Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/4hn1wVatZQI4O44VQ9afg3_3YCE.roa
File:                     4hn1wVatZQI4O44VQ9afg3_3YCE.roa (raw, json)
Hash identifier:          Wip87SKY/zyuxOVUXFbAARGlH7AAphh/zZD7B0INIf4=
Subject key identifier:   E2:19:F5:C1:56:AD:65:02:38:3B:8E:15:43:D6:9F:83:7F:F7:60:21
Certificate issuer:       /CN=40fac6a32fe4baa7d89b91ec5165a3d96688e144
Certificate serial:       019423693D8AC7E9376423854B8EF6A74ED2
Authority key identifier: 40:FA:C6:A3:2F:E4:BA:A7:D8:9B:91:EC:51:65:A3:D9:66:88:E1:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/4hn1wVatZQI4O44VQ9afg3_3YCE.roa
Signing time:             Wed 01 Jan 2025 19:48:07 +0000
ROA not before:           Wed 01 Jan 2025 19:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202223
IP address blocks:        185.49.164.0/22 maxlen: 22
                          185.49.164.0/24 maxlen: 24
                          185.49.165.0/24 maxlen: 24
                          185.49.166.0/24 maxlen: 24
                          185.49.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:3d:8a:c7:e9:37:64:23:85:4b:8e:f6:a7:4e:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40fac6a32fe4baa7d89b91ec5165a3d96688e144
        Validity
            Not Before: Jan  1 19:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e219f5c156ad6502383b8e1543d69f837ff76021
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a5:86:fd:b7:44:85:79:3d:0c:30:f7:f3:32:
                    f0:88:79:87:c1:b8:08:45:b4:c0:97:b9:71:1c:69:
                    4b:b2:85:2a:93:25:69:4d:48:89:b3:a4:1b:b8:e6:
                    8e:d1:a9:fb:6b:95:de:93:3a:18:20:55:57:f9:6f:
                    9d:2e:a3:24:40:9c:4b:a5:20:fe:08:c8:73:71:60:
                    82:c3:d2:3a:ed:88:d9:40:63:00:fa:f9:c3:95:7c:
                    8c:28:dc:85:40:f2:45:8d:50:54:a4:f9:b7:1a:bd:
                    7f:4c:e2:50:5a:10:0b:b3:28:99:88:40:ce:34:bb:
                    0e:b9:b8:20:51:7e:68:67:5a:04:66:47:34:63:70:
                    4f:58:e1:6c:31:bc:24:bb:97:79:41:21:cc:25:9d:
                    e6:08:1e:30:fd:31:f0:10:f8:a0:be:52:c1:e7:7b:
                    76:40:46:4f:79:20:d8:46:5b:e9:94:f0:37:73:54:
                    8e:39:8f:d4:7d:93:e4:05:e0:88:d1:99:ae:6c:bc:
                    fa:d5:7a:c8:05:2e:dd:8c:7b:d2:29:0b:6e:64:37:
                    7e:f4:7f:97:7c:f7:f7:b8:c7:97:5b:4b:c4:50:63:
                    ff:5f:9f:01:57:40:50:97:f7:78:74:18:dd:f0:af:
                    fb:c3:5d:81:1a:23:2b:69:ba:49:49:b9:65:35:34:
                    f7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:19:F5:C1:56:AD:65:02:38:3B:8E:15:43:D6:9F:83:7F:F7:60:21
            X509v3 Authority Key Identifier:
                keyid:40:FA:C6:A3:2F:E4:BA:A7:D8:9B:91:EC:51:65:A3:D9:66:88:E1:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/4hn1wVatZQI4O44VQ9afg3_3YCE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/629cb2-2b4d-4748-bb11-c9fe0ba28647/1/QPrGoy_kuqfYm5HsUWWj2WaI4UQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:14:4e:53:97:bf:dc:9e:cb:34:e3:c2:38:2f:a8:f2:34:b6:
         e5:ba:4d:31:1e:1d:5c:da:1d:e7:7b:08:94:30:2c:85:d9:91:
         21:46:8c:f3:c4:64:b1:95:05:f7:2f:eb:b5:6b:94:61:c9:17:
         5c:8f:1f:79:71:a5:0a:24:30:cc:df:ec:da:fb:22:80:32:06:
         44:e7:58:67:ad:1c:11:20:a9:6a:b7:80:6c:ee:0c:38:bc:5f:
         08:f4:fb:63:28:d7:66:ce:bd:b9:f3:07:0e:a9:12:5b:64:43:
         35:1a:46:be:b0:d9:c9:74:d5:df:3d:f5:78:bf:ea:db:3c:76:
         05:3f:02:3d:43:35:1c:4e:6b:12:df:b2:ae:db:11:4a:1f:36:
         2e:76:fb:66:50:90:4e:a7:63:f2:ed:49:5d:71:b8:f9:60:ef:
         43:6c:bc:f7:1e:c3:63:9a:32:ae:d4:b9:2f:bd:60:da:22:97:
         c0:3d:7b:5e:cd:a2:8e:91:b0:63:88:be:b5:21:ef:3e:af:ad:
         f8:38:0b:52:32:e1:23:1a:f9:e7:b7:53:99:f0:f1:7f:52:c1:
         3b:df:2b:2e:4b:18:f1:29:f3:8c:31:be:ca:8d:a4:e9:91:68:
         ec:52:6f:ce:0c:d9:ca:85:c8:d9:08:f4:6d:91:9f:09:28:0a:
         1f:7c:8f:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaT2Kx+k3ZCOFS472p07SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZmFjNmEzMmZlNGJhYTdkODliOTFlYzUxNjVhM2Q5NjY4
OGUxNDQwHhcNMjUwMTAxMTk0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjE5ZjVjMTU2YWQ2NTAyMzgzYjhlMTU0M2Q2OWY4MzdmZjc2MDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqWG/bdEhXk9DDD38zLwiHmHwbgI
RbTAl7lxHGlLsoUqkyVpTUiJs6QbuOaO0an7a5XekzoYIFVX+W+dLqMkQJxLpSD+
CMhzcWCCw9I67YjZQGMA+vnDlXyMKNyFQPJFjVBUpPm3Gr1/TOJQWhALsyiZiEDO
NLsOubggUX5oZ1oEZkc0Y3BPWOFsMbwku5d5QSHMJZ3mCB4w/THwEPigvlLB53t2
QEZPeSDYRlvplPA3c1SOOY/UfZPkBeCI0ZmubLz61XrIBS7djHvSKQtuZDd+9H+X
fPf3uMeXW0vEUGP/X58BV0BQl/d4dBjd8K/7w12BGiMrabpJSbllNTT3nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIZ9cFWrWUCODuOFUPWn4N/92AhMB8GA1UdIwQY
MBaAFED6xqMv5Lqn2JuR7FFlo9lmiOFEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVByR295X2t1cWZZbTVIc1VXV2oyV2FJNFVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy82MjljYjItMmI0ZC00NzQ4LWJiMTEt
YzlmZTBiYTI4NjQ3LzEvNGhuMXdWYXRaUUk0TzQ0VlE5YWZnM18zWUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy82MjljYjItMmI0ZC00NzQ4LWJiMTEtYzlmZTBiYTI4NjQ3
LzEvUVByR295X2t1cWZZbTVIc1VXV2oyV2FJNFVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTGkMA0G
CSqGSIb3DQEBCwUAA4IBAQB8FE5Tl7/cnss048I4L6jyNLbluk0xHh1c2h3newiU
MCyF2ZEhRozzxGSxlQX3L+u1a5RhyRdcjx95caUKJDDM3+za+yKAMgZE51hnrRwR
IKlqt4Bs7gw4vF8I9PtjKNdmzr258wcOqRJbZEM1Gka+sNnJdNXfPfV4v+rbPHYF
PwI9QzUcTmsS37Ku2xFKHzYudvtmUJBOp2Py7Uldcbj5YO9DbLz3HsNjmjKu1Lkv
vWDaIpfAPXtezaKOkbBjiL61Ie8+r634OAtSMuEjGvnnt1OZ8PF/UsE73ysuSxjx
KfOMMb7KjaTpkWjsUm/ODNnKhcjZCPRtkZ8JKAoffI/f
-----END CERTIFICATE-----