Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/_NM1NCp1cN1DYzJiCGmCgt8PewA.roa
File:                     _NM1NCp1cN1DYzJiCGmCgt8PewA.roa (raw, json)
Hash identifier:          lWpFq2FWlvUt77xrhpx6xR9CElxvq9niQECpLO3Fdwk=
Subject key identifier:   FC:D3:35:34:2A:75:70:DD:43:63:32:62:08:69:82:82:DF:0F:7B:00
Certificate issuer:       /CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
Certificate serial:       018CC8701CE65E595D54D369CF8FEB330B49
Authority key identifier: 28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/_NM1NCp1cN1DYzJiCGmCgt8PewA.roa
Signing time:             Tue 02 Jan 2024 04:30:39 +0000
ROA not before:           Tue 02 Jan 2024 04:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20986
IP address blocks:        185.249.143.0/24 maxlen: 24
                          185.249.140.0/24 maxlen: 24
                          185.249.141.0/24 maxlen: 24
                          185.249.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:1c:e6:5e:59:5d:54:d3:69:cf:8f:eb:33:0b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
        Validity
            Not Before: Jan  2 04:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcd335342a7570dd4363326208698282df0f7b00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:45:84:fd:2e:23:ca:8b:91:c0:aa:58:11:bb:
                    4c:03:88:44:4d:20:7d:8c:97:3f:bc:4b:3a:f6:95:
                    c6:36:51:5b:8a:98:3d:c8:05:24:e0:05:c0:93:f9:
                    ea:b7:1b:59:2a:76:03:15:e3:a6:39:ca:d9:4a:c2:
                    37:1e:a6:38:60:cf:7a:93:69:93:44:d9:b6:fc:c8:
                    78:45:b9:51:c6:ca:96:21:43:2a:9d:65:0a:db:5a:
                    42:6d:9d:76:f5:d4:fc:25:58:ce:5a:6c:b0:c2:ef:
                    03:e1:32:b2:51:9a:e1:77:de:a7:09:bb:80:bb:f4:
                    4b:c7:0a:f8:e5:ba:26:00:f5:2e:ad:9b:60:58:02:
                    03:ec:49:cf:2f:c9:13:06:e3:88:ba:bf:8d:df:f7:
                    b2:55:26:50:8f:04:8f:b7:32:8d:c6:96:33:82:8d:
                    a8:28:85:d4:56:c9:50:79:95:04:7d:07:1a:27:ff:
                    5b:12:87:a6:21:4e:c8:7b:db:99:f1:05:ac:cd:3a:
                    c6:95:ff:8e:cd:52:bc:16:e5:28:9a:85:36:67:65:
                    9b:6e:14:15:bd:2c:d2:2a:17:ec:7b:07:1f:76:f4:
                    4e:aa:b5:bf:56:b1:cc:cb:52:ea:d3:2b:3c:ea:8b:
                    5b:55:04:f5:8e:e5:14:36:85:87:3f:45:92:c6:d4:
                    75:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:D3:35:34:2A:75:70:DD:43:63:32:62:08:69:82:82:DF:0F:7B:00
            X509v3 Authority Key Identifier:
                keyid:28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/_NM1NCp1cN1DYzJiCGmCgt8PewA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         af:38:09:c8:90:2c:52:0d:26:26:1d:02:02:42:8d:99:ba:27:
         92:c2:40:44:88:78:f3:77:30:fc:d5:d3:87:e7:23:3c:5c:d1:
         00:4c:a8:0c:2b:3c:7e:f6:6d:37:be:71:da:2b:13:dd:09:ae:
         3b:33:a9:dc:cc:b7:ae:1c:62:3b:3d:41:26:83:09:1b:59:b8:
         81:60:3d:70:e9:38:1d:f1:65:fb:34:0a:5d:67:2b:c3:39:b6:
         a3:42:53:2d:93:4a:90:62:38:d7:5f:1d:e2:55:af:7e:a9:d9:
         c0:e9:23:2c:f2:a4:75:9f:21:97:6c:0b:f2:26:e4:6e:a8:ab:
         27:7f:6a:5b:9d:46:bc:5b:13:23:2a:3c:87:1f:26:eb:55:be:
         b1:df:ca:97:66:eb:29:95:86:06:6d:e6:14:5f:89:d1:41:bc:
         78:90:fd:6c:3f:ed:52:eb:f6:c6:08:4c:15:02:43:4f:34:25:
         f3:5a:85:55:08:76:c9:ac:f5:a2:c8:e2:cd:75:b1:88:2e:79:
         f6:fb:04:84:6e:e7:38:3e:e1:3b:15:a0:15:e4:d5:71:f5:cc:
         ce:d9:72:b0:34:5f:cd:61:f8:3e:96:89:0a:1b:c0:94:47:5d:
         fe:5d:4c:8b:52:3b:0e:3d:fd:92:72:a9:cc:0f:9f:35:73:87:
         9f:ab:54:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcBzmXlldVNNpz4/rMwtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YmYxZTcyMzIzNzQyYWM0ZDgxMzZhYjZjOGU4NWRmN2Jh
MzdlZWIwHhcNMjQwMTAyMDQzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2QzMzUzNDJhNzU3MGRkNDM2MzMyNjIwODY5ODI4MmRmMGY3YjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUWE/S4jyouRwKpYEbtMA4hETSB9
jJc/vEs69pXGNlFbipg9yAUk4AXAk/nqtxtZKnYDFeOmOcrZSsI3HqY4YM96k2mT
RNm2/Mh4RblRxsqWIUMqnWUK21pCbZ129dT8JVjOWmywwu8D4TKyUZrhd96nCbuA
u/RLxwr45bomAPUurZtgWAID7EnPL8kTBuOIur+N3/eyVSZQjwSPtzKNxpYzgo2o
KIXUVslQeZUEfQcaJ/9bEoemIU7Ie9uZ8QWszTrGlf+OzVK8FuUomoU2Z2WbbhQV
vSzSKhfsewcfdvROqrW/VrHMy1Lq0ys86otbVQT1juUUNoWHP0WSxtR11QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzTNTQqdXDdQ2MyYghpgoLfD3sAMB8GA1UdIwQY
MBaAFCi/HnIyN0KsTYE2q2yOhd97o37rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEt
MGM0ODFmMGFkMjBlLzEvX05NMU5DcDFjTjFEWXpKaUNHbUNndDhQZXdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEtMGM0ODFmMGFkMjBl
LzEvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufmMMA0G
CSqGSIb3DQEBCwUAA4IBAQCvOAnIkCxSDSYmHQICQo2ZuieSwkBEiHjzdzD81dOH
5yM8XNEATKgMKzx+9m03vnHaKxPdCa47M6nczLeuHGI7PUEmgwkbWbiBYD1w6Tgd
8WX7NApdZyvDObajQlMtk0qQYjjXXx3iVa9+qdnA6SMs8qR1nyGXbAvyJuRuqKsn
f2pbnUa8WxMjKjyHHybrVb6x38qXZusplYYGbeYUX4nRQbx4kP1sP+1S6/bGCEwV
AkNPNCXzWoVVCHbJrPWiyOLNdbGILnn2+wSEbuc4PuE7FaAV5NVx9czO2XKwNF/N
Yfg+lokKG8CUR13+XUyLUjsOPf2ScqnMD581c4efq1RG
-----END CERTIFICATE-----