Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/rnBvIUiPG215g2G4TvJ3vJPLCJg.roa
File:                     rnBvIUiPG215g2G4TvJ3vJPLCJg.roa (raw, json)
Hash identifier:          QymikogB0QXOb1awGtB0gQkLWC08JbHRqFZVMECKiDM=
Subject key identifier:   AE:70:6F:21:48:8F:1B:6D:79:83:61:B8:4E:F2:77:BC:93:CB:08:98
Certificate issuer:       /CN=b7c8df3da33938bf1b245f1c4479fd24dd9f94f0
Certificate serial:       019424B32D8BFD640676400795C498639FAE
Authority key identifier: B7:C8:DF:3D:A3:39:38:BF:1B:24:5F:1C:44:79:FD:24:DD:9F:94:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t8jfPaM5OL8bJF8cRHn9JN2flPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/rnBvIUiPG215g2G4TvJ3vJPLCJg.roa
Signing time:             Thu 02 Jan 2025 01:48:29 +0000
ROA not before:           Thu 02 Jan 2025 01:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200064
IP address blocks:        185.238.164.0/22 maxlen: 22
                          185.238.164.0/24 maxlen: 24
                          185.238.165.0/24 maxlen: 24
                          185.238.166.0/24 maxlen: 24
                          185.238.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/t8jfPaM5OL8bJF8cRHn9JN2flPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/t8jfPaM5OL8bJF8cRHn9JN2flPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t8jfPaM5OL8bJF8cRHn9JN2flPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:2d:8b:fd:64:06:76:40:07:95:c4:98:63:9f:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7c8df3da33938bf1b245f1c4479fd24dd9f94f0
        Validity
            Not Before: Jan  2 01:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae706f21488f1b6d798361b84ef277bc93cb0898
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:03:56:1a:98:4e:38:75:6e:11:0f:53:76:2d:
                    9f:f5:82:7f:08:5e:2f:d6:39:3d:95:8f:cc:e4:d0:
                    a6:0b:85:4d:03:65:b2:04:bf:27:98:be:e5:e8:ac:
                    2b:2e:6b:bb:ea:77:25:98:b4:ce:37:64:b8:7e:21:
                    c4:87:2b:28:93:81:38:7e:0b:3d:77:fc:e2:46:34:
                    0e:88:ea:42:4e:09:70:6c:43:c2:22:5f:43:8a:de:
                    e6:8b:db:8e:1f:52:a2:8b:54:23:b6:ef:99:ef:30:
                    7c:b6:86:ff:55:27:eb:60:53:94:fd:94:bc:b2:34:
                    b9:a6:b2:46:d9:bd:44:fc:78:9e:bd:66:0f:d2:b2:
                    e4:eb:d0:ca:8a:d1:da:0d:83:c3:53:57:48:28:fb:
                    ae:2a:f6:57:5e:cb:68:05:0f:99:7b:99:38:3a:84:
                    72:9a:64:ba:ff:d9:64:b5:25:8d:5b:07:17:1d:b1:
                    ca:a5:41:79:e2:92:cc:52:42:6c:1e:bc:f0:e9:c3:
                    c8:c6:8e:f9:61:e2:97:d2:d1:b3:11:b3:a8:54:a2:
                    de:56:6c:8f:be:57:17:84:bd:74:75:cd:aa:0e:62:
                    2f:22:04:92:9b:21:fe:90:e9:ca:db:c6:be:b9:38:
                    e6:03:c5:1a:b9:d1:8c:9b:17:64:57:5a:08:21:dd:
                    de:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:70:6F:21:48:8F:1B:6D:79:83:61:B8:4E:F2:77:BC:93:CB:08:98
