Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/RdCbQ_v6C3AqgUPprLsURH8LT5w.roa
File:                     RdCbQ_v6C3AqgUPprLsURH8LT5w.roa (raw, json)
Hash identifier:          kXBabjQsEi+6w0J2wLx2a1ynhFaoOMH+SG7D7xchscI=
Subject key identifier:   45:D0:9B:43:FB:FA:0B:70:2A:81:43:E9:AC:BB:14:44:7F:0B:4F:9C
Certificate issuer:       /CN=4df0970484eb26bc59fd8fa8d5bf7c3c7212d011
Certificate serial:       0196F4C5539937CF8AEB580BF42BFE339985
Authority key identifier: 4D:F0:97:04:84:EB:26:BC:59:FD:8F:A8:D5:BF:7C:3C:72:12:D0:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/RdCbQ_v6C3AqgUPprLsURH8LT5w.roa
Signing time:             Wed 21 May 2025 21:34:54 +0000
ROA not before:           Wed 21 May 2025 21:34:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29632
IP address blocks:        185.230.44.0/22 maxlen: 22
                          185.237.226.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f4:c5:53:99:37:cf:8a:eb:58:0b:f4:2b:fe:33:99:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4df0970484eb26bc59fd8fa8d5bf7c3c7212d011
        Validity
            Not Before: May 21 21:34:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45d09b43fbfa0b702a8143e9acbb14447f0b4f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:90:48:c7:32:76:d1:d2:1c:7c:ae:a4:d8:ce:
                    dc:65:09:ff:de:de:08:40:e6:aa:ea:b5:75:a1:94:
                    60:64:e5:04:98:7f:a7:1b:c8:6a:2d:a6:7a:44:f9:
                    76:38:1e:f1:43:3e:05:da:b0:60:0f:e7:d7:aa:6c:
                    95:dc:cb:39:da:17:c1:88:50:e9:d7:69:67:af:e0:
                    20:a3:c6:78:ec:4a:2a:10:ef:b4:12:a4:d0:fa:d6:
                    65:42:a8:a3:a6:11:07:73:56:50:4b:ae:55:d6:6d:
                    71:fc:e3:32:db:a6:2e:84:5b:bb:bb:9a:e7:30:3e:
                    05:99:bc:1e:21:b8:b8:86:0b:2e:44:92:e0:e4:cd:
                    f9:38:4f:d9:7b:2d:16:1b:c8:2e:1a:71:56:c8:e3:
                    9e:73:fb:95:bc:63:c5:cd:9b:c7:5d:ab:b4:72:3f:
                    05:6f:96:67:6b:96:a7:5e:2a:70:c5:df:94:2b:8e:
                    af:34:e6:5e:e8:3d:61:3a:db:6c:fc:8e:a0:2e:42:
                    fe:9f:12:68:80:76:35:03:14:9c:74:2d:76:7f:57:
                    fb:35:fc:54:d9:3d:c6:51:d9:9b:02:cb:da:8e:7d:
                    40:7a:0c:dc:44:e3:1f:09:bd:94:df:52:de:8e:37:
                    b7:b2:dd:fc:02:d3:cc:2c:b9:33:96:bf:11:bf:cf:
                    03:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:D0:9B:43:FB:FA:0B:70:2A:81:43:E9:AC:BB:14:44:7F:0B:4F:9C
            X509v3 Authority Key Identifier:
                keyid:4D:F0:97:04:84:EB:26:BC:59:FD:8F:A8:D5:BF:7C:3C:72:12:D0:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TfCXBITrJrxZ_Y-o1b98PHIS0BE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/RdCbQ_v6C3AqgUPprLsURH8LT5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/8e1198-e50f-416f-9d6b-1e9bff5e4021/1/TfCXBITrJrxZ_Y-o1b98PHIS0BE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.44.0/22
