Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/lk0kW7gk9ebgkGZx0Y9lnDT0qkU.roa
File:                     lk0kW7gk9ebgkGZx0Y9lnDT0qkU.roa (raw, json)
Hash identifier:          KKVHW+qOMxsEq18HrCF5l6cv0zEMRLM/HtsywpIiJQg=
Subject key identifier:   96:4D:24:5B:B8:24:F5:E6:E0:90:66:71:D1:8F:65:9C:34:F4:AA:45
Certificate issuer:       /CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
Certificate serial:       01977800A8FC97FD46473FCFEB49432E9A39
Authority key identifier: FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/lk0kW7gk9ebgkGZx0Y9lnDT0qkU.roa
Signing time:             Mon 16 Jun 2025 09:09:58 +0000
ROA not before:           Mon 16 Jun 2025 09:09:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.118.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 23:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:00:a8:fc:97:fd:46:47:3f:cf:eb:49:43:2e:9a:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
        Validity
            Not Before: Jun 16 09:09:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=964d245bb824f5e6e0906671d18f659c34f4aa45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0f:18:e4:1d:70:c5:34:02:a0:57:da:23:81:
                    67:b8:8e:5f:63:82:5b:69:85:a2:be:d1:0a:d9:88:
                    28:b1:fe:a1:de:51:68:be:5d:d2:dc:b4:2c:98:c8:
                    ad:4e:1a:2c:fd:8f:fd:58:80:c5:ce:a5:6e:67:7b:
                    5b:c9:a9:48:54:57:6a:08:f2:f3:58:22:b5:16:71:
                    7b:25:02:49:34:ef:02:97:d6:71:06:30:22:9b:fa:
                    a5:15:5f:46:75:02:ac:70:29:cd:f6:e0:95:00:28:
                    fe:a3:3a:74:30:f9:9c:f2:bf:c5:07:9e:5d:b9:40:
                    33:85:79:ec:65:d4:89:29:f0:69:a8:f7:5c:c7:6f:
                    49:20:46:57:57:e2:32:56:be:10:a5:30:b6:b5:4b:
                    62:05:99:22:6d:f1:9f:e1:81:ca:c1:d1:2f:e4:ef:
                    ba:00:16:aa:45:60:61:40:69:81:d9:a1:51:9f:ca:
                    e3:97:49:d5:7d:de:4d:d7:af:72:8a:d4:b2:11:16:
                    a2:24:e8:44:fe:6e:45:63:01:91:0a:bf:4b:1a:ad:
                    91:0a:aa:e5:94:46:33:13:cc:f2:e3:c0:0e:ae:b9:
                    dd:08:5d:68:bf:9b:d4:87:fc:c7:28:c5:f7:96:31:
                    ef:d7:77:36:0b:05:96:fc:99:86:0f:b8:75:63:0d:
                    b2:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:4D:24:5B:B8:24:F5:E6:E0:90:66:71:D1:8F:65:9C:34:F4:AA:45
            X509v3 Authority Key Identifier:
                keyid:FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/lk0kW7gk9ebgkGZx0Y9lnDT0qkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:c0:cb:d5:ee:5a:97:13:72:5f:ab:ba:e1:a0:23:44:f1:70:
         00:6a:62:24:a1:d7:92:b5:6c:73:83:c2:c0:11:88:3a:a6:21:
         d3:c9:4f:e9:18:6e:df:4e:1c:3a:f0:d1:b9:1a:36:95:a7:a3:
         c0:46:c3:b9:13:ec:17:15:10:42:58:b3:4e:00:5b:bc:3d:0a:
         02:0f:68:5f:1b:2e:15:b5:85:ea:61:92:ad:5e:cc:5c:80:0a:
         cd:a0:3c:bc:51:dc:00:de:75:bb:3d:01:f8:64:7d:86:71:26:
         6c:ce:6d:23:b9:f0:9a:4e:ca:65:4a:8b:1a:14:03:de:70:1e:
         4d:5b:9f:41:d7:7c:26:2f:64:fc:3f:d3:00:13:55:7e:af:bd:
         65:5d:e2:d4:44:3c:92:00:32:2e:9d:ce:98:fe:f5:4d:80:fa:
         a4:85:67:05:65:e1:19:1f:0c:7e:58:4d:31:4c:f3:69:a6:f0:
         0e:55:54:22:c2:0e:ec:9a:7d:41:6c:5a:2b:37:d8:e5:ab:78:
         a1:29:66:e4:71:6c:d9:74:f5:ce:7c:0f:14:99:34:26:31:49:
         dc:a0:7d:64:c9:7c:dd:54:26:df:22:e7:56:4a:8f:4a:32:32:
         6f:5c:89:96:33:f7:2b:13:e3:91:98:24:de:71:e5:44:ca:90:
         5b:17:67:93
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZd4AKj8l/1GRz/P60lDLpo5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhM2QwYmMxMWIyOWRhNDRhZDU3MzA0YzNmODU2ODg3MGEw
MTljMjQwHhcNMjUwNjE2MDkwOTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjRkMjQ1YmI4MjRmNWU2ZTA5MDY2NzFkMThmNjU5YzM0ZjRhYTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtg8Y5B1wxTQCoFfaI4FnuI5fY4Jb
aYWivtEK2Ygosf6h3lFovl3S3LQsmMitThos/Y/9WIDFzqVuZ3tbyalIVFdqCPLz
WCK1FnF7JQJJNO8Cl9ZxBjAim/qlFV9GdQKscCnN9uCVACj+ozp0MPmc8r/FB55d
uUAzhXnsZdSJKfBpqPdcx29JIEZXV+IyVr4QpTC2tUtiBZkibfGf4YHKwdEv5O+6
ABaqRWBhQGmB2aFRn8rjl0nVfd5N169yitSyERaiJOhE/m5FYwGRCr9LGq2RCqrl
lEYzE8zy48AOrrndCF1ov5vUh/zHKMX3ljHv13c2CwWW/JmGD7h1Yw2yIwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJZNJFu4JPXm4JBmcdGPZZw09KpFMB8GA1UdIwQY
MBaAFPo9C8EbKdpErVcwTD+FaIcKAZwkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qMEx3UnNwMmtTdFZ6Qk1QNFZvaHdvQm5DUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1
LWQyMTA3MWVmNzM1Yi8xL2xrMGtXN2drOWViZ2tHWngwWTlsbkRUMHFrVS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1LWQyMTA3MWVmNzM1
Yi8xLzEtajBMd1JzcDJrU3RWekJNUDRWb2h3b0JuQ1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5dgww
DQYJKoZIhvcNAQELBQADggEBAF/Ay9XuWpcTcl+ruuGgI0TxcABqYiSh15K1bHOD
wsARiDqmIdPJT+kYbt9OHDrw0bkaNpWno8BGw7kT7BcVEEJYs04AW7w9CgIPaF8b
LhW1hephkq1ezFyACs2gPLxR3ADedbs9AfhkfYZxJmzObSO58JpOymVKixoUA95w
Hk1bn0HXfCYvZPw/0wATVX6vvWVd4tREPJIAMi6dzpj+9U2A+qSFZwVl4RkfDH5Y
TTFM82mm8A5VVCLCDuyafUFsWis32OWreKEpZuRxbNl09c58DxSZNCYxSdygfWTJ
fN1UJt8i51ZKj0oyMm9ciZYz9ysT45GYJN5x5UTKkFsXZ5M=
-----END CERTIFICATE-----