Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/389424-aaba-4491-9fba-fcb43d4f6714/1/cb8dWgekdgTmGEn_puzoSrtajs0.roa
File:                     cb8dWgekdgTmGEn_puzoSrtajs0.roa (raw, json)
Hash identifier:          klMt7aeT4NJnkoShXspgSHaq5Jk7n53EuU54bLRTaLc=
Subject key identifier:   71:BF:1D:5A:07:A4:76:04:E6:18:49:FF:A6:EC:E8:4A:BB:5A:8E:CD
Certificate issuer:       /CN=9e1ba1653fca7c801723ca46ff442e6bac1e91a0
Certificate serial:       019427488236C758AC3EC4AFB208B2310636
Authority key identifier: 9E:1B:A1:65:3F:CA:7C:80:17:23:CA:46:FF:44:2E:6B:AC:1E:91:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nhuhZT_KfIAXI8pG_0Qua6wekaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/389424-aaba-4491-9fba-fcb43d4f6714/1/cb8dWgekdgTmGEn_puzoSrtajs0.roa
Signing time:             Thu 02 Jan 2025 13:50:50 +0000
ROA not before:           Thu 02 Jan 2025 13:50:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211974
IP address blocks:        185.203.220.0/22 maxlen: 24
                          2a12:9740::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/389424-aaba-4491-9fba-fcb43d4f6714/1/nhuhZT_KfIAXI8pG_0Qua6wekaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/389424-aaba-4491-9fba-fcb43d4f6714/1/nhuhZT_KfIAXI8pG_0Qua6wekaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nhuhZT_KfIAXI8pG_0Qua6wekaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:82:36:c7:58:ac:3e:c4:af:b2:08:b2:31:06:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e1ba1653fca7c801723ca46ff442e6bac1e91a0
        Validity
            Not Before: Jan  2 13:50:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71bf1d5a07a47604e61849ffa6ece84abb5a8ecd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ed:aa:66:27:90:fb:b7:c8:ae:8d:e2:98:dc:
                    b4:96:56:d3:ae:eb:30:6e:62:f9:e4:b3:68:4a:3b:
                    6d:16:56:a4:98:d4:f7:7d:16:92:83:03:e4:a3:23:
                    67:f0:a8:a7:f4:57:e4:85:03:12:33:5f:d5:8c:92:
                    e3:13:f6:0e:b6:9d:0a:39:9f:ed:73:dd:6b:3a:87:
                    f4:f6:12:6f:78:e9:aa:f1:5a:58:e5:d6:4e:62:ee:
                    65:d8:7a:d6:93:5a:19:4e:ba:dd:79:d2:b5:d5:1a:
                    94:ac:2e:80:88:d6:ae:5b:7a:73:d6:5f:59:c4:cd:
                    d5:75:80:52:32:e9:08:66:51:d0:72:48:00:3e:97:
                    05:23:d2:cf:e9:78:90:13:72:8d:d4:f1:91:ac:56:
                    91:2b:2b:ed:e2:5b:a0:22:46:2a:17:a0:27:85:5d:
                    e4:d0:bc:5d:8a:46:58:79:08:24:e7:5d:c3:c6:97:
                    7c:ee:2b:fb:61:40:9c:ee:77:5f:c8:05:b3:30:2f:
                    da:38:4b:65:9c:68:3d:7c:70:f1:8a:2e:02:05:d9:
                    ac:a4:0f:3a:a5:18:97:e1:26:13:1d:a1:a0:62:f0:
                    45:fd:3f:0f:e8:07:7f:96:7d:b7:a7:71:7a:80:91:
                    e0:5a:b8:84:c6:6e:4e:60:d1:6a:f5:f6:66:3d:c5:
                    c4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:BF:1D:5A:07:A4:76:04:E6:18:49:FF:A6:EC:E8:4A:BB:5A:8E:CD
            X509v3 Authority Key Identifier:
