Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/b38fd7-9e68-426b-a100-1c0fd89dbcb4/1/CrtWfCL7i9NVihI1TfWhriARtZk.roa
File:                     CrtWfCL7i9NVihI1TfWhriARtZk.roa (raw, json)
Hash identifier:          GvkPNrJjcp+5LqZSEnG2rMaRPFf5goGwB+oAHuiRPHA=
Subject key identifier:   0A:BB:56:7C:22:FB:8B:D3:55:8A:12:35:4D:F5:A1:AE:20:11:B5:99
Certificate issuer:       /CN=b7730c8322118c81ca84bab1b7e0890a9c85e9f7
Certificate serial:       01942067CBC6014FBB945C4BD0EFF959EA62
Authority key identifier: B7:73:0C:83:22:11:8C:81:CA:84:BA:B1:B7:E0:89:0A:9C:85:E9:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t3MMgyIRjIHKhLqxt-CJCpyF6fc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/b38fd7-9e68-426b-a100-1c0fd89dbcb4/1/CrtWfCL7i9NVihI1TfWhriARtZk.roa
Signing time:             Wed 01 Jan 2025 05:47:40 +0000
ROA not before:           Wed 01 Jan 2025 05:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205033
IP address blocks:        185.219.244.0/22 maxlen: 22
                          2a0b:f040::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/b38fd7-9e68-426b-a100-1c0fd89dbcb4/1/t3MMgyIRjIHKhLqxt-CJCpyF6fc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/b38fd7-9e68-426b-a100-1c0fd89dbcb4/1/t3MMgyIRjIHKhLqxt-CJCpyF6fc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t3MMgyIRjIHKhLqxt-CJCpyF6fc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:cb:c6:01:4f:bb:94:5c:4b:d0:ef:f9:59:ea:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7730c8322118c81ca84bab1b7e0890a9c85e9f7
        Validity
            Not Before: Jan  1 05:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0abb567c22fb8bd3558a12354df5a1ae2011b599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:01:1d:c2:6d:2c:29:45:66:b1:24:f1:87:0b:
                    52:69:ab:6d:5e:dd:60:be:a2:4b:7c:17:60:b0:0f:
                    b0:fc:0b:4a:f4:92:46:72:46:20:a2:04:de:a8:16:
                    81:b0:1a:57:19:2c:cb:81:66:73:19:0f:73:a7:0c:
                    07:06:7e:17:ba:ef:be:41:ed:49:30:28:3f:d4:d0:
                    6a:4a:8b:90:1a:24:a2:39:d8:36:af:ee:9f:0b:b3:
                    fb:0a:d6:84:29:15:bb:62:90:a6:65:c3:18:e7:a1:
                    2b:1f:89:ff:c6:9b:84:3f:ca:e7:fd:a6:8a:4e:f9:
                    a4:b1:83:b5:b5:1f:c4:5f:44:58:9b:70:d1:33:a2:
                    d1:cb:4d:0d:55:d5:c9:b9:32:96:28:4d:3b:2a:a5:
                    f2:c0:1f:1c:9c:61:38:d0:28:45:ee:78:f1:00:f9:
                    79:ca:16:72:21:a1:ab:26:7e:cc:e9:30:da:b3:a2:
                    f9:7b:48:59:58:5b:79:54:c7:43:9d:37:b1:90:59:
                    11:89:a1:98:09:b7:a0:05:ce:f3:2b:eb:a9:d2:6f:
                    b6:85:3a:b6:e2:0b:50:26:cd:8f:33:85:46:20:63:
                    34:c8:38:46:46:65:b3:d7:2f:21:30:c2:d2:6c:12:
                    8a:86:75:01:53:40:d3:5f:78:dd:bd:fc:0b:b2:29:
                    5a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:BB:56:7C:22:FB:8B:D3:55:8A:12:35:4D:F5:A1:AE:20:11:B5:99
            X509v3 Authority Key Identifier:
                keyid:B7:73:0C:83:22:11:8C:81:CA:84:BA:B1:B7:E0:89:0A:9C:85:E9:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t3MMgyIRjIHKhLqxt-CJCpyF6fc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b38fd7-9e68-426b-a100-1c0fd89dbcb4/1/CrtWfCL7i9NVihI1TfWhriARtZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b38fd7-9e68-426b-a100-1c0fd89dbcb4/1/t3MMgyIRjIHKhLqxt-CJCpyF6fc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.244.0/22
                IPv6:
                  2a0b:f040::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:7d:7a:b6:ce:81:9c:2c:d6:0d:71:54:a9:93:33:8e:65:a0:
         4a:e6:88:76:3b:64:83:24:8a:26:2d:9f:f1:fc:47:39:05:da:
         80:7d:35:bc:9a:75:3b:c4:a0:b3:a6:46:36:86:71:5f:29:0c:
         fc:02:7c:7f:65:ff:a8:06:59:9f:96:db:61:a2:dd:a6:2f:05:
         c9:63:c9:6f:d6:f4:d1:4c:87:a1:c7:fc:b5:b1:e2:a6:f9:0d:
         67:39:44:29:55:e6:34:5f:f8:69:9b:b0:5e:1b:61:f3:81:ad:
         2a:07:1a:37:05:2c:65:62:6e:75:ad:e7:54:78:66:65:ce:43:
         ed:55:b9:c7:f3:e0:dc:3b:ea:5c:b3:05:e0:7c:3c:61:d8:5d:
         34:87:7e:b7:33:f0:7d:02:17:f3:9d:35:ad:d6:86:f3:a0:db:
         3c:ec:90:2a:79:fa:23:de:d5:3d:45:9c:6d:37:9a:8a:93:a4:
         50:36:04:43:fa:ba:0d:c8:32:71:da:42:2c:ed:e7:84:ed:4f:
         8a:5f:d1:cc:d8:46:4b:02:bb:91:41:2a:e2:29:31:4e:4c:a6:
         74:90:36:4d:c2:93:be:e1:fe:f6:83:07:16:78:11:75:19:f2:
         c0:2e:9b:dc:f4:8c:90:4c:a4:8e:d0:dc:ae:70:b4:4c:48:da:
         b5:a3:99:ef
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ8vGAU+7lFxL0O/5WepiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NzMwYzgzMjIxMThjODFjYTg0YmFiMWI3ZTA4OTBhOWM4
NWU5ZjcwHhcNMjUwMTAxMDU0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWJiNTY3YzIyZmI4YmQzNTU4YTEyMzU0ZGY1YTFhZTIwMTFiNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwEdwm0sKUVmsSTxhwtSaattXt1g
vqJLfBdgsA+w/AtK9JJGckYgogTeqBaBsBpXGSzLgWZzGQ9zpwwHBn4Xuu++Qe1J
MCg/1NBqSouQGiSiOdg2r+6fC7P7CtaEKRW7YpCmZcMY56ErH4n/xpuEP8rn/aaK
TvmksYO1tR/EX0RYm3DRM6LRy00NVdXJuTKWKE07KqXywB8cnGE40ChF7njxAPl5
yhZyIaGrJn7M6TDas6L5e0hZWFt5VMdDnTexkFkRiaGYCbegBc7zK+up0m+2hTq2
4gtQJs2PM4VGIGM0yDhGRmWz1y8hMMLSbBKKhnUBU0DTX3jdvfwLsilanQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAq7Vnwi+4vTVYoSNU31oa4gEbWZMB8GA1UdIwQY
MBaAFLdzDIMiEYyByoS6sbfgiQqchen3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDNNTWd5SVJqSUhLaExxeHQtQ0pDcHlGNmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9iMzhmZDctOWU2OC00MjZiLWExMDAt
MWMwZmQ4OWRiY2I0LzEvQ3J0V2ZDTDdpOU5WaWhJMVRmV2hyaUFSdFprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9iMzhmZDctOWU2OC00MjZiLWExMDAtMWMwZmQ4OWRiY2I0
LzEvdDNNTWd5SVJqSUhLaExxeHQtQ0pDcHlGNmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudv0MA0E
AgACMAcDBQAqC/BAMA0GCSqGSIb3DQEBCwUAA4IBAQBbfXq2zoGcLNYNcVSpkzOO
ZaBK5oh2O2SDJIomLZ/x/Ec5BdqAfTW8mnU7xKCzpkY2hnFfKQz8Anx/Zf+oBlmf
ltthot2mLwXJY8lv1vTRTIehx/y1seKm+Q1nOUQpVeY0X/hpm7BeG2Hzga0qBxo3
BSxlYm51redUeGZlzkPtVbnH8+DcO+pcswXgfDxh2F00h363M/B9AhfznTWt1obz
oNs87JAqefoj3tU9RZxtN5qKk6RQNgRD+roNyDJx2kIs7eeE7U+KX9HM2EZLAruR
QSriKTFOTKZ0kDZNwpO+4f72gwcWeBF1GfLALpvc9IyQTKSO0NyucLRMSNq1o5nv
-----END CERTIFICATE-----