Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/rAkcIeR16JbVpYeePcru3Xd_9Fo.roa
File:                     rAkcIeR16JbVpYeePcru3Xd_9Fo.roa (raw, json)
Hash identifier:          5QKOAoJ3RyBbcQy0L3k19T9nHrTzNr6BOoQXHbBl8Lc=
Subject key identifier:   AC:09:1C:21:E4:75:E8:96:D5:A5:87:9E:3D:CA:EE:DD:77:7F:F4:5A
Certificate issuer:       /CN=b1168d062a0c2e6166a8262c4d7298d76dedd04f
Certificate serial:       01942143F560EF6C081A1880CEE03286C264
Authority key identifier: B1:16:8D:06:2A:0C:2E:61:66:A8:26:2C:4D:72:98:D7:6D:ED:D0:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/rAkcIeR16JbVpYeePcru3Xd_9Fo.roa
Signing time:             Wed 01 Jan 2025 09:48:09 +0000
ROA not before:           Wed 01 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201343
IP address blocks:        185.67.208.0/23 maxlen: 23
                          185.102.208.0/23 maxlen: 23
                          185.102.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f5:60:ef:6c:08:1a:18:80:ce:e0:32:86:c2:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1168d062a0c2e6166a8262c4d7298d76dedd04f
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac091c21e475e896d5a5879e3dcaeedd777ff45a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2e:df:63:6b:57:1c:07:3b:a4:4b:74:7e:13:
                    46:7f:28:4d:09:96:d5:13:75:27:70:86:78:4a:3f:
                    34:f2:89:9d:01:60:fe:1f:2b:0a:e4:71:f8:4d:f2:
                    af:17:a1:00:2e:7d:31:4d:59:49:05:7d:24:f0:b3:
                    3a:fb:57:82:44:f1:86:2d:01:76:5b:e4:06:fd:34:
                    54:aa:4c:2b:e6:04:05:e7:79:86:bb:0b:44:92:3a:
                    51:13:86:f3:bc:31:2b:a6:2f:5b:72:ec:80:e1:40:
                    48:46:f1:1a:cf:3b:3b:73:f7:a7:46:ab:70:94:bf:
                    82:a8:61:0f:58:83:97:2c:3a:ab:31:03:a9:67:70:
                    76:5b:cf:f3:d1:91:6c:18:df:a3:ed:19:67:aa:7d:
                    81:88:68:d8:fc:10:d6:25:8d:0b:41:f8:95:fc:e9:
                    d4:ab:a1:ee:8d:a2:20:16:b0:0f:f6:d6:af:58:b1:
                    ce:a1:3b:0e:a3:a5:56:6d:35:71:b5:26:b9:98:61:
                    ff:b4:4d:cb:fb:f5:f7:73:2d:0b:91:c3:62:c0:ef:
                    8b:04:f4:0d:ad:c1:c4:d1:72:46:19:53:09:55:2f:
                    97:bb:1d:93:2c:3d:df:1e:fa:ee:af:3f:00:69:5c:
                    20:49:34:99:0a:06:a6:2d:e5:d1:49:74:02:bf:de:
                    fd:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:09:1C:21:E4:75:E8:96:D5:A5:87:9E:3D:CA:EE:DD:77:7F:F4:5A
            X509v3 Authority Key Identifier:
                keyid:B1:16:8D:06:2A:0C:2E:61:66:A8:26:2C:4D:72:98:D7:6D:ED:D0:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sRaNBioMLmFmqCYsTXKY123t0E8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/rAkcIeR16JbVpYeePcru3Xd_9Fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/674abb-221a-4454-acfc-965a34180136/1/sRaNBioMLmFmqCYsTXKY123t0E8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.208.0/23
