Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/A4Hv6ilbj-Hq-sEQxHCFjnJGPcg.roa
File:                     A4Hv6ilbj-Hq-sEQxHCFjnJGPcg.roa (raw, json)
Hash identifier:          vN/GanH0kropaMl+FMWa5RxvA+BoMIEwdjLhlP/xzOQ=
Subject key identifier:   03:81:EF:EA:29:5B:8F:E1:EA:FA:C1:10:C4:70:85:8E:72:46:3D:C8
Certificate issuer:       /CN=564013e3464c16cd8589b05202fb0f0c5910dca3
Certificate serial:       0194258F7F92E28A9EA076998449879400EB
Authority key identifier: 56:40:13:E3:46:4C:16:CD:85:89:B0:52:02:FB:0F:0C:59:10:DC:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VkAT40ZMFs2FibBSAvsPDFkQ3KM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/A4Hv6ilbj-Hq-sEQxHCFjnJGPcg.roa
Signing time:             Thu 02 Jan 2025 05:49:08 +0000
ROA not before:           Thu 02 Jan 2025 05:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.186.212.0/24 maxlen: 24
                          185.186.213.0/24 maxlen: 24
                          2a0b:8780::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/VkAT40ZMFs2FibBSAvsPDFkQ3KM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/VkAT40ZMFs2FibBSAvsPDFkQ3KM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VkAT40ZMFs2FibBSAvsPDFkQ3KM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:7f:92:e2:8a:9e:a0:76:99:84:49:87:94:00:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=564013e3464c16cd8589b05202fb0f0c5910dca3
        Validity
            Not Before: Jan  2 05:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0381efea295b8fe1eafac110c470858e72463dc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:72:bd:a4:a1:e6:e5:19:44:29:de:c2:1a:e2:
                    de:c9:01:5b:e6:f7:bc:b6:6b:9e:bb:9c:ef:e2:9a:
                    4b:0c:b8:db:fe:85:11:78:16:15:17:70:7c:19:d2:
                    dd:cf:f1:20:ec:9e:21:8d:f7:7f:14:22:57:c9:53:
                    23:dd:88:87:36:2a:fd:50:cb:a8:f3:71:89:10:9a:
                    20:2e:f7:79:5a:25:69:61:84:43:6e:1d:c3:2d:8e:
                    19:3b:24:8e:3f:dc:81:b6:8d:49:9a:73:b0:0a:27:
                    0d:da:14:9b:27:9e:f2:ac:3c:8a:ec:a1:76:43:17:
                    db:2c:23:b5:22:36:39:10:3c:8b:5d:5c:d3:fd:8e:
                    82:0f:84:d5:2d:10:70:d4:21:0d:26:0d:42:3f:36:
                    47:bb:ac:8f:88:1a:6b:d2:e4:93:6d:c4:92:ae:c9:
                    b0:40:36:1b:5c:9b:5e:72:54:13:03:15:ae:79:c0:
                    b6:20:34:cb:a2:84:e4:53:91:0b:d9:6c:51:bf:61:
                    6d:88:03:da:91:02:16:42:33:ce:08:d4:d8:11:e9:
                    64:69:5d:21:72:f2:3a:99:1a:37:3a:9d:0b:74:ac:
                    4a:da:ff:fa:43:2f:e2:80:2d:c0:89:e0:fb:63:d4:
                    de:89:08:e3:30:d4:e9:7a:60:c8:5d:9a:f2:cb:2b:
                    70:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:81:EF:EA:29:5B:8F:E1:EA:FA:C1:10:C4:70:85:8E:72:46:3D:C8
            X509v3 Authority Key Identifier:
