Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/F3kOmnX-kEtjSilXO2Pe0L_37Jo.roa
File:                     F3kOmnX-kEtjSilXO2Pe0L_37Jo.roa (raw, json)
Hash identifier:          lIJ2C488mP6Ma0OF6csW3I8GzUd4jiMp8CCjsO6b5Eg=
Subject key identifier:   17:79:0E:9A:75:FE:90:4B:63:4A:29:57:3B:63:DE:D0:BF:F7:EC:9A
Certificate issuer:       /CN=bc4e21b27d6f84ebdd888c68e79ce555c846dacb
Certificate serial:       01942823DB11EDFA66FCCFF60D31F2D2F735
Authority key identifier: BC:4E:21:B2:7D:6F:84:EB:DD:88:8C:68:E7:9C:E5:55:C8:46:DA:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vE4hsn1vhOvdiIxo55zlVchG2ss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/F3kOmnX-kEtjSilXO2Pe0L_37Jo.roa
Signing time:             Thu 02 Jan 2025 17:50:25 +0000
ROA not before:           Thu 02 Jan 2025 17:50:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.151.44.0/23 maxlen: 23
                          185.151.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/vE4hsn1vhOvdiIxo55zlVchG2ss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/vE4hsn1vhOvdiIxo55zlVchG2ss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vE4hsn1vhOvdiIxo55zlVchG2ss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:db:11:ed:fa:66:fc:cf:f6:0d:31:f2:d2:f7:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc4e21b27d6f84ebdd888c68e79ce555c846dacb
        Validity
            Not Before: Jan  2 17:50:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17790e9a75fe904b634a29573b63ded0bff7ec9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:70:c6:30:85:b1:b7:be:95:8a:ab:de:6d:81:
                    70:34:bf:50:58:44:aa:35:a6:29:da:03:98:a3:48:
                    41:29:19:88:08:4c:53:a1:f4:db:05:ea:79:2a:f7:
                    23:07:c8:47:fa:0f:90:62:7b:36:28:c5:29:cf:e1:
                    c9:8b:63:ef:01:71:d9:1c:cc:67:7c:c5:fa:b0:de:
                    03:8e:9d:9d:9e:81:e6:f9:85:62:0c:d1:71:43:1f:
                    6c:f4:2e:81:bd:57:35:28:d3:e0:33:a5:79:1e:b1:
                    10:00:d9:74:f3:af:bc:27:18:ea:4b:06:c5:bf:f2:
                    bc:2f:3e:9e:c7:19:68:3d:fd:17:7f:02:73:ee:e1:
                    a2:55:13:c6:17:a6:27:2f:c6:bd:d8:4d:65:14:43:
                    24:84:cc:02:b8:94:49:4e:58:e3:50:75:27:0e:26:
                    b7:5e:30:ae:a1:8c:86:4f:ec:96:20:82:d2:5d:79:
                    fb:26:bf:e3:59:3c:08:1c:85:cd:f0:c7:4b:53:e2:
                    6a:0f:b5:8b:1e:66:63:f1:cc:e7:01:56:97:be:89:
                    4e:40:2a:a1:8a:57:99:d3:e4:8a:13:21:c2:81:0c:
                    17:a3:79:e3:ab:0e:54:fe:7b:8e:ae:32:de:bc:55:
                    47:58:c0:ab:1b:25:6b:f0:36:b0:ed:47:fe:59:fa:
                    e6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:79:0E:9A:75:FE:90:4B:63:4A:29:57:3B:63:DE:D0:BF:F7:EC:9A
            X509v3 Authority Key Identifier:
                keyid:BC:4E:21:B2:7D:6F:84:EB:DD:88:8C:68:E7:9C:E5:55:C8:46:DA:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vE4hsn1vhOvdiIxo55zlVchG2ss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/F3kOmnX-kEtjSilXO2Pe0L_37Jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/a0d73d-6564-4142-a6ee-83e73cb25ea5/1/vE4hsn1vhOvdiIxo55zlVchG2ss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.44.0/23
                  185.151.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:6a:8c:fd:8d:dc:9a:79:d2:a6:1c:73:86:6f:05:a7:51:43:
         ed:16:f2:a4:e2:54:72:65:b1:70:73:e8:20:31:33:b6:7a:e4:
         87:9e:86:01:54:0b:17:b6:45:bc:28:04:20:66:48:5a:a8:22:
         95:ba:d3:49:8d:44:7a:7d:bc:de:30:a4:51:f0:81:7f:3d:66:
         b7:36:c0:b5:d0:6b:b6:8b:10:4a:c1:74:a8:2d:22:98:02:c9:
         05:03:37:52:4b:b3:46:02:27:29:bc:4c:08:da:9e:e2:12:8d:
         09:59:8a:8c:ee:20:b2:61:69:af:fe:30:84:80:5c:14:8e:c7:
         91:5e:e8:ad:0d:dd:de:7f:bf:ba:0a:78:46:0a:f5:82:73:3a:
         bb:f1:5d:f7:ee:9e:7f:e8:62:67:c3:7b:09:89:2e:95:81:84:
         c9:a2:cf:8a:d9:b2:2c:31:4b:6e:92:f3:63:fe:5a:16:9c:d9:
         72:b8:07:12:98:48:49:02:77:ec:85:62:48:3f:da:58:d1:89:
         3f:98:33:a9:51:a7:f7:b0:00:92:ce:b4:57:b0:28:65:45:ac:
         8d:e0:c4:ab:8b:a2:ff:d3:0a:2b:75:5a:80:8b:d4:9e:f5:64:
         9a:38:5a:21:29:00:ce:89:2d:d9:04:a4:6b:32:89:60:16:90:
         66:bb:91:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoI9sR7fpm/M/2DTHy0vc1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNGUyMWIyN2Q2Zjg0ZWJkZDg4OGM2OGU3OWNlNTU1Yzg0
NmRhY2IwHhcNMjUwMTAyMTc1MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzc5MGU5YTc1ZmU5MDRiNjM0YTI5NTczYjYzZGVkMGJmZjdlYzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3DGMIWxt76ViqvebYFwNL9QWESq
NaYp2gOYo0hBKRmICExTofTbBep5KvcjB8hH+g+QYns2KMUpz+HJi2PvAXHZHMxn
fMX6sN4Djp2dnoHm+YViDNFxQx9s9C6BvVc1KNPgM6V5HrEQANl086+8JxjqSwbF
v/K8Lz6exxloPf0XfwJz7uGiVRPGF6YnL8a92E1lFEMkhMwCuJRJTljjUHUnDia3
XjCuoYyGT+yWIILSXXn7Jr/jWTwIHIXN8MdLU+JqD7WLHmZj8cznAVaXvolOQCqh
ileZ0+SKEyHCgQwXo3njqw5U/nuOrjLevFVHWMCrGyVr8Daw7Uf+WfrmfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBd5Dpp1/pBLY0opVztj3tC/9+yaMB8GA1UdIwQY
MBaAFLxOIbJ9b4Tr3YiMaOec5VXIRtrLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkU0aHNuMXZoT3ZkaUl4bzU1emxWY2hHMnNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9hMGQ3M2QtNjU2NC00MTQyLWE2ZWUt
ODNlNzNjYjI1ZWE1LzEvRjNrT21uWC1rRXRqU2lsWE8yUGUwTF8zN0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9hMGQ3M2QtNjU2NC00MTQyLWE2ZWUtODNlNzNjYjI1ZWE1
LzEvdkU0aHNuMXZoT3ZkaUl4bzU1emxWY2hHMnNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuZcsAwQA
uZcvMA0GCSqGSIb3DQEBCwUAA4IBAQCIaoz9jdyaedKmHHOGbwWnUUPtFvKk4lRy
ZbFwc+ggMTO2euSHnoYBVAsXtkW8KAQgZkhaqCKVutNJjUR6fbzeMKRR8IF/PWa3
NsC10Gu2ixBKwXSoLSKYAskFAzdSS7NGAicpvEwI2p7iEo0JWYqM7iCyYWmv/jCE
gFwUjseRXuitDd3ef7+6CnhGCvWCczq78V337p5/6GJnw3sJiS6VgYTJos+K2bIs
MUtukvNj/loWnNlyuAcSmEhJAnfshWJIP9pY0Yk/mDOpUaf3sACSzrRXsChlRayN
4MSri6L/0wordVqAi9Se9WSaOFohKQDOiS3ZBKRrMolgFpBmu5F8
-----END CERTIFICATE-----