Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/PoyytAvXOYVvBU28xnJ13dEQvjk.roa
File:                     PoyytAvXOYVvBU28xnJ13dEQvjk.roa (raw, json)
Hash identifier:          i4hitHtlLKsldZIYK5cClvI2iYzkK5dcUJcf/PHsfy4=
Subject key identifier:   3E:8C:B2:B4:0B:D7:39:85:6F:05:4D:BC:C6:72:75:DD:D1:10:BE:39
Certificate issuer:       /CN=411c4322082191c79e2d86db4e1bf9d0718e27e9
Certificate serial:       0194266C2A227F28C79A24A84356DD3A9867
Authority key identifier: 41:1C:43:22:08:21:91:C7:9E:2D:86:DB:4E:1B:F9:D0:71:8E:27:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QRxDIgghkceeLYbbThv50HGOJ-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/PoyytAvXOYVvBU28xnJ13dEQvjk.roa
Signing time:             Thu 02 Jan 2025 09:50:10 +0000
ROA not before:           Thu 02 Jan 2025 09:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202695
IP address blocks:        64.38.104.0/22 maxlen: 22
                          185.156.244.0/22 maxlen: 22
                          2a03:5b00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/QRxDIgghkceeLYbbThv50HGOJ-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/QRxDIgghkceeLYbbThv50HGOJ-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QRxDIgghkceeLYbbThv50HGOJ-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:2a:22:7f:28:c7:9a:24:a8:43:56:dd:3a:98:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411c4322082191c79e2d86db4e1bf9d0718e27e9
        Validity
            Not Before: Jan  2 09:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e8cb2b40bd739856f054dbcc67275ddd110be39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:37:02:d9:f4:e3:3e:d8:0f:99:0f:d6:43:07:
                    b6:f8:71:89:3a:4c:7d:ea:20:e7:b6:d0:2e:be:13:
                    2f:e0:f5:2d:f0:d2:88:e1:a0:0a:4b:01:46:f6:3f:
                    b6:17:f9:50:52:58:43:9a:e9:d5:a7:23:b0:32:02:
                    c8:06:8d:16:a2:82:5e:ee:3d:d6:a2:2f:7d:47:5e:
                    d8:83:2c:e7:06:1e:b8:f1:c0:2c:aa:39:ca:ef:fc:
                    f7:15:ae:c3:46:09:58:c8:95:b4:fb:bf:a7:79:21:
                    05:f8:1d:a2:83:20:07:50:82:6f:ea:1f:42:65:48:
                    01:5a:60:80:03:48:7d:77:87:46:8e:1e:4a:a5:32:
                    91:6a:b4:f7:b3:3f:06:19:2b:fb:dc:8b:ce:64:ed:
                    9e:8a:70:ea:20:4f:98:03:7e:0c:9e:08:c1:17:d8:
                    8d:75:65:74:9f:ba:73:40:1a:00:5a:e9:ae:72:a1:
                    e5:8e:97:0b:bb:28:2d:c0:d0:62:d1:af:7b:a6:73:
                    64:2e:f7:e2:27:10:7a:59:9c:1c:0f:89:0d:41:df:
                    9d:fb:8b:24:35:49:66:f3:31:f8:50:94:29:8b:3e:
                    1a:bf:c6:34:14:57:41:62:e2:e2:e2:02:ee:2e:13:
                    c7:ce:9f:50:45:48:54:69:e2:48:78:c5:bb:62:97:
                    2c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:8C:B2:B4:0B:D7:39:85:6F:05:4D:BC:C6:72:75:DD:D1:10:BE:39
            X509v3 Authority Key Identifier:
