Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/jYCp1px7d3_I6mefNTn8vuzWBOg.roa
File:                     jYCp1px7d3_I6mefNTn8vuzWBOg.roa (raw, json)
Hash identifier:          Pv+cwNn5v2uyPM9DJOrn9OfaFC2aCdBmSBHPyx9HtlM=
Subject key identifier:   8D:80:A9:D6:9C:7B:77:7F:C8:EA:67:9F:35:39:FC:BE:EC:D6:04:E8
Certificate issuer:       /CN=b1168d062a0c2e6166a8262c4d7298d76dedd04f
Certificate serial:       01942143F353DBC3664C078E12978F235D6A
Authority key identifier: B1:16:8D:06:2A:0C:2E:61:66:A8:26:2C:4D:72:98:D7:6D:ED:D0:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/jYCp1px7d3_I6mefNTn8vuzWBOg.roa
Signing time:             Wed 01 Jan 2025 09:48:08 +0000
ROA not before:           Wed 01 Jan 2025 09:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        185.67.210.0/24 maxlen: 24
                          185.67.211.0/24 maxlen: 24
                          185.102.208.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f3:53:db:c3:66:4c:07:8e:12:97:8f:23:5d:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1168d062a0c2e6166a8262c4d7298d76dedd04f
        Validity
            Not Before: Jan  1 09:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d80a9d69c7b777fc8ea679f3539fcbeecd604e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d9:07:2d:2a:cc:0c:80:af:65:d9:6e:b7:f3:
                    63:d6:38:93:4d:d5:89:72:13:ae:ec:a3:6c:da:05:
                    79:ae:1e:42:f7:6b:ce:dd:ad:67:57:c1:c8:70:17:
                    e4:85:86:ae:25:7a:e8:63:3f:64:b4:20:70:a8:90:
                    6e:ed:7f:a7:1c:e1:20:ae:df:aa:1d:1c:eb:e2:97:
                    d9:ca:72:b5:f3:d6:29:5c:1d:bf:07:26:0c:1e:c5:
                    0a:5c:2d:fa:77:dd:6d:3a:7a:37:a2:13:ad:3d:b5:
                    0f:75:b5:9c:d0:44:c0:07:78:ee:84:02:05:25:f0:
                    ce:98:40:89:5d:5c:93:42:4d:71:b5:cf:90:fa:60:
                    8d:da:b9:d2:fb:ad:f1:3f:07:29:47:14:fa:e0:04:
                    0a:b4:2f:01:7b:63:34:bb:a3:c5:4e:a7:a2:a9:54:
                    13:6c:f8:c6:c0:d8:e0:5c:9a:e8:5c:e1:69:ce:eb:
                    0e:38:41:99:bd:df:c4:d3:75:63:d8:43:d9:c9:cc:
                    65:81:cd:aa:10:70:b2:cc:f8:d0:29:ed:8d:85:01:
                    cf:7e:02:0a:62:23:59:aa:d0:3c:a3:d0:61:42:ac:
                    37:48:c4:80:c3:a6:57:a6:c4:e4:93:0c:18:28:e4:
                    f7:03:d8:2d:bb:89:7a:a6:1a:7a:a7:11:e0:fe:69:
                    d5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:80:A9:D6:9C:7B:77:7F:C8:EA:67:9F:35:39:FC:BE:EC:D6:04:E8
            X509v3 Authority Key Identifier:
                keyid:B1:16:8D:06:2A:0C:2E:61:66:A8:26:2C:4D:72:98:D7:6D:ED:D0:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/jYCp1px7d3_I6mefNTn8vuzWBOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.210.0/23
