Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/485769-5835-47f4-a9ff-8ec68e7886e2/1/rg67AeqtMD0wJ1IIvMd4YeaFTyI.roa
File:                     rg67AeqtMD0wJ1IIvMd4YeaFTyI.roa (raw, json)
Hash identifier:          po3w7Qi8ZlRiTSE2vYAsVYJZWCbY0SnfvN8Hrjn9vnc=
Subject key identifier:   AE:0E:BB:01:EA:AD:30:3D:30:27:52:08:BC:C7:78:61:E6:85:4F:22
Certificate issuer:       /CN=b48f41afdc609568fb2338fdb20b2d0c422b723b
Certificate serial:       019424457F867D3BEB633100385188C0297D
Authority key identifier: B4:8F:41:AF:DC:60:95:68:FB:23:38:FD:B2:0B:2D:0C:42:2B:72:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tI9Br9xglWj7Izj9sgstDEIrcjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/485769-5835-47f4-a9ff-8ec68e7886e2/1/rg67AeqtMD0wJ1IIvMd4YeaFTyI.roa
Signing time:             Wed 01 Jan 2025 23:48:41 +0000
ROA not before:           Wed 01 Jan 2025 23:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6730
IP address blocks:        185.90.152.0/23 maxlen: 23
                          2a05:e100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/485769-5835-47f4-a9ff-8ec68e7886e2/1/tI9Br9xglWj7Izj9sgstDEIrcjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/485769-5835-47f4-a9ff-8ec68e7886e2/1/tI9Br9xglWj7Izj9sgstDEIrcjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tI9Br9xglWj7Izj9sgstDEIrcjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:7f:86:7d:3b:eb:63:31:00:38:51:88:c0:29:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b48f41afdc609568fb2338fdb20b2d0c422b723b
        Validity
            Not Before: Jan  1 23:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae0ebb01eaad303d30275208bcc77861e6854f22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:d3:e4:0a:48:bf:1c:b0:15:4b:51:56:0d:df:
                    05:be:fd:9a:e8:0c:b5:f1:f6:2a:a1:ef:25:a2:9f:
                    d5:0f:96:d7:c2:84:8d:fe:bd:72:22:91:c2:61:34:
                    24:92:36:9a:f4:90:0e:09:c0:fe:d2:54:24:e6:ee:
                    c7:f8:16:e0:62:b8:de:57:3a:6d:75:c2:af:38:d9:
                    89:82:9d:4c:24:d4:75:5f:42:18:23:d4:70:90:2d:
                    c5:14:a1:db:c3:48:c5:fe:01:5a:c8:37:b2:43:fc:
                    db:c4:06:23:03:a9:56:76:93:48:82:a0:7e:4d:ea:
                    41:3c:bc:68:ea:55:cd:ae:f5:d8:3d:6b:ed:42:74:
                    88:d0:bb:7e:41:1f:31:9b:6f:2e:87:81:8e:3b:eb:
                    2b:e9:70:7c:f4:d8:6a:b9:10:21:2b:5d:84:5c:79:
                    14:a5:ca:e5:cc:25:60:02:e9:7a:03:b3:fe:bb:c8:
                    c1:7f:ee:6c:8c:90:bc:83:cd:9f:0c:75:31:5a:0d:
                    70:cd:e6:ab:48:8e:5e:09:b2:cf:e4:55:cc:54:b3:
                    52:56:f8:d9:25:ec:59:b6:4e:af:b1:94:3a:83:9a:
                    bc:b2:50:f4:9f:3a:9e:9d:3f:1d:7c:b2:a6:dd:43:
                    b0:11:36:1b:80:08:65:2d:8b:1c:3f:04:cb:c3:78:
                    71:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:0E:BB:01:EA:AD:30:3D:30:27:52:08:BC:C7:78:61:E6:85:4F:22
            X509v3 Authority Key Identifier:
                keyid:B4:8F:41:AF:DC:60:95:68:FB:23:38:FD:B2:0B:2D:0C:42:2B:72:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tI9Br9xglWj7Izj9sgstDEIrcjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/485769-5835-47f4-a9ff-8ec68e7886e2/1/rg67AeqtMD0wJ1IIvMd4YeaFTyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/485769-5835-47f4-a9ff-8ec68e7886e2/1/tI9Br9xglWj7Izj9sgstDEIrcjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.152.0/23
                IPv6:
                  2a05:e100::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:34:43:d8:21:6d:ec:74:b8:f0:20:f9:93:ea:40:7b:d1:13:
         1c:43:3d:ca:f0:a6:b9:ae:1b:6e:60:02:2d:4c:c5:f2:35:82:
         a8:21:68:00:7a:83:b2:78:c6:64:4e:44:93:bd:39:ae:2a:d7:
         c6:77:a0:ac:a5:a9:6a:ed:e2:f3:d3:cd:80:38:19:23:4f:26:
         b0:59:a3:11:c8:b3:56:fe:b9:4e:4f:c9:49:5e:29:dc:45:64:
         59:34:6c:8b:a4:45:1e:d3:14:4d:5d:86:e9:9b:0f:08:16:e2:
         d9:11:bf:68:25:ab:6a:f7:b0:46:07:8e:a1:a7:2a:69:c6:68:
         2e:5b:05:cc:ce:b9:fb:53:da:1f:83:47:1b:1f:a9:f9:51:8c:
         8b:2c:c6:44:78:60:2e:9a:f9:d2:5e:6d:11:82:7d:4b:f3:ee:
         b4:7e:14:83:4a:cd:f3:37:5a:f2:2c:38:b9:59:29:41:12:a4:
         42:a1:70:5c:53:16:4e:30:18:51:e4:8f:76:0b:48:57:77:fc:
         43:b3:83:d2:b8:56:b3:c7:7d:b0:d9:ad:b5:93:d8:94:50:01:
         25:ac:e6:3c:fa:63:2c:62:c3:66:2b:9e:c3:c0:64:a5:b6:a5:
         81:88:47:c4:86:11:37:5a:a0:e7:8a:3f:da:a4:88:6f:a6:08:
         f5:2d:86:a1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkRX+GfTvrYzEAOFGIwCl9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0OGY0MWFmZGM2MDk1NjhmYjIzMzhmZGIyMGIyZDBjNDIy
YjcyM2IwHhcNMjUwMTAxMjM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTBlYmIwMWVhYWQzMDNkMzAyNzUyMDhiY2M3Nzg2MWU2ODU0ZjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8dPkCki/HLAVS1FWDd8Fvv2a6Ay1
8fYqoe8lop/VD5bXwoSN/r1yIpHCYTQkkjaa9JAOCcD+0lQk5u7H+BbgYrjeVzpt
dcKvONmJgp1MJNR1X0IYI9RwkC3FFKHbw0jF/gFayDeyQ/zbxAYjA6lWdpNIgqB+
TepBPLxo6lXNrvXYPWvtQnSI0Lt+QR8xm28uh4GOO+sr6XB89NhquRAhK12EXHkU
pcrlzCVgAul6A7P+u8jBf+5sjJC8g82fDHUxWg1wzearSI5eCbLP5FXMVLNSVvjZ
JexZtk6vsZQ6g5q8slD0nzqenT8dfLKm3UOwETYbgAhlLYscPwTLw3hxowIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK4OuwHqrTA9MCdSCLzHeGHmhU8iMB8GA1UdIwQY
MBaAFLSPQa/cYJVo+yM4/bILLQxCK3I7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEk5QnI5eGdsV2o3SXpqOXNnc3RERUlyY2pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS80ODU3NjktNTgzNS00N2Y0LWE5ZmYt
OGVjNjhlNzg4NmUyLzEvcmc2N0FlcXRNRDB3SjFJSXZNZDRZZWFGVHlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS80ODU3NjktNTgzNS00N2Y0LWE5ZmYtOGVjNjhlNzg4NmUy
LzEvdEk5QnI5eGdsV2o3SXpqOXNnc3RERUlyY2pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuVqYMA8E
AgACMAkDBwAqBeEAAAAwDQYJKoZIhvcNAQELBQADggEBAKM0Q9ghbex0uPAg+ZPq
QHvRExxDPcrwprmuG25gAi1MxfI1gqghaAB6g7J4xmRORJO9Oa4q18Z3oKylqWrt
4vPTzYA4GSNPJrBZoxHIs1b+uU5PyUleKdxFZFk0bIukRR7TFE1dhumbDwgW4tkR
v2glq2r3sEYHjqGnKmnGaC5bBczOuftT2h+DRxsfqflRjIssxkR4YC6a+dJebRGC
fUvz7rR+FINKzfM3WvIsOLlZKUESpEKhcFxTFk4wGFHkj3YLSFd3/EOzg9K4VrPH
fbDZrbWT2JRQASWs5jz6Yyxiw2YrnsPAZKW2pYGIR8SGETdaoOeKP9qkiG+mCPUt
hqE=
-----END CERTIFICATE-----