Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/HNrCdJFr8Rfx0QNo8n5aDjy6J1M.roa
File:                     HNrCdJFr8Rfx0QNo8n5aDjy6J1M.roa (raw, json)
Hash identifier:          gUK0hPbdwoGfL6nF9RbnOReZ1s6L9tQ32o9aBdmxdu0=
Subject key identifier:   1C:DA:C2:74:91:6B:F1:17:F1:D1:03:68:F2:7E:5A:0E:3C:BA:27:53
Certificate issuer:       /CN=0f0d94ee63c70a733663bbc4b5b576de607e19ed
Certificate serial:       019420D597AEFC1B337B92D773739BF542D6
Authority key identifier: 0F:0D:94:EE:63:C7:0A:73:36:63:BB:C4:B5:B5:76:DE:60:7E:19:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/HNrCdJFr8Rfx0QNo8n5aDjy6J1M.roa
Signing time:             Wed 01 Jan 2025 07:47:36 +0000
ROA not before:           Wed 01 Jan 2025 07:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202661
IP address blocks:        185.197.40.0/22 maxlen: 22
                          2a0e:d1c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:97:ae:fc:1b:33:7b:92:d7:73:73:9b:f5:42:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f0d94ee63c70a733663bbc4b5b576de607e19ed
        Validity
            Not Before: Jan  1 07:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1cdac274916bf117f1d10368f27e5a0e3cba2753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:be:ec:cf:c7:7e:49:ee:7b:68:c0:d9:ba:90:
                    ae:b7:6b:e4:c4:41:13:82:08:2a:25:db:39:2b:af:
                    de:22:c3:c3:f4:e6:d0:3b:da:b7:f3:b7:80:db:b7:
                    6b:7c:5b:99:27:4d:82:6a:7b:2f:1b:3b:f7:41:8e:
                    86:44:03:98:d2:22:c3:f0:40:3f:dd:dc:56:d3:a8:
                    14:16:e2:ff:ff:10:b9:08:c7:3a:49:98:c9:5f:6f:
                    f3:00:11:8c:42:8d:b1:4c:8f:cb:42:32:98:78:b6:
                    47:db:ad:2f:3c:cb:9f:51:91:02:b9:d5:8a:ec:63:
                    16:24:7c:ea:18:16:47:5f:fd:ab:23:f6:d0:bc:37:
                    f0:f4:14:37:49:c7:c5:4f:e8:2c:c7:c3:8d:cf:81:
                    9b:7e:7a:12:3b:a0:77:1b:ff:8f:e4:81:bc:2f:2d:
                    de:08:ea:c3:c2:b3:be:0d:f3:47:49:68:1c:3c:6d:
                    8b:ae:fd:04:b1:b9:70:a8:ca:0d:a6:26:6c:aa:49:
                    ef:55:c9:ae:f1:0f:bf:bb:19:cb:ee:5a:57:c5:49:
                    fa:f3:83:3f:80:40:51:99:a2:85:9c:85:c2:f0:98:
                    a6:8f:39:b8:16:0c:88:a7:89:33:5b:2f:86:e1:11:
                    e7:e1:2c:70:8c:3d:c4:66:59:80:c0:9a:d8:38:60:
                    24:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:DA:C2:74:91:6B:F1:17:F1:D1:03:68:F2:7E:5A:0E:3C:BA:27:53
            X509v3 Authority Key Identifier:
                keyid:0F:0D:94:EE:63:C7:0A:73:36:63:BB:C4:B5:B5:76:DE:60:7E:19:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/HNrCdJFr8Rfx0QNo8n5aDjy6J1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/439ef6-6e39-44e8-8c9b-92d418e8d9a5/1/Dw2U7mPHCnM2Y7vEtbV23mB-Ge0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.40.0/22
