Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/d6179f-4bda-4871-8977-c80d33a26535/1/CaL9jYSTc-IdChBXaiMWMez9mXg.roa
File:                     CaL9jYSTc-IdChBXaiMWMez9mXg.roa (raw, json)
Hash identifier:          KSdlQjcVUmbuNppz/t/DKjZyc/L+OBaFoRGPDIpwznQ=
Subject key identifier:   09:A2:FD:8D:84:93:73:E2:1D:0A:10:57:6A:23:16:31:EC:FD:99:78
Certificate issuer:       /CN=3efde2ad7123b3a86008058805bb1016f6b73fb0
Certificate serial:       01941FFA6CC769F4FEFFC24A6672B4910EEA
Authority key identifier: 3E:FD:E2:AD:71:23:B3:A8:60:08:05:88:05:BB:10:16:F6:B7:3F:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pv3irXEjs6hgCAWIBbsQFva3P7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/d6179f-4bda-4871-8977-c80d33a26535/1/CaL9jYSTc-IdChBXaiMWMez9mXg.roa
Signing time:             Wed 01 Jan 2025 03:48:12 +0000
ROA not before:           Wed 01 Jan 2025 03:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25279
IP address blocks:        185.138.4.0/22 maxlen: 24
                          217.68.0.0/20 maxlen: 24
                          2a02:328::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/d6179f-4bda-4871-8977-c80d33a26535/1/Pv3irXEjs6hgCAWIBbsQFva3P7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/d6179f-4bda-4871-8977-c80d33a26535/1/Pv3irXEjs6hgCAWIBbsQFva3P7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pv3irXEjs6hgCAWIBbsQFva3P7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:6c:c7:69:f4:fe:ff:c2:4a:66:72:b4:91:0e:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3efde2ad7123b3a86008058805bb1016f6b73fb0
        Validity
            Not Before: Jan  1 03:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09a2fd8d849373e21d0a10576a231631ecfd9978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:3f:79:e1:89:b8:36:d5:17:8c:44:71:8b:21:
                    44:19:89:82:be:05:cf:d1:b6:ff:a8:5e:c4:86:60:
                    39:31:e2:7b:02:d0:88:84:29:7c:a2:7e:ce:3c:db:
                    8b:d4:82:ae:ed:c2:ca:d5:7f:85:ab:67:02:68:d1:
                    14:c4:55:fa:53:1c:93:3c:e5:e4:87:cb:64:ff:25:
                    ea:9e:91:3d:e1:0c:fc:12:68:6f:c0:46:34:be:09:
                    87:3e:50:88:92:41:6c:0a:cd:99:02:4f:14:86:1c:
                    78:3b:a9:7f:33:00:e7:8d:13:f6:e8:63:30:b9:95:
                    2f:0d:24:d7:6e:c4:d5:33:77:61:7a:09:ff:d6:52:
                    23:1e:f0:7e:87:3e:cb:d8:2a:41:05:47:74:ff:8e:
                    94:44:96:ac:e5:d6:eb:72:a2:ee:3f:da:14:a1:fd:
                    cb:92:9e:c8:eb:3a:cc:56:8d:87:2d:0c:66:15:90:
                    b2:1c:af:ba:c2:65:ee:a2:b4:05:80:51:25:7f:0e:
                    7f:89:58:4b:64:dd:94:08:c6:b2:ca:0d:f0:46:9d:
                    70:2c:8e:2b:0a:5a:e9:e1:59:32:df:ea:d6:20:3c:
                    95:32:7e:07:fa:31:07:ea:d6:e3:32:50:ba:02:90:
                    09:16:dd:74:29:d5:d1:4f:b6:58:2b:0b:55:91:67:
                    d6:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:A2:FD:8D:84:93:73:E2:1D:0A:10:57:6A:23:16:31:EC:FD:99:78
            X509v3 Authority Key Identifier:
                keyid:3E:FD:E2:AD:71:23:B3:A8:60:08:05:88:05:BB:10:16:F6:B7:3F:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pv3irXEjs6hgCAWIBbsQFva3P7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/d6179f-4bda-4871-8977-c80d33a26535/1/CaL9jYSTc-IdChBXaiMWMez9mXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/d6179f-4bda-4871-8977-c80d33a26535/1/Pv3irXEjs6hgCAWIBbsQFva3P7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.4.0/22
                  217.68.0.0/20
                IPv6:
                  2a02:328::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:06:1d:37:55:a8:47:04:f1:a4:ee:f6:98:b8:1a:7e:40:64:
         28:c1:4e:9e:b8:1f:09:98:5b:8d:4e:b7:26:e0:75:ad:7c:60:
         6b:a7:83:b1:99:88:56:e0:0f:6d:7e:ef:ee:75:7c:69:6e:8c:
         79:bd:33:58:79:cf:92:49:68:d5:47:ef:61:79:2f:03:e4:a1:
         1a:be:39:e0:f5:32:95:b5:3e:e5:a1:33:f4:cc:61:f8:f7:e6:
         2f:96:d7:6e:e5:d7:d9:b9:cf:ef:44:40:d2:1c:be:83:4e:cb:
         a7:ac:8c:34:64:d4:36:02:ed:8d:5c:63:7b:06:43:b6:4b:64:
         ac:2b:68:ff:fb:18:d8:fd:a1:d3:44:e6:94:f8:a9:46:7f:d4:
         26:be:69:c9:3d:a6:95:6a:54:a8:d6:f1:80:4a:4a:2c:b8:44:
         df:d3:56:04:6b:1c:20:30:49:40:b3:f1:9b:4d:7c:46:7f:ee:
         da:b7:1c:a1:2b:71:f0:7e:82:0c:19:eb:9d:05:3e:95:11:b0:
         26:70:1d:e8:2c:2d:ac:40:4e:4f:a8:33:bf:f8:c9:51:21:ba:
         0c:d6:c9:b6:de:cf:4d:49:da:2a:95:cc:0b:7a:b4:7d:ed:17:
         a0:e0:b2:19:b3:4e:ec:42:6e:22:29:dc:9e:52:0a:84:ac:17:
         ee:9c:c3:d6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQf+mzHafT+/8JKZnK0kQ7qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZmRlMmFkNzEyM2IzYTg2MDA4MDU4ODA1YmIxMDE2ZjZi
NzNmYjAwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWEyZmQ4ZDg0OTM3M2UyMWQwYTEwNTc2YTIzMTYzMWVjZmQ5OTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzz954Ym4NtUXjERxiyFEGYmCvgXP
0bb/qF7EhmA5MeJ7AtCIhCl8on7OPNuL1IKu7cLK1X+Fq2cCaNEUxFX6UxyTPOXk
h8tk/yXqnpE94Qz8EmhvwEY0vgmHPlCIkkFsCs2ZAk8Uhhx4O6l/MwDnjRP26GMw
uZUvDSTXbsTVM3dhegn/1lIjHvB+hz7L2CpBBUd0/46URJas5dbrcqLuP9oUof3L
kp7I6zrMVo2HLQxmFZCyHK+6wmXuorQFgFElfw5/iVhLZN2UCMayyg3wRp1wLI4r
Clrp4Vky3+rWIDyVMn4H+jEH6tbjMlC6ApAJFt10KdXRT7ZYKwtVkWfW3QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAmi/Y2Ek3PiHQoQV2ojFjHs/Zl4MB8GA1UdIwQY
MBaAFD794q1xI7OoYAgFiAW7EBb2tz+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHYzaXJYRWpzNmhnQ0FXSUJic1FGdmEzUDdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9kNjE3OWYtNGJkYS00ODcxLTg5Nzct
YzgwZDMzYTI2NTM1LzEvQ2FMOWpZU1RjLUlkQ2hCWGFpTVdNZXo5bVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9kNjE3OWYtNGJkYS00ODcxLTg5NzctYzgwZDMzYTI2NTM1
LzEvUHYzaXJYRWpzNmhnQ0FXSUJic1FGdmEzUDdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuYoEAwQE
2UQAMA0EAgACMAcDBQMqAgMoMA0GCSqGSIb3DQEBCwUAA4IBAQBGBh03VahHBPGk
7vaYuBp+QGQowU6euB8JmFuNTrcm4HWtfGBrp4OxmYhW4A9tfu/udXxpbox5vTNY
ec+SSWjVR+9heS8D5KEavjng9TKVtT7loTP0zGH49+Yvltdu5dfZuc/vREDSHL6D
TsunrIw0ZNQ2Au2NXGN7BkO2S2SsK2j/+xjY/aHTROaU+KlGf9QmvmnJPaaValSo
1vGASkosuETf01YEaxwgMElAs/GbTXxGf+7atxyhK3HwfoIMGeudBT6VEbAmcB3o
LC2sQE5PqDO/+MlRIboM1sm23s9NSdoqlcwLerR97Reg4LIZs07sQm4iKdyeUgqE
rBfunMPW
-----END CERTIFICATE-----