Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/kfsN1HfyfK-NQ9iZIGxx8I0iebc.roa
File:                     kfsN1HfyfK-NQ9iZIGxx8I0iebc.roa (raw, json)
Hash identifier:          471clsXqk9Nk68jCHR5a7ma3NzbA1DO/nClDnuoSJLA=
Subject key identifier:   91:FB:0D:D4:77:F2:7C:AF:8D:43:D8:99:20:6C:71:F0:8D:22:79:B7
Certificate issuer:       /CN=4f6a9444adaa523c5768e9f6be14065183ac20a8
Certificate serial:       019420D5C3C07544161ABAF213349D2BB550
Authority key identifier: 4F:6A:94:44:AD:AA:52:3C:57:68:E9:F6:BE:14:06:51:83:AC:20:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T2qURK2qUjxXaOn2vhQGUYOsIKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/kfsN1HfyfK-NQ9iZIGxx8I0iebc.roa
Signing time:             Wed 01 Jan 2025 07:47:47 +0000
ROA not before:           Wed 01 Jan 2025 07:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42910
IP address blocks:        185.7.176.0/22 maxlen: 22
                          185.7.176.0/24 maxlen: 24
                          185.7.177.0/24 maxlen: 24
                          185.7.178.0/24 maxlen: 24
                          185.7.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/T2qURK2qUjxXaOn2vhQGUYOsIKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/T2qURK2qUjxXaOn2vhQGUYOsIKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T2qURK2qUjxXaOn2vhQGUYOsIKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c3:c0:75:44:16:1a:ba:f2:13:34:9d:2b:b5:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f6a9444adaa523c5768e9f6be14065183ac20a8
        Validity
            Not Before: Jan  1 07:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=91fb0dd477f27caf8d43d899206c71f08d2279b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6d:95:64:1d:ad:b3:6b:02:ef:83:46:00:4e:
                    4f:d5:3b:69:9a:db:90:cc:f7:21:fd:23:cd:e0:3d:
                    d0:36:a1:be:8a:7a:da:5b:bb:11:e7:fe:a5:f5:2e:
                    23:58:7a:80:bb:9e:37:39:8d:c7:6b:e9:ac:a1:f6:
                    01:61:d0:67:e2:97:2f:84:55:89:32:ea:7d:36:47:
                    b8:17:72:b2:52:5c:83:0e:d3:95:71:ec:c3:9e:f9:
                    15:5f:17:dc:8e:aa:75:fd:92:f2:16:64:f2:a8:33:
                    df:6a:96:33:6e:a1:4b:29:08:14:e5:a5:46:bf:12:
                    a1:8f:3d:2f:83:c6:ed:22:8a:f1:cb:be:f2:bb:a8:
                    12:fc:07:64:29:13:2a:6f:17:87:b9:e9:cd:bc:e7:
                    f4:1e:5e:d5:2a:58:f2:b5:04:3b:bf:97:08:16:0a:
                    d0:fd:f0:a6:53:aa:0b:80:98:8e:76:54:06:34:57:
                    03:c5:5d:ed:3c:4d:fd:f2:52:55:db:34:27:d7:aa:
                    fe:c9:ee:18:f0:db:c6:37:49:82:84:60:50:88:c8:
                    6e:80:29:f6:1d:41:e1:11:ee:35:c7:3a:f4:f8:82:
                    60:20:c5:3c:e5:04:39:f8:3d:6d:06:c8:bc:99:93:
                    30:62:8b:d2:cb:2c:e3:5c:f3:34:22:87:64:8a:8f:
                    aa:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:FB:0D:D4:77:F2:7C:AF:8D:43:D8:99:20:6C:71:F0:8D:22:79:B7
            X509v3 Authority Key Identifier:
                keyid:4F:6A:94:44:AD:AA:52:3C:57:68:E9:F6:BE:14:06:51:83:AC:20:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T2qURK2qUjxXaOn2vhQGUYOsIKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/kfsN1HfyfK-NQ9iZIGxx8I0iebc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9c4fb0-c475-4204-9987-0a91cadbee66/1/T2qURK2qUjxXaOn2vhQGUYOsIKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:f9:41:46:fa:9b:75:a4:a9:83:31:9d:23:c9:e3:4b:6a:c4:
         18:56:64:9e:c3:43:a8:71:e1:74:39:36:f8:a6:c0:d0:02:ac:
         af:eb:7c:77:70:73:50:ad:d4:a3:c9:cf:c5:cf:b8:a6:d4:f7:
         02:3a:94:ca:a0:6c:1a:c8:f2:89:c2:4d:2b:1f:ed:df:cb:42:
         3c:c6:20:2b:53:56:2b:1a:c2:37:35:56:a9:fe:eb:d7:3c:68:
         9c:bb:e5:29:c6:58:fb:3c:8b:10:b4:45:fd:cb:73:f9:fd:c7:
         14:9e:0d:06:1f:3a:a1:be:46:08:3c:f8:fc:4c:14:d8:03:fc:
         23:a4:21:bd:93:6f:1d:76:1a:06:7b:70:d8:20:99:32:f2:5e:
         2c:87:60:a2:72:32:eb:eb:e0:35:b2:f4:2c:3d:fb:f2:20:e6:
         5a:eb:63:bd:db:80:98:c0:f2:76:09:2f:0e:a1:c7:15:b6:aa:
         02:b0:92:13:c3:1c:0c:16:8b:4f:97:dd:f6:6b:63:bb:16:a5:
         8f:01:cf:58:8d:4b:65:b3:f4:09:dd:f8:42:b4:62:e8:d7:99:
         94:5a:9b:d6:a0:4f:29:1f:5c:74:76:79:b3:9e:2a:9d:57:70:
         65:12:65:ad:65:03:5f:06:c9:17:f7:5c:69:79:b0:e1:b1:70:
         2b:4d:29:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1cPAdUQWGrryEzSdK7VQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNmE5NDQ0YWRhYTUyM2M1NzY4ZTlmNmJlMTQwNjUxODNh
YzIwYTgwHhcNMjUwMTAxMDc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWZiMGRkNDc3ZjI3Y2FmOGQ0M2Q4OTkyMDZjNzFmMDhkMjI3OWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtW2VZB2ts2sC74NGAE5P1TtpmtuQ
zPch/SPN4D3QNqG+inraW7sR5/6l9S4jWHqAu543OY3Ha+msofYBYdBn4pcvhFWJ
Mup9Nke4F3KyUlyDDtOVcezDnvkVXxfcjqp1/ZLyFmTyqDPfapYzbqFLKQgU5aVG
vxKhjz0vg8btIorxy77yu6gS/AdkKRMqbxeHuenNvOf0Hl7VKljytQQ7v5cIFgrQ
/fCmU6oLgJiOdlQGNFcDxV3tPE398lJV2zQn16r+ye4Y8NvGN0mChGBQiMhugCn2
HUHhEe41xzr0+IJgIMU85QQ5+D1tBsi8mZMwYovSyyzjXPM0Iodkio+quQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJH7DdR38nyvjUPYmSBscfCNInm3MB8GA1UdIwQY
MBaAFE9qlEStqlI8V2jp9r4UBlGDrCCoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDJxVVJLMnFVanhYYU9uMnZoUUdVWU9zSUtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85YzRmYjAtYzQ3NS00MjA0LTk5ODct
MGE5MWNhZGJlZTY2LzEva2ZzTjFIZnlmSy1OUTlpWklHeHg4STBpZWJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85YzRmYjAtYzQ3NS00MjA0LTk5ODctMGE5MWNhZGJlZTY2
LzEvVDJxVVJLMnFVanhYYU9uMnZoUUdVWU9zSUtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQewMA0G
CSqGSIb3DQEBCwUAA4IBAQCI+UFG+pt1pKmDMZ0jyeNLasQYVmSew0OoceF0OTb4
psDQAqyv63x3cHNQrdSjyc/Fz7im1PcCOpTKoGwayPKJwk0rH+3fy0I8xiArU1Yr
GsI3NVap/uvXPGicu+Upxlj7PIsQtEX9y3P5/ccUng0GHzqhvkYIPPj8TBTYA/wj
pCG9k28ddhoGe3DYIJky8l4sh2CicjLr6+A1svQsPfvyIOZa62O924CYwPJ2CS8O
occVtqoCsJITwxwMFotPl932a2O7FqWPAc9YjUtls/QJ3fhCtGLo15mUWpvWoE8p
H1x0dnmzniqdV3BlEmWtZQNfBskX91xpebDhsXArTSmU
-----END CERTIFICATE-----