                keyid:56:40:13:E3:46:4C:16:CD:85:89:B0:52:02:FB:0F:0C:59:10:DC:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VkAT40ZMFs2FibBSAvsPDFkQ3KM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/A4Hv6ilbj-Hq-sEQxHCFjnJGPcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/98ee76-0e02-4ff5-91ed-8667a1010143/1/VkAT40ZMFs2FibBSAvsPDFkQ3KM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.212.0/23
                IPv6:
                  2a0b:8780::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:f6:8d:d5:25:7f:44:8f:ce:40:b0:8a:39:72:2b:ee:2a:cf:
         db:24:ef:90:5f:08:12:8d:d1:12:a1:5e:e1:3a:d2:45:b9:5e:
         5d:56:05:4a:8f:98:9f:fc:24:22:dc:a0:db:b5:47:9b:92:ce:
         e6:9a:95:e5:c4:bf:21:58:9f:f6:53:fe:5d:f6:f6:b4:d0:c9:
         a5:9b:da:99:34:43:09:1e:9a:44:73:d1:c6:9f:13:57:00:bf:
         4d:30:7d:7b:8e:ad:f5:5e:e0:32:b2:49:a3:10:bf:91:ad:e8:
         bd:02:49:50:2e:0f:33:45:f3:34:6e:95:58:c7:9e:5c:4a:b7:
         4a:fe:ff:de:cf:51:2a:2d:d7:45:f7:8f:9f:25:31:f6:09:e1:
         18:46:46:20:7e:ed:0e:3a:e9:8b:c0:f0:38:97:e7:a8:57:33:
         be:a5:2b:46:bb:9b:e7:a4:38:7d:62:ff:d4:17:82:20:e6:da:
         9f:fc:56:ad:b6:86:60:c6:de:6d:9c:54:e8:a2:28:0f:e5:f2:
         47:6c:4e:9d:16:af:e1:7b:6c:12:91:07:3c:ea:9f:29:bd:75:
         f6:29:5a:ce:30:0e:4c:35:a1:97:ef:cd:d4:28:7b:5d:53:31:
         49:bc:07:5e:da:5d:e2:a1:f8:df:50:93:e2:fa:4c:eb:7f:d0:
         07:f2:60:e8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlj3+S4oqeoHaZhEmHlADrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NDAxM2UzNDY0YzE2Y2Q4NTg5YjA1MjAyZmIwZjBjNTkx
MGRjYTMwHhcNMjUwMTAyMDU0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzgxZWZlYTI5NWI4ZmUxZWFmYWMxMTBjNDcwODU4ZTcyNDYzZGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3K9pKHm5RlEKd7CGuLeyQFb5ve8
tmueu5zv4ppLDLjb/oUReBYVF3B8GdLdz/Eg7J4hjfd/FCJXyVMj3YiHNir9UMuo
83GJEJogLvd5WiVpYYRDbh3DLY4ZOySOP9yBto1JmnOwCicN2hSbJ57yrDyK7KF2
QxfbLCO1IjY5EDyLXVzT/Y6CD4TVLRBw1CENJg1CPzZHu6yPiBpr0uSTbcSSrsmw
QDYbXJteclQTAxWuecC2IDTLooTkU5EL2WxRv2FtiAPakQIWQjPOCNTYEelkaV0h
cvI6mRo3Op0LdKxK2v/6Qy/igC3AieD7Y9TeiQjjMNTpemDIXZryyytwYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAOB7+opW4/h6vrBEMRwhY5yRj3IMB8GA1UdIwQY
MBaAFFZAE+NGTBbNhYmwUgL7DwxZENyjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmtBVDQwWk1GczJGaWJCU0F2c1BERmtRM0tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy85OGVlNzYtMGUwMi00ZmY1LTkxZWQt
ODY2N2ExMDEwMTQzLzEvQTRIdjZpbGJqLUhxLXNFUXhIQ0ZqbkpHUGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy85OGVlNzYtMGUwMi00ZmY1LTkxZWQtODY2N2ExMDEwMTQz
LzEvVmtBVDQwWk1GczJGaWJCU0F2c1BERmtRM0tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBubrUMA8E
AgACMAkDBwAqC4eAAAAwDQYJKoZIhvcNAQELBQADggEBAJD2jdUlf0SPzkCwijly
K+4qz9sk75BfCBKN0RKhXuE60kW5Xl1WBUqPmJ/8JCLcoNu1R5uSzuaaleXEvyFY
n/ZT/l329rTQyaWb2pk0QwkemkRz0cafE1cAv00wfXuOrfVe4DKySaMQv5Gt6L0C
SVAuDzNF8zRulVjHnlxKt0r+/97PUSot10X3j58lMfYJ4RhGRiB+7Q466YvA8DiX
56hXM76lK0a7m+ekOH1i/9QXgiDm2p/8Vq22hmDG3m2cVOiiKA/l8kdsTp0Wr+F7
bBKRBzzqnym9dfYpWs4wDkw1oZfvzdQoe11TMUm8B17aXeKh+N9Qk+L6TOt/0Afy
YOg=
-----END CERTIFICATE-----