Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/clXhyQe-LLckpLARmE4B09fLjyw.roa
File:                     clXhyQe-LLckpLARmE4B09fLjyw.roa (raw, json)
Hash identifier:          pbecPMSxuQ5FNWz7fJjCuWiZFYFozOnGtUYlmUh0qZA=
Subject key identifier:   72:55:E1:C9:07:BE:2C:B7:24:A4:B0:11:98:4E:01:D3:D7:CB:8F:2C
Certificate issuer:       /CN=f2262faf4376420024aad72983ac3e87944ea7a5
Certificate serial:       0196B02DC00D924EF047CBF75726974B33C6
Authority key identifier: F2:26:2F:AF:43:76:42:00:24:AA:D7:29:83:AC:3E:87:94:4E:A7:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/clXhyQe-LLckpLARmE4B09fLjyw.roa
Signing time:             Thu 08 May 2025 13:55:10 +0000
ROA not before:           Thu 08 May 2025 13:55:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211248
IP address blocks:        185.45.104.0/22 maxlen: 22
                          193.35.44.0/24 maxlen: 24
                          2a04:2a40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 10:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b0:2d:c0:0d:92:4e:f0:47:cb:f7:57:26:97:4b:33:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2262faf4376420024aad72983ac3e87944ea7a5
        Validity
            Not Before: May  8 13:55:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7255e1c907be2cb724a4b011984e01d3d7cb8f2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:48:f3:6f:df:ba:63:20:12:40:e8:37:d3:8f:
                    a8:e3:20:ec:93:f5:75:72:bb:3c:30:f4:d3:f1:33:
                    cb:28:41:5c:ed:89:0e:aa:34:87:d5:8d:b5:11:bd:
                    87:31:cf:ae:d7:eb:9e:a6:c9:b6:14:f4:3c:e9:a9:
                    0a:e0:4c:67:14:fb:57:9d:18:f2:43:44:35:e2:59:
                    68:94:07:1c:0e:c1:dc:bf:19:8f:7c:ee:a1:a9:09:
                    e7:f6:98:04:ee:29:02:06:51:96:c4:cd:2c:6c:e8:
                    82:d3:9b:5b:93:9a:07:f4:58:d0:d4:53:c0:33:7e:
                    6d:9f:f3:29:55:6a:1d:bf:5f:52:ce:9e:0b:95:73:
                    c8:96:22:be:5b:08:df:7d:10:b7:a0:3e:65:90:55:
                    a1:b0:54:c7:50:55:ed:df:e8:98:cd:1c:5b:4d:d7:
                    5c:c1:c4:47:32:02:b7:29:ef:43:a1:b9:07:4e:79:
                    4c:4e:ed:29:af:6d:60:f6:6d:1a:21:13:08:f0:24:
                    8c:7b:76:be:8d:57:1d:50:7e:d9:a1:26:8d:44:ec:
                    56:b5:1f:fb:d9:50:5e:35:2d:70:c9:b5:df:77:51:
                    50:f0:eb:17:f9:31:77:64:18:ec:18:12:b5:e6:c1:
                    c8:5c:20:f1:9c:4a:c4:72:94:db:ae:b9:00:2f:7c:
                    50:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:55:E1:C9:07:BE:2C:B7:24:A4:B0:11:98:4E:01:D3:D7:CB:8F:2C
            X509v3 Authority Key Identifier:
                keyid:F2:26:2F:AF:43:76:42:00:24:AA:D7:29:83:AC:3E:87:94:4E:A7:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8iYvr0N2QgAkqtcpg6w-h5ROp6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/clXhyQe-LLckpLARmE4B09fLjyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bfd9d-6afc-4bd7-bb43-badafca3944f/1/8iYvr0N2QgAkqtcpg6w-h5ROp6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.104.0/22
