Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/dDCoImKQNrHXyasH5BqbAo27W3o.roa
File:                     dDCoImKQNrHXyasH5BqbAo27W3o.roa (raw, json)
Hash identifier:          f48SfVN/nMYwPQ7yDQlyTF9yoojdYsN08X4hTrgTFDI=
Subject key identifier:   74:30:A8:22:62:90:36:B1:D7:C9:AB:07:E4:1A:9B:02:8D:BB:5B:7A
Certificate issuer:       /CN=1f5cf6d120e28138b0aa2fc83cba9b0e96796c36
Certificate serial:       019422FB353BB2453528ED52C2FE9AA620AA
Authority key identifier: 1F:5C:F6:D1:20:E2:81:38:B0:AA:2F:C8:3C:BA:9B:0E:96:79:6C:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H1z20SDigTiwqi_IPLqbDpZ5bDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/dDCoImKQNrHXyasH5BqbAo27W3o.roa
Signing time:             Wed 01 Jan 2025 17:47:55 +0000
ROA not before:           Wed 01 Jan 2025 17:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1241
IP address blocks:        185.247.160.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/H1z20SDigTiwqi_IPLqbDpZ5bDY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/H1z20SDigTiwqi_IPLqbDpZ5bDY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H1z20SDigTiwqi_IPLqbDpZ5bDY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:35:3b:b2:45:35:28:ed:52:c2:fe:9a:a6:20:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f5cf6d120e28138b0aa2fc83cba9b0e96796c36
        Validity
            Not Before: Jan  1 17:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7430a822629036b1d7c9ab07e41a9b028dbb5b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0b:12:f5:78:90:b0:ce:0c:ec:da:4d:85:3c:
                    d9:9f:eb:fb:fc:75:34:e0:de:c5:ea:5c:0d:1d:0c:
                    9e:b8:f4:4b:fa:1a:0d:05:7e:92:25:67:1c:dc:52:
                    34:e6:f5:d3:37:8d:71:b4:89:bb:c7:4d:db:3f:8f:
                    8f:0b:12:26:19:97:13:dc:35:69:44:cc:8f:ba:4d:
                    ff:84:61:0e:f4:65:af:f6:1b:ed:ce:61:6c:e0:e1:
                    5b:d6:0e:e0:eb:32:8f:41:4d:2c:81:8f:cb:a3:bb:
                    9c:1e:a6:2e:a3:43:df:40:9c:84:37:38:ad:2a:ee:
                    90:9a:40:b2:9d:9f:65:b5:54:1c:cd:8f:6a:95:fc:
                    ef:af:a4:2e:18:89:1a:c2:a2:f9:d4:a4:6b:56:3d:
                    6a:63:44:04:1d:2a:b0:42:f3:20:9f:a8:02:4d:00:
                    8e:a8:77:5a:f2:1a:2d:54:b8:4a:c6:66:46:f2:ca:
                    c1:2d:8d:e7:76:38:e5:17:a5:10:79:2d:4d:3c:bd:
                    60:24:ef:ab:bb:22:30:cd:f0:3c:2e:dd:e6:fd:43:
                    b0:fd:84:db:67:54:a0:23:1c:c8:bd:84:71:06:f4:
                    25:75:34:ba:40:3b:0d:d1:5f:fa:4c:50:1a:90:d5:
                    66:24:d6:f8:57:36:88:91:3b:a5:14:bd:86:04:e0:
                    6d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:30:A8:22:62:90:36:B1:D7:C9:AB:07:E4:1A:9B:02:8D:BB:5B:7A
            X509v3 Authority Key Identifier:
