Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/411234-df12-4d3f-a706-2445f634e928/1/TXaQaEN4XvnYBFgT0ib4CXdw4tY.roa
File:                     TXaQaEN4XvnYBFgT0ib4CXdw4tY.roa (raw, json)
Hash identifier:          0gsLwdoudfPPIkVNaiLgsua+5TeHeS/a6jBdMi3m75A=
Subject key identifier:   4D:76:90:68:43:78:5E:F9:D8:04:58:13:D2:26:F8:09:77:70:E2:D6
Certificate issuer:       /CN=c5f2203bc0286702345ac465500b4488c031c6b5
Certificate serial:       01941FFA5CA074EB739E22012451F3324341
Authority key identifier: C5:F2:20:3B:C0:28:67:02:34:5A:C4:65:50:0B:44:88:C0:31:C6:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xfIgO8AoZwI0WsRlUAtEiMAxxrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/411234-df12-4d3f-a706-2445f634e928/1/TXaQaEN4XvnYBFgT0ib4CXdw4tY.roa
Signing time:             Wed 01 Jan 2025 03:48:08 +0000
ROA not before:           Wed 01 Jan 2025 03:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207047
IP address blocks:        185.205.168.0/22 maxlen: 22
                          185.205.168.0/24 maxlen: 24
                          185.205.169.0/24 maxlen: 24
                          185.205.170.0/24 maxlen: 24
                          185.205.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/411234-df12-4d3f-a706-2445f634e928/1/xfIgO8AoZwI0WsRlUAtEiMAxxrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/411234-df12-4d3f-a706-2445f634e928/1/xfIgO8AoZwI0WsRlUAtEiMAxxrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xfIgO8AoZwI0WsRlUAtEiMAxxrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:5c:a0:74:eb:73:9e:22:01:24:51:f3:32:43:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5f2203bc0286702345ac465500b4488c031c6b5
        Validity
            Not Before: Jan  1 03:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d76906843785ef9d8045813d226f8097770e2d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c7:94:7d:70:55:23:42:60:05:2d:9b:ed:bc:
                    30:50:50:e3:de:4c:bb:52:40:0d:05:7f:28:cd:f1:
                    d8:72:57:b9:3f:d7:f3:38:9e:5f:29:fc:11:fb:fa:
                    e7:98:e9:c6:a7:dd:1d:48:28:c2:3d:ee:41:a1:29:
                    92:13:21:55:5c:9e:4e:14:d2:72:0e:40:1b:24:24:
                    58:5c:fb:46:ea:02:70:93:f1:1f:a5:36:0a:bd:28:
                    3f:2d:51:8b:dc:0f:6c:2c:1d:39:a8:31:3b:dc:fc:
                    76:55:36:1f:f3:5f:1e:cc:c6:6a:0e:74:e9:42:d8:
                    ac:07:58:56:13:68:9b:48:94:52:1f:dd:da:17:c7:
                    3a:47:2a:96:5d:7d:36:ba:70:ba:ab:c0:7d:2f:42:
                    79:8a:51:b4:a7:3d:da:83:26:0b:ee:77:f6:50:eb:
                    2c:0e:7f:e0:c3:22:1b:5c:02:77:39:20:50:1e:12:
                    43:77:43:6f:59:28:c5:ca:d8:ef:8e:06:34:4c:76:
                    00:d3:2b:72:8f:ff:02:d2:ea:99:16:0c:81:4d:c8:
                    04:94:6b:1a:1e:34:1b:22:b5:72:e0:76:67:31:11:
                    8d:53:b6:3e:d8:9c:b1:04:63:a9:c9:e9:40:09:59:
                    78:b3:c2:96:52:ac:41:e3:b1:32:4c:57:4a:23:c2:
                    42:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:76:90:68:43:78:5E:F9:D8:04:58:13:D2:26:F8:09:77:70:E2:D6
