Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/4bc2af-4f6d-45bd-aa10-e8702ea59016/1/kDhp1dHjDBAXX9BsUPItX2dtNTc.roa
File:                     kDhp1dHjDBAXX9BsUPItX2dtNTc.roa (raw, json)
Hash identifier:          PynDqUC0SP3COf4tmeohMx6MacUGS0U4TVEP+3iExHk=
Subject key identifier:   90:38:69:D5:D1:E3:0C:10:17:5F:D0:6C:50:F2:2D:5F:67:6D:35:37
Certificate issuer:       /CN=f3752c10f1b0d07b5f48e579dfd14e372713fb47
Certificate serial:       01942144353DD166D5102C74B05E4903881A
Authority key identifier: F3:75:2C:10:F1:B0:D0:7B:5F:48:E5:79:DF:D1:4E:37:27:13:FB:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/83UsEPGw0HtfSOV539FONycT-0c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/4bc2af-4f6d-45bd-aa10-e8702ea59016/1/kDhp1dHjDBAXX9BsUPItX2dtNTc.roa
Signing time:             Wed 01 Jan 2025 09:48:25 +0000
ROA not before:           Wed 01 Jan 2025 09:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206692
IP address blocks:        185.178.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/4bc2af-4f6d-45bd-aa10-e8702ea59016/1/83UsEPGw0HtfSOV539FONycT-0c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/4bc2af-4f6d-45bd-aa10-e8702ea59016/1/83UsEPGw0HtfSOV539FONycT-0c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/83UsEPGw0HtfSOV539FONycT-0c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:35:3d:d1:66:d5:10:2c:74:b0:5e:49:03:88:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3752c10f1b0d07b5f48e579dfd14e372713fb47
        Validity
            Not Before: Jan  1 09:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=903869d5d1e30c10175fd06c50f22d5f676d3537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:67:f1:27:61:dd:97:d0:a6:ae:ab:50:4a:89:
                    e7:8a:35:76:3e:cc:49:e9:fd:62:ea:dd:46:d0:6c:
                    86:75:41:cd:20:94:bc:a9:33:15:36:f8:15:ed:2f:
                    2f:52:7d:89:9d:69:f4:67:e4:86:d4:53:b5:3e:2b:
                    f3:87:99:41:d2:0c:52:4c:dd:91:56:27:e2:d8:f2:
                    c6:2e:7e:cb:08:f3:3e:01:06:7c:80:7a:a4:b1:41:
                    47:88:93:50:67:03:53:e7:65:c9:8b:3c:d7:75:01:
                    33:3e:e9:ea:0f:8b:e1:40:61:d2:72:d7:43:41:cb:
                    ed:fa:55:11:c9:8f:45:42:f0:81:88:b4:5d:62:6a:
                    a7:c8:22:79:a2:84:3c:29:1c:67:72:fb:fa:0b:ba:
                    2c:44:81:49:e6:32:f7:7a:de:f9:52:ed:91:3a:8d:
                    20:45:30:2c:bb:50:a1:53:4a:7a:ae:aa:dc:51:26:
                    4b:d2:94:bb:29:8d:62:42:56:b3:fe:4c:a5:f4:a2:
                    f4:be:e4:89:70:b5:d4:ae:da:94:64:26:ff:73:e3:
                    7f:11:d3:8b:5e:06:c8:80:99:54:65:31:40:e5:53:
                    83:eb:77:c8:26:46:36:ce:92:c9:43:68:0b:81:78:
                    8a:75:e5:75:ad:d5:eb:ae:01:b8:0c:ac:be:96:2c:
                    8b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:38:69:D5:D1:E3:0C:10:17:5F:D0:6C:50:F2:2D:5F:67:6D:35:37
            X509v3 Authority Key Identifier:
