Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/dCB4YZJSisBMGI9Gka6oZ1pddoY.roa
File:                     dCB4YZJSisBMGI9Gka6oZ1pddoY.roa (raw, json)
Hash identifier:          xw6pibbp+5PMAJyrwS7VeHcyM1PCsmWnDTSaDLnPh9M=
Subject key identifier:   74:20:78:61:92:52:8A:C0:4C:18:8F:46:91:AE:A8:67:5A:5D:76:86
Certificate issuer:       /CN=6e37a10a4a0273f41facf7440d59f39ad5eaf64b
Certificate serial:       0194266C09DA2C5000D8C0A4DEBD65F882B0
Authority key identifier: 6E:37:A1:0A:4A:02:73:F4:1F:AC:F7:44:0D:59:F3:9A:D5:EA:F6:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bjehCkoCc_QfrPdEDVnzmtXq9ks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/dCB4YZJSisBMGI9Gka6oZ1pddoY.roa
Signing time:             Thu 02 Jan 2025 09:50:02 +0000
ROA not before:           Thu 02 Jan 2025 09:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204702
IP address blocks:        185.157.148.0/22 maxlen: 24
                          2a0c:f380::/29 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/bjehCkoCc_QfrPdEDVnzmtXq9ks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/bjehCkoCc_QfrPdEDVnzmtXq9ks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bjehCkoCc_QfrPdEDVnzmtXq9ks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 06:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:09:da:2c:50:00:d8:c0:a4:de:bd:65:f8:82:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e37a10a4a0273f41facf7440d59f39ad5eaf64b
        Validity
            Not Before: Jan  2 09:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7420786192528ac04c188f4691aea8675a5d7686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4c:a3:b7:e6:d6:6b:34:f0:98:91:6e:e7:a3:
                    0f:a7:2a:85:6e:9e:ed:0f:ff:ac:d9:d5:ee:3f:ee:
                    9a:4a:90:91:73:87:22:66:cd:af:c9:4b:6d:46:a7:
                    47:06:23:be:cb:ba:ec:a7:6d:f6:90:ee:04:91:a8:
                    11:ba:48:dc:1d:31:29:50:2f:18:35:f8:3c:97:6e:
                    97:5e:96:43:cf:b3:c6:4c:73:fd:6f:ea:0d:43:98:
                    3c:ec:c4:00:00:8e:03:52:98:c4:e4:6f:ea:bb:8a:
                    67:23:34:af:3e:7f:2b:e5:5a:0b:19:1a:f3:82:89:
                    7b:bb:60:bf:69:d6:c7:2a:d8:1f:92:2e:a0:d8:3d:
                    62:0d:e1:3a:ae:ce:cc:6b:c1:05:20:18:19:54:7f:
                    df:af:55:dc:ce:6d:42:79:01:c7:5b:97:a4:fe:a4:
                    7b:49:bf:f1:54:2c:65:bb:a7:19:e8:6c:81:cb:42:
                    01:fd:2e:9b:ca:77:5d:a5:c9:62:d2:02:b9:81:c9:
                    dd:bc:10:c1:45:0a:04:9c:e9:fe:f7:43:e9:19:1b:
                    fb:6d:83:7c:82:d4:f7:9b:a9:eb:d2:c7:e7:a6:c6:
                    bd:cf:e4:b3:9d:53:88:3d:21:23:70:6d:4b:2b:de:
                    f8:84:25:23:3a:fe:24:76:50:0b:ce:f0:1d:cf:e6:
                    95:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:20:78:61:92:52:8A:C0:4C:18:8F:46:91:AE:A8:67:5A:5D:76:86
            X509v3 Authority Key Identifier:
