Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/y1M_0IPPUhADZVWuik8Z4f_wo9M.roa
File:                     y1M_0IPPUhADZVWuik8Z4f_wo9M.roa (raw, json)
Hash identifier:          eHKjTvDyh23zI8FCfLLfE/ibDHPOekWU95t2XI4Bzzc=
Subject key identifier:   CB:53:3F:D0:83:CF:52:10:03:65:55:AE:8A:4F:19:E1:FF:F0:A3:D3
Certificate issuer:       /CN=9442ced12d7bb049cd1cdf8df7ba5a957655386c
Certificate serial:       01942444F34A4A070EF8EE001EBCD10861AB
Authority key identifier: 94:42:CE:D1:2D:7B:B0:49:CD:1C:DF:8D:F7:BA:5A:95:76:55:38:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lELO0S17sEnNHN-N97palXZVOGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/y1M_0IPPUhADZVWuik8Z4f_wo9M.roa
Signing time:             Wed 01 Jan 2025 23:48:05 +0000
ROA not before:           Wed 01 Jan 2025 23:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51263
IP address blocks:        185.164.180.0/22 maxlen: 22
                          2a0b:4c00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/lELO0S17sEnNHN-N97palXZVOGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/lELO0S17sEnNHN-N97palXZVOGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lELO0S17sEnNHN-N97palXZVOGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:f3:4a:4a:07:0e:f8:ee:00:1e:bc:d1:08:61:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9442ced12d7bb049cd1cdf8df7ba5a957655386c
        Validity
            Not Before: Jan  1 23:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb533fd083cf5210036555ae8a4f19e1fff0a3d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:67:7d:a9:98:3a:67:74:3d:df:de:2e:45:19:
                    e9:bd:12:ff:e7:d2:80:90:91:0c:3c:7f:00:74:bd:
                    a0:aa:7e:db:78:9a:e5:87:22:9c:35:f3:40:a5:ae:
                    26:bb:db:47:d0:16:29:b7:e4:d5:75:ef:db:ba:65:
                    13:84:bf:a9:98:6c:58:52:bf:fe:a2:46:8a:53:cb:
                    0a:2a:91:46:40:6b:86:b4:3c:aa:c6:c8:97:6d:e8:
                    27:dd:7d:b0:04:69:b6:57:3a:a0:14:da:b6:78:4b:
                    e9:63:b3:83:9a:d5:a3:8a:d4:20:45:a7:e5:9e:a0:
                    64:05:b4:67:21:36:af:67:c4:9b:43:8a:b5:b4:50:
                    6f:65:03:e9:a6:cb:b3:3f:ae:2b:6d:3e:b4:84:62:
                    cb:a7:43:ec:a9:e7:60:b0:35:47:ed:bb:f7:af:24:
                    95:24:37:eb:19:6b:e4:e8:04:ac:6d:15:10:74:d6:
                    6e:96:4b:25:9f:f7:87:7f:f4:84:b6:ae:d1:f1:da:
                    94:c4:30:2d:cc:2e:ce:77:d0:0e:63:a8:a8:22:7b:
                    bb:53:05:e5:bc:13:c4:52:59:43:da:6a:5f:ed:a1:
                    7d:3c:86:82:7c:39:40:1b:58:ad:e1:3d:26:73:49:
                    8e:5e:ae:17:1e:0f:4f:80:31:6b:28:b0:b5:12:ac:
                    5a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:53:3F:D0:83:CF:52:10:03:65:55:AE:8A:4F:19:E1:FF:F0:A3:D3
            X509v3 Authority Key Identifier:
