM+smvCQD8VN9Eak4fkDsm7EwhlnrOMEHdGQlsPGwG
Iiffg9kpUiNoKr2H3RxL7cvPDZVXbXXDNTmEERpRBuSGQMKeXlHMi0aYlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFACFz2FTiw+Lxu/onVt8UphGG2tzMB8GA1UdIwQY
MBaAFCV3bHf46+cJTKAHrOGpwL/cKzrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQt
ZTdkYWVjMTk0YTY5LzEvQUlYUFlWT0xENHZHNy1pZFczeFNtRVliYTNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQtZTdkYWVjMTk0YTY5
LzEvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBaKa0MA0G
CSqGSIb3DQEBCwUAA4IBAQAGcNSMrbvR9ljxUhjCDxiEFhbC78o7K4bJk77IkYsy
B0HG/UZOiq3ku1j9LNuyW5cCtAX28uytX9TZZtMTACpZFEetAtaF1S2ybW6YqMpq
Mr9BksRoBeuqJf+VxGjFTnaVB8y4RcW/5VEoRI0d2N/yXav0OsyN6fDcS2rzYn3p
4qGXss1sjOiURE8dKU5pbttAGUI8pp72C3/V/Q1WcA3jqmAYypLuqQxNaZBiIZLJ
/NgiCuSgocYU/4rRxqhltRzaxAeLN/IlmI6251iOuGdiEHAkK2jnCaJLvbuk2rs2
+JRScgiKH5go/74YBZVV40cqKX8WJPpeGZABv40sNQ3Y
-----END CERTIFICATE-----