                keyid:6E:37:A1:0A:4A:02:73:F4:1F:AC:F7:44:0D:59:F3:9A:D5:EA:F6:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bjehCkoCc_QfrPdEDVnzmtXq9ks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/dCB4YZJSisBMGI9Gka6oZ1pddoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/bjehCkoCc_QfrPdEDVnzmtXq9ks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.148.0/22
                IPv6:
                  2a0c:f380::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:31:fc:66:a7:7c:b1:23:05:72:9d:6b:bc:82:19:81:16:1e:
         99:d8:8e:6c:3d:ce:c4:3d:3e:bb:56:f6:e0:56:7b:3d:48:d7:
         cc:88:72:0a:3f:ea:4e:e9:17:60:ec:84:f9:3f:83:1b:a6:b6:
         ed:4b:06:04:70:8e:00:1f:be:17:47:21:77:ed:33:1c:c8:69:
         3b:53:b9:6b:84:d3:f4:df:6a:a5:39:fb:64:29:1d:06:ec:32:
         c8:79:37:96:30:2f:21:7f:cc:1c:7e:b2:21:23:4b:ff:35:92:
         e6:97:a2:a1:f6:74:ea:32:ed:16:db:4c:ed:0a:4b:8f:12:76:
         a2:55:5a:ae:cc:43:03:bb:b8:5a:3a:eb:9b:2d:55:00:1f:66:
         56:c5:eb:a6:3f:11:38:cb:ff:83:18:f9:bb:07:b5:16:66:da:
         b8:cb:42:0e:35:3f:a5:b3:93:e6:8c:b4:51:b7:5c:3e:1c:ac:
         e6:1c:7c:b1:ad:94:e0:76:b0:70:f0:ae:4d:01:09:a7:41:d0:
         11:f5:51:18:ab:c6:cc:15:e3:b7:27:c6:77:14:55:6a:a6:6d:
         78:94:71:8a:b6:1d:94:2f:28:41:14:99:69:9b:73:3c:0c:c6:
         39:d6:46:1a:73:64:24:5c:26:58:6d:38:00:f5:08:c1:e8:6b:
         a8:7e:01:c2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmbAnaLFAA2MCk3r1l+IKwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlMzdhMTBhNGEwMjczZjQxZmFjZjc0NDBkNTlmMzlhZDVl
YWY2NGIwHhcNMjUwMTAyMDk1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDIwNzg2MTkyNTI4YWMwNGMxODhmNDY5MWFlYTg2NzVhNWQ3Njg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkyjt+bWazTwmJFu56MPpyqFbp7t
D/+s2dXuP+6aSpCRc4ciZs2vyUttRqdHBiO+y7rsp232kO4EkagRukjcHTEpUC8Y
Nfg8l26XXpZDz7PGTHP9b+oNQ5g87MQAAI4DUpjE5G/qu4pnIzSvPn8r5VoLGRrz
gol7u2C/adbHKtgfki6g2D1iDeE6rs7Ma8EFIBgZVH/fr1Xczm1CeQHHW5ek/qR7
Sb/xVCxlu6cZ6GyBy0IB/S6bynddpcli0gK5gcndvBDBRQoEnOn+90PpGRv7bYN8
gtT3m6nr0sfnpsa9z+SznVOIPSEjcG1LK974hCUjOv4kdlALzvAdz+aVJQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHQgeGGSUorATBiPRpGuqGdaXXaGMB8GA1UdIwQY
MBaAFG43oQpKAnP0H6z3RA1Z85rV6vZLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmplaENrb0NjX1FmclBkRURWbnptdFhxOWtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9mMGFlZjMtMjYzZC00ZjQxLTg4NTMt
MThiN2ViOTIzYTk5LzEvZENCNFlaSlNpc0JNR0k5R2thNm9aMXBkZG9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9mMGFlZjMtMjYzZC00ZjQxLTg4NTMtMThiN2ViOTIzYTk5
LzEvYmplaENrb0NjX1FmclBkRURWbnptdFhxOWtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZ2UMA0E
AgACMAcDBQMqDPOAMA0GCSqGSIb3DQEBCwUAA4IBAQAwMfxmp3yxIwVynWu8ghmB
Fh6Z2I5sPc7EPT67VvbgVns9SNfMiHIKP+pO6Rdg7IT5P4MbprbtSwYEcI4AH74X
RyF37TMcyGk7U7lrhNP032qlOftkKR0G7DLIeTeWMC8hf8wcfrIhI0v/NZLml6Kh
9nTqMu0W20ztCkuPEnaiVVquzEMDu7haOuubLVUAH2ZWxeumPxE4y/+DGPm7B7UW
Ztq4y0IONT+ls5PmjLRRt1w+HKzmHHyxrZTgdrBw8K5NAQmnQdAR9VEYq8bMFeO3
J8Z3FFVqpm14lHGKth2ULyhBFJlpm3M8DMY51kYac2QkXCZYbTgA9QjB6GuofgHC
-----END CERTIFICATE-----