Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/b24b88-22f0-49b8-b2e3-731f47820b20/1/MLpmz1Ih74d3ai6mUgS3az1JAoA.roa
File:                     MLpmz1Ih74d3ai6mUgS3az1JAoA.roa (raw, json)
Hash identifier:          wPq9cbkd3gHsPqU0L1CCMHdPpNtSvMWNQxLswqIps2I=
Subject key identifier:   30:BA:66:CF:52:21:EF:87:77:6A:2E:A6:52:04:B7:6B:3D:49:02:80
Certificate issuer:       /CN=fc57d7a2d57661f6c3c6ea7636ca0ff2300c146f
Certificate serial:       0194221FD90C5CB54D2446BC71C71C30FD12
Authority key identifier: FC:57:D7:A2:D5:76:61:F6:C3:C6:EA:76:36:CA:0F:F2:30:0C:14:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_FfXotV2YfbDxup2NsoP8jAMFG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/b24b88-22f0-49b8-b2e3-731f47820b20/1/MLpmz1Ih74d3ai6mUgS3az1JAoA.roa
Signing time:             Wed 01 Jan 2025 13:48:19 +0000
ROA not before:           Wed 01 Jan 2025 13:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204818
IP address blocks:        185.245.92.0/23 maxlen: 23
                          185.245.94.0/23 maxlen: 23
                          2a0d:5380::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/b24b88-22f0-49b8-b2e3-731f47820b20/1/_FfXotV2YfbDxup2NsoP8jAMFG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/b24b88-22f0-49b8-b2e3-731f47820b20/1/_FfXotV2YfbDxup2NsoP8jAMFG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_FfXotV2YfbDxup2NsoP8jAMFG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d9:0c:5c:b5:4d:24:46:bc:71:c7:1c:30:fd:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc57d7a2d57661f6c3c6ea7636ca0ff2300c146f
        Validity
            Not Before: Jan  1 13:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30ba66cf5221ef87776a2ea65204b76b3d490280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:86:74:da:7f:1a:e4:c3:30:7a:25:3d:cc:b9:
                    cd:0e:fd:63:47:3a:38:75:6d:90:34:d9:80:79:8a:
                    dc:ea:b9:2b:15:6e:b5:4e:0e:1c:28:e9:3b:84:80:
                    00:ff:d2:e3:2e:9a:61:24:6e:1f:71:be:91:18:2c:
                    05:8b:1c:e6:46:5b:0b:4a:e3:28:15:b9:f3:00:52:
                    96:ec:56:c8:6b:d9:2b:36:2b:23:49:0f:22:90:f8:
                    56:9b:82:b4:df:cb:1e:fc:14:69:5c:a0:f0:0c:84:
                    5f:45:99:b8:e0:c5:04:74:33:b5:b5:df:dc:15:f5:
                    4b:f0:cf:03:66:1c:7c:6e:dd:b1:82:cd:19:15:a5:
                    01:56:20:b7:2a:cc:5f:b8:56:3b:75:25:12:d7:7c:
                    e2:90:9b:a0:ad:f4:fe:ed:bf:78:50:ba:bd:00:ae:
                    8d:31:c5:ae:d1:27:88:46:38:ee:1b:64:51:6d:42:
                    6e:46:78:62:17:c4:e5:bf:8b:64:4b:e3:6e:91:88:
                    4b:6d:69:1a:3c:b8:4b:3e:f8:9c:44:8f:97:76:cb:
                    3b:f5:11:ec:4b:82:de:30:d5:28:5b:6c:7f:01:5b:
                    72:6d:4b:61:69:f1:50:72:fd:ce:68:d8:c7:2b:b9:
                    69:18:e2:23:7a:ba:78:4b:da:40:93:84:3e:58:ea:
                    14:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:BA:66:CF:52:21:EF:87:77:6A:2E:A6:52:04:B7:6B:3D:49:02:80
            X509v3 Authority Key Identifier:
                keyid:FC:57:D7:A2:D5:76:61:F6:C3:C6:EA:76:36:CA:0F:F2:30:0C:14:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_FfXotV2YfbDxup2NsoP8jAMFG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/b24b88-22f0-49b8-b2e3-731f47820b20/1/MLpmz1Ih74d3ai6mUgS3az1JAoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/b24b88-22f0-49b8-b2e3-731f47820b20/1/_FfXotV2YfbDxup2NsoP8jAMFG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.92.0/22
                IPv6:
                  2a0d:5380::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:6f:fb:99:66:27:3a:46:de:f0:51:9b:c4:8c:10:c6:ac:0a:
         37:90:bf:06:1d:4f:8b:b2:43:97:a2:27:ac:bd:a6:ac:c4:1a:
         c8:79:a6:2f:da:2b:88:37:4a:76:3a:17:cd:b8:65:4d:11:b1:
         e9:54:b4:d4:a1:d4:4d:ba:20:91:38:80:08:7f:58:70:32:8a:
         12:8c:b5:0d:79:c7:b0:2a:0f:2d:f0:97:8e:05:ca:93:7b:2f:
         6a:43:64:45:25:b9:02:35:91:ae:a2:16:88:c8:83:65:b9:bb:
         a0:0d:87:9b:5d:25:45:33:03:32:e8:c0:55:65:b5:da:74:e2:
         41:6b:61:71:93:9b:82:1b:aa:c6:4d:51:fd:ee:81:13:15:d1:
         4f:d6:6a:83:ad:89:d8:aa:b0:3b:53:08:cd:20:33:40:ea:ae:
         15:e0:ff:04:d0:bd:16:a0:fd:a0:b8:6f:95:b9:62:e4:a6:ab:
         17:33:94:60:6a:db:8f:61:21:8e:39:bc:fc:5d:89:60:be:61:
         1b:bf:88:5f:9e:e7:c8:99:cf:21:4d:61:2a:0d:9f:29:1e:fb:
         70:ae:ff:3f:7e:1f:4e:cf:e3:19:96:6a:3a:88:29:e8:22:48:
         84:6e:94:1e:3d:d1:dd:a5:85:cd:76:f4:1d:fe:d3:83:86:6d:
         cb:cb:12:b2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH9kMXLVNJEa8ccccMP0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNTdkN2EyZDU3NjYxZjZjM2M2ZWE3NjM2Y2EwZmYyMzAw
YzE0NmYwHhcNMjUwMTAxMTM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGJhNjZjZjUyMjFlZjg3Nzc2YTJlYTY1MjA0Yjc2YjNkNDkwMjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIZ02n8a5MMweiU9zLnNDv1jRzo4
dW2QNNmAeYrc6rkrFW61Tg4cKOk7hIAA/9LjLpphJG4fcb6RGCwFixzmRlsLSuMo
FbnzAFKW7FbIa9krNisjSQ8ikPhWm4K038se/BRpXKDwDIRfRZm44MUEdDO1td/c
FfVL8M8DZhx8bt2xgs0ZFaUBViC3KsxfuFY7dSUS13zikJugrfT+7b94ULq9AK6N
McWu0SeIRjjuG2RRbUJuRnhiF8Tlv4tkS+NukYhLbWkaPLhLPvicRI+Xdss79RHs
S4LeMNUoW2x/AVtybUthafFQcv3OaNjHK7lpGOIjerp4S9pAk4Q+WOoURQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDC6Zs9SIe+Hd2ouplIEt2s9SQKAMB8GA1UdIwQY
MBaAFPxX16LVdmH2w8bqdjbKD/IwDBRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0ZmWG90VjJZZmJEeHVwMk5zb1A4akFNRkc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9iMjRiODgtMjJmMC00OWI4LWIyZTMt
NzMxZjQ3ODIwYjIwLzEvTUxwbXoxSWg3NGQzYWk2bVVnUzNhejFKQW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9iMjRiODgtMjJmMC00OWI4LWIyZTMtNzMxZjQ3ODIwYjIw
LzEvX0ZmWG90VjJZZmJEeHVwMk5zb1A4akFNRkc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufVcMA0E
AgACMAcDBQMqDVOAMA0GCSqGSIb3DQEBCwUAA4IBAQBgb/uZZic6Rt7wUZvEjBDG
rAo3kL8GHU+LskOXoiesvaasxBrIeaYv2iuIN0p2OhfNuGVNEbHpVLTUodRNuiCR
OIAIf1hwMooSjLUNecewKg8t8JeOBcqTey9qQ2RFJbkCNZGuohaIyINlubugDYeb
XSVFMwMy6MBVZbXadOJBa2Fxk5uCG6rGTVH97oETFdFP1mqDrYnYqrA7UwjNIDNA
6q4V4P8E0L0WoP2guG+VuWLkpqsXM5RgatuPYSGOObz8XYlgvmEbv4hfnufImc8h
TWEqDZ8pHvtwrv8/fh9Oz+MZlmo6iCnoIkiEbpQePdHdpYXNdvQd/tODhm3LyxKy
-----END CERTIFICATE-----