Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/okBQ3HYZQrL6ORKAHfJHyIzTOqU.roa
File:                     okBQ3HYZQrL6ORKAHfJHyIzTOqU.roa (raw, json)
Hash identifier:          8hx35QaymOBGYmgY5QQuJWW8cF+INO74gqLHBnenUT8=
Subject key identifier:   A2:40:50:DC:76:19:42:B2:FA:39:12:80:1D:F2:47:C8:8C:D3:3A:A5
Certificate issuer:       /CN=6d38b540831c9cd5df480851a7280667ed7cd647
Certificate serial:       0194266A481FE15F2D37EF9B8C26FA847BAD
Authority key identifier: 6D:38:B5:40:83:1C:9C:D5:DF:48:08:51:A7:28:06:67:ED:7C:D6:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bTi1QIMcnNXfSAhRpygGZ-181kc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/okBQ3HYZQrL6ORKAHfJHyIzTOqU.roa
Signing time:             Thu 02 Jan 2025 09:48:06 +0000
ROA not before:           Thu 02 Jan 2025 09:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49052
IP address blocks:        185.128.240.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/bTi1QIMcnNXfSAhRpygGZ-181kc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/bTi1QIMcnNXfSAhRpygGZ-181kc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bTi1QIMcnNXfSAhRpygGZ-181kc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:48:1f:e1:5f:2d:37:ef:9b:8c:26:fa:84:7b:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d38b540831c9cd5df480851a7280667ed7cd647
        Validity
            Not Before: Jan  2 09:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a24050dc761942b2fa3912801df247c88cd33aa5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:35:a8:db:10:7c:86:62:c0:cb:fc:5f:81:a6:
                    01:61:94:90:ff:b3:c5:4f:e8:a6:5e:e0:27:46:5e:
                    d6:54:6c:b1:e5:8e:d7:aa:eb:dd:ad:e4:13:c3:cb:
                    58:25:2e:e9:8b:c7:51:a4:39:a5:3c:0a:a3:b2:7c:
                    27:58:61:64:2f:57:9e:ef:1f:6d:31:da:dd:9f:6d:
                    86:d1:b3:4e:29:45:53:01:41:55:a6:ff:0e:6d:38:
                    e1:cc:38:09:3c:be:0b:3e:bf:12:c8:50:4d:44:39:
                    09:f7:93:6b:29:0d:c4:43:dc:54:ab:49:a2:55:f0:
                    3f:db:46:c2:df:93:06:5b:79:3d:67:5c:a6:9f:3c:
                    ed:a2:fa:ce:87:16:b9:c2:68:05:b3:8c:0c:43:d9:
                    c4:26:fd:ac:1d:b3:34:f8:e6:a5:b7:6b:58:7d:e6:
                    83:b1:3f:db:27:7c:1d:eb:dd:45:7e:00:5e:b8:f0:
                    05:5c:36:13:32:01:72:dc:45:c8:cf:9d:af:a0:78:
                    62:2a:88:22:ef:50:6f:70:79:b9:ef:f5:ff:ee:1e:
                    6e:80:72:9b:23:68:eb:4b:7d:1e:e7:3d:7a:df:25:
                    61:95:18:84:fa:10:7d:70:d1:dc:be:70:2a:ef:6c:
                    13:e1:47:22:80:c8:5c:a5:a4:1e:e1:21:e6:63:df:
                    b8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:40:50:DC:76:19:42:B2:FA:39:12:80:1D:F2:47:C8:8C:D3:3A:A5
            X509v3 Authority Key Identifier:
                keyid:6D:38:B5:40:83:1C:9C:D5:DF:48:08:51:A7:28:06:67:ED:7C:D6:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bTi1QIMcnNXfSAhRpygGZ-181kc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/okBQ3HYZQrL6ORKAHfJHyIzTOqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/f7308a-4108-4acc-b600-3630543b521b/1/bTi1QIMcnNXfSAhRpygGZ-181kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:0f:1d:67:7e:db:0a:96:6e:dc:ab:8e:c5:3f:43:75:a1:17:
         a2:bc:a6:a8:88:78:6d:d3:17:c1:5e:eb:b0:e8:75:b0:0d:14:
         68:29:9d:05:1d:10:fa:38:11:b2:a8:90:52:64:3b:24:7a:ab:
         22:28:6a:93:13:d9:f8:d2:6c:ce:55:d2:ec:91:87:ba:25:72:
         5a:f2:fb:6f:05:8a:df:0c:e9:3c:c7:d4:68:8c:e6:17:27:36:
         6c:e2:9c:50:66:37:b0:fc:67:a4:c6:57:46:6a:63:89:a3:25:
         e8:08:01:08:d0:f5:2f:87:0a:89:1e:8b:89:b4:3c:d5:29:af:
         03:f6:b9:7d:3f:e0:cf:71:fc:34:93:c9:59:16:2e:c4:e7:3b:
         cd:c6:3e:d7:a6:fa:37:93:24:76:9b:29:9c:4b:1d:cc:e3:05:
         d1:5f:9a:ca:4b:25:13:c5:fc:d1:37:fc:3e:97:73:d9:89:4c:
         62:43:e4:14:bc:a2:b0:08:46:0e:92:db:50:1a:ec:47:99:6c:
         bc:75:3f:48:02:6c:f8:29:f0:11:70:f6:51:e3:f6:1b:5a:50:
         52:d0:62:64:0b:e0:a2:3c:52:a1:b5:3a:cb:97:a5:96:b4:19:
         34:88:ca:34:f8:33:88:c1:39:9a:77:e9:f3:a1:58:43:6b:89:
         b0:11:ce:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmakgf4V8tN++bjCb6hHutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMzhiNTQwODMxYzljZDVkZjQ4MDg1MWE3MjgwNjY3ZWQ3
Y2Q2NDcwHhcNMjUwMTAyMDk0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQwNTBkYzc2MTk0MmIyZmEzOTEyODAxZGYyNDdjODhjZDMzYWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzWo2xB8hmLAy/xfgaYBYZSQ/7PF
T+imXuAnRl7WVGyx5Y7XquvdreQTw8tYJS7pi8dRpDmlPAqjsnwnWGFkL1ee7x9t
Mdrdn22G0bNOKUVTAUFVpv8ObTjhzDgJPL4LPr8SyFBNRDkJ95NrKQ3EQ9xUq0mi
VfA/20bC35MGW3k9Z1ymnzztovrOhxa5wmgFs4wMQ9nEJv2sHbM0+Oalt2tYfeaD
sT/bJ3wd691FfgBeuPAFXDYTMgFy3EXIz52voHhiKogi71BvcHm57/X/7h5ugHKb
I2jrS30e5z163yVhlRiE+hB9cNHcvnAq72wT4UcigMhcpaQe4SHmY9+4qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJAUNx2GUKy+jkSgB3yR8iM0zqlMB8GA1UdIwQY
MBaAFG04tUCDHJzV30gIUacoBmftfNZHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlRpMVFJTWNuTlhmU0FoUnB5Z0daLTE4MWtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9mNzMwOGEtNDEwOC00YWNjLWI2MDAt
MzYzMDU0M2I1MjFiLzEvb2tCUTNIWVpRckw2T1JLQUhmSkh5SXpUT3FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9mNzMwOGEtNDEwOC00YWNjLWI2MDAtMzYzMDU0M2I1MjFi
LzEvYlRpMVFJTWNuTlhmU0FoUnB5Z0daLTE4MWtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYDwMA0G
CSqGSIb3DQEBCwUAA4IBAQCADx1nftsKlm7cq47FP0N1oReivKaoiHht0xfBXuuw
6HWwDRRoKZ0FHRD6OBGyqJBSZDskeqsiKGqTE9n40mzOVdLskYe6JXJa8vtvBYrf
DOk8x9RojOYXJzZs4pxQZjew/GekxldGamOJoyXoCAEI0PUvhwqJHouJtDzVKa8D
9rl9P+DPcfw0k8lZFi7E5zvNxj7Xpvo3kyR2mymcSx3M4wXRX5rKSyUTxfzRN/w+
l3PZiUxiQ+QUvKKwCEYOkttQGuxHmWy8dT9IAmz4KfARcPZR4/YbWlBS0GJkC+Ci
PFKhtTrLl6WWtBk0iMo0+DOIwTmad+nzoVhDa4mwEc65
-----END CERTIFICATE-----