                keyid:F3:75:2C:10:F1:B0:D0:7B:5F:48:E5:79:DF:D1:4E:37:27:13:FB:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/83UsEPGw0HtfSOV539FONycT-0c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4bc2af-4f6d-45bd-aa10-e8702ea59016/1/kDhp1dHjDBAXX9BsUPItX2dtNTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4bc2af-4f6d-45bd-aa10-e8702ea59016/1/83UsEPGw0HtfSOV539FONycT-0c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:a1:78:1c:16:a2:86:43:1d:7d:c4:6e:6c:0b:59:c4:0c:a2:
         ab:9f:76:8b:95:36:09:2a:93:79:2b:70:79:1f:4d:2b:c9:f9:
         63:7b:54:15:c0:ca:27:97:87:68:8f:78:9f:34:92:69:7a:a4:
         2a:24:5b:e5:e9:d7:e6:aa:db:72:e8:93:67:63:51:99:72:81:
         b3:d5:14:62:3e:43:21:b4:d4:6c:98:c3:6c:9e:b6:42:ac:f6:
         0c:9f:d4:27:3a:6f:84:c0:ea:77:5f:1f:ea:8b:12:79:40:2c:
         e2:27:43:4d:11:c4:e8:10:2f:dc:e0:98:7a:0b:e0:50:51:b6:
         a5:63:ea:ca:03:f8:2d:29:2c:c8:07:d4:6a:b2:88:9a:22:51:
         3a:a3:9c:4f:1c:a2:89:fb:46:93:ec:d2:eb:b0:33:4d:41:5f:
         b8:00:02:9e:23:84:ad:e8:8b:43:05:13:ab:4f:10:4b:a0:81:
         4d:db:5b:eb:b3:4e:da:92:3a:af:4e:8d:77:89:a2:eb:d7:1f:
         4a:3f:d8:08:e3:52:f3:b8:fd:4e:0e:e9:72:eb:f1:96:73:8c:
         7b:94:c9:32:f0:21:ac:61:98:fe:94:50:b4:90:b0:0b:22:8f:
         37:86:71:36:ae:d9:88:14:2d:0c:6e:02:ae:9b:c3:88:6c:b8:
         21:18:8a:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRDU90WbVECx0sF5JA4gaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNzUyYzEwZjFiMGQwN2I1ZjQ4ZTU3OWRmZDE0ZTM3Mjcx
M2ZiNDcwHhcNMjUwMTAxMDk0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDM4NjlkNWQxZTMwYzEwMTc1ZmQwNmM1MGYyMmQ1ZjY3NmQzNTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGfxJ2Hdl9CmrqtQSonnijV2PsxJ
6f1i6t1G0GyGdUHNIJS8qTMVNvgV7S8vUn2JnWn0Z+SG1FO1Pivzh5lB0gxSTN2R
Vifi2PLGLn7LCPM+AQZ8gHqksUFHiJNQZwNT52XJizzXdQEzPunqD4vhQGHSctdD
Qcvt+lURyY9FQvCBiLRdYmqnyCJ5ooQ8KRxncvv6C7osRIFJ5jL3et75Uu2ROo0g
RTAsu1ChU0p6rqrcUSZL0pS7KY1iQlaz/kyl9KL0vuSJcLXUrtqUZCb/c+N/EdOL
XgbIgJlUZTFA5VOD63fIJkY2zpLJQ2gLgXiKdeV1rdXrrgG4DKy+liyLawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJA4adXR4wwQF1/QbFDyLV9nbTU3MB8GA1UdIwQY
MBaAFPN1LBDxsNB7X0jled/RTjcnE/tHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODNVc0VQR3cwSHRmU09WNTM5Rk9OeWNULTBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC80YmMyYWYtNGY2ZC00NWJkLWFhMTAt
ZTg3MDJlYTU5MDE2LzEva0RocDFkSGpEQkFYWDlCc1VQSXRYMmR0TlRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC80YmMyYWYtNGY2ZC00NWJkLWFhMTAtZTg3MDJlYTU5MDE2
LzEvODNVc0VQR3cwSHRmU09WNTM5Rk9OeWNULTBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubLcMA0G
CSqGSIb3DQEBCwUAA4IBAQBgoXgcFqKGQx19xG5sC1nEDKKrn3aLlTYJKpN5K3B5
H00ryflje1QVwMonl4doj3ifNJJpeqQqJFvl6dfmqtty6JNnY1GZcoGz1RRiPkMh
tNRsmMNsnrZCrPYMn9QnOm+EwOp3Xx/qixJ5QCziJ0NNEcToEC/c4Jh6C+BQUbal
Y+rKA/gtKSzIB9RqsoiaIlE6o5xPHKKJ+0aT7NLrsDNNQV+4AAKeI4St6ItDBROr
TxBLoIFN21vrs07akjqvTo13iaLr1x9KP9gI41LzuP1ODuly6/GWc4x7lMky8CGs
YZj+lFC0kLALIo83hnE2rtmIFC0MbgKum8OIbLghGIoB
-----END CERTIFICATE-----