Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9a08b0-cfec-4c91-b8eb-4abadb5aea9a/1/sGWSf-xHUHrOgvNkITc8l0s2SBw.roa
File:                     sGWSf-xHUHrOgvNkITc8l0s2SBw.roa (raw, json)
Hash identifier:          HnnC11N9+2hBi9exZUwNcRsG0nrKMg+6AT+jxX+p0kc=
Subject key identifier:   B0:65:92:7F:EC:47:50:7A:CE:82:F3:64:21:37:3C:97:4B:36:48:1C
Certificate issuer:       /CN=4d08894ca40531e7d20294091288e77ad12c2979
Certificate serial:       018CC493244764FDEDB710A87497DEF32DB3
Authority key identifier: 4D:08:89:4C:A4:05:31:E7:D2:02:94:09:12:88:E7:7A:D1:2C:29:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TQiJTKQFMefSApQJEojnetEsKXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9a08b0-cfec-4c91-b8eb-4abadb5aea9a/1/sGWSf-xHUHrOgvNkITc8l0s2SBw.roa
Signing time:             Mon 01 Jan 2024 10:30:26 +0000
ROA not before:           Mon 01 Jan 2024 10:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201020
IP address blocks:        185.204.224.0/24 maxlen: 24
                          185.204.225.0/24 maxlen: 24
                          185.204.226.0/24 maxlen: 24
                          185.204.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9a08b0-cfec-4c91-b8eb-4abadb5aea9a/1/TQiJTKQFMefSApQJEojnetEsKXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9a08b0-cfec-4c91-b8eb-4abadb5aea9a/1/TQiJTKQFMefSApQJEojnetEsKXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TQiJTKQFMefSApQJEojnetEsKXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:24:47:64:fd:ed:b7:10:a8:74:97:de:f3:2d:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d08894ca40531e7d20294091288e77ad12c2979
        Validity
            Not Before: Jan  1 10:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b065927fec47507ace82f36421373c974b36481c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:51:b2:ae:95:eb:32:53:5e:ce:ec:41:95:db:
                    d0:b8:76:51:e0:22:70:0d:e7:f1:5b:de:88:40:ee:
                    96:db:5a:d2:92:5b:0c:92:51:55:8e:97:eb:d8:74:
                    b8:d0:7a:6a:80:55:29:e0:05:19:ce:e1:ae:c8:ff:
                    cc:33:6a:68:73:81:d2:21:d3:54:66:d7:89:49:ee:
                    c6:24:9b:5e:c0:18:6a:40:50:22:92:1b:ae:52:c0:
                    84:73:2b:67:f9:ae:76:83:e3:ef:6b:db:91:7d:f4:
                    3d:32:79:76:c5:b9:54:ae:73:ce:16:98:58:35:0c:
                    48:2c:92:ea:20:df:46:92:ff:68:cd:98:22:ed:4c:
                    96:45:3f:c3:5e:5f:21:36:a6:5f:4e:d5:57:a7:fc:
                    71:22:f8:5a:55:5a:ec:25:f0:08:6c:a5:f8:c6:2d:
                    2e:0e:65:38:67:16:63:bb:9c:7d:60:6f:90:0e:5e:
                    b8:9f:7b:eb:db:a5:6b:3a:ef:dd:40:db:5e:a5:a5:
                    62:91:d4:ca:ff:6b:02:51:e7:5c:93:63:09:39:cf:
                    49:c5:30:41:15:27:7a:61:ba:f9:ad:be:32:fa:55:
                    d4:c7:bc:31:f2:2e:0b:1e:2f:06:1b:87:58:0a:47:
                    63:2b:7a:97:4a:85:ef:b8:56:2c:5e:5c:c1:26:cf:
                    99:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:65:92:7F:EC:47:50:7A:CE:82:F3:64:21:37:3C:97:4B:36:48:1C