            X509v3 Authority Key Identifier:
                keyid:B7:C8:DF:3D:A3:39:38:BF:1B:24:5F:1C:44:79:FD:24:DD:9F:94:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t8jfPaM5OL8bJF8cRHn9JN2flPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/rnBvIUiPG215g2G4TvJ3vJPLCJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/4dd198-93cb-459c-bee2-2d1daa299e83/1/t8jfPaM5OL8bJF8cRHn9JN2flPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:38:eb:13:3f:e2:b3:8c:66:8c:ba:70:a3:b8:08:95:b1:41:
         c4:6f:ce:47:72:e1:72:f3:7c:b5:8f:6b:23:05:8e:2d:c3:7f:
         b1:91:3c:b6:02:b8:82:cb:57:9f:c9:e2:fe:27:ae:9f:9d:30:
         a5:03:4e:5a:bb:7f:6f:78:cc:c2:ff:14:18:7a:fe:8f:89:0f:
         e8:45:c3:8d:b3:57:83:4c:95:51:40:47:48:78:4d:d9:b0:44:
         46:cd:0a:c7:d6:97:84:37:d4:54:30:6c:5b:cd:d8:51:4b:03:
         70:da:93:52:1c:6c:4d:cf:a2:96:96:02:c0:c6:db:42:31:53:
         31:40:52:00:a3:fe:10:59:b3:d4:8f:72:a5:17:03:7f:83:da:
         6d:24:a5:fd:d3:ef:a7:97:1e:b6:3d:e9:85:59:fb:b1:30:e6:
         3d:a9:62:b6:38:9c:4f:82:2d:6f:cd:60:f2:43:6d:e5:01:d9:
         5a:e9:d8:45:7b:97:41:f3:11:04:18:ec:da:61:cb:a6:c3:cd:
         cc:8a:59:21:42:99:d6:f0:89:95:e8:26:12:2a:5f:44:a7:8a:
         07:34:9f:40:37:ca:c8:7a:92:75:a3:16:98:1b:62:78:81:2b:
         d0:57:58:e9:9c:88:bb:84:77:23:b5:dc:97:7c:ac:06:0f:2e:
         7b:1d:24:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksy2L/WQGdkAHlcSYY5+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YzhkZjNkYTMzOTM4YmYxYjI0NWYxYzQ0NzlmZDI0ZGQ5
Zjk0ZjAwHhcNMjUwMTAyMDE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTcwNmYyMTQ4OGYxYjZkNzk4MzYxYjg0ZWYyNzdiYzkzY2IwODk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQNWGphOOHVuEQ9Tdi2f9YJ/CF4v
1jk9lY/M5NCmC4VNA2WyBL8nmL7l6KwrLmu76nclmLTON2S4fiHEhysok4E4fgs9
d/ziRjQOiOpCTglwbEPCIl9Dit7mi9uOH1Kii1Qjtu+Z7zB8tob/VSfrYFOU/ZS8
sjS5prJG2b1E/HievWYP0rLk69DKitHaDYPDU1dIKPuuKvZXXstoBQ+Ze5k4OoRy
mmS6/9lktSWNWwcXHbHKpUF54pLMUkJsHrzw6cPIxo75YeKX0tGzEbOoVKLeVmyP
vlcXhL10dc2qDmIvIgSSmyH+kOnK28a+uTjmA8UaudGMmxdkV1oIId3edQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK5wbyFIjxtteYNhuE7yd7yTywiYMB8GA1UdIwQY
MBaAFLfI3z2jOTi/GyRfHER5/STdn5TwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDhqZlBhTTVPTDhiSkY4Y1JIbjlKTjJmbFBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny80ZGQxOTgtOTNjYi00NTljLWJlZTIt
MmQxZGFhMjk5ZTgzLzEvcm5CdklVaVBHMjE1ZzJHNFR2SjN2SlBMQ0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny80ZGQxOTgtOTNjYi00NTljLWJlZTItMmQxZGFhMjk5ZTgz
LzEvdDhqZlBhTTVPTDhiSkY4Y1JIbjlKTjJmbFBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue6kMA0G
CSqGSIb3DQEBCwUAA4IBAQA3OOsTP+KzjGaMunCjuAiVsUHEb85HcuFy83y1j2sj
BY4tw3+xkTy2AriCy1efyeL+J66fnTClA05au39veMzC/xQYev6PiQ/oRcONs1eD
TJVRQEdIeE3ZsERGzQrH1peEN9RUMGxbzdhRSwNw2pNSHGxNz6KWlgLAxttCMVMx
QFIAo/4QWbPUj3KlFwN/g9ptJKX90++nlx62PemFWfuxMOY9qWK2OJxPgi1vzWDy
Q23lAdla6dhFe5dB8xEEGOzaYcumw83MilkhQpnW8ImV6CYSKl9Ep4oHNJ9AN8rI
epJ1oxaYG2J4gSvQV1jpnIi7hHcjtdyXfKwGDy57HSQv
-----END CERTIFICATE-----