Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/sMIvEGgdBdZC0ifsu9Gkafw6woE.roa
File:                     sMIvEGgdBdZC0ifsu9Gkafw6woE.roa (raw, json)
Hash identifier:          iKp2tkAQc6Y6Q0ADEwAX11UEBz8QCxtuHKm3ZBghjNo=
Subject key identifier:   B0:C2:2F:10:68:1D:05:D6:42:D2:27:EC:BB:D1:A4:69:FC:3A:C2:81
Certificate issuer:       /CN=a96e2341d783e5934f87d05c473fc6d2b30d9d45
Certificate serial:       01942143F7B61E6C7B1F4132FBD4CD1FDB32
Authority key identifier: A9:6E:23:41:D7:83:E5:93:4F:87:D0:5C:47:3F:C6:D2:B3:0D:9D:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/sMIvEGgdBdZC0ifsu9Gkafw6woE.roa
Signing time:             Wed 01 Jan 2025 09:48:09 +0000
ROA not before:           Wed 01 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34373
IP address blocks:        185.82.152.0/23 maxlen: 24
                          185.171.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 18:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f7:b6:1e:6c:7b:1f:41:32:fb:d4:cd:1f:db:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a96e2341d783e5934f87d05c473fc6d2b30d9d45
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0c22f10681d05d642d227ecbbd1a469fc3ac281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3e:b5:b8:ad:2d:15:36:52:00:e3:08:76:4b:
                    4f:59:27:c5:60:cb:3a:2d:92:79:56:8e:22:b7:98:
                    23:32:79:9a:ce:59:c9:cf:25:7e:48:39:a2:09:ba:
                    32:a2:13:33:0f:f4:06:7e:da:62:62:ef:68:f6:b9:
                    a6:f5:b6:f1:15:ae:02:3e:fd:b9:8a:bc:e9:67:5f:
                    f3:98:a9:7b:4e:13:d8:3e:21:7b:ed:58:2c:bc:30:
                    1d:57:c8:e4:d7:9d:86:c8:fa:c4:7f:22:6f:20:c8:
                    8f:e4:1a:81:8c:15:71:a1:87:f7:8e:fd:ec:87:a7:
                    0c:a7:cc:af:13:1f:d0:c8:19:5a:65:64:0d:49:27:
                    38:d4:27:4f:f3:ec:31:13:aa:04:20:56:ed:7f:95:
                    90:e8:2a:6b:b4:81:94:ea:fa:06:56:3b:0a:c6:38:
                    de:58:c3:db:25:7a:08:06:f1:f0:d3:cf:9a:b6:da:
                    91:6c:2b:1d:d8:5b:8e:b0:fb:aa:82:11:a6:83:dc:
                    1e:96:46:d2:b5:a8:5d:8c:aa:13:e4:c3:cd:11:eb:
                    bc:5f:67:40:41:43:45:35:8d:14:ea:6f:73:7b:e0:
                    fa:9d:d9:c9:ec:2e:56:36:c7:33:9a:18:e8:ed:82:
                    75:e9:d9:92:42:1a:85:1a:cb:ed:43:34:b4:13:12:
                    5b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:C2:2F:10:68:1D:05:D6:42:D2:27:EC:BB:D1:A4:69:FC:3A:C2:81
            X509v3 Authority Key Identifier:
                keyid:A9:6E:23:41:D7:83:E5:93:4F:87:D0:5C:47:3F:C6:D2:B3:0D:9D:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/sMIvEGgdBdZC0ifsu9Gkafw6woE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/257932-c18f-411d-9b6f-6d42257c8f6b/1/qW4jQdeD5ZNPh9BcRz_G0rMNnUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.152.0/23
