Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/4FXB0W838e2KDL7-L_x6UPsRNAQ.roa
File:                     4FXB0W838e2KDL7-L_x6UPsRNAQ.roa (raw, json)
Hash identifier:          LK8SbOkeipWhuTJTuor/1UupMV/BQue0Yrv+JoGi1Bc=
Subject key identifier:   E0:55:C1:D1:6F:37:F1:ED:8A:0C:BE:FE:2F:FC:7A:50:FB:11:34:04
Certificate issuer:       /CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
Certificate serial:       019427478B5010CC4674DFB9FE68BEEE6B09
Authority key identifier: 27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/4FXB0W838e2KDL7-L_x6UPsRNAQ.roa
Signing time:             Thu 02 Jan 2025 13:49:47 +0000
ROA not before:           Thu 02 Jan 2025 13:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203512
IP address blocks:        185.129.120.0/24 maxlen: 24
                          185.129.122.0/24 maxlen: 24
                          185.129.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:8b:50:10:cc:46:74:df:b9:fe:68:be:ee:6b:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279669579b3ce61ee8ee7d6af7e314b0f726361f
        Validity
            Not Before: Jan  2 13:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e055c1d16f37f1ed8a0cbefe2ffc7a50fb113404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f8:bb:00:3f:3c:4a:de:d8:ea:27:80:98:29:
                    70:2c:91:77:e4:c7:e9:1f:11:8c:98:1f:97:d8:76:
                    64:e7:07:bb:7d:63:87:b4:87:ce:0f:3a:18:db:af:
                    f3:cd:a9:a4:8e:35:a5:26:82:ae:67:fe:bc:4d:9d:
                    eb:97:9f:ec:fb:d4:11:3b:34:15:67:b8:6d:13:d2:
                    dc:fc:78:cb:62:0f:f6:57:95:3f:c8:d8:ed:e0:c1:
                    cc:0c:49:da:be:d7:3b:37:75:47:76:55:9e:03:b7:
                    cd:c4:40:21:8c:97:77:0a:09:c4:2c:36:2b:af:4a:
                    6d:84:ff:ea:37:a9:f4:89:0b:cc:82:86:a6:85:76:
                    98:2a:e7:34:9f:9d:53:95:91:53:30:6a:3b:9a:5e:
                    dd:43:07:37:13:69:47:89:96:cf:c1:14:e7:95:c4:
                    fd:21:e4:bb:74:c5:09:bb:1d:9e:aa:ec:9b:f9:8c:
                    25:12:3b:05:5d:cb:6f:df:5e:3e:c1:4a:4b:a7:88:
                    77:5d:5e:d5:54:62:81:f2:4e:60:4c:95:3f:36:ad:
                    06:44:84:c1:9a:6a:a1:fd:fc:9d:79:f9:fb:7d:86:
                    0c:7e:43:c3:a3:cf:03:55:3d:ab:67:38:7e:11:c0:
                    17:77:be:ae:cb:71:56:c9:0e:ef:d7:72:2a:29:0c:
                    43:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:55:C1:D1:6F:37:F1:ED:8A:0C:BE:FE:2F:FC:7A:50:FB:11:34:04
            X509v3 Authority Key Identifier:
                keyid:27:96:69:57:9B:3C:E6:1E:E8:EE:7D:6A:F7:E3:14:B0:F7:26:36:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5ZpV5s85h7o7n1q9-MUsPcmNh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/4FXB0W838e2KDL7-L_x6UPsRNAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/118413-b7aa-459c-99fa-4de1b520a594/1/J5ZpV5s85h7o7n1q9-MUsPcmNh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.120.0/24
                  185.129.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:61:eb:2c:1f:0d:c5:b4:d2:6e:95:9e:df:48:a8:eb:14:26:
         2a:dd:59:43:b6:3e:e6:b5:af:a1:7f:a0:63:f0:5a:34:48:11:
         4c:76:2d:a5:fc:81:79:37:e4:af:5a:ee:8d:fa:82:00:55:1d:
         33:8d:3d:11:d4:1b:38:a0:b2:f6:cf:23:bf:d1:67:83:97:60:
         96:a8:d8:22:db:5e:b1:ca:0a:32:c5:34:11:d1:50:87:c4:14:
         7c:11:6b:3e:50:34:32:8d:99:48:42:37:bc:2a:70:cb:54:cf:
         2b:9f:29:26:79:e4:47:56:b9:93:31:48:0d:00:14:b0:07:ca:
         c7:41:08:a5:ef:49:66:f1:56:02:44:31:8e:c9:a1:1e:d9:13:
         c9:15:52:bb:14:12:ac:16:7e:ee:c3:c2:96:c4:a9:02:78:5f:
         dd:02:c0:6b:2e:85:71:af:b2:e9:c0:c5:ab:84:06:fc:68:26:
         65:5a:ac:c5:17:93:9d:6f:fb:98:2d:f0:e6:52:7d:75:a9:a9:
         e8:f3:96:8f:be:fa:50:6f:5d:94:8f:87:4c:37:1e:e9:5d:17:
         63:da:c6:a4:d4:21:17:85:fd:6d:82:8f:bf:1d:c4:25:20:52:
         6d:54:0d:a5:4d:83:c2:76:d9:0e:9e:c5:88:59:f9:02:1a:f2:
         bf:23:cb:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR4tQEMxGdN+5/mi+7msJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTY2OTU3OWIzY2U2MWVlOGVlN2Q2YWY3ZTMxNGIwZjcy
NjM2MWYwHhcNMjUwMTAyMTM0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDU1YzFkMTZmMzdmMWVkOGEwY2JlZmUyZmZjN2E1MGZiMTEzNDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/i7AD88St7Y6ieAmClwLJF35Mfp
HxGMmB+X2HZk5we7fWOHtIfODzoY26/zzamkjjWlJoKuZ/68TZ3rl5/s+9QROzQV
Z7htE9Lc/HjLYg/2V5U/yNjt4MHMDEnavtc7N3VHdlWeA7fNxEAhjJd3CgnELDYr
r0pthP/qN6n0iQvMgoamhXaYKuc0n51TlZFTMGo7ml7dQwc3E2lHiZbPwRTnlcT9
IeS7dMUJux2equyb+YwlEjsFXctv314+wUpLp4h3XV7VVGKB8k5gTJU/Nq0GRITB
mmqh/fydefn7fYYMfkPDo88DVT2rZzh+EcAXd76uy3FWyQ7v13IqKQxDjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOBVwdFvN/Htigy+/i/8elD7ETQEMB8GA1UdIwQY
MBaAFCeWaVebPOYe6O59avfjFLD3JjYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEt
NGRlMWI1MjBhNTk0LzEvNEZYQjBXODM4ZTJLREw3LUxfeDZVUHNSTkFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMTg0MTMtYjdhYS00NTljLTk5ZmEtNGRlMWI1MjBhNTk0
LzEvSjVacFY1czg1aDdvN24xcTktTVVzUGNtTmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuYF4AwQB
uYF6MA0GCSqGSIb3DQEBCwUAA4IBAQCWYessHw3FtNJulZ7fSKjrFCYq3VlDtj7m
ta+hf6Bj8Fo0SBFMdi2l/IF5N+SvWu6N+oIAVR0zjT0R1Bs4oLL2zyO/0WeDl2CW
qNgi216xygoyxTQR0VCHxBR8EWs+UDQyjZlIQje8KnDLVM8rnykmeeRHVrmTMUgN
ABSwB8rHQQil70lm8VYCRDGOyaEe2RPJFVK7FBKsFn7uw8KWxKkCeF/dAsBrLoVx
r7LpwMWrhAb8aCZlWqzFF5Odb/uYLfDmUn11qano85aPvvpQb12Uj4dMNx7pXRdj
2sak1CEXhf1tgo+/HcQlIFJtVA2lTYPCdtkOnsWIWfkCGvK/I8v+
-----END CERTIFICATE-----