Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/icemuftOlEPNGdhU4yerjRAAFWc.roa
File:                     icemuftOlEPNGdhU4yerjRAAFWc.roa (raw, json)
Hash identifier:          KnLIV9n5nuwyGW2u4U3Zy0jCeK0297aV5PawL8wIcp0=
Subject key identifier:   89:C7:A6:B9:FB:4E:94:43:CD:19:D8:54:E3:27:AB:8D:10:00:15:67
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019687A52B54AFE41196743D2A360C421A34
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/icemuftOlEPNGdhU4yerjRAAFWc.roa
Signing time:             Wed 30 Apr 2025 17:01:10 +0000
ROA not before:           Wed 30 Apr 2025 17:01:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        94.249.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 01:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:87:a5:2b:54:af:e4:11:96:74:3d:2a:36:0c:42:1a:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 30 17:01:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89c7a6b9fb4e9443cd19d854e327ab8d10001567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:56:b6:6f:b5:e5:ff:59:24:8f:c4:c9:98:6f:
                    7a:31:ba:f5:b8:bd:9f:47:de:40:d9:d9:1f:99:ce:
                    d8:f0:f4:99:c5:4f:97:0e:82:61:1d:69:0c:04:40:
                    ff:5f:56:0d:fa:3a:6e:ce:79:08:1f:1a:95:71:e2:
                    61:1c:ed:72:dd:55:57:3d:a2:bb:ad:81:e3:70:fe:
                    98:bd:f1:b5:80:b0:fb:31:0c:16:e4:82:7e:c0:ef:
                    98:c9:c5:6b:eb:19:2a:a4:80:75:ab:08:1f:c9:06:
                    e2:ea:38:6c:0c:5c:4b:12:f3:4b:fc:a6:cb:e6:52:
                    c1:5b:14:2b:f1:99:0a:db:fd:4f:f6:1e:f0:a9:c7:
                    a1:24:fb:d6:f7:b5:0c:0e:56:63:9b:5b:bf:e5:96:
                    c8:f0:94:08:03:23:6a:3d:99:ae:32:d1:88:4b:28:
                    44:a2:6e:a8:15:43:78:89:fc:a3:4d:d6:8b:69:35:
                    90:d6:40:67:f3:4e:35:76:28:4a:d2:09:94:13:4f:
                    48:32:b2:00:d8:f3:e0:bc:f2:3e:89:3a:56:da:e2:
                    6b:f4:d6:76:2b:7a:e7:07:d4:81:0c:a6:fa:51:75:
                    14:65:b5:5f:ca:e6:67:be:3b:e1:3f:d7:3e:e9:de:
                    11:f0:e5:04:01:66:2c:3e:42:bd:82:d5:5f:dd:9d:
                    72:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:C7:A6:B9:FB:4E:94:43:CD:19:D8:54:E3:27:AB:8D:10:00:15:67
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/icemuftOlEPNGdhU4yerjRAAFWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.249.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:0b:a8:17:a0:26:93:0f:e4:5c:78:13:8c:38:2b:51:64:60:
         85:4b:21:f6:8f:74:56:70:96:bc:6a:2f:ee:56:cb:27:15:62:
         c4:56:48:52:56:e3:30:0b:7f:45:bc:fc:4c:87:ee:77:70:73:
         f8:5f:a0:9b:12:05:20:19:db:8f:f4:10:08:42:06:cc:e3:07:
         d7:c9:88:43:31:6e:13:73:08:6e:1a:0d:ab:1b:f4:d9:12:3c:
         a1:9e:c0:fd:e9:73:cb:e1:04:1a:ad:72:91:f9:f9:ae:ca:35:
         ba:97:f4:98:b7:47:67:69:31:90:2b:66:81:29:bc:30:aa:d5:
         13:7c:6f:96:da:54:2a:c0:2f:b4:9d:a8:13:2c:c9:58:35:78:
         8e:49:71:cc:a8:65:71:b0:17:b5:02:4f:a1:a4:55:fb:f0:98:
         f5:0f:6c:85:bb:ec:f3:62:a0:96:7e:bf:c3:52:5d:bc:5c:2f:
         a1:ad:83:ee:91:8c:80:5e:40:4b:5b:aa:dd:22:be:75:ec:05:
         b1:14:c8:62:7b:13:2c:57:84:54:2a:35:d8:4d:43:e2:e1:b5:
         fd:c1:0c:98:51:87:e6:e0:17:43:95:8a:76:ac:89:fa:f3:70:
         30:01:2f:29:35:64:19:e0:9f:ca:1a:f4:80:46:80:c0:25:3d:
         8f:1a:98:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaHpStUr+QRlnQ9KjYMQho0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDMwMTcwMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWM3YTZiOWZiNGU5NDQzY2QxOWQ4NTRlMzI3YWI4ZDEwMDAxNTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVa2b7Xl/1kkj8TJmG96Mbr1uL2f
R95A2dkfmc7Y8PSZxU+XDoJhHWkMBED/X1YN+jpuznkIHxqVceJhHO1y3VVXPaK7
rYHjcP6YvfG1gLD7MQwW5IJ+wO+YycVr6xkqpIB1qwgfyQbi6jhsDFxLEvNL/KbL
5lLBWxQr8ZkK2/1P9h7wqcehJPvW97UMDlZjm1u/5ZbI8JQIAyNqPZmuMtGISyhE
om6oFUN4ifyjTdaLaTWQ1kBn8041dihK0gmUE09IMrIA2PPgvPI+iTpW2uJr9NZ2
K3rnB9SBDKb6UXUUZbVfyuZnvjvhP9c+6d4R8OUEAWYsPkK9gtVf3Z1yOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFInHprn7TpRDzRnYVOMnq40QABVnMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvaWNlbXVmdE9sRVBOR2RoVTR5ZXJqUkFBRldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvmqMA0G
CSqGSIb3DQEBCwUAA4IBAQBQC6gXoCaTD+RceBOMOCtRZGCFSyH2j3RWcJa8ai/u
VssnFWLEVkhSVuMwC39FvPxMh+53cHP4X6CbEgUgGduP9BAIQgbM4wfXyYhDMW4T
cwhuGg2rG/TZEjyhnsD96XPL4QQarXKR+fmuyjW6l/SYt0dnaTGQK2aBKbwwqtUT
fG+W2lQqwC+0nagTLMlYNXiOSXHMqGVxsBe1Ak+hpFX78Jj1D2yFu+zzYqCWfr/D
Ul28XC+hrYPukYyAXkBLW6rdIr517AWxFMhiexMsV4RUKjXYTUPi4bX9wQyYUYfm
4BdDlYp2rIn683AwAS8pNWQZ4J/KGvSARoDAJT2PGphe
-----END CERTIFICATE-----