Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/g2bIRp1_Ofi7tBEEaDVHCapdwAY.roa
File:                     g2bIRp1_Ofi7tBEEaDVHCapdwAY.roa (raw, json)
Hash identifier:          mKK0SH1X7uOReLc+h1naUYfsSMGvNovIT24/wKrbp8E=
Subject key identifier:   83:66:C8:46:9D:7F:39:F8:BB:B4:11:04:68:35:47:09:AA:5D:C0:06
Certificate issuer:       /CN=4f73b056f8d0fa996d6833c30b1fd78e7d979ac4
Certificate serial:       0196EE242CE5DDE167FF7D1329487D5982D8
Authority key identifier: 4F:73:B0:56:F8:D0:FA:99:6D:68:33:C3:0B:1F:D7:8E:7D:97:9A:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/g2bIRp1_Ofi7tBEEaDVHCapdwAY.roa
Signing time:             Tue 20 May 2025 14:41:10 +0000
ROA not before:           Tue 20 May 2025 14:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1836
IP address blocks:        185.231.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ee:24:2c:e5:dd:e1:67:ff:7d:13:29:48:7d:59:82:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f73b056f8d0fa996d6833c30b1fd78e7d979ac4
        Validity
            Not Before: May 20 14:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8366c8469d7f39f8bbb4110468354709aa5dc006
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:87:63:d7:8f:7d:ce:f1:13:0c:01:b0:3c:16:
                    fb:2f:9f:07:e2:53:a5:bd:83:34:39:d6:7e:e6:8b:
                    20:fb:a1:04:4f:99:b8:37:59:01:b3:63:99:69:ec:
                    4d:e5:75:c0:62:35:fd:fb:3c:cd:2f:f2:05:dd:53:
                    e3:96:d9:5b:05:73:66:e1:1b:39:de:69:92:a9:32:
                    62:3d:e7:ff:d9:37:a0:58:48:f8:70:e8:45:31:88:
                    14:ae:a9:fc:97:1a:a2:5b:88:40:b2:3f:e9:b8:50:
                    ed:2b:9e:a9:14:0d:28:92:ec:42:46:15:e8:81:7d:
                    1a:e1:e3:61:5d:36:7c:43:0c:a2:75:e0:e6:36:51:
                    3e:f8:79:4b:8f:d1:6b:67:52:a0:0c:84:a8:24:78:
                    79:a7:32:c0:c9:0f:b0:74:dd:48:5c:10:14:da:5d:
                    9c:b2:98:b4:8f:67:7a:66:b5:c6:08:9e:ec:2e:c8:
                    7b:6c:9a:84:26:b2:73:7d:2d:cb:2e:bf:7b:ce:47:
                    bb:9d:9b:da:9d:e1:11:df:21:db:64:98:65:df:71:
                    82:c7:39:26:fb:60:37:b6:c2:b2:ae:8a:2e:3e:aa:
                    a1:2c:fc:5c:02:85:9c:16:04:ed:1b:e0:ac:9f:14:
                    4e:3c:09:ac:76:54:f4:76:7f:89:48:26:09:f2:94:
                    74:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:66:C8:46:9D:7F:39:F8:BB:B4:11:04:68:35:47:09:AA:5D:C0:06
            X509v3 Authority Key Identifier:
                keyid:4F:73:B0:56:F8:D0:FA:99:6D:68:33:C3:0B:1F:D7:8E:7D:97:9A:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/g2bIRp1_Ofi7tBEEaDVHCapdwAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/2acb8f-222f-4473-9205-1390a2d99e0b/1/T3OwVvjQ-pltaDPDCx_Xjn2XmsQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:ce:00:f4:fb:02:b8:a1:ac:38:df:7e:6d:c4:f6:b4:ba:44:
