Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/RTDW_9ir78QV7tSH_VhKQZV9o9E.roa
File:                     RTDW_9ir78QV7tSH_VhKQZV9o9E.roa (raw, json)
Hash identifier:          d4l0MWyE7MGz6KUyIY2o+vwNtkeh3WQEvCQ4JDRIKNw=
Subject key identifier:   45:30:D6:FF:D8:AB:EF:C4:15:EE:D4:87:FD:58:4A:41:95:7D:A3:D1
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       0194236A024EEB4BC1F88035BAA0C6D8759D
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/RTDW_9ir78QV7tSH_VhKQZV9o9E.roa
Signing time:             Wed 01 Jan 2025 19:48:57 +0000
ROA not before:           Wed 01 Jan 2025 19:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203191
IP address blocks:        185.143.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:02:4e:eb:4b:c1:f8:80:35:ba:a0:c6:d8:75:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  1 19:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4530d6ffd8abefc415eed487fd584a41957da3d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ad:7d:86:7f:2f:22:04:e3:f1:1a:69:c0:fa:
                    bf:58:3e:8f:bb:73:81:a8:ac:79:d5:5c:95:7f:52:
                    c8:22:07:29:40:59:e5:69:62:df:3f:e3:1a:b0:c4:
                    34:b7:ec:a8:ce:9d:bb:ec:d9:17:3d:39:4d:fc:e0:
                    5b:fb:b3:7d:c4:80:fa:12:ed:81:ba:6f:58:a9:e9:
                    72:8b:6a:40:ea:2e:a1:9f:17:1f:a0:e4:a9:c4:4a:
                    ee:5b:08:91:ae:e3:7f:72:41:f8:20:94:7d:14:c7:
                    65:17:e7:96:30:0d:0e:35:18:0a:2e:78:7b:8b:5b:
                    c8:43:84:62:c4:5b:4f:f9:13:30:a7:95:b0:5f:98:
                    a5:58:79:fe:e9:3e:d7:14:27:a1:e5:ad:e2:60:09:
                    37:66:a4:3f:12:8d:11:9f:92:bc:0a:c4:85:69:44:
                    cc:3d:63:86:8b:19:4d:80:ca:72:98:00:f2:0c:9b:
                    e9:f9:b3:5c:85:50:40:56:79:20:21:95:68:60:e4:
                    fd:c1:60:02:c6:b2:5a:b3:19:d8:7b:0a:1b:c2:81:
                    63:b9:7c:84:d7:4b:dc:7e:9b:c4:6c:59:3f:c1:38:
                    2d:06:b5:b1:2a:17:b0:22:52:f2:e2:42:16:87:70:
                    1b:50:f2:c6:ee:d5:4d:89:52:33:76:a5:66:72:71:
                    3c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:30:D6:FF:D8:AB:EF:C4:15:EE:D4:87:FD:58:4A:41:95:7D:A3:D1
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/RTDW_9ir78QV7tSH_VhKQZV9o9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:2c:c7:5b:e3:64:b2:a3:5f:11:bc:5b:77:ec:f1:99:de:64:
         c1:52:43:7f:d6:2a:8d:67:0a:19:d8:9b:22:e8:ac:f6:bf:1d:
         68:b5:43:9a:a7:92:f5:67:e3:d4:38:f4:bf:83:b3:c3:5b:9a:
         c9:54:e3:f4:35:16:f4:5e:24:81:1f:18:1a:9d:86:c7:a5:39:
         8a:e4:e3:2e:f5:29:36:da:fd:15:df:b8:cb:00:7d:0f:aa:8e:
         a9:2b:22:6b:4a:ce:0c:5d:d9:31:1d:54:9a:ae:46:0b:79:3b:
         6b:31:31:4b:eb:be:2e:11:7d:a6:24:d6:35:ea:90:5f:5a:38:
         a1:d5:7a:ef:be:aa:76:f5:de:5f:bc:9c:44:a9:4f:bb:46:7d:
         6e:2e:37:c2:e6:25:6e:f3:f2:51:63:55:5c:f8:2b:9f:42:c5:
         cf:5b:73:9b:fd:85:ee:fa:cc:13:c0:5f:10:33:5a:10:9e:17:
         a3:b0:14:5a:6f:f1:1c:7e:26:b5:df:7e:24:96:4b:90:09:8e:
         ab:82:66:1b:e0:24:08:68:31:d5:f7:7d:44:19:4d:c6:da:e3:
         27:4b:c2:04:b1:39:2b:f5:b8:3c:74:8d:d9:be:89:08:7c:4b:
         97:be:9c:d2:d1:2a:4e:46:91:b7:3e:b3:ef:b3:f4:c7:f7:5b:
         f5:4b:4c:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagJO60vB+IA1uqDG2HWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjUwMTAxMTk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTMwZDZmZmQ4YWJlZmM0MTVlZWQ0ODdmZDU4NGE0MTk1N2RhM2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvq19hn8vIgTj8RppwPq/WD6Pu3OB
qKx51VyVf1LIIgcpQFnlaWLfP+MasMQ0t+yozp277NkXPTlN/OBb+7N9xID6Eu2B
um9Yqelyi2pA6i6hnxcfoOSpxEruWwiRruN/ckH4IJR9FMdlF+eWMA0ONRgKLnh7
i1vIQ4RixFtP+RMwp5WwX5ilWHn+6T7XFCeh5a3iYAk3ZqQ/Eo0Rn5K8CsSFaUTM
PWOGixlNgMpymADyDJvp+bNchVBAVnkgIZVoYOT9wWACxrJasxnYewobwoFjuXyE
10vcfpvEbFk/wTgtBrWxKhewIlLy4kIWh3AbUPLG7tVNiVIzdqVmcnE8GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUw1v/Yq+/EFe7Uh/1YSkGVfaPRMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvUlREV185aXI3OFFWN3RTSF9WaEtRWlY5bzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY8MMA0G
CSqGSIb3DQEBCwUAA4IBAQAfLMdb42Syo18RvFt37PGZ3mTBUkN/1iqNZwoZ2Jsi
6Kz2vx1otUOap5L1Z+PUOPS/g7PDW5rJVOP0NRb0XiSBHxganYbHpTmK5OMu9Sk2
2v0V37jLAH0Pqo6pKyJrSs4MXdkxHVSarkYLeTtrMTFL674uEX2mJNY16pBfWjih
1Xrvvqp29d5fvJxEqU+7Rn1uLjfC5iVu8/JRY1Vc+CufQsXPW3Ob/YXu+swTwF8Q
M1oQnhejsBRab/Ecfia1334klkuQCY6rgmYb4CQIaDHV931EGU3G2uMnS8IEsTkr
9bg8dI3ZvokIfEuXvpzS0SpORpG3PrPvs/TH91v1S0zz
-----END CERTIFICATE-----