                keyid:9E:1B:A1:65:3F:CA:7C:80:17:23:CA:46:FF:44:2E:6B:AC:1E:91:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhuhZT_KfIAXI8pG_0Qua6wekaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/389424-aaba-4491-9fba-fcb43d4f6714/1/cb8dWgekdgTmGEn_puzoSrtajs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/389424-aaba-4491-9fba-fcb43d4f6714/1/nhuhZT_KfIAXI8pG_0Qua6wekaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.220.0/22
                IPv6:
                  2a12:9740::/29

    Signature Algorithm: sha256WithRSAEncryption
         c0:1b:72:9d:37:49:a5:7c:1b:91:8d:db:bb:55:4c:1c:89:87:
         8f:18:52:e5:01:da:5c:59:db:2a:04:b2:56:1c:ca:9a:54:0a:
         b8:22:8d:3a:a1:7a:c3:f2:97:d7:64:98:11:07:20:23:c0:0f:
         e3:b0:ad:2b:ee:1b:e3:cc:7c:e7:ed:1d:a1:8d:8e:ae:4b:c5:
         48:fb:90:f5:07:d9:61:be:88:7f:9c:a5:b6:89:d5:6a:1d:1a:
         18:62:e1:b5:c9:57:ca:a0:ce:ef:dd:4b:65:a7:ff:a6:5c:cc:
         4e:25:1c:43:30:5d:4a:55:98:65:d1:0a:29:58:4c:ce:40:f8:
         ca:8d:33:ad:a4:9c:b5:2c:35:8b:08:e4:94:b1:85:86:e1:9e:
         39:a4:d5:77:c2:bc:d3:4e:05:ac:0d:4f:78:f9:a5:5e:70:1e:
         92:09:bc:45:dc:5e:fb:66:fe:81:f5:c3:67:57:b8:86:7e:7d:
         4f:87:6b:70:11:93:a7:00:fd:3f:b8:96:a1:a0:29:27:eb:a4:
         90:61:82:e1:d8:28:b0:2f:e7:53:fb:13:fe:9a:51:cd:3d:29:
         cd:58:38:7b:94:1b:b2:0b:a8:53:f8:ef:36:e7:02:ec:f9:35:
         f3:32:7d:e3:fb:be:0b:92:48:6b:64:26:da:f6:b3:d8:bc:c3:
         14:14:b0:ff
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnSII2x1isPsSvsgiyMQY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMWJhMTY1M2ZjYTdjODAxNzIzY2E0NmZmNDQyZTZiYWMx
ZTkxYTAwHhcNMjUwMTAyMTM1MDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWJmMWQ1YTA3YTQ3NjA0ZTYxODQ5ZmZhNmVjZTg0YWJiNWE4ZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsO2qZieQ+7fIro3imNy0llbTrusw
bmL55LNoSjttFlakmNT3fRaSgwPkoyNn8Kin9FfkhQMSM1/VjJLjE/YOtp0KOZ/t
c91rOof09hJveOmq8VpY5dZOYu5l2HrWk1oZTrrdedK11RqUrC6AiNauW3pz1l9Z
xM3VdYBSMukIZlHQckgAPpcFI9LP6XiQE3KN1PGRrFaRKyvt4lugIkYqF6AnhV3k
0LxdikZYeQgk513Dxpd87iv7YUCc7ndfyAWzMC/aOEtlnGg9fHDxii4CBdmspA86
pRiX4SYTHaGgYvBF/T8P6Ad/ln23p3F6gJHgWriExm5OYNFq9fZmPcXEXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHG/HVoHpHYE5hhJ/6bs6Eq7Wo7NMB8GA1UdIwQY
MBaAFJ4boWU/ynyAFyPKRv9ELmusHpGgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmh1aFpUX0tmSUFYSThwR18wUXVhNndla2FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8zODk0MjQtYWFiYS00NDkxLTlmYmEt
ZmNiNDNkNGY2NzE0LzEvY2I4ZFdnZWtkZ1RtR0VuX3B1em9TcnRhanMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8zODk0MjQtYWFiYS00NDkxLTlmYmEtZmNiNDNkNGY2NzE0
LzEvbmh1aFpUX0tmSUFYSThwR18wUXVhNndla2FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucvcMA0E
AgACMAcDBQMqEpdAMA0GCSqGSIb3DQEBCwUAA4IBAQDAG3KdN0mlfBuRjdu7VUwc
iYePGFLlAdpcWdsqBLJWHMqaVAq4Io06oXrD8pfXZJgRByAjwA/jsK0r7hvjzHzn
7R2hjY6uS8VI+5D1B9lhvoh/nKW2idVqHRoYYuG1yVfKoM7v3Utlp/+mXMxOJRxD
MF1KVZhl0QopWEzOQPjKjTOtpJy1LDWLCOSUsYWG4Z45pNV3wrzTTgWsDU94+aVe
cB6SCbxF3F77Zv6B9cNnV7iGfn1Ph2twEZOnAP0/uJahoCkn66SQYYLh2CiwL+dT
+xP+mlHNPSnNWDh7lBuyC6hT+O825wLs+TXzMn3j+74LkkhrZCba9rPYvMMUFLD/
-----END CERTIFICATE-----