Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/1K9FnI645Yqoqp7v7ivnFFVcKlU.roa
File:                     1K9FnI645Yqoqp7v7ivnFFVcKlU.roa (raw, json)
Hash identifier:          h6hzrhT4kJEWC7V4ecnqwx0o1Jw9Qh9TGp5gYGQjVLY=
Subject key identifier:   D4:AF:45:9C:8E:B8:E5:8A:A8:AA:9E:EF:EE:2B:E7:14:55:5C:2A:55
Certificate issuer:       /CN=e875464e89816ef00b0369502018a7e59ce2d36c
Certificate serial:       019421B1D7FCD62812A3EE1A5819FFEF18CD
Authority key identifier: E8:75:46:4E:89:81:6E:F0:0B:03:69:50:20:18:A7:E5:9C:E2:D3:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/1K9FnI645Yqoqp7v7ivnFFVcKlU.roa
Signing time:             Wed 01 Jan 2025 11:48:10 +0000
ROA not before:           Wed 01 Jan 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199966
IP address blocks:        185.40.128.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d7:fc:d6:28:12:a3:ee:1a:58:19:ff:ef:18:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e875464e89816ef00b0369502018a7e59ce2d36c
        Validity
            Not Before: Jan  1 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4af459c8eb8e58aa8aa9eefee2be714555c2a55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:20:2e:88:53:68:5b:85:19:02:81:d8:79:4b:
                    2f:e9:0d:fc:12:4a:e3:2b:7a:ea:ac:12:3a:38:8e:
                    f9:d5:76:06:c4:df:bf:20:bb:b4:38:5b:b4:d1:c3:
                    22:6e:1d:65:be:cd:b5:a6:91:73:20:7c:4e:d8:ca:
                    28:3c:87:80:6f:1d:8e:12:8a:80:11:58:1d:8e:1e:
                    fb:95:43:e4:49:51:46:92:e6:1a:ae:bf:10:b5:bf:
                    58:39:a4:13:81:8c:a9:84:e3:4e:2f:ed:20:c9:18:
                    40:5f:d8:52:8e:b1:dd:c1:a0:a7:5c:2e:a4:62:35:
                    9a:d0:5f:51:fd:c3:e7:d5:46:53:9d:5f:8e:e0:e5:
                    dd:24:81:29:f8:71:fc:09:cb:c8:ce:4f:07:82:97:
                    8e:a5:d5:5e:e7:83:e0:e2:7a:6e:b5:1b:e1:14:4b:
                    12:03:92:ce:73:ea:ae:38:0e:48:1e:df:dc:51:2b:
                    ce:ea:87:d9:98:d6:1e:94:fc:d0:9b:46:4b:30:5b:
                    a7:16:bc:fe:f8:c3:b9:99:f1:8a:3c:e5:02:67:c2:
                    0b:3d:ca:25:06:b0:a1:2a:77:10:db:5e:dd:53:32:
                    c4:2c:3f:1a:3f:cc:2c:aa:f4:e9:6f:33:80:b7:7c:
                    9b:fc:ce:cb:0b:81:68:94:e3:f6:a1:cd:63:3f:7f:
                    12:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:AF:45:9C:8E:B8:E5:8A:A8:AA:9E:EF:EE:2B:E7:14:55:5C:2A:55
            X509v3 Authority Key Identifier:
                keyid:E8:75:46:4E:89:81:6E:F0:0B:03:69:50:20:18:A7:E5:9C:E2:D3:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/1K9FnI645Yqoqp7v7ivnFFVcKlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.40.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:34:14:52:aa:d1:7e:d3:bc:78:31:81:1d:a9:78:27:0f:80:
         a1:1f:d2:c7:65:bb:39:10:20:18:d4:f2:1f:49:5d:bb:f1:c8:
         97:2c:e6:02:bc:76:3e:36:e6:bf:e4:d2:43:12:2d:d7:b6:81:
         b8:25:19:a7:01:d4:33:08:49:ab:7f:e9:47:35:f8:ed:82:50:
         07:74:80:03:25:b4:ff:67:00:b1:9f:d8:d1:b9:b4:c7:55:ff:
         29:3c:7f:30:6f:dd:37:d9:64:6b:05:d0:9f:70:9d:c4:bc:1a:
         80:3a:8d:ea:a5:86:5f:9a:e0:07:ad:e3:b9:4b:bf:15:04:67:
         c4:8a:f3:42:1b:87:63:d4:a9:3b:a6:f5:90:0f:12:b5:c5:7f:
         ae:a9:43:1c:5b:35:ad:58:07:45:9c:6c:0d:db:8b:05:58:0c:
         3e:5a:fb:87:cd:25:41:b4:96:cc:ee:c3:b4:81:03:fd:4a:e9:
         c9:9e:26:04:88:f1:11:57:d6:60:03:c1:42:de:2b:aa:b9:d2:
         9c:3e:f6:33:00:e7:5e:d4:3e:e0:39:41:60:ef:2d:fa:b2:93:
         f1:e3:44:15:9d:0f:1f:d7:f4:4a:c9:c5:41:0c:fe:85:49:cb:
         fb:85:70:7f:a6:e2:e9:b5:da:be:26:2c:ec:c3:07:6d:cf:f6:
         21:97:f3:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdf81igSo+4aWBn/7xjNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NzU0NjRlODk4MTZlZjAwYjAzNjk1MDIwMThhN2U1OWNl
MmQzNmMwHhcNMjUwMTAxMTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGFmNDU5YzhlYjhlNThhYThhYTllZWZlZTJiZTcxNDU1NWMyYTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCAuiFNoW4UZAoHYeUsv6Q38Ekrj
K3rqrBI6OI751XYGxN+/ILu0OFu00cMibh1lvs21ppFzIHxO2MooPIeAbx2OEoqA
EVgdjh77lUPkSVFGkuYarr8Qtb9YOaQTgYyphONOL+0gyRhAX9hSjrHdwaCnXC6k
YjWa0F9R/cPn1UZTnV+O4OXdJIEp+HH8CcvIzk8HgpeOpdVe54Pg4nputRvhFEsS
A5LOc+quOA5IHt/cUSvO6ofZmNYelPzQm0ZLMFunFrz++MO5mfGKPOUCZ8ILPcol
BrChKncQ217dUzLELD8aP8wsqvTpbzOAt3yb/M7LC4FolOP2oc1jP38SowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSvRZyOuOWKqKqe7+4r5xRVXCpVMB8GA1UdIwQY
MBaAFOh1Rk6JgW7wCwNpUCAYp+Wc4tNsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkhWR1RvbUJidkFMQTJsUUlCaW41WnppMDJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9jMzA2OWUtNWZmYy00YzhjLTkxZGMt
MzFkMTk3ZjEzOWQ4LzEvMUs5Rm5JNjQ1WXFvcXA3djdpdm5GRlZjS2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9jMzA2OWUtNWZmYy00YzhjLTkxZGMtMzFkMTk3ZjEzOWQ4
LzEvNkhWR1RvbUJidkFMQTJsUUlCaW41WnppMDJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSiAMA0G
CSqGSIb3DQEBCwUAA4IBAQBTNBRSqtF+07x4MYEdqXgnD4ChH9LHZbs5ECAY1PIf
SV278ciXLOYCvHY+Nua/5NJDEi3XtoG4JRmnAdQzCEmrf+lHNfjtglAHdIADJbT/
ZwCxn9jRubTHVf8pPH8wb9032WRrBdCfcJ3EvBqAOo3qpYZfmuAHreO5S78VBGfE
ivNCG4dj1Kk7pvWQDxK1xX+uqUMcWzWtWAdFnGwN24sFWAw+WvuHzSVBtJbM7sO0
gQP9SunJniYEiPERV9ZgA8FC3iuqudKcPvYzAOde1D7gOUFg7y36spPx40QVnQ8f
1/RKycVBDP6FScv7hXB/puLptdq+Jizswwdtz/Yhl/O3
-----END CERTIFICATE-----