            X509v3 Authority Key Identifier:
                keyid:4D:08:89:4C:A4:05:31:E7:D2:02:94:09:12:88:E7:7A:D1:2C:29:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TQiJTKQFMefSApQJEojnetEsKXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9a08b0-cfec-4c91-b8eb-4abadb5aea9a/1/sGWSf-xHUHrOgvNkITc8l0s2SBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9a08b0-cfec-4c91-b8eb-4abadb5aea9a/1/TQiJTKQFMefSApQJEojnetEsKXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:0f:9c:15:98:09:fb:9e:83:a3:c8:87:cd:fc:2f:a5:7a:90:
         ed:70:16:fd:33:c2:02:9f:f5:10:4b:02:60:ff:02:00:9c:b0:
         93:44:58:a2:82:d1:5f:5b:56:96:e9:18:88:4f:43:6e:32:6e:
         2f:b2:a8:28:10:2f:2b:8c:c1:49:e2:53:7d:9e:16:a4:ff:39:
         d9:84:46:89:ee:6d:ac:f1:dc:33:78:04:0b:cb:ff:95:52:0d:
         aa:19:e9:85:0b:53:d3:e7:84:93:eb:e6:13:5f:7a:80:d2:e1:
         95:5a:d0:92:ab:30:10:02:95:03:6c:a3:41:90:f2:65:7d:47:
         73:19:e6:89:3f:8f:e1:d1:85:d2:60:9c:85:a8:66:5a:c5:02:
         38:09:a6:98:2b:16:01:64:b5:6f:70:dc:17:6f:4e:0f:9c:7e:
         35:61:ce:14:1b:2c:38:c0:50:96:68:5c:30:4d:c6:6a:17:e5:
         8a:fb:7f:64:5c:5b:9d:cd:ff:fb:69:43:ff:5e:0f:9f:39:39:
         e0:76:de:d1:45:1f:02:61:1d:e1:4a:f6:b9:ff:7a:27:96:1b:
         15:37:dd:d2:c7:76:7d:a0:ad:03:d9:72:e0:fe:12:e7:31:b2:
         af:88:72:81:17:ba:eb:9b:fd:49:22:4a:77:0e:62:f4:c6:a9:
         06:19:e9:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkyRHZP3ttxCodJfe8y2zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMDg4OTRjYTQwNTMxZTdkMjAyOTQwOTEyODhlNzdhZDEy
YzI5NzkwHhcNMjQwMTAxMTAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDY1OTI3ZmVjNDc1MDdhY2U4MmYzNjQyMTM3M2M5NzRiMzY0ODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FGyrpXrMlNezuxBldvQuHZR4CJw
DefxW96IQO6W21rSklsMklFVjpfr2HS40HpqgFUp4AUZzuGuyP/MM2poc4HSIdNU
ZteJSe7GJJtewBhqQFAikhuuUsCEcytn+a52g+Pva9uRffQ9Mnl2xblUrnPOFphY
NQxILJLqIN9Gkv9ozZgi7UyWRT/DXl8hNqZfTtVXp/xxIvhaVVrsJfAIbKX4xi0u
DmU4ZxZju5x9YG+QDl64n3vr26VrOu/dQNtepaVikdTK/2sCUedck2MJOc9JxTBB
FSd6Ybr5rb4y+lXUx7wx8i4LHi8GG4dYCkdjK3qXSoXvuFYsXlzBJs+Z/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBlkn/sR1B6zoLzZCE3PJdLNkgcMB8GA1UdIwQY
MBaAFE0IiUykBTHn0gKUCRKI53rRLCl5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFFpSlRLUUZNZWZTQXBRSkVvam5ldEVzS1hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85YTA4YjAtY2ZlYy00YzkxLWI4ZWIt
NGFiYWRiNWFlYTlhLzEvc0dXU2YteEhVSHJPZ3ZOa0lUYzhsMHMyU0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85YTA4YjAtY2ZlYy00YzkxLWI4ZWItNGFiYWRiNWFlYTlh
LzEvVFFpSlRLUUZNZWZTQXBRSkVvam5ldEVzS1hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuczgMA0G
CSqGSIb3DQEBCwUAA4IBAQA5D5wVmAn7noOjyIfN/C+lepDtcBb9M8ICn/UQSwJg
/wIAnLCTRFiigtFfW1aW6RiIT0NuMm4vsqgoEC8rjMFJ4lN9nhak/znZhEaJ7m2s
8dwzeAQLy/+VUg2qGemFC1PT54ST6+YTX3qA0uGVWtCSqzAQApUDbKNBkPJlfUdz
GeaJP4/h0YXSYJyFqGZaxQI4CaaYKxYBZLVvcNwXb04PnH41Yc4UGyw4wFCWaFww
TcZqF+WK+39kXFudzf/7aUP/Xg+fOTngdt7RRR8CYR3hSva5/3onlhsVN93Sx3Z9
oK0D2XLg/hLnMbKviHKBF7rrm/1JIkp3DmL0xqkGGemA
-----END CERTIFICATE-----