                keyid:41:1C:43:22:08:21:91:C7:9E:2D:86:DB:4E:1B:F9:D0:71:8E:27:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QRxDIgghkceeLYbbThv50HGOJ-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/PoyytAvXOYVvBU28xnJ13dEQvjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/a7938f-7c9a-43c9-95f3-f3810bd70376/1/QRxDIgghkceeLYbbThv50HGOJ-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.38.104.0/22
                  185.156.244.0/22
                IPv6:
                  2a03:5b00::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:67:26:90:e9:34:b5:07:ed:44:7e:b4:ba:21:89:46:88:10:
         58:21:b7:a9:ef:3b:98:83:81:0d:ae:df:0e:e6:2b:58:6c:4d:
         8b:c6:80:4d:ed:19:ca:15:78:5d:45:82:12:fa:c4:1b:ad:03:
         09:27:3f:62:57:d5:85:53:b4:b9:be:78:0c:2a:2a:74:92:f6:
         8a:f0:d2:44:21:de:fb:63:93:8a:35:76:be:37:15:84:66:d7:
         56:34:6b:0c:d0:a3:8a:90:b9:82:54:31:f8:ba:03:a4:6f:f4:
         49:2c:ac:21:49:d3:31:0c:ce:f6:0f:a6:12:28:89:e3:6c:ce:
         68:f6:4f:c2:c0:dd:d7:bf:1d:26:73:7b:30:02:bc:b7:23:8d:
         ad:9b:20:e5:27:03:6f:46:29:73:0d:8d:a7:f8:e2:a9:76:4f:
         0f:6b:00:4e:ca:cb:c0:37:3a:e6:d3:f0:8e:06:b3:36:e7:9b:
         be:de:80:dd:66:35:b3:d3:ce:66:09:bd:a5:50:6d:bf:c3:90:
         65:ec:95:93:8d:56:34:bd:5c:c3:12:72:6a:37:16:27:9a:15:
         ec:c2:fa:6b:9b:94:77:03:ea:be:26:6a:74:2a:01:ef:44:49:
         aa:20:b0:40:93:15:04:d3:13:00:ae:1c:fb:c1:e0:8a:7d:3d:
         b5:f2:0e:f5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQmbCoifyjHmiSoQ1bdOphnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWM0MzIyMDgyMTkxYzc5ZTJkODZkYjRlMWJmOWQwNzE4
ZTI3ZTkwHhcNMjUwMTAyMDk1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZThjYjJiNDBiZDczOTg1NmYwNTRkYmNjNjcyNzVkZGQxMTBiZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjcC2fTjPtgPmQ/WQwe2+HGJOkx9
6iDnttAuvhMv4PUt8NKI4aAKSwFG9j+2F/lQUlhDmunVpyOwMgLIBo0WooJe7j3W
oi99R17YgyznBh648cAsqjnK7/z3Fa7DRglYyJW0+7+neSEF+B2igyAHUIJv6h9C
ZUgBWmCAA0h9d4dGjh5KpTKRarT3sz8GGSv73IvOZO2einDqIE+YA34MngjBF9iN
dWV0n7pzQBoAWumucqHljpcLuygtwNBi0a97pnNkLvfiJxB6WZwcD4kNQd+d+4sk
NUlm8zH4UJQpiz4av8Y0FFdBYuLi4gLuLhPHzp9QRUhUaeJIeMW7YpcsJQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFD6MsrQL1zmFbwVNvMZydd3REL45MB8GA1UdIwQY
MBaAFEEcQyIIIZHHni2G204b+dBxjifpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVJ4RElnZ2hrY2VlTFliYlRodjUwSEdPSi1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9hNzkzOGYtN2M5YS00M2M5LTk1ZjMt
ZjM4MTBiZDcwMzc2LzEvUG95eXRBdlhPWVZ2QlUyOHhuSjEzZEVRdmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9hNzkzOGYtN2M5YS00M2M5LTk1ZjMtZjM4MTBiZDcwMzc2
LzEvUVJ4RElnZ2hrY2VlTFliYlRodjUwSEdPSi1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCQCZoAwQC
uZz0MA0EAgACMAcDBQAqA1sAMA0GCSqGSIb3DQEBCwUAA4IBAQCKZyaQ6TS1B+1E
frS6IYlGiBBYIbep7zuYg4ENrt8O5itYbE2LxoBN7RnKFXhdRYIS+sQbrQMJJz9i
V9WFU7S5vngMKip0kvaK8NJEId77Y5OKNXa+NxWEZtdWNGsM0KOKkLmCVDH4ugOk
b/RJLKwhSdMxDM72D6YSKInjbM5o9k/CwN3Xvx0mc3swAry3I42tmyDlJwNvRilz
DY2n+OKpdk8PawBOysvANzrm0/COBrM255u+3oDdZjWz085mCb2lUG2/w5Bl7JWT
jVY0vVzDEnJqNxYnmhXswvprm5R3A+q+Jmp0KgHvREmqILBAkxUE0xMArhz7weCK
fT218g71
-----END CERTIFICATE-----