Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/887620-f385-43f4-9be2-a99c39090db4/1/sleOMLu6lCo0yQ_O9Go3ZMBJ4nQ.roa
File:                     sleOMLu6lCo0yQ_O9Go3ZMBJ4nQ.roa (raw, json)
Hash identifier:          mFLE25zkAY/mi0s19XSunEJLEf8g+Qy7QzSZ17V9QYU=
Subject key identifier:   B2:57:8E:30:BB:BA:94:2A:34:C9:0F:CE:F4:6A:37:64:C0:49:E2:74
Certificate issuer:       /CN=1d28b18df244db89f2b97a6c72629733b388602f
Certificate serial:       019421B1E9B0842CDEBB318CE163F9C5D64C
Authority key identifier: 1D:28:B1:8D:F2:44:DB:89:F2:B9:7A:6C:72:62:97:33:B3:88:60:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HSixjfJE24nyuXpscmKXM7OIYC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/887620-f385-43f4-9be2-a99c39090db4/1/sleOMLu6lCo0yQ_O9Go3ZMBJ4nQ.roa
Signing time:             Wed 01 Jan 2025 11:48:15 +0000
ROA not before:           Wed 01 Jan 2025 11:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33856
IP address blocks:        185.98.252.0/22 maxlen: 24
                          2a04:6600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/887620-f385-43f4-9be2-a99c39090db4/1/HSixjfJE24nyuXpscmKXM7OIYC8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/887620-f385-43f4-9be2-a99c39090db4/1/HSixjfJE24nyuXpscmKXM7OIYC8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HSixjfJE24nyuXpscmKXM7OIYC8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:e9:b0:84:2c:de:bb:31:8c:e1:63:f9:c5:d6:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d28b18df244db89f2b97a6c72629733b388602f
        Validity
            Not Before: Jan  1 11:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2578e30bbba942a34c90fcef46a3764c049e274
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:4e:3e:af:34:95:df:8a:37:46:dc:fe:e6:40:
                    62:55:65:be:99:a2:27:10:10:a1:8b:7b:86:b0:7f:
                    20:f4:df:1b:54:ca:4f:87:bc:e1:42:86:6b:44:7d:
                    20:d8:4a:18:1e:1d:d3:69:d2:74:fb:32:e9:87:7f:
                    52:cf:e0:f3:d8:b9:46:c8:e1:f1:b8:ce:35:cc:3d:
                    32:33:1c:31:0a:f7:f8:a7:83:d8:ea:5a:bf:cd:58:
                    cd:b1:68:87:34:86:bf:dd:38:e6:9e:49:9a:87:09:
                    59:43:1d:26:83:a0:99:56:e8:ef:f8:96:5c:66:49:
                    37:97:0d:ec:b3:78:2b:1f:8f:4d:43:15:81:c4:b9:
                    f7:07:5e:c4:f6:9b:54:76:06:36:41:63:32:cc:e8:
                    1d:93:09:95:4e:d0:52:12:46:b0:44:24:46:44:47:
                    e4:30:98:60:24:4c:48:88:bb:dc:e5:50:d5:d4:32:
                    88:16:e5:7c:5e:2b:d4:8b:49:44:0f:f5:f8:0d:71:
                    f7:fb:2a:e2:87:80:c6:23:79:1a:63:00:4b:c2:1c:
                    92:30:19:c3:b4:c3:fb:04:91:e1:f8:cb:f6:62:27:
                    03:f4:11:72:02:59:2d:d5:15:ff:d3:7e:59:0c:1f:
                    dd:19:a9:3c:21:68:fc:79:4b:5f:96:db:d4:71:f6:
                    fc:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:57:8E:30:BB:BA:94:2A:34:C9:0F:CE:F4:6A:37:64:C0:49:E2:74
            X509v3 Authority Key Identifier:
                keyid:1D:28:B1:8D:F2:44:DB:89:F2:B9:7A:6C:72:62:97:33:B3:88:60:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HSixjfJE24nyuXpscmKXM7OIYC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/887620-f385-43f4-9be2-a99c39090db4/1/sleOMLu6lCo0yQ_O9Go3ZMBJ4nQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/887620-f385-43f4-9be2-a99c39090db4/1/HSixjfJE24nyuXpscmKXM7OIYC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.252.0/22
                IPv6:
                  2a04:6600::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:a2:6c:f0:94:ad:43:1d:31:90:b5:53:d2:51:c7:fa:0c:7f:
         a1:68:d3:b0:40:b3:58:40:87:8e:a9:da:2c:be:c6:87:0c:40:
         8b:7b:00:69:2f:b5:c6:ed:bd:b3:22:8c:47:4a:bc:58:f5:01:
         d2:0d:65:d1:fb:e6:c6:50:52:ca:1b:8c:b8:9b:8f:ba:87:06:
         0a:59:4b:48:ad:91:5e:88:01:37:df:1a:5f:b1:e2:4f:b2:e4:
         ed:0b:59:02:32:a8:3e:a7:d3:ed:50:9b:aa:54:73:06:57:93:
         a4:5a:99:41:9a:98:30:92:24:23:e3:9c:56:37:bc:a6:be:2c:
         59:64:4f:e9:7d:d2:c4:f2:e3:e2:72:b9:de:ad:9d:26:db:82:
         2d:86:a4:ba:38:56:86:33:57:95:ce:2b:b8:13:de:90:95:3d:
         e8:74:18:b8:ed:78:e2:52:9f:d3:e0:e1:49:fb:86:83:2d:7f:
         a0:f3:19:c7:63:93:3a:18:4a:e3:e6:d6:ca:e7:77:02:79:3e:
         48:7f:62:56:d4:b0:dd:cf:2c:55:76:a8:e8:62:a1:e3:55:f2:
         67:38:65:0a:20:33:2d:e5:fb:1f:9f:76:1b:87:a1:ef:e3:d0:
         ad:74:67:9c:3a:91:85:d0:77:bf:36:6d:fa:d0:14:65:13:24:
         35:9c:2d:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsemwhCzeuzGM4WP5xdZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMjhiMThkZjI0NGRiODlmMmI5N2E2YzcyNjI5NzMzYjM4
ODYwMmYwHhcNMjUwMTAxMTE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjU3OGUzMGJiYmE5NDJhMzRjOTBmY2VmNDZhMzc2NGMwNDllMjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnE4+rzSV34o3Rtz+5kBiVWW+maIn
EBChi3uGsH8g9N8bVMpPh7zhQoZrRH0g2EoYHh3TadJ0+zLph39Sz+Dz2LlGyOHx
uM41zD0yMxwxCvf4p4PY6lq/zVjNsWiHNIa/3TjmnkmahwlZQx0mg6CZVujv+JZc
Zkk3lw3ss3grH49NQxWBxLn3B17E9ptUdgY2QWMyzOgdkwmVTtBSEkawRCRGREfk
MJhgJExIiLvc5VDV1DKIFuV8XivUi0lED/X4DXH3+yrih4DGI3kaYwBLwhySMBnD
tMP7BJHh+Mv2YicD9BFyAlkt1RX/035ZDB/dGak8IWj8eUtfltvUcfb8yQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLJXjjC7upQqNMkPzvRqN2TASeJ0MB8GA1UdIwQY
MBaAFB0osY3yRNuJ8rl6bHJilzOziGAvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFNpeGpmSkUyNG55dVhwc2NtS1hNN09JWUM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS84ODc2MjAtZjM4NS00M2Y0LTliZTIt
YTk5YzM5MDkwZGI0LzEvc2xlT01MdTZsQ28weVFfTzlHbzNaTUJKNG5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS84ODc2MjAtZjM4NS00M2Y0LTliZTItYTk5YzM5MDkwZGI0
LzEvSFNpeGpmSkUyNG55dVhwc2NtS1hNN09JWUM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWL8MA0E
AgACMAcDBQMqBGYAMA0GCSqGSIb3DQEBCwUAA4IBAQBfomzwlK1DHTGQtVPSUcf6
DH+haNOwQLNYQIeOqdosvsaHDECLewBpL7XG7b2zIoxHSrxY9QHSDWXR++bGUFLK
G4y4m4+6hwYKWUtIrZFeiAE33xpfseJPsuTtC1kCMqg+p9PtUJuqVHMGV5OkWplB
mpgwkiQj45xWN7ymvixZZE/pfdLE8uPicrnerZ0m24IthqS6OFaGM1eVziu4E96Q
lT3odBi47XjiUp/T4OFJ+4aDLX+g8xnHY5M6GErj5tbK53cCeT5If2JW1LDdzyxV
dqjoYqHjVfJnOGUKIDMt5fsfn3Ybh6Hv49CtdGecOpGF0He/Nm360BRlEyQ1nC36
-----END CERTIFICATE-----