Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/MfLf638cBMkfH5M2VRdb5zkozps.roa
File:                     MfLf638cBMkfH5M2VRdb5zkozps.roa (raw, json)
Hash identifier:          2fcAYwjckXPjFWKMKBGwmwkGYgpmXwgfJsrW0TpRDWg=
Subject key identifier:   31:F2:DF:EB:7F:1C:04:C9:1F:1F:93:36:55:17:5B:E7:39:28:CE:9B
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       01942686DFF79D4A6C4CB61584DA6485CCC2
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/MfLf638cBMkfH5M2VRdb5zkozps.roa
Signing time:             Thu 02 Jan 2025 10:19:20 +0000
ROA not before:           Thu 02 Jan 2025 10:19:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203800
IP address blocks:        185.123.92.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:86:df:f7:9d:4a:6c:4c:b6:15:84:da:64:85:cc:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  2 10:19:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31f2dfeb7f1c04c91f1f933655175be73928ce9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:04:9c:93:c4:40:ef:33:4a:d3:c2:d7:25:8f:
                    64:39:4d:0a:db:92:05:48:1a:b8:a2:bd:ea:38:8d:
                    cb:59:22:71:ef:e6:18:43:b0:80:cb:bf:5c:b3:73:
                    81:54:b7:a6:72:7e:ef:f9:04:c9:ff:93:05:d5:d2:
                    fa:80:aa:ad:de:50:46:d6:ce:df:bd:3a:d6:64:83:
                    82:13:9b:08:e1:9e:95:ca:ec:ff:4d:41:94:8c:8e:
                    96:04:6e:7c:e5:de:51:20:53:87:6e:a4:3a:01:a7:
                    7e:e5:11:d6:16:c7:95:44:27:0c:a0:09:ae:c4:bb:
                    69:35:da:c7:c3:b9:28:83:95:42:65:fe:70:a0:60:
                    5d:5f:66:e4:69:33:e1:3a:29:c9:98:9f:f8:f9:01:
                    f9:7a:d4:b6:52:65:c6:08:4e:00:16:d6:bd:44:fb:
                    c4:1a:70:c5:05:f1:2f:64:af:2c:24:c2:34:0b:94:
                    e0:8d:d1:97:f1:7f:c9:1d:f0:91:79:1e:04:f9:68:
                    56:d1:d6:67:d6:dc:da:38:cf:92:ba:20:83:68:08:
                    fb:66:11:0c:70:f2:f5:59:9e:a7:d4:18:b6:42:d4:
                    7a:e1:8c:b5:5e:c0:f0:60:47:18:f8:33:a9:20:65:
                    c4:72:84:55:0f:ed:ad:73:a9:6a:fd:3e:aa:62:ea:
                    16:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:F2:DF:EB:7F:1C:04:C9:1F:1F:93:36:55:17:5B:E7:39:28:CE:9B
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/MfLf638cBMkfH5M2VRdb5zkozps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.123.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:21:83:f4:e1:d5:85:9c:72:b3:02:6d:e8:36:db:e1:81:e0:
         5b:35:bc:c5:1f:ef:dc:7a:9b:f0:15:85:93:4a:3e:cd:85:56:
         78:7d:d8:ba:74:94:ca:2c:ec:83:ff:3b:2e:2c:75:f6:ba:62:
         ac:79:25:67:15:b3:2b:f1:cf:58:c4:66:6d:dd:02:08:08:7c:
         de:a4:8a:0f:a7:05:26:8a:ed:9a:9a:ac:e5:b1:2d:8a:84:88:
         c5:b5:b6:6b:f0:9c:35:b9:45:7c:3d:82:36:93:03:26:0d:36:
         a9:f4:e4:5d:b9:73:63:32:ef:19:6e:2c:04:15:98:1a:2c:43:
         e6:90:8a:79:3d:0a:44:12:e0:8c:9b:77:af:c9:ab:17:fd:76:
         c6:f8:35:ef:0f:b0:b5:f1:66:b3:08:1a:a1:54:49:46:f1:3a:
         5f:2b:54:69:14:98:f4:fa:06:35:23:63:32:92:a7:a8:b5:18:
         59:2d:d8:fb:b5:1c:d9:0f:0f:7a:28:ec:a9:06:d9:7b:c0:27:
         d1:ca:95:bb:dd:4d:42:fb:74:13:fd:1f:73:f4:c6:36:57:90:
         2d:2d:e8:4e:da:f2:1f:ed:0d:48:67:3d:ad:4d:ed:45:06:2d:
         5d:f6:84:bc:11:33:88:ad:4b:d8:2c:aa:20:11:88:e6:5c:da:
         46:84:00:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmht/3nUpsTLYVhNpkhczCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjUwMTAyMTAxOTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWYyZGZlYjdmMWMwNGM5MWYxZjkzMzY1NTE3NWJlNzM5MjhjZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7wSck8RA7zNK08LXJY9kOU0K25IF
SBq4or3qOI3LWSJx7+YYQ7CAy79cs3OBVLemcn7v+QTJ/5MF1dL6gKqt3lBG1s7f
vTrWZIOCE5sI4Z6Vyuz/TUGUjI6WBG585d5RIFOHbqQ6Aad+5RHWFseVRCcMoAmu
xLtpNdrHw7kog5VCZf5woGBdX2bkaTPhOinJmJ/4+QH5etS2UmXGCE4AFta9RPvE
GnDFBfEvZK8sJMI0C5TgjdGX8X/JHfCReR4E+WhW0dZn1tzaOM+SuiCDaAj7ZhEM
cPL1WZ6n1Bi2QtR64Yy1XsDwYEcY+DOpIGXEcoRVD+2tc6lq/T6qYuoWaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHy3+t/HATJHx+TNlUXW+c5KM6bMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvTWZMZjYzOGNCTWtmSDVNMlZSZGI1emtvenBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXtcMA0G
CSqGSIb3DQEBCwUAA4IBAQAQIYP04dWFnHKzAm3oNtvhgeBbNbzFH+/cepvwFYWT
Sj7NhVZ4fdi6dJTKLOyD/zsuLHX2umKseSVnFbMr8c9YxGZt3QIICHzepIoPpwUm
iu2amqzlsS2KhIjFtbZr8Jw1uUV8PYI2kwMmDTap9ORduXNjMu8ZbiwEFZgaLEPm
kIp5PQpEEuCMm3evyasX/XbG+DXvD7C18WazCBqhVElG8TpfK1RpFJj0+gY1I2My
kqeotRhZLdj7tRzZDw96KOypBtl7wCfRypW73U1C+3QT/R9z9MY2V5AtLehO2vIf
7Q1IZz2tTe1FBi1d9oS8ETOIrUvYLKogEYjmXNpGhADc
-----END CERTIFICATE-----