Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/dDjpKlcdmauXOkT6m9CWK4-kpis.roa
File:                     dDjpKlcdmauXOkT6m9CWK4-kpis.roa (raw, json)
Hash identifier:          G6ujxWSW0sYQE7gy/Nuu88UGg9rwT78FpEnJjrgOwo8=
Subject key identifier:   74:38:E9:2A:57:1D:99:AB:97:3A:44:FA:9B:D0:96:2B:8F:A4:A6:2B
Certificate issuer:       /CN=a15e3f974b5f974656ccf4d45596caad1b9096d4
Certificate serial:       0194258F5BC2111B258069D55B94FF35F083
Authority key identifier: A1:5E:3F:97:4B:5F:97:46:56:CC:F4:D4:55:96:CA:AD:1B:90:96:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/dDjpKlcdmauXOkT6m9CWK4-kpis.roa
Signing time:             Thu 02 Jan 2025 05:48:59 +0000
ROA not before:           Thu 02 Jan 2025 05:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34549
IP address blocks:        185.220.149.0/24 maxlen: 24
                          2a0b:f841::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:5b:c2:11:1b:25:80:69:d5:5b:94:ff:35:f0:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a15e3f974b5f974656ccf4d45596caad1b9096d4
        Validity
            Not Before: Jan  2 05:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7438e92a571d99ab973a44fa9bd0962b8fa4a62b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4b:c9:e7:d8:1e:82:c1:84:8c:70:fd:c4:50:
                    9e:63:92:ea:61:52:90:2f:3f:8f:96:4d:07:6d:58:
                    76:f5:6c:ca:c7:91:aa:51:3c:53:c4:ae:2f:e2:cf:
                    e2:72:29:2c:ea:10:89:5a:70:7e:76:bb:61:92:d5:
                    b3:ca:a3:51:5c:ce:71:12:b4:64:36:95:8b:a5:7c:
                    3e:43:e7:61:02:fc:8c:b9:db:84:83:85:1a:35:ce:
                    ae:12:41:5f:aa:f0:66:0e:50:56:78:0b:ae:1f:57:
                    a0:50:5a:a9:04:d2:0c:a2:d4:2f:2b:96:dd:3b:4f:
                    3b:33:1c:79:b6:5a:f0:48:11:ab:39:d4:73:cf:fb:
                    fd:24:10:10:23:7b:b1:f8:9b:82:9d:91:df:74:fe:
                    7d:55:18:37:87:d4:55:52:5b:9c:ef:c4:ea:4d:dc:
                    42:a8:26:73:0d:c0:1e:b6:fc:ea:4f:9d:f5:6a:ad:
                    21:e9:3e:7d:9e:1c:e8:3a:ad:d3:09:57:de:46:e4:
                    d8:75:32:25:46:56:0a:8f:03:ee:24:89:e7:48:d6:
                    0d:4b:29:82:11:81:1d:0a:58:73:25:4d:a4:2d:18:
                    0c:06:fe:dd:a8:87:fd:5b:76:d9:88:4a:58:89:6c:
                    0c:6e:8f:f2:10:73:4c:ad:74:58:60:23:c5:70:c6:
                    9a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:38:E9:2A:57:1D:99:AB:97:3A:44:FA:9B:D0:96:2B:8F:A4:A6:2B
            X509v3 Authority Key Identifier:
                keyid:A1:5E:3F:97:4B:5F:97:46:56:CC:F4:D4:55:96:CA:AD:1B:90:96:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/dDjpKlcdmauXOkT6m9CWK4-kpis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.149.0/24