            X509v3 Authority Key Identifier:
                keyid:C5:F2:20:3B:C0:28:67:02:34:5A:C4:65:50:0B:44:88:C0:31:C6:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xfIgO8AoZwI0WsRlUAtEiMAxxrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/411234-df12-4d3f-a706-2445f634e928/1/TXaQaEN4XvnYBFgT0ib4CXdw4tY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/411234-df12-4d3f-a706-2445f634e928/1/xfIgO8AoZwI0WsRlUAtEiMAxxrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:86:66:a7:02:04:97:5c:8b:05:c6:a8:2c:ff:6a:50:d5:a2:
         ef:4f:b2:3c:46:63:4b:d3:a7:15:5d:77:7e:47:8e:b1:15:e2:
         83:3f:ae:58:1e:cc:5a:20:9e:b6:b4:00:3a:34:82:35:1f:6f:
         d7:b6:a9:01:f3:28:4e:75:6f:b5:08:e5:27:8a:cc:68:93:2f:
         d7:45:04:45:9e:54:26:9f:ba:3b:24:3e:0d:e0:a9:2c:63:77:
         96:ff:ba:d2:cf:a9:47:11:74:df:2d:20:4c:a1:d9:82:25:30:
         e9:1d:b0:ac:1b:41:25:3c:72:1b:05:10:d3:6c:87:25:c3:a4:
         63:c0:03:9c:0e:69:75:6b:9e:82:61:81:f1:dd:56:02:77:14:
         9a:e6:64:45:f7:06:9c:4a:57:ab:52:00:cc:f2:98:65:5f:2e:
         05:09:28:1a:1d:42:21:74:93:f6:92:bb:b3:c3:73:07:cb:d0:
         dd:26:7d:a5:40:46:f2:d6:40:25:ae:5c:a6:b8:c9:81:11:37:
         8a:6f:ee:83:22:31:be:d8:48:74:8c:f6:e3:17:e3:ba:da:77:
         04:5c:67:df:2b:83:65:d0:f1:b2:4a:09:61:b1:09:c2:ef:8b:
         bd:f7:c6:4e:8a:9f:4d:04:ca:23:5c:73:de:2b:cc:b2:22:29:
         ad:79:43:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+lygdOtzniIBJFHzMkNBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ZjIyMDNiYzAyODY3MDIzNDVhYzQ2NTUwMGI0NDg4YzAz
MWM2YjUwHhcNMjUwMTAxMDM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDc2OTA2ODQzNzg1ZWY5ZDgwNDU4MTNkMjI2ZjgwOTc3NzBlMmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzceUfXBVI0JgBS2b7bwwUFDj3ky7
UkANBX8ozfHYcle5P9fzOJ5fKfwR+/rnmOnGp90dSCjCPe5BoSmSEyFVXJ5OFNJy
DkAbJCRYXPtG6gJwk/EfpTYKvSg/LVGL3A9sLB05qDE73Px2VTYf818ezMZqDnTp
QtisB1hWE2ibSJRSH93aF8c6RyqWXX02unC6q8B9L0J5ilG0pz3agyYL7nf2UOss
Dn/gwyIbXAJ3OSBQHhJDd0NvWSjFytjvjgY0THYA0ytyj/8C0uqZFgyBTcgElGsa
HjQbIrVy4HZnMRGNU7Y+2JyxBGOpyelACVl4s8KWUqxB47EyTFdKI8JCtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE12kGhDeF752ARYE9Im+Al3cOLWMB8GA1UdIwQY
MBaAFMXyIDvAKGcCNFrEZVALRIjAMca1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGZJZ084QW9ad0kwV3NSbFVBdEVpTUF4eHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC80MTEyMzQtZGYxMi00ZDNmLWE3MDYt
MjQ0NWY2MzRlOTI4LzEvVFhhUWFFTjRYdm5ZQkZnVDBpYjRDWGR3NHRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC80MTEyMzQtZGYxMi00ZDNmLWE3MDYtMjQ0NWY2MzRlOTI4
LzEveGZJZ084QW9ad0kwV3NSbFVBdEVpTUF4eHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc2oMA0G
CSqGSIb3DQEBCwUAA4IBAQCWhmanAgSXXIsFxqgs/2pQ1aLvT7I8RmNL06cVXXd+
R46xFeKDP65YHsxaIJ62tAA6NII1H2/XtqkB8yhOdW+1COUnisxoky/XRQRFnlQm
n7o7JD4N4KksY3eW/7rSz6lHEXTfLSBModmCJTDpHbCsG0ElPHIbBRDTbIclw6Rj
wAOcDml1a56CYYHx3VYCdxSa5mRF9wacSlerUgDM8phlXy4FCSgaHUIhdJP2kruz
w3MHy9DdJn2lQEby1kAlrlymuMmBETeKb+6DIjG+2Eh0jPbjF+O62ncEXGffK4Nl
0PGySglhsQnC74u998ZOip9NBMojXHPeK8yyIimteUMs
-----END CERTIFICATE-----