                  185.102.208.0/23
                  185.102.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:e2:12:a0:eb:f8:87:00:30:d3:d3:97:fc:f8:8f:2b:dd:f7:
         61:a9:10:cd:61:ce:21:31:4b:af:27:34:08:87:3f:c2:b5:0e:
         63:35:93:fc:39:b0:a7:a4:b2:0d:90:59:f6:46:08:65:00:21:
         fa:39:4f:f5:99:66:58:f8:e0:d0:08:6c:fa:48:a5:07:31:c5:
         cb:d7:b3:8e:8e:01:45:e0:25:fa:a6:6d:88:0a:a9:cd:ff:61:
         d1:6b:14:9f:ef:69:28:8f:30:99:91:01:61:3e:f7:83:8f:d7:
         39:92:9e:53:c7:6b:7b:0b:51:76:eb:f8:9c:42:25:4c:53:ff:
         a0:b7:7e:b3:5d:ed:6e:2c:f9:d9:f4:8d:17:6f:28:46:6e:08:
         2b:1e:c2:d1:c8:ba:25:bf:9c:2e:2b:09:77:c7:fb:14:ff:7d:
         26:8b:61:7d:b4:99:d7:e5:fe:79:76:b1:08:66:89:ab:d4:04:
         59:02:3c:6a:87:91:e3:18:1d:52:95:ba:a6:ee:c0:4e:30:7c:
         8b:9a:a1:4b:7b:d7:9a:ec:2c:db:77:45:2e:00:4f:89:46:5b:
         ef:e6:6e:5e:82:e6:a1:03:d4:4c:07:27:9d:53:bc:4e:37:9e:
         1d:97:ee:f1:53:d6:72:99:7c:fc:a7:f9:7a:b9:39:14:9e:4a:
         79:93:2b:02
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhQ/Vg72wIGhiAzuAyhsJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMTY4ZDA2MmEwYzJlNjE2NmE4MjYyYzRkNzI5OGQ3NmRl
ZGQwNGYwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzA5MWMyMWU0NzVlODk2ZDVhNTg3OWUzZGNhZWVkZDc3N2ZmNDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsS7fY2tXHAc7pEt0fhNGfyhNCZbV
E3UncIZ4Sj808omdAWD+HysK5HH4TfKvF6EALn0xTVlJBX0k8LM6+1eCRPGGLQF2
W+QG/TRUqkwr5gQF53mGuwtEkjpRE4bzvDErpi9bcuyA4UBIRvEazzs7c/enRqtw
lL+CqGEPWIOXLDqrMQOpZ3B2W8/z0ZFsGN+j7Rlnqn2BiGjY/BDWJY0LQfiV/OnU
q6HujaIgFrAP9tavWLHOoTsOo6VWbTVxtSa5mGH/tE3L+/X3cy0LkcNiwO+LBPQN
rcHE0XJGGVMJVS+Xux2TLD3fHvrurz8AaVwgSTSZCgamLeXRSXQCv979zwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKwJHCHkdeiW1aWHnj3K7t13f/RaMB8GA1UdIwQY
MBaAFLEWjQYqDC5hZqgmLE1ymNdt7dBPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1JhTkJpb01MbUZtcUNZc1RYS1kxMjN0MEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC82NzRhYmItMjIxYS00NDU0LWFjZmMt
OTY1YTM0MTgwMTM2LzEvckFrY0llUjE2SmJWcFllZVBjcnUzWGRfOUZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC82NzRhYmItMjIxYS00NDU0LWFjZmMtOTY1YTM0MTgwMTM2
LzEvc1JhTkJpb01MbUZtcUNZc1RYS1kxMjN0MEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBuUPQAwQB
uWbQAwQAuWbTMA0GCSqGSIb3DQEBCwUAA4IBAQAK4hKg6/iHADDT05f8+I8r3fdh
qRDNYc4hMUuvJzQIhz/CtQ5jNZP8ObCnpLINkFn2RghlACH6OU/1mWZY+ODQCGz6
SKUHMcXL17OOjgFF4CX6pm2ICqnN/2HRaxSf72kojzCZkQFhPveDj9c5kp5Tx2t7
C1F26/icQiVMU/+gt36zXe1uLPnZ9I0XbyhGbggrHsLRyLolv5wuKwl3x/sU/30m
i2F9tJnX5f55drEIZomr1ARZAjxqh5HjGB1Slbqm7sBOMHyLmqFLe9ea7Czbd0Uu
AE+JRlvv5m5eguahA9RMByedU7xON54dl+7xU9ZymXz8p/l6uTkUnkp5kysC
-----END CERTIFICATE-----