Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/a4P5Nmq1ldQpFUTXqCcYVJT2FBw.roa
File:                     a4P5Nmq1ldQpFUTXqCcYVJT2FBw.roa (raw, json)
Hash identifier:          uK/XWq2f7Vj84yIu4J13Mqd4rpKs4ZvyhbUMCrHpfh4=
Subject key identifier:   6B:83:F9:36:6A:B5:95:D4:29:15:44:D7:A8:27:18:54:94:F6:14:1C
Certificate issuer:       /CN=4705d3c6a5b0512682cdfdf363b19a9c567f1f6c
Certificate serial:       019427481B2D8C206AD0D6375F6F6F71AD4B
Authority key identifier: 47:05:D3:C6:A5:B0:51:26:82:CD:FD:F3:63:B1:9A:9C:56:7F:1F:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/a4P5Nmq1ldQpFUTXqCcYVJT2FBw.roa
Signing time:             Thu 02 Jan 2025 13:50:24 +0000
ROA not before:           Thu 02 Jan 2025 13:50:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138968
IP address blocks:        85.208.212.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:1b:2d:8c:20:6a:d0:d6:37:5f:6f:6f:71:ad:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4705d3c6a5b0512682cdfdf363b19a9c567f1f6c
        Validity
            Not Before: Jan  2 13:50:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b83f9366ab595d4291544d7a827185494f6141c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0f:1a:af:01:f1:d5:0a:68:70:be:e2:f4:6e:
                    6d:00:4a:76:25:77:75:02:16:0e:6a:ef:25:86:1e:
                    f2:be:de:48:e8:1d:97:bb:4f:c0:d5:8f:d7:b3:aa:
                    98:5d:d6:a1:22:c8:f1:4f:62:9a:16:0c:29:43:38:
                    59:ee:4c:51:56:e2:45:1c:af:3e:0b:6b:20:81:38:
                    ce:99:b5:68:3a:8d:a9:c0:8b:f9:a5:ae:10:ed:7d:
                    f5:dc:37:5c:5b:b5:1a:f4:9c:e0:2c:26:e6:c2:37:
                    f0:4f:dd:8a:11:1a:57:1b:da:30:52:fc:af:a4:a8:
                    47:69:44:b5:6e:67:12:b2:f9:68:e0:df:f9:66:f7:
                    b4:b4:29:bb:56:2d:5c:d6:f1:54:c5:f3:90:17:10:
                    c9:56:d5:bd:6b:df:6b:99:78:2c:f5:35:7a:cc:d1:
                    c6:ed:ca:df:cc:db:ca:87:ed:ce:84:74:3f:f0:d4:
                    2e:20:8d:bc:fb:2b:dc:93:25:76:53:03:35:aa:6d:
                    be:e9:46:13:f0:d2:0a:12:b5:5c:d6:d8:d8:10:64:
                    f0:75:ef:9d:50:d0:d2:04:59:74:2e:bc:b3:bd:43:
                    b1:16:2d:7a:68:35:11:16:ef:a1:a3:36:77:d9:4c:
                    a5:69:a3:d4:1f:9e:d7:21:8a:a1:25:41:f9:5d:58:
                    bf:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:83:F9:36:6A:B5:95:D4:29:15:44:D7:A8:27:18:54:94:F6:14:1C
            X509v3 Authority Key Identifier:
                keyid:47:05:D3:C6:A5:B0:51:26:82:CD:FD:F3:63:B1:9A:9C:56:7F:1F:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RwXTxqWwUSaCzf3zY7GanFZ_H2w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/a4P5Nmq1ldQpFUTXqCcYVJT2FBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/56aee9-996c-438f-bb00-0dfa6b22eff2/1/RwXTxqWwUSaCzf3zY7GanFZ_H2w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:50:d0:97:ad:7e:45:b9:26:2a:b6:fd:93:21:18:66:a4:42:
         87:4e:d1:4b:f1:26:bd:be:03:4b:b9:29:82:3a:d0:3a:02:86:
         ac:7e:08:d4:01:50:25:e2:20:61:3e:f9:65:87:d9:97:f8:86:
         45:5a:fd:50:15:c1:d4:32:8a:f2:25:b3:fb:76:96:36:c5:a1:
         a2:3d:59:d5:4d:e4:f8:50:ce:a5:40:be:4e:d6:e7:bb:e3:08:
         7d:87:fb:70:eb:0e:49:b1:3b:93:55:68:87:ce:f8:e1:2f:6e:
         74:d7:9f:4e:8e:59:90:fd:11:83:25:8b:65:c7:b6:92:55:62:
         c7:45:de:92:44:08:0f:a5:e6:6d:0c:f3:22:16:a5:fe:fb:31:
         6f:36:33:09:c3:62:ec:de:1f:35:21:72:df:55:e1:2a:05:04:
         d1:e1:56:b6:2d:d4:0d:5e:a8:8d:d8:51:a3:5f:00:cd:94:db:
         26:fb:6e:a0:f9:98:59:0e:85:d5:79:f0:24:53:14:9e:03:d7:
         e6:d5:f8:15:db:65:d9:e3:c8:ed:17:e7:be:6d:7e:87:07:40:
         93:b6:a0:b8:b0:a8:31:4c:d7:14:a8:ff:5b:f7:7a:f8:69:92:
         c6:53:0b:af:a4:8e:d1:56:69:0c:87:ef:15:84:ba:0a:5a:f8:
         8b:bd:79:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSBstjCBq0NY3X29vca1LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MDVkM2M2YTViMDUxMjY4MmNkZmRmMzYzYjE5YTljNTY3
ZjFmNmMwHhcNMjUwMTAyMTM1MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjgzZjkzNjZhYjU5NWQ0MjkxNTQ0ZDdhODI3MTg1NDk0ZjYxNDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA8arwHx1QpocL7i9G5tAEp2JXd1
AhYOau8lhh7yvt5I6B2Xu0/A1Y/Xs6qYXdahIsjxT2KaFgwpQzhZ7kxRVuJFHK8+
C2sggTjOmbVoOo2pwIv5pa4Q7X313DdcW7Ua9JzgLCbmwjfwT92KERpXG9owUvyv
pKhHaUS1bmcSsvlo4N/5Zve0tCm7Vi1c1vFUxfOQFxDJVtW9a99rmXgs9TV6zNHG
7crfzNvKh+3OhHQ/8NQuII28+yvckyV2UwM1qm2+6UYT8NIKErVc1tjYEGTwde+d
UNDSBFl0LryzvUOxFi16aDURFu+hozZ32UylaaPUH57XIYqhJUH5XVi/3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuD+TZqtZXUKRVE16gnGFSU9hQcMB8GA1UdIwQY
MBaAFEcF08alsFEmgs3982OxmpxWfx9sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUndYVHhxV3dVU2FDemYzelk3R2FuRlpfSDJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81NmFlZTktOTk2Yy00MzhmLWJiMDAt
MGRmYTZiMjJlZmYyLzEvYTRQNU5tcTFsZFFwRlVUWHFDY1lWSlQyRkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81NmFlZTktOTk2Yy00MzhmLWJiMDAtMGRmYTZiMjJlZmYy
LzEvUndYVHhxV3dVU2FDemYzelk3R2FuRlpfSDJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVdDUMA0G
CSqGSIb3DQEBCwUAA4IBAQAbUNCXrX5FuSYqtv2TIRhmpEKHTtFL8Sa9vgNLuSmC
OtA6AoasfgjUAVAl4iBhPvllh9mX+IZFWv1QFcHUMoryJbP7dpY2xaGiPVnVTeT4
UM6lQL5O1ue74wh9h/tw6w5JsTuTVWiHzvjhL250159OjlmQ/RGDJYtlx7aSVWLH
Rd6SRAgPpeZtDPMiFqX++zFvNjMJw2Ls3h81IXLfVeEqBQTR4Va2LdQNXqiN2FGj
XwDNlNsm+26g+ZhZDoXVefAkUxSeA9fm1fgV22XZ48jtF+e+bX6HB0CTtqC4sKgx
TNcUqP9b93r4aZLGUwuvpI7RVmkMh+8VhLoKWviLvXnj
-----END CERTIFICATE-----