                  193.35.44.0/24
                IPv6:
                  2a04:2a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:c1:cb:09:bd:a7:27:82:58:28:f7:69:d9:79:3a:26:4d:d8:
         8f:93:23:97:fd:89:15:18:e2:56:d2:bd:25:52:b0:21:69:60:
         90:42:9e:1b:ce:9b:65:77:02:51:a4:be:e2:84:5a:10:bd:1f:
         ea:c9:86:ca:77:92:f1:30:ed:86:90:88:7c:da:72:07:ee:01:
         76:1a:26:ab:e2:4a:cd:0f:59:e9:c5:d8:31:14:15:ac:9f:00:
         ce:c1:72:16:b1:31:a8:bf:09:34:9c:45:3d:31:b9:e2:31:81:
         fe:9a:90:7d:c8:73:74:a5:88:1e:18:08:90:2c:65:53:60:b7:
         b5:75:fc:52:da:12:b9:8e:6f:83:69:f2:47:ca:b3:ba:96:14:
         f9:d5:26:b8:3b:46:d8:71:ab:1c:01:c9:54:97:3a:30:5a:3d:
         8f:8e:72:24:4a:bc:57:5a:d0:30:95:e6:9a:8a:b4:f6:7a:a2:
         ef:bd:88:ae:24:78:0d:b2:47:a2:27:d7:8e:04:bd:55:72:4e:
         ba:41:85:a9:1c:3d:a0:b3:09:9e:ae:97:32:b1:bd:09:8d:b6:
         db:26:82:41:dc:b4:2b:4d:ca:56:7d:59:d9:39:96:b5:48:0a:
         bb:0f:2f:fe:3a:ed:38:e2:83:f6:70:e3:f4:04:39:a0:82:99:
         c7:32:c5:cd
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZawLcANkk7wR8v3VyaXSzPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMjYyZmFmNDM3NjQyMDAyNGFhZDcyOTgzYWMzZTg3OTQ0
ZWE3YTUwHhcNMjUwNTA4MTM1NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjU1ZTFjOTA3YmUyY2I3MjRhNGIwMTE5ODRlMDFkM2Q3Y2I4ZjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kjzb9+6YyASQOg304+o4yDsk/V1
crs8MPTT8TPLKEFc7YkOqjSH1Y21Eb2HMc+u1+uepsm2FPQ86akK4ExnFPtXnRjy
Q0Q14llolAccDsHcvxmPfO6hqQnn9pgE7ikCBlGWxM0sbOiC05tbk5oH9FjQ1FPA
M35tn/MpVWodv19Szp4LlXPIliK+WwjffRC3oD5lkFWhsFTHUFXt3+iYzRxbTddc
wcRHMgK3Ke9DobkHTnlMTu0pr21g9m0aIRMI8CSMe3a+jVcdUH7ZoSaNROxWtR/7
2VBeNS1wybXfd1FQ8OsX+TF3ZBjsGBK15sHIXCDxnErEcpTbrrkAL3xQyQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHJV4ckHviy3JKSwEZhOAdPXy48sMB8GA1UdIwQY
MBaAFPImL69DdkIAJKrXKYOsPoeUTqelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGlZdnIwTjJRZ0FrcXRjcGc2dy1oNVJPcDZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmZkOWQtNmFmYy00YmQ3LWJiNDMt
YmFkYWZjYTM5NDRmLzEvY2xYaHlRZS1MTGNrcExBUm1FNEIwOWZManl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmZkOWQtNmFmYy00YmQ3LWJiNDMtYmFkYWZjYTM5NDRm
LzEvOGlZdnIwTjJRZ0FrcXRjcGc2dy1oNVJPcDZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuS1oAwQA
wSMsMA0EAgACMAcDBQMqBCpAMA0GCSqGSIb3DQEBCwUAA4IBAQAlwcsJvacnglgo
92nZeTomTdiPkyOX/YkVGOJW0r0lUrAhaWCQQp4bzptldwJRpL7ihFoQvR/qyYbK
d5LxMO2GkIh82nIH7gF2Giar4krND1npxdgxFBWsnwDOwXIWsTGovwk0nEU9Mbni
MYH+mpB9yHN0pYgeGAiQLGVTYLe1dfxS2hK5jm+DafJHyrO6lhT51Sa4O0bYcasc
AclUlzowWj2PjnIkSrxXWtAwleaairT2eqLvvYiuJHgNskeiJ9eOBL1Vck66QYWp
HD2gswmerpcysb0JjbbbJoJB3LQrTcpWfVnZOZa1SAq7Dy/+Ou044oP2cOP0BDmg
gpnHMsXN
-----END CERTIFICATE-----