Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/4HntnwbwwM5vMcJuIab-USv0aos.roa
File:                     4HntnwbwwM5vMcJuIab-USv0aos.roa (raw, json)
Hash identifier:          D4Y8oo/1p1CfNZ78xGazKWpJcNpM6vsLdZIWby5+wsA=
Subject key identifier:   E0:79:ED:9F:06:F0:C0:CE:6F:31:C2:6E:21:A6:FE:51:2B:F4:6A:8B
Certificate issuer:       /CN=111b09710acdb72086d658e90d8f025fa6a111b1
Certificate serial:       0194266AFA8DD52E00C1D7ADA83BE02585F1
Authority key identifier: 11:1B:09:71:0A:CD:B7:20:86:D6:58:E9:0D:8F:02:5F:A6:A1:11:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/4HntnwbwwM5vMcJuIab-USv0aos.roa
Signing time:             Thu 02 Jan 2025 09:48:52 +0000
ROA not before:           Thu 02 Jan 2025 09:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395743
IP address blocks:        185.101.12.0/22 maxlen: 24
                          185.101.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:fa:8d:d5:2e:00:c1:d7:ad:a8:3b:e0:25:85:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111b09710acdb72086d658e90d8f025fa6a111b1
        Validity
            Not Before: Jan  2 09:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e079ed9f06f0c0ce6f31c26e21a6fe512bf46a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:9e:35:f0:2e:a4:8c:5e:e7:22:15:79:72:e3:
                    af:b6:28:f9:09:5c:f8:8c:1d:95:6b:fc:ea:2c:3a:
                    61:d9:84:04:f3:b0:df:67:2f:f2:71:0e:70:d9:fc:
                    5b:a4:62:96:88:db:b1:53:f4:27:3c:a1:d7:39:69:
                    91:04:a9:fc:81:f3:d7:4e:f4:45:e1:68:ed:a0:f4:
                    cd:11:fd:80:f7:97:d3:2c:bd:36:e2:b9:e6:56:17:
                    49:62:2b:e7:3b:cb:32:68:74:2d:b9:ad:be:2b:d5:
                    91:01:0d:4b:4b:e2:98:12:5a:0c:98:70:8c:10:bb:
                    5e:0d:02:a6:79:d2:ce:e4:4c:4e:9a:3a:b1:73:8a:
                    76:bd:90:2c:87:ef:b3:b9:34:ff:2a:1e:92:73:32:
                    9f:81:76:d9:07:b9:70:91:3e:fb:94:9d:8a:05:12:
                    8a:20:79:fd:7d:71:57:c7:19:d4:49:73:9a:68:1d:
                    3b:9c:d4:94:e4:34:6d:6d:6b:01:dc:2e:8a:a3:16:
                    17:3e:30:91:74:65:65:31:03:1c:3d:8f:5b:89:da:
                    d2:9d:ea:dd:a4:c0:e8:8c:56:23:05:95:95:1f:f8:
                    c8:82:19:87:ab:51:d7:f7:ae:85:e9:7e:b6:5b:4a:
                    2a:b0:a2:78:7e:ac:28:09:6f:0c:4e:54:33:f1:13:
                    dd:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:79:ED:9F:06:F0:C0:CE:6F:31:C2:6E:21:A6:FE:51:2B:F4:6A:8B
            X509v3 Authority Key Identifier:
                keyid:11:1B:09:71:0A:CD:B7:20:86:D6:58:E9:0D:8F:02:5F:A6:A1:11:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERsJcQrNtyCG1ljpDY8CX6ahEbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/4HntnwbwwM5vMcJuIab-USv0aos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1cd134-4d03-4fcd-b229-7bf0356a6bab/1/ERsJcQrNtyCG1ljpDY8CX6ahEbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:7c:44:c8:74:1e:42:00:32:5c:a5:66:9c:95:2f:38:b5:94:
         9e:70:1a:25:93:99:39:8d:5f:f6:40:2e:61:32:66:5f:d9:8a:
         95:cc:41:af:b6:be:5d:da:f4:0a:28:97:fc:0a:40:98:0d:c7:
         67:50:14:e9:e6:03:69:37:34:d0:59:0e:ef:ca:78:68:18:bd:
         10:da:c5:a6:01:3c:12:8b:48:61:24:c4:2f:1e:84:59:37:c8:
         2a:97:6f:23:3d:13:4c:8e:38:4f:0d:d3:8f:59:04:02:5e:f6:
         ae:33:79:76:1c:55:87:ed:ea:ba:8a:ec:0c:63:25:d3:ae:d4:
         11:82:86:76:19:db:aa:31:7a:34:a2:86:ed:9a:49:fe:18:63:
         ca:ae:10:46:1c:fb:6b:d2:94:2e:f9:73:3a:42:c0:b2:29:fb:
         40:8d:a9:41:9a:55:03:ca:55:98:b1:24:85:c1:de:da:79:f5:
         b9:c8:64:48:67:02:dd:2a:86:f4:d2:97:12:b1:68:c6:20:3b:
         92:11:42:7c:68:e4:92:2b:2d:af:ab:59:8b:02:cd:7e:07:2f:
         7e:2e:b4:dc:e7:4d:01:84:cf:56:38:16:31:3c:44:f2:f3:40:
         24:32:b1:dc:50:96:a5:85:cb:57:ce:bc:f0:cf:e2:fc:8e:3d:
         c8:87:f2:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmavqN1S4AwdetqDvgJYXxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWIwOTcxMGFjZGI3MjA4NmQ2NThlOTBkOGYwMjVmYTZh
MTExYjEwHhcNMjUwMTAyMDk0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDc5ZWQ5ZjA2ZjBjMGNlNmYzMWMyNmUyMWE2ZmU1MTJiZjQ2YThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5418C6kjF7nIhV5cuOvtij5CVz4
jB2Va/zqLDph2YQE87DfZy/ycQ5w2fxbpGKWiNuxU/QnPKHXOWmRBKn8gfPXTvRF
4WjtoPTNEf2A95fTLL024rnmVhdJYivnO8syaHQtua2+K9WRAQ1LS+KYEloMmHCM
ELteDQKmedLO5ExOmjqxc4p2vZAsh++zuTT/Kh6SczKfgXbZB7lwkT77lJ2KBRKK
IHn9fXFXxxnUSXOaaB07nNSU5DRtbWsB3C6KoxYXPjCRdGVlMQMcPY9bidrSnerd
pMDojFYjBZWVH/jIghmHq1HX966F6X62W0oqsKJ4fqwoCW8MTlQz8RPd9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOB57Z8G8MDObzHCbiGm/lEr9GqLMB8GA1UdIwQY
MBaAFBEbCXEKzbcghtZY6Q2PAl+moRGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJzSmNRck50eUNHMWxqcERZOENYNmFoRWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8xY2QxMzQtNGQwMy00ZmNkLWIyMjkt
N2JmMDM1NmE2YmFiLzEvNEhudG53Ynd3TTV2TWNKdUlhYi1VU3YwYW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8xY2QxMzQtNGQwMy00ZmNkLWIyMjktN2JmMDM1NmE2YmFi
LzEvRVJzSmNRck50eUNHMWxqcERZOENYNmFoRWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWUMMA0G
CSqGSIb3DQEBCwUAA4IBAQCSfETIdB5CADJcpWaclS84tZSecBolk5k5jV/2QC5h
MmZf2YqVzEGvtr5d2vQKKJf8CkCYDcdnUBTp5gNpNzTQWQ7vynhoGL0Q2sWmATwS
i0hhJMQvHoRZN8gql28jPRNMjjhPDdOPWQQCXvauM3l2HFWH7eq6iuwMYyXTrtQR
goZ2GduqMXo0oobtmkn+GGPKrhBGHPtr0pQu+XM6QsCyKftAjalBmlUDylWYsSSF
wd7aefW5yGRIZwLdKob00pcSsWjGIDuSEUJ8aOSSKy2vq1mLAs1+By9+LrTc500B
hM9WOBYxPETy80AkMrHcUJalhctXzrzwz+L8jj3Ih/Ku
-----END CERTIFICATE-----