         13:b2:92:2f:89:0b:d3:5c:e5:88:d1:df:07:a6:10:38:8a:19:
         f5:dc:af:dc:65:78:3a:c5:60:c7:50:29:39:db:82:2e:24:f9:
         28:07:f9:c6:28:eb:38:ec:fe:bc:7a:50:05:23:66:ef:ab:23:
         4e:31:b1:25:10:a0:a7:72:2d:93:df:e9:24:e9:08:b2:40:76:
         3f:00:48:13:6b:66:fa:9f:0c:62:3b:d8:a8:18:20:33:bf:be:
         cc:b9:14:03:9a:8b:9c:ea:1c:a7:a6:16:5c:26:8d:20:91:d5:
         1c:31:cb:fd:c2:d4:e7:25:91:71:fc:ad:6b:fb:b5:c6:40:9c:
         d3:00:55:7c:f6:6e:3a:57:95:10:89:07:3c:8a:5e:74:a5:bf:
         28:29:8a:29:01:b3:f7:67:12:78:a1:d7:e5:a0:8a:8d:a2:09:
         dd:c0:fb:6c:7c:be:54:6d:ea:fe:2a:98:f5:eb:bc:65:76:e2:
         5b:01:af:ea:76:8e:f1:03:39:ef:56:24:31:de:17:98:d0:65:
         cb:f2:5a:f5:c5:0a:1f:4e:9d:37:cc:76:e5:8c:28:fe:26:ef:
         4e:70:95:50:06:76:ab:5d:f3:3a:08:17:e7:19:b9:06:a8:45:
         da:56:0f:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbuJCzl3eFn/30TKUh9WYLYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNzNiMDU2ZjhkMGZhOTk2ZDY4MzNjMzBiMWZkNzhlN2Q5
NzlhYzQwHhcNMjUwNTIwMTQ0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzY2Yzg0NjlkN2YzOWY4YmJiNDExMDQ2ODM1NDcwOWFhNWRjMDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14dj1499zvETDAGwPBb7L58H4lOl
vYM0OdZ+5osg+6EET5m4N1kBs2OZaexN5XXAYjX9+zzNL/IF3VPjltlbBXNm4Rs5
3mmSqTJiPef/2TegWEj4cOhFMYgUrqn8lxqiW4hAsj/puFDtK56pFA0okuxCRhXo
gX0a4eNhXTZ8QwyideDmNlE++HlLj9FrZ1KgDISoJHh5pzLAyQ+wdN1IXBAU2l2c
spi0j2d6ZrXGCJ7sLsh7bJqEJrJzfS3LLr97zke7nZvaneER3yHbZJhl33GCxzkm
+2A3tsKyroouPqqhLPxcAoWcFgTtG+CsnxROPAmsdlT0dn+JSCYJ8pR0LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINmyEadfzn4u7QRBGg1RwmqXcAGMB8GA1UdIwQY
MBaAFE9zsFb40PqZbWgzwwsf1459l5rEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDNPd1Z2alEtcGx0YURQREN4X1hqbjJYbXNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8yYWNiOGYtMjIyZi00NDczLTkyMDUt
MTM5MGEyZDk5ZTBiLzEvZzJiSVJwMV9PZmk3dEJFRWFEVkhDYXBkd0FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8yYWNiOGYtMjIyZi00NDczLTkyMDUtMTM5MGEyZDk5ZTBi
LzEvVDNPd1Z2alEtcGx0YURQREN4X1hqbjJYbXNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuedoMA0G
CSqGSIb3DQEBCwUAA4IBAQCCzgD0+wK4oaw4335txPa0ukQTspIviQvTXOWI0d8H
phA4ihn13K/cZXg6xWDHUCk524IuJPkoB/nGKOs47P68elAFI2bvqyNOMbElEKCn
ci2T3+kk6QiyQHY/AEgTa2b6nwxiO9ioGCAzv77MuRQDmouc6hynphZcJo0gkdUc
Mcv9wtTnJZFx/K1r+7XGQJzTAFV89m46V5UQiQc8il50pb8oKYopAbP3ZxJ4odfl
oIqNogndwPtsfL5Uber+Kpj167xlduJbAa/qdo7xAznvViQx3heY0GXL8lr1xQof
Tp03zHbljCj+Ju9OcJVQBnarXfM6CBfnGbkGqEXaVg9S
-----END CERTIFICATE-----