                IPv6:
                  2a0b:f841::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:c7:a6:30:a1:e1:34:75:01:ec:dd:3c:a2:ca:ae:4a:b7:fb:
         ae:ca:5d:0f:16:0f:38:5a:9b:b7:c7:f3:65:fe:bc:5b:14:07:
         82:70:76:10:14:1d:39:90:18:03:80:76:a8:64:6e:50:f4:24:
         87:3f:65:8f:e5:a0:8e:66:6a:9c:c7:c6:41:78:38:70:f1:06:
         e6:ae:5e:06:1b:49:bf:61:51:01:07:71:e4:03:5a:fd:32:d5:
         5f:a9:de:26:3d:a3:b5:a9:96:fc:b1:e8:96:cc:3a:00:05:c1:
         29:db:ec:92:28:33:c1:27:20:5f:01:21:7f:39:b8:ed:28:0c:
         38:3d:2e:71:50:7d:45:00:6d:a4:8a:89:4f:6a:d6:a0:26:bc:
         6d:e5:3f:1e:6a:24:af:b7:f9:bd:4f:df:fa:10:cb:46:f0:d8:
         00:00:eb:ee:aa:6c:9f:9e:2b:ff:31:55:93:0f:71:6a:46:65:
         ae:20:12:17:30:59:d4:f3:b5:28:67:89:af:c1:9c:70:88:03:
         66:b2:27:ab:d0:16:09:e5:f7:fd:da:fe:82:ed:9d:26:b8:2a:
         34:a2:56:e5:0e:ad:95:a1:29:11:85:1f:82:cb:d2:21:37:8d:
         99:b5:b3:cc:ff:8f:41:7d:86:1d:4f:44:43:90:52:71:70:72:
         e6:78:66:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj1vCERslgGnVW5T/NfCDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNWUzZjk3NGI1Zjk3NDY1NmNjZjRkNDU1OTZjYWFkMWI5
MDk2ZDQwHhcNMjUwMTAyMDU0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDM4ZTkyYTU3MWQ5OWFiOTczYTQ0ZmE5YmQwOTYyYjhmYTRhNjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEvJ59gegsGEjHD9xFCeY5LqYVKQ
Lz+Plk0HbVh29WzKx5GqUTxTxK4v4s/iciks6hCJWnB+drthktWzyqNRXM5xErRk
NpWLpXw+Q+dhAvyMuduEg4UaNc6uEkFfqvBmDlBWeAuuH1egUFqpBNIMotQvK5bd
O087Mxx5tlrwSBGrOdRzz/v9JBAQI3ux+JuCnZHfdP59VRg3h9RVUluc78TqTdxC
qCZzDcAetvzqT531aq0h6T59nhzoOq3TCVfeRuTYdTIlRlYKjwPuJInnSNYNSymC
EYEdClhzJU2kLRgMBv7dqIf9W3bZiEpYiWwMbo/yEHNMrXRYYCPFcMaa4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHQ46SpXHZmrlzpE+pvQliuPpKYrMB8GA1UdIwQY
MBaAFKFeP5dLX5dGVsz01FWWyq0bkJbUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1Y0X2wwdGZsMFpXelBUVVZaYktyUnVRbHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9kNmE0MjItMzYxMi00NWFmLTgzYWIt
ZDI0YjY4OTY2ZTBlLzEvZERqcEtsY2RtYXVYT2tUNm05Q1dLNC1rcGlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9kNmE0MjItMzYxMi00NWFmLTgzYWItZDI0YjY4OTY2ZTBl
LzEvb1Y0X2wwdGZsMFpXelBUVVZaYktyUnVRbHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudyVMA0E
AgACMAcDBQAqC/hBMA0GCSqGSIb3DQEBCwUAA4IBAQBWx6YwoeE0dQHs3Tyiyq5K
t/uuyl0PFg84Wpu3x/Nl/rxbFAeCcHYQFB05kBgDgHaoZG5Q9CSHP2WP5aCOZmqc
x8ZBeDhw8Qbmrl4GG0m/YVEBB3HkA1r9MtVfqd4mPaO1qZb8seiWzDoABcEp2+yS
KDPBJyBfASF/ObjtKAw4PS5xUH1FAG2kiolPatagJrxt5T8eaiSvt/m9T9/6EMtG
8NgAAOvuqmyfniv/MVWTD3FqRmWuIBIXMFnU87UoZ4mvwZxwiANmsier0BYJ5ff9
2v6C7Z0muCo0olblDq2VoSkRhR+Cy9IhN42ZtbPM/49BfYYdT0RDkFJxcHLmeGY9
-----END CERTIFICATE-----