Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/rJhQc64vZyQK9s6luNANsgKcie4.roa
File:                     rJhQc64vZyQK9s6luNANsgKcie4.roa (raw, json)
Hash identifier:          Wbhd0vQIHlwhZqfDUEHqh+EPALpqB/xJq31v2DZm/Wc=
Subject key identifier:   AC:98:50:73:AE:2F:67:24:0A:F6:CE:A5:B8:D0:0D:B2:02:9C:89:EE
Certificate issuer:       /CN=a18f02d5ebc9e8b9521af7132b12cb6bb65693c6
Certificate serial:       0196AB548B1E14D01FB20AA9A49DFE33AF08
Authority key identifier: A1:8F:02:D5:EB:C9:E8:B9:52:1A:F7:13:2B:12:CB:6B:B6:56:93:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/rJhQc64vZyQK9s6luNANsgKcie4.roa
Signing time:             Wed 07 May 2025 15:19:26 +0000
ROA not before:           Wed 07 May 2025 15:19:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216257
IP address blocks:        185.176.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ab:54:8b:1e:14:d0:1f:b2:0a:a9:a4:9d:fe:33:af:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a18f02d5ebc9e8b9521af7132b12cb6bb65693c6
        Validity
            Not Before: May  7 15:19:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac985073ae2f67240af6cea5b8d00db2029c89ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f3:13:c5:20:e9:75:70:1b:32:33:b1:fd:65:
                    15:0f:1f:83:b8:96:c3:c3:e4:55:d6:be:a0:bd:a8:
                    51:bd:31:90:ae:ac:e7:cc:0a:31:75:8c:8b:7d:a8:
                    5b:1a:e4:37:b0:b7:4d:24:f2:ee:66:d3:45:8a:7b:
                    99:e6:be:25:28:76:ca:e1:bc:ed:d5:2f:a3:08:c8:
                    8f:1a:2c:2c:69:44:f9:68:60:23:04:98:f7:6b:f5:
                    42:fe:0b:74:f8:cc:dd:ed:36:d2:33:8c:d5:16:4c:
                    4e:bd:f6:02:ec:31:c1:cc:05:93:93:12:06:9d:15:
                    75:07:21:34:40:2e:fe:d6:a8:c4:33:eb:3a:bc:14:
                    05:5c:b6:d0:1d:e5:93:fc:a6:f3:31:a9:de:29:4b:
                    ed:17:99:c5:fe:00:e9:00:04:45:70:a1:74:f4:0a:
                    08:49:e6:1e:e0:42:f7:47:06:38:e4:9b:9c:09:d6:
                    ab:b6:ae:18:42:f6:17:b3:3f:39:b9:32:85:1f:ac:
                    b1:78:f5:b9:de:83:bf:c8:3a:ec:cd:33:6e:48:a7:
                    00:97:80:6f:45:4a:a0:83:d1:48:26:b6:4b:55:1e:
                    07:8f:3f:5d:71:6e:d3:41:66:7f:86:1d:9b:37:93:
                    e8:32:1d:e7:b0:1d:55:9e:79:e1:85:69:6d:26:8d:
                    9b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:98:50:73:AE:2F:67:24:0A:F6:CE:A5:B8:D0:0D:B2:02:9C:89:EE
            X509v3 Authority Key Identifier:
                keyid:A1:8F:02:D5:EB:C9:E8:B9:52:1A:F7:13:2B:12:CB:6B:B6:56:93:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/rJhQc64vZyQK9s6luNANsgKcie4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/71a97c-35f4-4f21-a43a-7396e42b1830/1/oY8C1evJ6LlSGvcTKxLLa7ZWk8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.176.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0e:64:73:39:97:12:6a:24:13:b2:ad:b6:1a:82:a6:41:25:88:
         c6:08:e1:c9:14:e7:d2:21:71:41:6b:94:e3:10:08:57:f1:a9:
         2f:35:36:65:a2:1b:89:20:10:00:47:03:a7:29:f4:86:bd:29:
         bd:8b:34:eb:9b:21:ef:7e:37:f3:66:c7:9a:e6:74:90:a3:bf:
         56:c3:2d:f1:11:2b:dc:91:93:66:90:7c:1f:37:10:2c:5d:2a:
         5b:ad:a9:bc:17:3f:6e:5b:79:da:36:3c:ea:53:8f:1e:70:8b:
         5b:f1:05:8a:39:9b:ae:4f:dc:2d:a8:8e:92:cb:27:0e:96:d3:
         5a:d3:72:b6:df:92:ff:95:1d:aa:cb:0d:8b:c9:a4:26:7b:9b:
         ef:ea:67:ba:6e:88:89:e2:6e:d5:59:55:d7:2f:06:9a:98:a8:
         2f:0a:6e:c8:fe:f1:2b:46:ff:a4:98:8a:79:13:ac:a7:34:88:
         f1:2d:79:32:c6:bb:54:10:67:ff:1b:dc:75:bd:88:06:d3:16:
         b8:9d:2d:f3:d7:33:e6:9d:92:b2:b9:f1:2b:3e:18:d6:3e:2d:
         37:9f:75:15:26:1b:2b:be:82:a0:23:16:66:f6:74:10:15:d8:
         f8:f4:d7:df:28:2c:f0:7e:c3:fc:3e:e2:f6:0b:f6:97:b5:26:
         bb:ce:d2:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZarVIseFNAfsgqppJ3+M68IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExOGYwMmQ1ZWJjOWU4Yjk1MjFhZjcxMzJiMTJjYjZiYjY1
NjkzYzYwHhcNMjUwNTA3MTUxOTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzk4NTA3M2FlMmY2NzI0MGFmNmNlYTViOGQwMGRiMjAyOWM4OWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvMTxSDpdXAbMjOx/WUVDx+DuJbD
w+RV1r6gvahRvTGQrqznzAoxdYyLfahbGuQ3sLdNJPLuZtNFinuZ5r4lKHbK4bzt
1S+jCMiPGiwsaUT5aGAjBJj3a/VC/gt0+Mzd7TbSM4zVFkxOvfYC7DHBzAWTkxIG
nRV1ByE0QC7+1qjEM+s6vBQFXLbQHeWT/KbzManeKUvtF5nF/gDpAARFcKF09AoI
SeYe4EL3RwY45JucCdartq4YQvYXsz85uTKFH6yxePW53oO/yDrszTNuSKcAl4Bv
RUqgg9FIJrZLVR4Hjz9dcW7TQWZ/hh2bN5PoMh3nsB1VnnnhhWltJo2bFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyYUHOuL2ckCvbOpbjQDbICnInuMB8GA1UdIwQY
MBaAFKGPAtXryei5Uhr3EysSy2u2VpPGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1k4QzFldko2TGxTR3ZjVEt4TExhN1pXazhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy83MWE5N2MtMzVmNC00ZjIxLWE0M2Et
NzM5NmU0MmIxODMwLzEvckpoUWM2NHZaeVFLOXM2bHVOQU5zZ0tjaWU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy83MWE5N2MtMzVmNC00ZjIxLWE0M2EtNzM5NmU0MmIxODMw
LzEvb1k4QzFldko2TGxTR3ZjVEt4TExhN1pXazhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubAUMA0G
CSqGSIb3DQEBCwUAA4IBAQAOZHM5lxJqJBOyrbYagqZBJYjGCOHJFOfSIXFBa5Tj
EAhX8akvNTZlohuJIBAARwOnKfSGvSm9izTrmyHvfjfzZsea5nSQo79Wwy3xESvc
kZNmkHwfNxAsXSpbram8Fz9uW3naNjzqU48ecItb8QWKOZuuT9wtqI6SyycOltNa
03K235L/lR2qyw2LyaQme5vv6me6boiJ4m7VWVXXLwaamKgvCm7I/vErRv+kmIp5
E6ynNIjxLXkyxrtUEGf/G9x1vYgG0xa4nS3z1zPmnZKyufErPhjWPi03n3UVJhsr
voKgIxZm9nQQFdj49NffKCzwfsP8PuL2C/aXtSa7ztKr
-----END CERTIFICATE-----