                  185.171.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:84:03:60:2f:2e:4c:df:f1:21:4c:4f:7c:c0:8b:41:11:44:
         69:2a:1b:fd:4a:76:50:a0:76:2b:9b:4a:24:6f:e0:e0:ac:27:
         41:94:1b:71:57:3e:3e:8c:39:0d:42:49:d5:31:a3:74:e9:5c:
         9a:8b:c4:ca:20:d3:f7:c2:b6:b7:70:c2:7a:da:01:b5:cd:dc:
         c8:29:d5:3d:73:6f:9e:cb:d6:69:ab:b1:0f:58:9b:e9:bb:82:
         a9:a2:08:d0:7f:70:72:e2:55:51:f4:cc:35:45:e4:5d:da:9b:
         bb:bd:8f:bc:98:5e:07:95:4e:93:b1:a9:89:5e:4e:51:7b:6b:
         ad:91:a3:83:48:ae:3d:e0:7e:42:f0:4c:5f:63:b4:12:d2:1e:
         ee:b7:e1:14:0d:eb:24:ff:0e:29:40:76:ba:be:94:c4:4a:3d:
         9b:35:43:7b:3a:ac:b3:75:29:7a:c0:2d:86:a2:0f:d8:3f:30:
         f7:65:a6:2c:d9:36:18:23:e0:1b:3f:61:ed:b1:7c:d5:ab:b2:
         85:e4:98:2b:2e:d3:5a:ce:9e:45:5c:e4:fb:2a:ca:89:4d:bc:
         7c:9c:7c:0a:8b:08:64:ca:79:75:41:ab:67:1b:ca:46:dc:bb:
         f6:30:ab:9f:8e:50:a2:36:56:5f:8a:c3:32:4b:47:a7:aa:bb:
         56:d6:a2:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ/e2Hmx7H0Ey+9TNH9syMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NmUyMzQxZDc4M2U1OTM0Zjg3ZDA1YzQ3M2ZjNmQyYjMw
ZDlkNDUwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGMyMmYxMDY4MWQwNWQ2NDJkMjI3ZWNiYmQxYTQ2OWZjM2FjMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsT61uK0tFTZSAOMIdktPWSfFYMs6
LZJ5Vo4it5gjMnmazlnJzyV+SDmiCboyohMzD/QGftpiYu9o9rmm9bbxFa4CPv25
irzpZ1/zmKl7ThPYPiF77VgsvDAdV8jk152GyPrEfyJvIMiP5BqBjBVxoYf3jv3s
h6cMp8yvEx/QyBlaZWQNSSc41CdP8+wxE6oEIFbtf5WQ6CprtIGU6voGVjsKxjje
WMPbJXoIBvHw08+attqRbCsd2FuOsPuqghGmg9welkbStahdjKoT5MPNEeu8X2dA
QUNFNY0U6m9ze+D6ndnJ7C5WNsczmhjo7YJ16dmSQhqFGsvtQzS0ExJbQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLDCLxBoHQXWQtIn7LvRpGn8OsKBMB8GA1UdIwQY
MBaAFKluI0HXg+WTT4fQXEc/xtKzDZ1FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVc0alFkZUQ1Wk5QaDlCY1J6X0cwck1OblVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8yNTc5MzItYzE4Zi00MTFkLTliNmYt
NmQ0MjI1N2M4ZjZiLzEvc01JdkVHZ2RCZFpDMGlmc3U5R2thZnc2d29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8yNTc5MzItYzE4Zi00MTFkLTliNmYtNmQ0MjI1N2M4ZjZi
LzEvcVc0alFkZUQ1Wk5QaDlCY1J6X0cwck1OblVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuVKYAwQA
uaujMA0GCSqGSIb3DQEBCwUAA4IBAQC7hANgLy5M3/EhTE98wItBEURpKhv9SnZQ
oHYrm0okb+DgrCdBlBtxVz4+jDkNQknVMaN06Vyai8TKINP3wra3cMJ62gG1zdzI
KdU9c2+ey9Zpq7EPWJvpu4KpogjQf3By4lVR9Mw1ReRd2pu7vY+8mF4HlU6TsamJ
Xk5Re2utkaODSK494H5C8ExfY7QS0h7ut+EUDesk/w4pQHa6vpTESj2bNUN7Oqyz
dSl6wC2Gog/YPzD3ZaYs2TYYI+AbP2HtsXzVq7KF5JgrLtNazp5FXOT7KsqJTbx8
nHwKiwhkynl1QatnG8pG3Lv2MKufjlCiNlZfisMyS0enqrtW1qKs
-----END CERTIFICATE-----