Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/DfvtpBc-nvqHEzH62KyAmVwM6wc.roa
File:                     DfvtpBc-nvqHEzH62KyAmVwM6wc.roa (raw, json)
Hash identifier:          vQtE9Py9eSZNLr1/cVugAFwNdN9RtLbpzhnSE7YveL8=
Subject key identifier:   0D:FB:ED:A4:17:3E:9E:FA:87:13:31:FA:D8:AC:80:99:5C:0C:EB:07
Certificate issuer:       /CN=3188fae3ebbb3d74feeddcf507f83e67db8850a2
Certificate serial:       0194258F395C17BEAC2B2BCDCCD4C9A08CF1
Authority key identifier: 31:88:FA:E3:EB:BB:3D:74:FE:ED:DC:F5:07:F8:3E:67:DB:88:50:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYj64-u7PXT-7dz1B_g-Z9uIUKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/DfvtpBc-nvqHEzH62KyAmVwM6wc.roa
Signing time:             Thu 02 Jan 2025 05:48:50 +0000
ROA not before:           Thu 02 Jan 2025 05:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62313
IP address blocks:        185.141.200.0/22 maxlen: 24
                          185.188.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/MYj64-u7PXT-7dz1B_g-Z9uIUKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/MYj64-u7PXT-7dz1B_g-Z9uIUKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYj64-u7PXT-7dz1B_g-Z9uIUKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:39:5c:17:be:ac:2b:2b:cd:cc:d4:c9:a0:8c:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3188fae3ebbb3d74feeddcf507f83e67db8850a2
        Validity
            Not Before: Jan  2 05:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0dfbeda4173e9efa871331fad8ac80995c0ceb07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b7:5c:84:2f:5b:5d:2a:b3:d0:ca:db:dc:53:
                    eb:48:1d:0f:8b:70:60:0d:bc:67:d0:c4:f7:6d:f7:
                    a8:6d:e6:d1:47:ea:95:ae:aa:3b:72:05:53:8c:c6:
                    c5:ec:66:68:80:ce:87:22:99:8f:0b:63:7a:47:0f:
                    fb:f6:41:20:35:91:a1:ab:ab:09:da:c1:b3:db:99:
                    eb:fb:8f:de:b5:f7:5b:2c:a8:f7:24:1c:34:0b:11:
                    11:4c:f1:65:de:c2:f1:06:07:81:e3:92:09:12:d7:
                    c1:5a:cc:7e:79:91:e0:15:54:ac:1c:de:7e:87:b9:
                    2a:d2:fc:c1:88:34:26:1c:c1:5f:26:0f:2c:d0:21:
                    ba:59:97:5c:e0:d8:27:ee:d7:42:3e:38:53:2b:df:
                    5c:bd:df:9f:a0:67:ab:98:2a:94:cd:c9:f3:88:43:
                    0e:3e:7f:74:4d:3e:04:71:b8:ca:84:3b:60:a6:9d:
                    8e:ca:8b:55:b8:20:db:6d:ae:29:1d:78:02:c5:75:
                    7d:41:24:e9:c9:57:27:1f:c5:f1:23:d9:31:ad:3e:
                    73:0f:f5:56:09:96:b9:9d:87:e8:a3:3b:9d:ca:57:
                    f2:5d:5f:5e:17:61:23:f6:8d:0f:5b:99:88:3a:e3:
                    3a:52:b9:db:2c:83:62:fb:39:bf:53:af:18:f2:a8:
                    55:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:FB:ED:A4:17:3E:9E:FA:87:13:31:FA:D8:AC:80:99:5C:0C:EB:07
            X509v3 Authority Key Identifier:
                keyid:31:88:FA:E3:EB:BB:3D:74:FE:ED:DC:F5:07:F8:3E:67:DB:88:50:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYj64-u7PXT-7dz1B_g-Z9uIUKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/DfvtpBc-nvqHEzH62KyAmVwM6wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/ea29f2-c340-4d61-b5bb-b853dff8765c/1/MYj64-u7PXT-7dz1B_g-Z9uIUKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.200.0/22
                  185.188.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:66:9c:1a:55:35:fe:35:65:c2:f7:33:ef:13:18:9c:48:3a:
         77:7c:c2:bc:e2:a5:1b:b2:a9:fe:36:84:48:ba:8a:63:67:bc:
         5d:52:af:d7:50:03:86:b2:82:2c:9e:34:85:e2:ec:0d:b9:80:
         98:f0:43:19:5e:b1:68:4f:63:61:a2:d7:7d:8d:27:13:3f:8c:
         5d:4e:99:61:02:53:f3:46:94:40:ce:c7:c8:0e:20:3c:95:7d:
         3f:61:ad:8f:7e:ef:f7:24:98:ec:a8:3e:84:bc:4d:1f:99:b6:
         db:3c:1d:72:c4:4a:44:ca:d8:5c:d3:c7:e4:88:ab:ae:c9:74:
         dc:7f:39:a5:45:98:41:70:c0:70:ed:c1:63:92:54:f4:06:95:
         3c:59:30:3e:00:ed:34:da:d9:bf:9c:16:8d:dd:b9:67:43:a9:
         41:68:15:11:1f:f4:0b:e9:86:d7:c1:f8:db:fc:c0:bb:34:70:
         cb:5c:c5:45:c2:de:41:bc:37:4e:46:fb:fd:fd:c2:2c:9d:af:
         17:4a:88:99:0c:31:28:02:79:c0:14:35:c3:e7:81:73:f7:c1:
         c1:76:51:5c:cf:1f:a3:b1:88:83:7c:25:6f:cd:de:5f:2d:8c:
         a7:d7:f9:94:0f:a4:ad:11:46:0d:dd:43:00:25:2d:b1:63:9a:
         56:18:e2:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQljzlcF76sKyvNzNTJoIzxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODhmYWUzZWJiYjNkNzRmZWVkZGNmNTA3ZjgzZTY3ZGI4
ODUwYTIwHhcNMjUwMTAyMDU0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGZiZWRhNDE3M2U5ZWZhODcxMzMxZmFkOGFjODA5OTVjMGNlYjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17dchC9bXSqz0Mrb3FPrSB0Pi3Bg
Dbxn0MT3bfeobebRR+qVrqo7cgVTjMbF7GZogM6HIpmPC2N6Rw/79kEgNZGhq6sJ
2sGz25nr+4/etfdbLKj3JBw0CxERTPFl3sLxBgeB45IJEtfBWsx+eZHgFVSsHN5+
h7kq0vzBiDQmHMFfJg8s0CG6WZdc4Ngn7tdCPjhTK99cvd+foGermCqUzcnziEMO
Pn90TT4EcbjKhDtgpp2OyotVuCDbba4pHXgCxXV9QSTpyVcnH8XxI9kxrT5zD/VW
CZa5nYfoozudylfyXV9eF2Ej9o0PW5mIOuM6UrnbLINi+zm/U68Y8qhVXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA377aQXPp76hxMx+tisgJlcDOsHMB8GA1UdIwQY
MBaAFDGI+uPruz10/u3c9Qf4PmfbiFCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlqNjQtdTdQWFQtN2R6MUJfZy1aOXVJVUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS9lYTI5ZjItYzM0MC00ZDYxLWI1YmIt
Yjg1M2RmZjg3NjVjLzEvRGZ2dHBCYy1udnFIRXpINjJLeUFtVndNNndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS9lYTI5ZjItYzM0MC00ZDYxLWI1YmItYjg1M2RmZjg3NjVj
LzEvTVlqNjQtdTdQWFQtN2R6MUJfZy1aOXVJVUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuY3IAwQC
ubzMMA0GCSqGSIb3DQEBCwUAA4IBAQAsZpwaVTX+NWXC9zPvExicSDp3fMK84qUb
sqn+NoRIuopjZ7xdUq/XUAOGsoIsnjSF4uwNuYCY8EMZXrFoT2Nhotd9jScTP4xd
TplhAlPzRpRAzsfIDiA8lX0/Ya2Pfu/3JJjsqD6EvE0fmbbbPB1yxEpEythc08fk
iKuuyXTcfzmlRZhBcMBw7cFjklT0BpU8WTA+AO002tm/nBaN3blnQ6lBaBURH/QL
6YbXwfjb/MC7NHDLXMVFwt5BvDdORvv9/cIsna8XSoiZDDEoAnnAFDXD54Fz98HB
dlFczx+jsYiDfCVvzd5fLYyn1/mUD6StEUYN3UMAJS2xY5pWGOL9
-----END CERTIFICATE-----