                keyid:1F:5C:F6:D1:20:E2:81:38:B0:AA:2F:C8:3C:BA:9B:0E:96:79:6C:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H1z20SDigTiwqi_IPLqbDpZ5bDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/dDCoImKQNrHXyasH5BqbAo27W3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/00e8e1-c235-49a9-9f92-63831ae951ef/1/H1z20SDigTiwqi_IPLqbDpZ5bDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.247.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:ef:d0:c6:1a:32:34:73:8d:35:fd:22:5f:ae:48:e8:9c:6f:
         9b:ef:bf:86:84:e2:4d:2c:63:3c:32:20:76:25:7c:d0:0d:ec:
         ca:5a:45:d9:c2:61:b7:53:2a:bf:a5:f1:57:71:39:56:87:f0:
         4e:02:7f:69:98:0b:78:2e:98:09:db:fb:20:d4:b3:93:d6:2f:
         2e:fb:08:81:32:e3:f8:7a:e1:95:4e:9f:b6:5d:e9:f6:88:8d:
         83:8e:35:37:bf:00:37:10:21:fa:17:8f:76:4a:d4:a6:ca:3e:
         8f:48:40:61:c2:3e:6c:bf:eb:db:69:52:a1:f5:02:23:90:52:
         7f:f1:6d:5e:94:c7:a3:a2:8e:45:bc:d4:79:a0:f3:9e:12:c7:
         d2:e3:63:34:6c:c9:77:77:ad:83:d2:25:c7:58:24:07:58:92:
         eb:23:98:bd:40:c5:64:2f:46:8e:8d:11:58:f8:dd:b1:d0:7d:
         54:10:bc:53:4b:99:43:d4:65:cc:9a:cf:c4:e3:e1:4f:fb:c5:
         96:36:4f:3f:47:55:91:b1:b4:72:45:61:71:4e:c7:5e:7e:91:
         e2:bd:83:01:a3:89:d1:55:a2:d4:9e:f7:c4:f8:77:42:36:1a:
         28:2e:4d:1c:1b:7b:2c:b7:9f:d2:7f:53:ea:3f:45:88:c8:12:
         a5:13:70:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+zU7skU1KO1Swv6apiCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNWNmNmQxMjBlMjgxMzhiMGFhMmZjODNjYmE5YjBlOTY3
OTZjMzYwHhcNMjUwMTAxMTc0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDMwYTgyMjYyOTAzNmIxZDdjOWFiMDdlNDFhOWIwMjhkYmI1YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygsS9XiQsM4M7NpNhTzZn+v7/HU0
4N7F6lwNHQyeuPRL+hoNBX6SJWcc3FI05vXTN41xtIm7x03bP4+PCxImGZcT3DVp
RMyPuk3/hGEO9GWv9hvtzmFs4OFb1g7g6zKPQU0sgY/Lo7ucHqYuo0PfQJyENzit
Ku6QmkCynZ9ltVQczY9qlfzvr6QuGIkawqL51KRrVj1qY0QEHSqwQvMgn6gCTQCO
qHda8hotVLhKxmZG8srBLY3ndjjlF6UQeS1NPL1gJO+ruyIwzfA8Lt3m/UOw/YTb
Z1SgIxzIvYRxBvQldTS6QDsN0V/6TFAakNVmJNb4VzaIkTulFL2GBOBtYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQwqCJikDax18mrB+QamwKNu1t6MB8GA1UdIwQY
MBaAFB9c9tEg4oE4sKovyDy6mw6WeWw2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDF6MjBTRGlnVGl3cWlfSVBMcWJEcFo1YkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8wMGU4ZTEtYzIzNS00OWE5LTlmOTIt
NjM4MzFhZTk1MWVmLzEvZERDb0ltS1FOckhYeWFzSDVCcWJBbzI3VzNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8wMGU4ZTEtYzIzNS00OWE5LTlmOTItNjM4MzFhZTk1MWVm
LzEvSDF6MjBTRGlnVGl3cWlfSVBMcWJEcFo1YkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufegMA0G
CSqGSIb3DQEBCwUAA4IBAQAp79DGGjI0c401/SJfrkjonG+b77+GhOJNLGM8MiB2
JXzQDezKWkXZwmG3Uyq/pfFXcTlWh/BOAn9pmAt4LpgJ2/sg1LOT1i8u+wiBMuP4
euGVTp+2Xen2iI2DjjU3vwA3ECH6F492StSmyj6PSEBhwj5sv+vbaVKh9QIjkFJ/
8W1elMejoo5FvNR5oPOeEsfS42M0bMl3d62D0iXHWCQHWJLrI5i9QMVkL0aOjRFY
+N2x0H1UELxTS5lD1GXMms/E4+FP+8WWNk8/R1WRsbRyRWFxTsdefpHivYMBo4nR
VaLUnvfE+HdCNhooLk0cG3sst5/Sf1PqP0WIyBKlE3AV
-----END CERTIFICATE-----