Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/tBcUVtef6rZ0kSSzgGFNQ0aGmXk.roa
File:                     tBcUVtef6rZ0kSSzgGFNQ0aGmXk.roa (raw, json)
Hash identifier:          axGcXX34atfoTeccVW4HcK4Aoj164U97BqMvxhWQBsY=
Subject key identifier:   B4:17:14:56:D7:9F:EA:B6:74:91:24:B3:80:61:4D:43:46:86:99:79
Certificate issuer:       /CN=434421cf6a02b38af5b6bbca6dbd3764448b6cb7
Certificate serial:       01942143783DB81C10B5902449AB68DC757E
Authority key identifier: 43:44:21:CF:6A:02:B3:8A:F5:B6:BB:CA:6D:BD:37:64:44:8B:6C:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q0Qhz2oCs4r1trvKbb03ZESLbLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/tBcUVtef6rZ0kSSzgGFNQ0aGmXk.roa
Signing time:             Wed 01 Jan 2025 09:47:37 +0000
ROA not before:           Wed 01 Jan 2025 09:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199244
IP address blocks:        185.3.192.0/22 maxlen: 22
                          2a02:5f40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/Q0Qhz2oCs4r1trvKbb03ZESLbLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/Q0Qhz2oCs4r1trvKbb03ZESLbLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q0Qhz2oCs4r1trvKbb03ZESLbLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:78:3d:b8:1c:10:b5:90:24:49:ab:68:dc:75:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=434421cf6a02b38af5b6bbca6dbd3764448b6cb7
        Validity
            Not Before: Jan  1 09:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4171456d79feab6749124b380614d4346869979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:23:32:91:ee:0b:01:09:bd:69:c5:3a:fb:e1:
                    19:8b:94:0f:3b:6f:21:69:2d:d6:3b:22:7a:57:25:
                    f9:f2:04:2a:cc:7a:1e:2f:22:9b:4a:8c:81:8d:65:
                    84:08:d3:f8:67:f0:e2:08:fb:e7:20:fa:b1:ff:67:
                    2d:9f:58:53:fa:a8:4d:41:d8:16:8b:9f:07:c2:34:
                    13:6e:9d:f4:40:59:12:82:47:d5:51:ce:3c:52:e2:
                    75:f3:52:c4:31:43:d6:66:a2:7f:e9:36:61:ae:e7:
                    6a:97:62:bf:4b:ca:80:07:78:81:3b:cb:78:dc:2b:
                    4c:b0:46:3b:a6:fa:2b:55:a2:30:42:42:51:8f:9a:
                    42:65:41:05:d6:90:cf:d0:18:97:7b:3a:c5:f9:6e:
                    3b:e0:be:ca:8a:c8:4f:a8:81:47:aa:d0:15:21:57:
                    2e:02:5d:51:69:27:9a:16:b3:7e:44:2e:e5:52:80:
                    9c:4f:ee:61:e3:b2:c9:e5:cb:a1:0c:b7:c6:41:a5:
                    f4:34:d8:b0:58:49:38:ba:f4:5f:26:12:b2:44:fa:
                    41:94:4c:1b:80:bb:b9:cc:da:ad:34:4f:16:6a:2e:
                    2a:0f:16:b0:1c:be:05:ac:58:04:e9:53:e0:e7:42:
                    f3:1e:02:76:f4:9f:35:70:1a:1c:6b:65:a8:a6:ff:
                    60:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:17:14:56:D7:9F:EA:B6:74:91:24:B3:80:61:4D:43:46:86:99:79
            X509v3 Authority Key Identifier:
                keyid:43:44:21:CF:6A:02:B3:8A:F5:B6:BB:CA:6D:BD:37:64:44:8B:6C:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q0Qhz2oCs4r1trvKbb03ZESLbLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/tBcUVtef6rZ0kSSzgGFNQ0aGmXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3f151b-fb71-4f1b-bb09-539b329f995c/1/Q0Qhz2oCs4r1trvKbb03ZESLbLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.192.0/22
                IPv6:
                  2a02:5f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:b9:f3:ec:7f:4e:65:b3:98:da:a3:61:f7:04:5b:ad:44:66:
         cf:8f:2a:c4:49:b7:7a:71:1c:98:9f:55:29:e4:c8:e7:5c:ce:
         d6:11:46:38:63:ea:e0:e4:b6:4d:10:bf:9b:4f:d0:27:d0:9e:
         82:08:4e:8f:d6:2d:d7:59:dd:8a:af:1e:18:69:c0:d6:d0:f7:
         b5:2a:fd:bd:44:08:ec:14:a9:75:d6:71:9b:2a:61:21:06:41:
         6f:98:39:7e:4a:28:23:7e:c4:f8:fc:54:7d:e7:be:84:e4:9e:
         2c:a3:83:52:ee:f2:64:f6:29:0c:f6:60:92:44:69:c7:28:37:
         d7:df:e0:44:50:67:2d:c0:0d:d2:21:6f:ee:71:16:d3:5c:af:
         5c:58:47:1e:21:d5:3a:ca:f6:67:37:52:1b:a7:0f:c8:ea:64:
         96:76:5b:aa:b7:c6:9b:95:e4:e9:1e:31:b5:fc:60:61:17:38:
         f3:44:d0:ce:28:f2:67:28:aa:66:cd:d1:5f:64:81:18:88:7f:
         37:b0:70:f0:1a:5e:ee:9a:b4:30:f3:d3:09:7c:5c:e6:7a:2b:
         ac:79:6a:ab:b6:e2:d1:29:5c:67:98:21:3c:80:76:78:e7:5e:
         c4:9c:a0:3f:43:ec:34:69:10:ce:dd:85:9f:8c:91:80:17:01:
         f3:94:b9:74
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ3g9uBwQtZAkSato3HV+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNDQyMWNmNmEwMmIzOGFmNWI2YmJjYTZkYmQzNzY0NDQ4
YjZjYjcwHhcNMjUwMTAxMDk0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDE3MTQ1NmQ3OWZlYWI2NzQ5MTI0YjM4MDYxNGQ0MzQ2ODY5OTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiMyke4LAQm9acU6++EZi5QPO28h
aS3WOyJ6VyX58gQqzHoeLyKbSoyBjWWECNP4Z/DiCPvnIPqx/2ctn1hT+qhNQdgW
i58HwjQTbp30QFkSgkfVUc48UuJ181LEMUPWZqJ/6TZhrudql2K/S8qAB3iBO8t4
3CtMsEY7pvorVaIwQkJRj5pCZUEF1pDP0BiXezrF+W474L7KishPqIFHqtAVIVcu
Al1RaSeaFrN+RC7lUoCcT+5h47LJ5cuhDLfGQaX0NNiwWEk4uvRfJhKyRPpBlEwb
gLu5zNqtNE8Wai4qDxawHL4FrFgE6VPg50LzHgJ29J81cBoca2Wopv9gOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLQXFFbXn+q2dJEks4BhTUNGhpl5MB8GA1UdIwQY
MBaAFENEIc9qArOK9ba7ym29N2REi2y3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTBRaHoyb0NzNHIxdHJ2S2JiMDNaRVNMYkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zZjE1MWItZmI3MS00ZjFiLWJiMDkt
NTM5YjMyOWY5OTVjLzEvdEJjVVZ0ZWY2clowa1NTemdHRk5RMGFHbVhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zZjE1MWItZmI3MS00ZjFiLWJiMDktNTM5YjMyOWY5OTVj
LzEvUTBRaHoyb0NzNHIxdHJ2S2JiMDNaRVNMYkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQPAMA0E
AgACMAcDBQAqAl9AMA0GCSqGSIb3DQEBCwUAA4IBAQABufPsf05ls5jao2H3BFut
RGbPjyrESbd6cRyYn1Up5MjnXM7WEUY4Y+rg5LZNEL+bT9An0J6CCE6P1i3XWd2K
rx4YacDW0Pe1Kv29RAjsFKl11nGbKmEhBkFvmDl+SigjfsT4/FR9576E5J4so4NS
7vJk9ikM9mCSRGnHKDfX3+BEUGctwA3SIW/ucRbTXK9cWEceIdU6yvZnN1Ibpw/I
6mSWdluqt8ableTpHjG1/GBhFzjzRNDOKPJnKKpmzdFfZIEYiH83sHDwGl7umrQw
89MJfFzmeiuseWqrtuLRKVxnmCE8gHZ4517EnKA/Q+w0aRDO3YWfjJGAFwHzlLl0
-----END CERTIFICATE-----