Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/RzHN7Dslblmf2SWetMH6DUd-Es8.roa
File:                     RzHN7Dslblmf2SWetMH6DUd-Es8.roa (raw, json)
Hash identifier:          2K0PSVlUZvtFJCr5mNlFcXi4Xq9NSfuA5JwXa1JJxuU=
Subject key identifier:   47:31:CD:EC:3B:25:6E:59:9F:D9:25:9E:B4:C1:FA:0D:47:7E:12:CF
Certificate issuer:       /CN=3af1507fda4e704828c7e03caf626456aafc5b1a
Certificate serial:       019427B5D5DEC461679D4B189C62B15108DA
Authority key identifier: 3A:F1:50:7F:DA:4E:70:48:28:C7:E0:3C:AF:62:64:56:AA:FC:5B:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvFQf9pOcEgox-A8r2JkVqr8Wxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/RzHN7Dslblmf2SWetMH6DUd-Es8.roa
Signing time:             Thu 02 Jan 2025 15:50:15 +0000
ROA not before:           Thu 02 Jan 2025 15:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199536
IP address blocks:        185.148.100.0/22 maxlen: 22
                          2a0f:57c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/OvFQf9pOcEgox-A8r2JkVqr8Wxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/OvFQf9pOcEgox-A8r2JkVqr8Wxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvFQf9pOcEgox-A8r2JkVqr8Wxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:d5:de:c4:61:67:9d:4b:18:9c:62:b1:51:08:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af1507fda4e704828c7e03caf626456aafc5b1a
        Validity
            Not Before: Jan  2 15:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4731cdec3b256e599fd9259eb4c1fa0d477e12cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:49:97:78:0a:f4:6f:7b:f7:36:cb:a4:8d:09:
                    1a:4b:7d:d7:ab:ba:bd:f0:55:66:9a:b7:bf:8a:ff:
                    c8:66:47:66:43:28:7b:34:be:67:3f:0b:4c:8f:32:
                    7e:fe:e5:c2:2b:46:bb:e2:d0:d3:22:34:65:3f:1c:
                    04:e1:81:4d:42:e2:9c:36:b5:10:fe:ab:69:de:99:
                    49:4a:22:85:57:84:79:b3:75:27:72:ff:bc:01:1e:
                    ad:b8:21:b2:fc:5a:ac:da:75:80:48:e3:6d:26:a7:
                    e4:57:7f:fa:1c:8c:d5:6c:0a:65:d2:5b:27:90:50:
                    30:b9:78:7a:9d:89:94:b7:89:d0:e7:e6:45:db:f6:
                    12:84:a2:9e:57:16:c6:86:59:06:06:c5:9e:3f:b5:
                    05:6a:ea:a9:94:da:bd:e7:05:6b:1e:dd:8d:c0:03:
                    cd:48:d0:dc:8f:1a:63:c6:a8:fa:fc:2b:2a:b6:7b:
                    2a:d9:4d:6c:3b:1d:08:7d:93:34:25:06:a4:93:2b:
                    8c:7a:5f:6d:e2:79:76:1e:61:42:9a:86:01:bf:ce:
                    b5:65:37:e5:0b:c7:3e:f9:b8:ee:d3:4d:ba:8c:60:
                    fe:46:74:2b:a0:99:6e:3d:a4:13:af:54:b6:bf:5e:
                    5b:13:d0:99:19:c7:ce:3a:62:7b:92:5c:ae:a4:1d:
                    6b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:31:CD:EC:3B:25:6E:59:9F:D9:25:9E:B4:C1:FA:0D:47:7E:12:CF
            X509v3 Authority Key Identifier:
