Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/4PjPPpWKgAtzAAOasr7gIk0JbPI.roa
File:                     4PjPPpWKgAtzAAOasr7gIk0JbPI.roa (raw, json)
Hash identifier:          yiKX1aQ5yWrVl7HwLmjfK1M9G+FpWFiXbyU5qVlLbDY=
Subject key identifier:   E0:F8:CF:3E:95:8A:80:0B:73:00:03:9A:B2:BE:E0:22:4D:09:6C:F2
Certificate issuer:       /CN=403f08bbaffa4161843203a8a757ab6e9546b0ce
Certificate serial:       0196AF60ABC0F659333C278AF13E9F54B430
Authority key identifier: 40:3F:08:BB:AF:FA:41:61:84:32:03:A8:A7:57:AB:6E:95:46:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QD8Iu6_6QWGEMgOop1erbpVGsM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/4PjPPpWKgAtzAAOasr7gIk0JbPI.roa
Signing time:             Thu 08 May 2025 10:11:10 +0000
ROA not before:           Thu 08 May 2025 10:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213295
IP address blocks:        185.77.20.0/24 maxlen: 24
                          195.200.234.0/24 maxlen: 24
                          2a10:d0c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/QD8Iu6_6QWGEMgOop1erbpVGsM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/QD8Iu6_6QWGEMgOop1erbpVGsM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QD8Iu6_6QWGEMgOop1erbpVGsM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:60:ab:c0:f6:59:33:3c:27:8a:f1:3e:9f:54:b4:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=403f08bbaffa4161843203a8a757ab6e9546b0ce
        Validity
            Not Before: May  8 10:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0f8cf3e958a800b7300039ab2bee0224d096cf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:74:6e:54:cc:1f:4d:c2:e0:a6:8b:c7:b3:7d:
                    3a:8d:5f:38:de:ab:54:67:8f:ea:27:46:f0:e8:39:
                    d2:cf:79:a2:b9:50:92:06:29:5b:2c:55:d1:07:36:
                    47:6d:75:7c:4c:b8:d2:54:82:03:cf:8c:36:6a:19:
                    11:aa:5c:f7:8e:23:7a:bb:e9:f7:c9:04:be:f1:bc:
                    bf:d8:52:68:b1:1f:6e:11:83:65:26:6f:a7:69:1d:
                    e1:96:8c:44:0c:29:f7:97:4c:10:af:71:2f:5c:6b:
                    11:e7:bd:a9:92:c9:1f:d2:35:5f:af:2c:69:7a:b7:
                    aa:c4:fb:a1:b6:c2:21:7e:2a:a0:9e:ce:dd:e9:fc:
                    58:57:89:33:d1:b6:f8:19:09:d5:7e:95:68:22:c3:
                    73:ff:46:31:7e:1f:1a:7c:bb:30:a3:c5:04:3a:d6:
                    d0:43:fa:ea:f9:42:70:fe:1b:9e:1e:3f:c1:98:14:
                    9e:a6:9d:1e:31:8e:60:6c:94:54:dc:21:94:6b:ff:
                    1d:3e:7f:f4:5f:95:c4:f5:7c:3d:0c:33:ff:3e:91:
                    1e:02:cd:a1:ba:1b:22:97:77:0e:de:3d:c6:a6:51:
                    65:bb:1f:28:e8:a0:44:f0:37:12:8c:7d:83:19:32:
                    14:2b:be:4d:e9:9f:46:8a:d8:53:55:d3:ca:a1:5d:
                    31:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:F8:CF:3E:95:8A:80:0B:73:00:03:9A:B2:BE:E0:22:4D:09:6C:F2
            X509v3 Authority Key Identifier:
                keyid:40:3F:08:BB:AF:FA:41:61:84:32:03:A8:A7:57:AB:6E:95:46:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QD8Iu6_6QWGEMgOop1erbpVGsM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/4PjPPpWKgAtzAAOasr7gIk0JbPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/d06832-dbdf-4f87-99b8-38d8a78a4862/1/QD8Iu6_6QWGEMgOop1erbpVGsM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.20.0/24
                  195.200.234.0/24
                IPv6:
                  2a10:d0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:73:78:b4:03:b0:bb:7e:59:77:25:f1:d8:91:f3:70:ec:09:
         0b:00:8a:ca:5d:9a:3d:aa:d5:b3:4d:17:d3:5f:14:15:4b:c2:
         c1:b0:c2:f1:71:63:ef:b0:d4:12:18:3f:5e:30:ae:11:4c:35:
         e8:9f:99:ef:9e:ab:d5:b9:41:ff:0f:df:28:72:7f:70:f6:84:
         bc:fd:f4:c7:13:f0:e7:56:0e:0d:de:25:94:64:2c:e6:40:02:
         26:65:7f:a8:b8:5a:88:dc:ea:73:51:ea:a4:25:25:2d:7b:bf:
         6c:88:6c:36:f7:03:02:d6:20:49:f5:b7:79:2f:5c:18:15:68:
         56:f8:2e:33:9d:5c:d3:7d:4d:c8:f5:ed:75:12:7d:7f:9a:59:
         60:d2:39:5d:67:f8:a7:a3:12:74:bd:f3:16:93:ed:45:d7:75:
         71:9e:78:30:c9:43:36:47:49:09:85:da:05:0d:ef:1d:2a:bc:
         8c:be:61:fd:bf:c2:f2:96:42:db:0f:8b:38:91:d0:7f:60:e2:
         ec:cd:d8:d7:fe:66:5f:e0:f1:2d:65:9b:5c:94:fb:6b:a7:e2:
         ed:a6:45:cd:df:c8:1a:61:4a:31:bd:7b:be:ce:b2:df:73:d5:
         b5:6a:6d:6b:08:48:d2:39:4a:0c:bb:5b:ca:d0:14:7d:c8:04:
         32:02:82:df
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZavYKvA9lkzPCeK8T6fVLQwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwM2YwOGJiYWZmYTQxNjE4NDMyMDNhOGE3NTdhYjZlOTU0
NmIwY2UwHhcNMjUwNTA4MTAxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGY4Y2YzZTk1OGE4MDBiNzMwMDAzOWFiMmJlZTAyMjRkMDk2Y2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HRuVMwfTcLgpovHs306jV843qtU
Z4/qJ0bw6DnSz3miuVCSBilbLFXRBzZHbXV8TLjSVIIDz4w2ahkRqlz3jiN6u+n3
yQS+8by/2FJosR9uEYNlJm+naR3hloxEDCn3l0wQr3EvXGsR572pkskf0jVfryxp
ereqxPuhtsIhfiqgns7d6fxYV4kz0bb4GQnVfpVoIsNz/0Yxfh8afLswo8UEOtbQ
Q/rq+UJw/hueHj/BmBSepp0eMY5gbJRU3CGUa/8dPn/0X5XE9Xw9DDP/PpEeAs2h
uhsil3cO3j3GplFlux8o6KBE8DcSjH2DGTIUK75N6Z9GithTVdPKoV0xEQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOD4zz6VioALcwADmrK+4CJNCWzyMB8GA1UdIwQY
MBaAFEA/CLuv+kFhhDIDqKdXq26VRrDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUQ4SXU2XzZRV0dFTWdPb3AxZXJicFZHc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9kMDY4MzItZGJkZi00Zjg3LTk5Yjgt
MzhkOGE3OGE0ODYyLzEvNFBqUFBwV0tnQXR6QUFPYXNyN2dJazBKYlBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9kMDY4MzItZGJkZi00Zjg3LTk5YjgtMzhkOGE3OGE0ODYy
LzEvUUQ4SXU2XzZRV0dFTWdPb3AxZXJicFZHc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuU0UAwQA
w8jqMA0EAgACMAcDBQMqENDAMA0GCSqGSIb3DQEBCwUAA4IBAQAgc3i0A7C7fll3
JfHYkfNw7AkLAIrKXZo9qtWzTRfTXxQVS8LBsMLxcWPvsNQSGD9eMK4RTDXon5nv
nqvVuUH/D98ocn9w9oS8/fTHE/DnVg4N3iWUZCzmQAImZX+ouFqI3OpzUeqkJSUt
e79siGw29wMC1iBJ9bd5L1wYFWhW+C4znVzTfU3I9e11En1/mllg0jldZ/inoxJ0
vfMWk+1F13VxnngwyUM2R0kJhdoFDe8dKryMvmH9v8LylkLbD4s4kdB/YOLszdjX
/mZf4PEtZZtclPtrp+LtpkXN38gaYUoxvXu+zrLfc9W1am1rCEjSOUoMu1vK0BR9
yAQyAoLf
-----END CERTIFICATE-----