                  185.237.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:f0:91:f6:15:eb:17:e9:53:a5:5d:dd:4e:18:63:8b:3d:d9:
         9f:ca:74:37:71:27:ae:61:99:32:6a:52:a0:47:15:65:4a:aa:
         28:5b:42:91:b7:9d:9e:aa:0d:7b:0c:30:2f:34:ea:ea:02:ce:
         6f:a5:19:15:5d:f9:5f:d8:a1:1f:62:2d:a3:96:57:f2:bb:46:
         48:81:29:71:e0:e0:f3:52:b4:92:ad:0d:d0:54:e8:ee:fa:e7:
         86:96:d7:eb:37:c6:ab:4e:d3:34:28:f4:d8:f1:d6:ab:c6:0a:
         0c:cd:bb:3c:82:84:11:25:1f:26:c1:a2:5f:38:94:87:61:54:
         00:9a:3d:02:43:37:cc:27:e9:f9:f0:d3:d1:0f:a0:ac:e8:4b:
         a0:ef:37:d7:4b:7c:91:d8:97:a3:ef:46:be:61:bf:ac:67:8b:
         7d:27:3b:09:ad:25:06:0f:0d:f6:82:ba:83:16:71:0e:a5:9f:
         8c:f7:5b:db:55:53:3f:95:83:1d:da:53:0e:5c:b1:c6:bf:f0:
         6d:db:c6:cb:09:61:4d:59:ad:c0:e3:0c:01:01:80:ed:eb:56:
         4a:05:5d:7c:c5:c4:ce:19:46:7d:5c:99:a9:df:4b:28:29:a8:
         76:9f:ce:4b:15:ee:b8:b8:39:cd:17:ce:c3:95:dd:ce:45:74:
         a3:b9:81:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZb0xVOZN8+K61gL9Cv+M5mFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZjA5NzA0ODRlYjI2YmM1OWZkOGZhOGQ1YmY3YzNjNzIx
MmQwMTEwHhcNMjUwNTIxMjEzNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWQwOWI0M2ZiZmEwYjcwMmE4MTQzZTlhY2JiMTQ0NDdmMGI0ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspBIxzJ20dIcfK6k2M7cZQn/3t4I
QOaq6rV1oZRgZOUEmH+nG8hqLaZ6RPl2OB7xQz4F2rBgD+fXqmyV3Ms52hfBiFDp
12lnr+Ago8Z47EoqEO+0EqTQ+tZlQqijphEHc1ZQS65V1m1x/OMy26YuhFu7u5rn
MD4FmbweIbi4hgsuRJLg5M35OE/Zey0WG8guGnFWyOOec/uVvGPFzZvHXau0cj8F
b5Zna5anXipwxd+UK46vNOZe6D1hOtts/I6gLkL+nxJogHY1AxScdC12f1f7NfxU
2T3GUdmbAsvajn1AegzcROMfCb2U31Lejje3st38AtPMLLkzlr8Rv88D3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEXQm0P7+gtwKoFD6ay7FER/C0+cMB8GA1UdIwQY
MBaAFE3wlwSE6ya8Wf2PqNW/fDxyEtARMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGZDWEJJVHJKcnhaX1ktbzFiOThQSElTMEJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC84ZTExOTgtZTUwZi00MTZmLTlkNmIt
MWU5YmZmNWU0MDIxLzEvUmRDYlFfdjZDM0FxZ1VQcHJMc1VSSDhMVDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC84ZTExOTgtZTUwZi00MTZmLTlkNmItMWU5YmZmNWU0MDIx
LzEvVGZDWEJJVHJKcnhaX1ktbzFiOThQSElTMEJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCueYsAwQB
ue3iMA0GCSqGSIb3DQEBCwUAA4IBAQBl8JH2FesX6VOlXd1OGGOLPdmfynQ3cSeu
YZkyalKgRxVlSqooW0KRt52eqg17DDAvNOrqAs5vpRkVXflf2KEfYi2jllfyu0ZI
gSlx4ODzUrSSrQ3QVOju+ueGltfrN8arTtM0KPTY8darxgoMzbs8goQRJR8mwaJf
OJSHYVQAmj0CQzfMJ+n58NPRD6Cs6Eug7zfXS3yR2Jej70a+Yb+sZ4t9JzsJrSUG
Dw32grqDFnEOpZ+M91vbVVM/lYMd2lMOXLHGv/Bt28bLCWFNWa3A4wwBAYDt61ZK
BV18xcTOGUZ9XJmp30soKah2n85LFe64uDnNF87Dld3ORXSjuYHx
-----END CERTIFICATE-----