Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/P4RQICIsv2ynDFNy1pTdbhvIXok.roa
File:                     P4RQICIsv2ynDFNy1pTdbhvIXok.roa (raw, json)
Hash identifier:          3BspGo/InWWElD0+8Z5QOqYWItS4j6gIXyuD2KZuZ58=
Subject key identifier:   3F:84:50:20:22:2C:BF:6C:A7:0C:53:72:D6:94:DD:6E:1B:C8:5E:89
Certificate issuer:       /CN=3694fcc6bf6a8740fa7814641fd9d6ec8d862e5f
Certificate serial:       01969BAB339F2E77939BD2E6E86275C054CC
Authority key identifier: 36:94:FC:C6:BF:6A:87:40:FA:78:14:64:1F:D9:D6:EC:8D:86:2E:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/P4RQICIsv2ynDFNy1pTdbhvIXok.roa
Signing time:             Sun 04 May 2025 14:20:10 +0000
ROA not before:           Sun 04 May 2025 14:20:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     268581
IP address blocks:        185.194.204.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 02:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9b:ab:33:9f:2e:77:93:9b:d2:e6:e8:62:75:c0:54:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3694fcc6bf6a8740fa7814641fd9d6ec8d862e5f
        Validity
            Not Before: May  4 14:20:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f845020222cbf6ca70c5372d694dd6e1bc85e89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:86:25:73:fe:3a:48:9d:bc:07:8c:2a:56:9d:
                    5a:b2:ca:c0:d7:0c:7a:9c:3b:ee:74:d9:09:f2:1a:
                    ec:2c:2d:1d:cd:e2:4e:55:13:cb:13:0a:72:e5:65:
                    50:8d:3e:86:f5:7b:33:14:c2:76:d4:87:da:5f:fd:
                    2e:e9:4f:29:92:ba:bb:0e:dd:66:0e:bc:7b:e9:2a:
                    47:09:20:49:e0:cc:3a:3c:66:fa:c2:53:a0:ae:42:
                    04:45:b3:db:cf:b4:03:53:da:bd:b5:44:49:2f:b4:
                    47:7d:9a:b5:2f:c4:bb:c6:0b:87:cb:c2:8c:c7:9c:
                    4c:88:3a:a1:43:c7:41:fb:e8:52:9a:ba:68:db:db:
                    b1:e4:21:69:04:d9:05:16:7c:d2:9f:72:6c:3b:86:
                    ae:d3:6d:63:93:e5:a7:50:c2:9a:2b:b1:f8:3b:db:
                    c7:43:0a:e3:f7:63:14:95:40:b5:4b:6c:de:3f:b7:
                    f3:bf:a6:0f:43:07:3e:a8:36:e7:ec:14:a1:e2:75:
                    dd:0d:d0:4c:fb:8d:e0:60:12:39:8c:c6:c1:95:ab:
                    6f:55:6d:41:78:16:6e:2a:3f:7a:25:04:3c:12:0a:
                    d2:00:c4:4b:22:b6:f2:4e:46:05:72:4f:56:ec:4a:
                    91:f3:a3:88:44:c0:2a:48:00:d7:8b:0e:be:64:d6:
                    e2:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:84:50:20:22:2C:BF:6C:A7:0C:53:72:D6:94:DD:6E:1B:C8:5E:89
            X509v3 Authority Key Identifier:
                keyid:36:94:FC:C6:BF:6A:87:40:FA:78:14:64:1F:D9:D6:EC:8D:86:2E:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NpT8xr9qh0D6eBRkH9nW7I2GLl8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/P4RQICIsv2ynDFNy1pTdbhvIXok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/a8dd9e-71f2-4f77-b575-0d3fce429bde/1/NpT8xr9qh0D6eBRkH9nW7I2GLl8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:23:07:af:dc:ba:c3:f6:66:9e:b4:ed:00:8e:6b:16:79:f2:
         5f:6d:5d:87:02:a6:dd:cd:0c:bc:85:ef:1d:24:a3:17:4b:f9:
         f0:c7:b6:d2:83:f9:5b:65:83:0e:29:26:3c:17:8a:6d:35:37:
         2d:59:6e:b2:1b:c6:57:f1:dd:4f:6f:e3:f5:76:e1:0e:17:3d:
         54:34:7c:a7:43:dc:c2:22:ab:cc:94:f5:79:99:76:03:8f:87:
         9b:a4:a0:23:c4:bc:0e:4e:86:c2:73:eb:b5:df:4c:f4:b3:2b:
         4d:a0:c5:3e:b8:48:4b:98:f0:e3:61:e9:de:1e:17:51:7a:b6:
         87:b3:6f:9a:6d:87:fa:21:3d:ba:b5:5f:92:9a:f4:b2:35:99:
         b4:1a:a3:a6:ab:67:3f:28:12:27:63:94:3f:1d:7f:dc:38:40:
         cc:82:66:94:91:d9:92:e4:4c:3d:35:7f:fb:9f:20:0e:9f:f4:
         4e:59:25:66:32:66:1f:63:f8:c2:f9:98:1a:62:96:4b:c0:bc:
         c6:47:0f:6c:12:11:bc:40:ec:fc:21:19:86:64:cd:b9:6f:5f:
         1a:32:2a:25:12:ce:11:0e:50:3b:0e:06:f9:a7:f3:bc:79:ba:
         63:82:a3:88:bd:e0:15:fc:b8:91:f3:28:ea:35:5d:3d:9d:a2:
         37:d3:45:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZabqzOfLneTm9Lm6GJ1wFTMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OTRmY2M2YmY2YTg3NDBmYTc4MTQ2NDFmZDlkNmVjOGQ4
NjJlNWYwHhcNMjUwNTA0MTQyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjg0NTAyMDIyMmNiZjZjYTcwYzUzNzJkNjk0ZGQ2ZTFiYzg1ZTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloYlc/46SJ28B4wqVp1assrA1wx6
nDvudNkJ8hrsLC0dzeJOVRPLEwpy5WVQjT6G9XszFMJ21IfaX/0u6U8pkrq7Dt1m
Drx76SpHCSBJ4Mw6PGb6wlOgrkIERbPbz7QDU9q9tURJL7RHfZq1L8S7xguHy8KM
x5xMiDqhQ8dB++hSmrpo29ux5CFpBNkFFnzSn3JsO4au021jk+WnUMKaK7H4O9vH
Qwrj92MUlUC1S2zeP7fzv6YPQwc+qDbn7BSh4nXdDdBM+43gYBI5jMbBlatvVW1B
eBZuKj96JQQ8EgrSAMRLIrbyTkYFck9W7EqR86OIRMAqSADXiw6+ZNbifQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+EUCAiLL9spwxTctaU3W4byF6JMB8GA1UdIwQY
MBaAFDaU/Ma/aodA+ngUZB/Z1uyNhi5fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnBUOHhyOXFoMEQ2ZUJSa0g5blc3STJHTGw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9hOGRkOWUtNzFmMi00Zjc3LWI1NzUt
MGQzZmNlNDI5YmRlLzEvUDRSUUlDSXN2MnluREZOeTFwVGRiaHZJWG9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9hOGRkOWUtNzFmMi00Zjc3LWI1NzUtMGQzZmNlNDI5YmRl
LzEvTnBUOHhyOXFoMEQ2ZUJSa0g5blc3STJHTGw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucLMMA0G
CSqGSIb3DQEBCwUAA4IBAQAGIwev3LrD9maetO0AjmsWefJfbV2HAqbdzQy8he8d
JKMXS/nwx7bSg/lbZYMOKSY8F4ptNTctWW6yG8ZX8d1Pb+P1duEOFz1UNHynQ9zC
IqvMlPV5mXYDj4ebpKAjxLwOTobCc+u130z0sytNoMU+uEhLmPDjYeneHhdReraH
s2+abYf6IT26tV+SmvSyNZm0GqOmq2c/KBInY5Q/HX/cOEDMgmaUkdmS5Ew9NX/7
nyAOn/ROWSVmMmYfY/jC+ZgaYpZLwLzGRw9sEhG8QOz8IRmGZM25b18aMiolEs4R
DlA7Dgb5p/O8ebpjgqOIveAV/LiR8yjqNV09naI300V/
-----END CERTIFICATE-----