Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/418b6a-bcfc-4560-b9b1-01aec920c72e/1/tSdceX3_WKYPOSqNpQt9_4TBFn8.roa
File:                     tSdceX3_WKYPOSqNpQt9_4TBFn8.roa (raw, json)
Hash identifier:          zZjSigYgJ8knWkj4u0ar/HI7QTSKBL8PUuzQf8DJQWE=
Subject key identifier:   B5:27:5C:79:7D:FF:58:A6:0F:39:2A:8D:A5:0B:7D:FF:84:C1:16:7F
Certificate issuer:       /CN=ab344b32f58b564c897a1ffa6967089198f2c822
Certificate serial:       019427B618390ECEB85DA267D1DD7546ADAD
Authority key identifier: AB:34:4B:32:F5:8B:56:4C:89:7A:1F:FA:69:67:08:91:98:F2:C8:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qzRLMvWLVkyJeh_6aWcIkZjyyCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/418b6a-bcfc-4560-b9b1-01aec920c72e/1/tSdceX3_WKYPOSqNpQt9_4TBFn8.roa
Signing time:             Thu 02 Jan 2025 15:50:32 +0000
ROA not before:           Thu 02 Jan 2025 15:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201764
IP address blocks:        185.40.248.0/22 maxlen: 22
                          2a01:50a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/418b6a-bcfc-4560-b9b1-01aec920c72e/1/qzRLMvWLVkyJeh_6aWcIkZjyyCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/418b6a-bcfc-4560-b9b1-01aec920c72e/1/qzRLMvWLVkyJeh_6aWcIkZjyyCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qzRLMvWLVkyJeh_6aWcIkZjyyCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:18:39:0e:ce:b8:5d:a2:67:d1:dd:75:46:ad:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab344b32f58b564c897a1ffa6967089198f2c822
        Validity
            Not Before: Jan  2 15:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5275c797dff58a60f392a8da50b7dff84c1167f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:db:0d:4a:da:72:12:cd:2b:5e:eb:f4:11:00:
                    c0:68:6e:f5:2d:d8:cc:4a:23:db:f8:9e:fe:c7:18:
                    b0:d3:40:7d:c9:fc:5f:79:e4:29:b9:47:61:ee:fa:
                    3d:84:63:fb:ca:5d:be:24:47:25:d2:5e:5e:91:3e:
                    b4:bc:77:1f:6b:2d:0c:6f:ee:ba:de:8f:c6:73:c6:
                    33:f1:a4:e8:7d:c7:3c:04:0d:9a:ec:8b:9e:26:63:
                    ca:ac:4b:80:69:4c:21:38:5d:c7:2c:99:29:b5:d8:
                    31:46:e1:49:d8:00:f6:80:77:e9:f7:4b:6d:2c:ec:
                    88:ca:df:75:95:e3:95:53:7c:64:14:e0:b4:8b:c3:
                    f8:d1:89:31:2e:6e:0f:f7:69:b8:29:d8:da:64:71:
                    df:58:41:42:8f:6a:86:bc:50:4c:14:8c:9b:88:23:
                    9e:0e:fa:1a:ce:3c:27:a1:fe:94:6a:1f:16:a5:b9:
                    94:08:8b:25:c3:60:2c:0f:67:79:c2:91:d3:36:43:
                    63:38:98:29:4b:c9:76:af:35:f0:e4:84:6c:df:7d:
                    87:eb:e7:3c:e8:2f:e3:85:61:02:06:32:3e:ee:e7:
                    e3:1e:24:c8:4f:09:04:41:f6:2c:f8:57:f4:be:ac:
                    da:e2:f5:6e:c6:17:58:38:c3:a0:a3:95:63:22:d9:
                    01:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:27:5C:79:7D:FF:58:A6:0F:39:2A:8D:A5:0B:7D:FF:84:C1:16:7F
            X509v3 Authority Key Identifier:
                keyid:AB:34:4B:32:F5:8B:56:4C:89:7A:1F:FA:69:67:08:91:98:F2:C8:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qzRLMvWLVkyJeh_6aWcIkZjyyCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/418b6a-bcfc-4560-b9b1-01aec920c72e/1/tSdceX3_WKYPOSqNpQt9_4TBFn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/418b6a-bcfc-4560-b9b1-01aec920c72e/1/qzRLMvWLVkyJeh_6aWcIkZjyyCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.248.0/22
                IPv6:
                  2a01:50a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         10:4f:10:30:88:96:6a:3b:73:76:5f:4c:5a:07:56:f8:b6:99:
         2c:c1:c2:cc:58:8c:58:e1:19:d1:67:e8:2f:1a:39:50:45:34:
         60:0a:c4:0d:f4:c6:db:57:c2:d5:d6:96:bf:10:34:c8:0e:4f:
         b4:a6:40:7f:b0:d3:71:3b:cf:32:1c:91:8c:00:97:24:25:38:
         0b:44:12:f9:87:42:1d:fa:87:b0:57:8d:b3:8b:43:80:48:23:
         53:e5:c2:69:61:23:2b:21:cf:40:ab:5d:6b:af:a7:2d:57:30:
         e9:bd:89:ca:62:b0:54:90:0b:8c:1b:f4:20:37:96:91:54:64:
         cf:3c:cc:e4:2d:f5:04:d6:42:c5:53:bd:03:52:bc:67:14:7f:
         54:3b:4c:ba:a6:20:21:7d:35:6a:d9:3f:b1:15:3a:52:84:b4:
         81:9a:73:fc:bc:69:86:1f:16:ac:60:e8:af:c3:44:06:0f:b5:
         dd:7f:7f:80:e8:3c:09:1c:d1:24:9c:70:f1:dd:2f:e3:e4:8a:
         04:5b:42:9d:fa:b4:13:18:da:df:a0:45:bb:ba:0a:b3:26:1f:
         d1:9e:dc:ef:df:ea:cf:ff:23:d3:39:51:e2:da:9e:08:9e:9d:
         54:47:55:3f:1d:ef:a4:76:67:26:0b:36:b0:9a:87:47:ec:e5:
         f2:11:32:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnthg5Ds64XaJn0d11Rq2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMzQ0YjMyZjU4YjU2NGM4OTdhMWZmYTY5NjcwODkxOThm
MmM4MjIwHhcNMjUwMTAyMTU1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTI3NWM3OTdkZmY1OGE2MGYzOTJhOGRhNTBiN2RmZjg0YzExNjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29sNStpyEs0rXuv0EQDAaG71LdjM
SiPb+J7+xxiw00B9yfxfeeQpuUdh7vo9hGP7yl2+JEcl0l5ekT60vHcfay0Mb+66
3o/Gc8Yz8aTofcc8BA2a7IueJmPKrEuAaUwhOF3HLJkptdgxRuFJ2AD2gHfp90tt
LOyIyt91leOVU3xkFOC0i8P40YkxLm4P92m4KdjaZHHfWEFCj2qGvFBMFIybiCOe
Dvoazjwnof6Uah8WpbmUCIslw2AsD2d5wpHTNkNjOJgpS8l2rzXw5IRs332H6+c8
6C/jhWECBjI+7ufjHiTITwkEQfYs+Ff0vqza4vVuxhdYOMOgo5VjItkBsQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLUnXHl9/1imDzkqjaULff+EwRZ/MB8GA1UdIwQY
MBaAFKs0SzL1i1ZMiXof+mlnCJGY8sgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXpSTE12V0xWa3lKZWhfNmFXY0lrWmp5eUNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS80MThiNmEtYmNmYy00NTYwLWI5YjEt
MDFhZWM5MjBjNzJlLzEvdFNkY2VYM19XS1lQT1NxTnBRdDlfNFRCRm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS80MThiNmEtYmNmYy00NTYwLWI5YjEtMDFhZWM5MjBjNzJl
LzEvcXpSTE12V0xWa3lKZWhfNmFXY0lrWmp5eUNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSj4MA0E
AgACMAcDBQAqAVCgMA0GCSqGSIb3DQEBCwUAA4IBAQAQTxAwiJZqO3N2X0xaB1b4
tpkswcLMWIxY4RnRZ+gvGjlQRTRgCsQN9MbbV8LV1pa/EDTIDk+0pkB/sNNxO88y
HJGMAJckJTgLRBL5h0Id+oewV42zi0OASCNT5cJpYSMrIc9Aq11rr6ctVzDpvYnK
YrBUkAuMG/QgN5aRVGTPPMzkLfUE1kLFU70DUrxnFH9UO0y6piAhfTVq2T+xFTpS
hLSBmnP8vGmGHxasYOivw0QGD7Xdf3+A6DwJHNEknHDx3S/j5IoEW0Kd+rQTGNrf
oEW7ugqzJh/Rntzv3+rP/yPTOVHi2p4Inp1UR1U/He+kdmcmCzawmodH7OXyETIu
-----END CERTIFICATE-----