Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/nRd2QQHJvxWvYt2MaDtdcdyAXq0.roa
File:                     nRd2QQHJvxWvYt2MaDtdcdyAXq0.roa (raw, json)
Hash identifier:          yZqn0BYFHogcQ5mr/kG0CSKrE+RjbicfkkCTMtc6QdE=
Subject key identifier:   9D:17:76:41:01:C9:BF:15:AF:62:DD:8C:68:3B:5D:71:DC:80:5E:AD
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       01942686DDB4B7EF17D7208CD7CAFD77D149
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/nRd2QQHJvxWvYt2MaDtdcdyAXq0.roa
Signing time:             Thu 02 Jan 2025 10:19:20 +0000
ROA not before:           Thu 02 Jan 2025 10:19:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203297
IP address blocks:        185.139.164.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:86:dd:b4:b7:ef:17:d7:20:8c:d7:ca:fd:77:d1:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  2 10:19:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d17764101c9bf15af62dd8c683b5d71dc805ead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f7:5b:40:6b:79:d4:85:b7:65:f0:e3:5d:0c:
                    36:b0:58:e9:88:67:98:3e:5f:bb:c2:fc:33:7e:bb:
                    47:61:f8:9c:85:ee:1d:d4:d5:74:48:a0:3c:64:97:
                    32:b2:d3:17:15:43:4b:7a:68:57:26:16:e2:d0:74:
                    ec:67:86:a9:eb:3a:29:99:ad:58:85:ae:5e:f6:2e:
                    0f:9e:0f:bc:be:29:29:4d:c8:08:c2:73:a6:7a:14:
                    6b:bc:71:2d:02:27:28:19:1c:4d:4b:27:4f:c5:7c:
                    46:76:85:01:49:87:10:a4:87:33:5f:fc:77:c5:7b:
                    c7:9a:6b:4d:d8:81:4a:d4:1b:b8:e5:c8:ae:81:aa:
                    57:b8:dd:0e:bd:37:80:ed:b1:37:14:7d:1b:d8:94:
                    83:71:03:19:ca:7a:04:7b:2a:5e:08:b4:26:2e:13:
                    b3:49:82:fd:d5:18:23:af:d6:ca:9d:6d:97:d7:47:
                    42:b1:ab:fc:7e:de:23:e8:f9:cd:48:5e:72:e4:14:
                    32:e1:c0:9c:91:67:8f:94:ce:89:d0:61:a3:cf:21:
                    e7:18:66:b0:46:37:ac:7a:55:d1:e5:33:6a:fc:75:
                    d3:61:35:80:59:c9:9a:e2:5c:97:82:80:43:f4:54:
                    f1:9c:a8:50:ec:b4:73:43:c4:28:68:02:59:32:5f:
                    a9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:17:76:41:01:C9:BF:15:AF:62:DD:8C:68:3B:5D:71:DC:80:5E:AD
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/nRd2QQHJvxWvYt2MaDtdcdyAXq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:2f:ff:5d:41:f1:ff:ff:c0:c3:85:01:91:9a:83:48:20:00:
         5b:3e:b8:1a:9e:fc:1e:24:74:18:d5:7e:7f:69:65:af:fc:39:
         b8:92:c3:72:f4:02:c4:23:01:70:43:bf:82:33:77:a0:8a:5a:
         05:07:2e:6c:3b:ae:fd:82:d3:51:d7:82:d9:57:c5:56:c6:64:
         39:cc:e5:93:23:2d:20:57:d6:e3:9d:03:e0:36:97:ad:ee:4c:
         8b:3a:14:5c:e0:53:80:06:6d:48:b5:f8:4d:62:8a:f4:00:bf:
         c9:f6:76:3a:56:eb:a8:cd:8d:e1:02:15:a7:9a:e4:df:ba:d2:
         ab:b2:b3:e5:c5:ed:9f:fd:34:e5:66:85:04:41:38:b2:2b:21:
         94:7f:d5:fa:20:ce:fe:ea:86:da:44:e1:f2:4e:f9:b1:b0:e1:
         5a:60:51:ae:e5:d0:7f:bc:b8:5e:f7:75:bb:59:73:3d:3e:65:
         f0:ca:94:f4:66:00:46:79:38:70:67:2b:a0:11:49:93:5d:ad:
         61:6b:3b:4d:8e:ce:d6:38:98:c5:64:27:c5:67:ca:e9:d9:c3:
         3c:8b:9a:ba:98:b3:06:96:30:f0:46:4c:ff:b9:ba:fd:4a:30:
         7d:9e:30:83:54:65:11:21:d2:60:a3:bc:12:0e:c5:45:1f:29:
         1b:c9:54:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmht20t+8X1yCM18r9d9FJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjUwMTAyMTAxOTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDE3NzY0MTAxYzliZjE1YWY2MmRkOGM2ODNiNWQ3MWRjODA1ZWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PdbQGt51IW3ZfDjXQw2sFjpiGeY
Pl+7wvwzfrtHYfiche4d1NV0SKA8ZJcystMXFUNLemhXJhbi0HTsZ4ap6zopma1Y
ha5e9i4Png+8vikpTcgIwnOmehRrvHEtAicoGRxNSydPxXxGdoUBSYcQpIczX/x3
xXvHmmtN2IFK1Bu45ciugapXuN0OvTeA7bE3FH0b2JSDcQMZynoEeypeCLQmLhOz
SYL91Rgjr9bKnW2X10dCsav8ft4j6PnNSF5y5BQy4cCckWePlM6J0GGjzyHnGGaw
RjeselXR5TNq/HXTYTWAWcma4lyXgoBD9FTxnKhQ7LRzQ8QoaAJZMl+pjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0XdkEByb8Vr2LdjGg7XXHcgF6tMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvblJkMlFRSEp2eFd2WXQyTWFEdGRjZHlBWHEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYukMA0G
CSqGSIb3DQEBCwUAA4IBAQB8L/9dQfH//8DDhQGRmoNIIABbPrganvweJHQY1X5/
aWWv/Dm4ksNy9ALEIwFwQ7+CM3egiloFBy5sO679gtNR14LZV8VWxmQ5zOWTIy0g
V9bjnQPgNpet7kyLOhRc4FOABm1ItfhNYor0AL/J9nY6VuuozY3hAhWnmuTfutKr
srPlxe2f/TTlZoUEQTiyKyGUf9X6IM7+6obaROHyTvmxsOFaYFGu5dB/vLhe93W7
WXM9PmXwypT0ZgBGeThwZyugEUmTXa1haztNjs7WOJjFZCfFZ8rp2cM8i5q6mLMG
ljDwRkz/ubr9SjB9njCDVGURIdJgo7wSDsVFHykbyVSE
-----END CERTIFICATE-----