                keyid:3A:F1:50:7F:DA:4E:70:48:28:C7:E0:3C:AF:62:64:56:AA:FC:5B:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvFQf9pOcEgox-A8r2JkVqr8Wxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/RzHN7Dslblmf2SWetMH6DUd-Es8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9f50e1-3ec4-46dc-b4f7-874234ed1e5e/1/OvFQf9pOcEgox-A8r2JkVqr8Wxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.100.0/22
                IPv6:
                  2a0f:57c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:12:e1:c8:1e:8c:58:cf:ed:89:07:f3:73:86:4d:5c:e9:db:
         99:c9:c5:bd:55:1e:82:e9:1b:59:d7:7c:09:f1:07:d9:15:ca:
         f7:19:47:6c:65:7e:18:83:1b:1a:fc:5e:b7:92:5d:5b:5b:96:
         c0:ee:67:49:68:fe:af:db:89:b7:23:5a:d5:68:e9:df:62:b3:
         81:e5:94:73:5b:97:bb:ce:0d:b2:4f:b4:86:39:0d:45:ac:96:
         bd:2b:23:31:27:0c:c0:22:a5:f3:57:6f:93:20:6d:e1:94:7e:
         99:2b:bf:f0:26:d7:ac:2b:a6:45:e3:69:72:dd:78:e2:75:08:
         cf:04:cf:64:61:52:2f:9f:48:48:a5:82:56:7e:33:35:2f:0d:
         97:ca:86:67:03:7c:97:fc:d9:e4:fd:68:d0:26:c7:86:8e:d0:
         24:f9:d3:07:e6:80:f7:d3:19:04:31:9e:ec:2f:ef:3a:07:9b:
         9b:3f:9d:93:c7:b1:e9:c3:37:84:ff:68:d1:e6:3f:23:8f:5d:
         3d:05:01:1f:e2:72:ca:f3:a6:f5:19:12:8e:cd:9d:cd:bd:87:
         24:e7:17:6a:db:f4:57:75:95:45:06:67:84:8d:7b:45:8c:2d:
         7d:26:80:61:aa:0e:c3:c9:f4:b3:a0:4d:33:d2:5b:c0:c1:ed:
         a3:ed:e7:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntdXexGFnnUsYnGKxUQjaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjE1MDdmZGE0ZTcwNDgyOGM3ZTAzY2FmNjI2NDU2YWFm
YzViMWEwHhcNMjUwMTAyMTU1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzMxY2RlYzNiMjU2ZTU5OWZkOTI1OWViNGMxZmEwZDQ3N2UxMmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEmXeAr0b3v3NsukjQkaS33Xq7q9
8FVmmre/iv/IZkdmQyh7NL5nPwtMjzJ+/uXCK0a74tDTIjRlPxwE4YFNQuKcNrUQ
/qtp3plJSiKFV4R5s3Uncv+8AR6tuCGy/Fqs2nWASONtJqfkV3/6HIzVbApl0lsn
kFAwuXh6nYmUt4nQ5+ZF2/YShKKeVxbGhlkGBsWeP7UFauqplNq95wVrHt2NwAPN
SNDcjxpjxqj6/Csqtnsq2U1sOx0IfZM0JQakkyuMel9t4nl2HmFCmoYBv861ZTfl
C8c++bju0026jGD+RnQroJluPaQTr1S2v15bE9CZGcfOOmJ7klyupB1r/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEcxzew7JW5Zn9klnrTB+g1HfhLPMB8GA1UdIwQY
MBaAFDrxUH/aTnBIKMfgPK9iZFaq/FsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZGUWY5cE9jRWdveC1BOHIySmtWcXI4V3hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85ZjUwZTEtM2VjNC00NmRjLWI0Zjct
ODc0MjM0ZWQxZTVlLzEvUnpITjdEc2xibG1mMlNXZXRNSDZEVWQtRXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85ZjUwZTEtM2VjNC00NmRjLWI0ZjctODc0MjM0ZWQxZTVl
LzEvT3ZGUWY5cE9jRWdveC1BOHIySmtWcXI4V3hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZRkMA0E
AgACMAcDBQAqD1fAMA0GCSqGSIb3DQEBCwUAA4IBAQAOEuHIHoxYz+2JB/Nzhk1c
6duZycW9VR6C6RtZ13wJ8QfZFcr3GUdsZX4Ygxsa/F63kl1bW5bA7mdJaP6v24m3
I1rVaOnfYrOB5ZRzW5e7zg2yT7SGOQ1FrJa9KyMxJwzAIqXzV2+TIG3hlH6ZK7/w
JtesK6ZF42ly3XjidQjPBM9kYVIvn0hIpYJWfjM1Lw2XyoZnA3yX/Nnk/WjQJseG
jtAk+dMH5oD30xkEMZ7sL+86B5ubP52Tx7HpwzeE/2jR5j8jj109BQEf4nLK86b1
GRKOzZ3NvYck5xdq2/RXdZVFBmeEjXtFjC19JoBhqg7DyfSzoE0z0lvAwe2j7edB
-----END CERTIFICATE-----