                  185.102.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:65:2e:e8:d7:67:04:b7:eb:7e:f2:be:b8:c7:bf:3f:8c:57:
         44:8e:40:07:22:53:ec:5d:0a:f8:8c:f2:1f:53:dd:8d:40:d6:
         73:f1:c5:14:13:58:01:62:41:ae:7c:ab:e9:d8:f0:8f:5f:a8:
         54:38:3b:ee:d3:d6:45:c6:70:be:c6:e5:03:28:0a:d2:79:63:
         f0:80:41:65:8f:48:b2:01:b3:bd:34:71:c5:e8:3c:eb:c4:34:
         71:b7:df:3d:13:cd:99:d1:f6:0c:75:47:f2:45:dd:18:26:56:
         08:bb:8e:ec:70:27:8e:08:71:1c:27:4f:f5:68:8d:df:8d:d9:
         f1:10:70:59:53:f2:fd:50:5f:9b:df:9d:2b:0c:69:3f:d8:3b:
         ab:28:03:4d:e4:de:bd:b6:1c:48:30:42:c5:4c:62:2f:83:13:
         50:00:1b:7d:6e:a7:ec:6c:67:e2:40:56:6b:cf:98:d6:88:9a:
         7c:4f:cc:46:6f:0e:8f:34:a3:5d:40:43:00:6e:28:4e:74:64:
         82:b0:e5:ac:11:37:29:55:20:22:6f:7b:1f:b5:cb:26:8d:13:
         33:cd:8c:74:b5:61:02:c4:87:ff:00:9e:65:bf:b4:f3:91:19:
         ea:0a:ac:82:b8:1d:78:48:03:ca:d3:3b:96:2c:b5:6b:63:41:
         9a:91:dc:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ/NT28NmTAeOEpePI11qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMTY4ZDA2MmEwYzJlNjE2NmE4MjYyYzRkNzI5OGQ3NmRl
ZGQwNGYwHhcNMjUwMTAxMDk0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDgwYTlkNjljN2I3NzdmYzhlYTY3OWYzNTM5ZmNiZWVjZDYwNGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9kHLSrMDICvZdlut/Nj1jiTTdWJ
chOu7KNs2gV5rh5C92vO3a1nV8HIcBfkhYauJXroYz9ktCBwqJBu7X+nHOEgrt+q
HRzr4pfZynK189YpXB2/ByYMHsUKXC36d91tOno3ohOtPbUPdbWc0ETAB3juhAIF
JfDOmECJXVyTQk1xtc+Q+mCN2rnS+63xPwcpRxT64AQKtC8Be2M0u6PFTqeiqVQT
bPjGwNjgXJroXOFpzusOOEGZvd/E03Vj2EPZycxlgc2qEHCyzPjQKe2NhQHPfgIK
YiNZqtA8o9BhQqw3SMSAw6ZXpsTkkwwYKOT3A9gtu4l6php6pxHg/mnVrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI2Aqdace3d/yOpnnzU5/L7s1gToMB8GA1UdIwQY
MBaAFLEWjQYqDC5hZqgmLE1ymNdt7dBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1JhTkJpb01MbUZtcUNZc1RYS1kxMjN0MEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82NzRhYmItMjIxYS00NDU0LWFjZmMt
OTY1YTM0MTgwMTM2LzEvallDcDFweDdkM19JNm1lZk5Ubjh2dXpXQk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82NzRhYmItMjIxYS00NDU0LWFjZmMtOTY1YTM0MTgwMTM2
LzEvc1JhTkJpb01MbUZtcUNZc1RYS1kxMjN0MEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuUPSAwQB
uWbQMA0GCSqGSIb3DQEBCwUAA4IBAQBLZS7o12cEt+t+8r64x78/jFdEjkAHIlPs
XQr4jPIfU92NQNZz8cUUE1gBYkGufKvp2PCPX6hUODvu09ZFxnC+xuUDKArSeWPw
gEFlj0iyAbO9NHHF6DzrxDRxt989E82Z0fYMdUfyRd0YJlYIu47scCeOCHEcJ0/1
aI3fjdnxEHBZU/L9UF+b350rDGk/2DurKANN5N69thxIMELFTGIvgxNQABt9bqfs
bGfiQFZrz5jWiJp8T8xGbw6PNKNdQEMAbihOdGSCsOWsETcpVSAib3sftcsmjRMz
zYx0tWECxIf/AJ5lv7TzkRnqCqyCuB14SAPK0zuWLLVrY0GakdyT
-----END CERTIFICATE-----