                IPv6:
                  2a0e:d1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         10:e4:2d:a0:56:43:63:a9:81:f3:bf:6b:a6:b4:70:6a:e4:50:
         0c:d1:ef:ea:7b:e0:4d:be:93:df:18:5c:a4:96:0e:02:42:18:
         05:3d:75:68:05:b5:23:02:4d:b4:f8:dc:41:0f:5d:0b:c1:5c:
         41:de:a0:4b:15:af:b7:58:94:3e:da:e8:07:e1:0b:bc:13:c9:
         6f:54:17:85:ba:c2:2e:2f:e7:c2:3d:eb:34:5d:01:d3:74:27:
         6f:00:00:1d:25:5c:91:9b:ab:27:c3:e0:37:b4:5b:59:62:77:
         f5:f5:ac:c7:59:1b:03:dd:21:7c:92:d1:fe:9f:07:c8:37:30:
         be:41:93:c6:18:76:01:fb:5c:4d:16:ec:7d:56:54:5f:8b:8b:
         6f:17:52:48:67:97:73:96:3c:6b:b4:8e:e9:72:52:76:ca:55:
         d9:8d:dd:b6:16:9e:79:90:f1:c0:30:39:c3:e3:30:98:c0:ec:
         05:a3:fa:5c:85:39:ea:31:47:1e:e8:df:0f:e1:96:0e:97:2e:
         71:da:82:d6:e0:85:49:4b:b3:90:07:23:91:78:de:7e:a6:7b:
         5d:62:58:a2:64:dc:dc:92:ba:6d:7f:50:55:1f:0f:1f:a6:7e:
         4c:da:f7:91:b0:f2:eb:94:79:87:84:e2:06:54:b7:24:ac:d1:
         87:df:4d:3c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1Zeu/Bsze5LXc3Ob9ULWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMGQ5NGVlNjNjNzBhNzMzNjYzYmJjNGI1YjU3NmRlNjA3
ZTE5ZWQwHhcNMjUwMTAxMDc0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2RhYzI3NDkxNmJmMTE3ZjFkMTAzNjhmMjdlNWEwZTNjYmEyNzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtL7sz8d+Se57aMDZupCut2vkxEET
gggqJds5K6/eIsPD9ObQO9q387eA27drfFuZJ02CansvGzv3QY6GRAOY0iLD8EA/
3dxW06gUFuL//xC5CMc6SZjJX2/zABGMQo2xTI/LQjKYeLZH260vPMufUZECudWK
7GMWJHzqGBZHX/2rI/bQvDfw9BQ3ScfFT+gsx8ONz4GbfnoSO6B3G/+P5IG8Ly3e
COrDwrO+DfNHSWgcPG2Lrv0EsblwqMoNpiZsqknvVcmu8Q+/uxnL7lpXxUn684M/
gEBRmaKFnIXC8Jimjzm4FgyIp4kzWy+G4RHn4SxwjD3EZlmAwJrYOGAkLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBzawnSRa/EX8dEDaPJ+Wg48uidTMB8GA1UdIwQY
MBaAFA8NlO5jxwpzNmO7xLW1dt5gfhntMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHcyVTdtUEhDbk0yWTd2RXRiVjIzbUItR2UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC80MzllZjYtNmUzOS00NGU4LThjOWIt
OTJkNDE4ZThkOWE1LzEvSE5yQ2RKRnI4UmZ4MFFObzhuNWFEank2SjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC80MzllZjYtNmUzOS00NGU4LThjOWItOTJkNDE4ZThkOWE1
LzEvRHcyVTdtUEhDbk0yWTd2RXRiVjIzbUItR2UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucUoMA0E
AgACMAcDBQAqDtHAMA0GCSqGSIb3DQEBCwUAA4IBAQAQ5C2gVkNjqYHzv2umtHBq
5FAM0e/qe+BNvpPfGFyklg4CQhgFPXVoBbUjAk20+NxBD10LwVxB3qBLFa+3WJQ+
2ugH4Qu8E8lvVBeFusIuL+fCPes0XQHTdCdvAAAdJVyRm6snw+A3tFtZYnf19azH
WRsD3SF8ktH+nwfINzC+QZPGGHYB+1xNFux9VlRfi4tvF1JIZ5dzljxrtI7pclJ2
ylXZjd22Fp55kPHAMDnD4zCYwOwFo/pchTnqMUce6N8P4ZYOly5x2oLW4IVJS7OQ
ByOReN5+pntdYliiZNzckrptf1BVHw8fpn5M2veRsPLrlHmHhOIGVLckrNGH3008
-----END CERTIFICATE-----