                keyid:94:42:CE:D1:2D:7B:B0:49:CD:1C:DF:8D:F7:BA:5A:95:76:55:38:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lELO0S17sEnNHN-N97palXZVOGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/y1M_0IPPUhADZVWuik8Z4f_wo9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/9f2ffa-237b-474b-8880-46fd46d6b547/1/lELO0S17sEnNHN-N97palXZVOGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.180.0/22
                IPv6:
                  2a0b:4c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:10:50:65:0d:62:df:b8:a5:4b:77:a6:d3:b1:16:95:a1:d1:
         d3:12:06:d3:f3:16:67:23:3d:03:85:d5:02:a8:49:ca:6c:da:
         15:77:c1:1a:0b:d9:39:43:18:54:ee:70:e8:2d:f0:f2:13:7d:
         9c:50:1f:d1:12:8f:9d:8e:f6:e6:29:e5:b8:dc:1d:12:73:ea:
         4f:47:ff:01:65:89:69:1a:43:c0:24:52:c8:22:f1:67:e9:dc:
         78:60:de:00:8f:8b:8b:b1:06:83:16:58:38:57:8e:f3:e1:8f:
         ec:a0:a7:25:61:7e:6a:07:91:a0:a6:70:65:65:fc:6a:ed:5c:
         e5:d4:58:d1:ad:d6:2e:2e:2b:20:51:7c:6e:fb:19:a8:27:fd:
         2a:c8:7e:c5:15:f5:df:68:ab:7c:31:89:aa:55:05:3c:48:64:
         8a:ef:40:00:82:9a:29:59:51:02:c8:f5:9a:58:63:18:80:3d:
         c2:97:34:23:95:f6:e2:4c:c5:84:48:3f:07:81:24:84:d4:85:
         83:0c:9c:81:d7:07:4a:ab:b2:28:14:1c:0e:05:9c:f3:c3:70:
         51:ca:09:bc:4e:2c:86:05:83:a2:f6:a2:79:2f:b1:dc:1f:71:
         a9:28:e3:51:ad:a0:23:3d:65:25:f3:f9:cf:52:7f:f5:3f:4c:
         21:0e:7c:9e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRPNKSgcO+O4AHrzRCGGrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NDJjZWQxMmQ3YmIwNDljZDFjZGY4ZGY3YmE1YTk1NzY1
NTM4NmMwHhcNMjUwMTAxMjM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjUzM2ZkMDgzY2Y1MjEwMDM2NTU1YWU4YTRmMTllMWZmZjBhM2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2d9qZg6Z3Q9394uRRnpvRL/59KA
kJEMPH8AdL2gqn7beJrlhyKcNfNApa4mu9tH0BYpt+TVde/bumUThL+pmGxYUr/+
okaKU8sKKpFGQGuGtDyqxsiXbegn3X2wBGm2VzqgFNq2eEvpY7ODmtWjitQgRafl
nqBkBbRnITavZ8SbQ4q1tFBvZQPppsuzP64rbT60hGLLp0PsqedgsDVH7bv3rySV
JDfrGWvk6ASsbRUQdNZulksln/eHf/SEtq7R8dqUxDAtzC7Od9AOY6ioInu7UwXl
vBPEUllD2mpf7aF9PIaCfDlAG1it4T0mc0mOXq4XHg9PgDFrKLC1EqxauQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMtTP9CDz1IQA2VVropPGeH/8KPTMB8GA1UdIwQY
MBaAFJRCztEte7BJzRzfjfe6WpV2VThsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEVMTzBTMTdzRW5OSE4tTjk3cGFsWFpWT0d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi85ZjJmZmEtMjM3Yi00NzRiLTg4ODAt
NDZmZDQ2ZDZiNTQ3LzEveTFNXzBJUFBVaEFEWlZXdWlrOFo0Zl93bzlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi85ZjJmZmEtMjM3Yi00NzRiLTg4ODAtNDZmZDQ2ZDZiNTQ3
LzEvbEVMTzBTMTdzRW5OSE4tTjk3cGFsWFpWT0d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuaS0MA0E
AgACMAcDBQMqC0wAMA0GCSqGSIb3DQEBCwUAA4IBAQAHEFBlDWLfuKVLd6bTsRaV
odHTEgbT8xZnIz0DhdUCqEnKbNoVd8EaC9k5QxhU7nDoLfDyE32cUB/REo+djvbm
KeW43B0Sc+pPR/8BZYlpGkPAJFLIIvFn6dx4YN4Aj4uLsQaDFlg4V47z4Y/soKcl
YX5qB5GgpnBlZfxq7Vzl1FjRrdYuLisgUXxu+xmoJ/0qyH7FFfXfaKt8MYmqVQU8
SGSK70AAgpopWVECyPWaWGMYgD3ClzQjlfbiTMWESD8HgSSE1IWDDJyB1wdKq7Io
FBwOBZzzw3BRygm8TiyGBYOi9qJ5L7HcH3GpKONRraAjPWUl8/nPUn/1P0whDnye
-----END CERTIFICATE-----