Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/8d1YJYgf6Rz6kRIBD3UQNKc2F8c.roa
File:                     8d1YJYgf6Rz6kRIBD3UQNKc2F8c.roa (raw, json)
Hash identifier:          ArGXxGOlSt05WQEcRlEvgz37GIFNJOy3pqucGsjJaSA=
Subject key identifier:   F1:DD:58:25:88:1F:E9:1C:FA:91:12:01:0F:75:10:34:A7:36:17:C7
Certificate issuer:       /CN=4a9c5e56aacd01ffb2825a931ed5ede41c3f92e6
Certificate serial:       0194274799DD28760B09BAE83C5DE03F283D
Authority key identifier: 4A:9C:5E:56:AA:CD:01:FF:B2:82:5A:93:1E:D5:ED:E4:1C:3F:92:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SpxeVqrNAf-yglqTHtXt5Bw_kuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/8d1YJYgf6Rz6kRIBD3UQNKc2F8c.roa
Signing time:             Thu 02 Jan 2025 13:49:51 +0000
ROA not before:           Thu 02 Jan 2025 13:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204511
IP address blocks:        185.197.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/SpxeVqrNAf-yglqTHtXt5Bw_kuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/SpxeVqrNAf-yglqTHtXt5Bw_kuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SpxeVqrNAf-yglqTHtXt5Bw_kuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:99:dd:28:76:0b:09:ba:e8:3c:5d:e0:3f:28:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a9c5e56aacd01ffb2825a931ed5ede41c3f92e6
        Validity
            Not Before: Jan  2 13:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1dd5825881fe91cfa9112010f751034a73617c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:be:94:55:fe:e0:8f:59:3e:2e:ca:04:43:77:
                    a7:6e:55:24:fa:59:45:b3:41:86:86:4d:f3:28:cf:
                    0d:0d:1b:08:2e:39:e7:0b:34:36:21:0a:ab:14:21:
                    57:38:a7:5b:81:82:78:47:b7:12:d2:0c:3a:4e:2b:
                    1f:15:ab:25:1b:0b:ed:aa:14:bb:b0:57:d2:c8:d0:
                    c1:74:44:37:e5:40:f1:7b:96:a9:97:f6:f4:c1:6f:
                    e3:62:a7:bc:e8:d5:c9:88:1d:c5:62:03:9f:ce:73:
                    3c:0f:1c:4d:1a:91:b4:94:ec:72:6a:2c:1f:33:70:
                    41:10:03:8d:f9:75:ba:a7:47:6a:2c:08:3e:5f:63:
                    df:70:68:fd:b0:02:1a:a6:35:67:34:52:c6:85:19:
                    b2:71:12:39:49:75:be:03:75:64:ef:3b:c0:ab:13:
                    62:64:64:01:0c:14:d7:7c:6e:6b:db:06:0a:69:ca:
                    70:d9:3a:8d:8f:cd:53:aa:8e:43:00:85:36:c0:52:
                    b7:34:e9:8d:0e:e8:24:0f:cd:ab:ee:9a:e8:db:b2:
                    d9:81:7d:56:05:57:36:9a:91:9e:37:96:dc:2c:8b:
                    00:78:4b:66:1c:a6:7b:c3:b4:c3:b1:1b:c0:4c:ee:
                    e8:1a:c7:97:5c:04:a3:a6:69:ba:58:85:a2:63:78:
                    03:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:DD:58:25:88:1F:E9:1C:FA:91:12:01:0F:75:10:34:A7:36:17:C7
            X509v3 Authority Key Identifier:
                keyid:4A:9C:5E:56:AA:CD:01:FF:B2:82:5A:93:1E:D5:ED:E4:1C:3F:92:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SpxeVqrNAf-yglqTHtXt5Bw_kuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/8d1YJYgf6Rz6kRIBD3UQNKc2F8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/c010dc-0910-4341-8b33-2e694b339933/1/SpxeVqrNAf-yglqTHtXt5Bw_kuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:05:bc:30:fb:16:f5:2f:13:a3:9d:f1:0a:3f:fb:19:3b:a8:
         7b:73:c7:22:0d:94:35:ea:53:3c:5e:89:14:2d:9a:fc:44:82:
         2b:46:32:ce:7b:0b:1b:07:d8:2f:ce:2d:4d:c7:1d:00:bd:2b:
         60:3d:a4:b4:46:9a:17:57:24:1f:c5:da:45:c2:e5:e3:35:fc:
         99:cc:2d:c0:b0:31:dd:ba:3e:68:65:95:b9:82:00:69:49:02:
         0a:e6:fe:d1:fc:aa:ed:28:db:5c:65:07:cc:67:bc:da:3b:84:
         ce:f3:4f:3f:ed:12:45:60:48:71:00:d6:b7:6d:d8:f0:02:d2:
         59:4d:d3:8b:a7:7e:8b:8e:0c:77:74:db:83:49:bb:3a:90:33:
         b9:9d:31:a6:35:46:a8:ea:88:0f:e1:0b:7b:25:5c:b6:6b:fc:
         17:e1:53:1f:ca:fc:ac:54:93:7e:42:28:03:b8:6b:25:07:94:
         23:aa:c5:22:28:3f:12:45:c1:1a:c9:30:30:cf:d8:7b:19:54:
         b6:66:21:21:fe:4c:a6:fa:35:1d:4a:58:a5:f9:3f:4c:c8:ae:
         3c:76:fc:fd:f5:c9:90:85:0b:b7:88:23:05:cc:b4:07:8b:f0:
         98:86:db:40:f2:be:89:64:6f:5e:4d:41:2d:37:c2:f3:60:51:
         80:41:37:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR5ndKHYLCbroPF3gPyg9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhOWM1ZTU2YWFjZDAxZmZiMjgyNWE5MzFlZDVlZGU0MWMz
ZjkyZTYwHhcNMjUwMTAyMTM0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWRkNTgyNTg4MWZlOTFjZmE5MTEyMDEwZjc1MTAzNGE3MzYxN2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmr6UVf7gj1k+LsoEQ3enblUk+llF
s0GGhk3zKM8NDRsILjnnCzQ2IQqrFCFXOKdbgYJ4R7cS0gw6TisfFaslGwvtqhS7
sFfSyNDBdEQ35UDxe5apl/b0wW/jYqe86NXJiB3FYgOfznM8DxxNGpG0lOxyaiwf
M3BBEAON+XW6p0dqLAg+X2PfcGj9sAIapjVnNFLGhRmycRI5SXW+A3Vk7zvAqxNi
ZGQBDBTXfG5r2wYKacpw2TqNj81Tqo5DAIU2wFK3NOmNDugkD82r7pro27LZgX1W
BVc2mpGeN5bcLIsAeEtmHKZ7w7TDsRvATO7oGseXXASjpmm6WIWiY3gDSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHdWCWIH+kc+pESAQ91EDSnNhfHMB8GA1UdIwQY
MBaAFEqcXlaqzQH/soJakx7V7eQcP5LmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3B4ZVZxck5BZi15Z2xxVEh0WHQ1Qndfa3VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9jMDEwZGMtMDkxMC00MzQxLThiMzMt
MmU2OTRiMzM5OTMzLzEvOGQxWUpZZ2Y2Uno2a1JJQkQzVVFOS2MyRjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9jMDEwZGMtMDkxMC00MzQxLThiMzMtMmU2OTRiMzM5OTMz
LzEvU3B4ZVZxck5BZi15Z2xxVEh0WHQ1Qndfa3VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucV0MA0G
CSqGSIb3DQEBCwUAA4IBAQB8Bbww+xb1LxOjnfEKP/sZO6h7c8ciDZQ16lM8XokU
LZr8RIIrRjLOewsbB9gvzi1Nxx0AvStgPaS0RpoXVyQfxdpFwuXjNfyZzC3AsDHd
uj5oZZW5ggBpSQIK5v7R/KrtKNtcZQfMZ7zaO4TO808/7RJFYEhxANa3bdjwAtJZ
TdOLp36Ljgx3dNuDSbs6kDO5nTGmNUao6ogP4Qt7JVy2a/wX4VMfyvysVJN+QigD
uGslB5QjqsUiKD8SRcEayTAwz9h7GVS2ZiEh/kym+jUdSlil+T9MyK48dvz99cmQ
hQu3iCMFzLQHi/CYhttA8r6JZG9eTUEtN8LzYFGAQTfj
-----END CERTIFICATE-----