Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a760a9-ab5e-4acf-a8e2-4bd58db10ed2/1/bOIrh8o4MvR1wd4C84En4JCn0L4.roa
File:                     bOIrh8o4MvR1wd4C84En4JCn0L4.roa (raw, json)
Hash identifier:          DG81fv6EP9+XjNFDQGRmy+cQGfBXw0VPtgzqJ5IZAq4=
Subject key identifier:   6C:E2:2B:87:CA:38:32:F4:75:C1:DE:02:F3:81:27:E0:90:A7:D0:BE
Certificate issuer:       /CN=54882b1413221e9b5d3bc8a7329b7649f9b1ec2c
Certificate serial:       019425FBFE2C84C5193AC711203FB90C3F8D
Authority key identifier: 54:88:2B:14:13:22:1E:9B:5D:3B:C8:A7:32:9B:76:49:F9:B1:EC:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VIgrFBMiHptdO8inMpt2Sfmx7Cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a760a9-ab5e-4acf-a8e2-4bd58db10ed2/1/bOIrh8o4MvR1wd4C84En4JCn0L4.roa
Signing time:             Thu 02 Jan 2025 07:47:39 +0000
ROA not before:           Thu 02 Jan 2025 07:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201193
IP address blocks:        185.231.48.0/22 maxlen: 24
                          185.231.48.0/24 maxlen: 24
                          185.231.49.0/24 maxlen: 24
                          185.231.50.0/24 maxlen: 24
                          185.231.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/a760a9-ab5e-4acf-a8e2-4bd58db10ed2/1/VIgrFBMiHptdO8inMpt2Sfmx7Cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/a760a9-ab5e-4acf-a8e2-4bd58db10ed2/1/VIgrFBMiHptdO8inMpt2Sfmx7Cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VIgrFBMiHptdO8inMpt2Sfmx7Cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fb:fe:2c:84:c5:19:3a:c7:11:20:3f:b9:0c:3f:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54882b1413221e9b5d3bc8a7329b7649f9b1ec2c
        Validity
            Not Before: Jan  2 07:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ce22b87ca3832f475c1de02f38127e090a7d0be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:17:b4:39:a5:7c:f1:23:91:69:71:70:95:bf:
                    7f:bc:cb:3a:8f:41:c4:c8:44:e1:b8:10:28:a2:f4:
                    80:d8:ff:93:77:25:31:b7:7b:29:ad:3d:61:1c:83:
                    b9:ca:96:08:e2:da:d4:8f:39:79:02:02:d3:0a:d1:
                    8d:90:a6:89:0a:11:71:48:fc:6c:33:96:b3:59:dd:
                    70:2e:dc:14:36:6c:9b:69:c6:1e:db:8c:aa:0a:a8:
                    1e:30:8c:0a:3f:e0:ad:75:33:a7:4b:0f:01:36:58:
                    23:1d:b2:f9:aa:99:ed:d8:e2:87:c4:50:9c:0d:24:
                    3e:4a:1b:be:64:93:4f:26:a3:9f:63:24:63:23:63:
                    0f:2c:45:dd:ef:b1:66:16:52:b7:d2:a4:f0:ab:43:
                    3c:64:82:84:2f:a6:10:e6:58:fe:68:67:83:3d:dd:
                    d1:1c:4c:56:ee:a3:5b:20:c9:80:7a:09:39:2d:f4:
                    39:cf:0d:1f:93:09:15:80:ad:1c:32:bb:0c:c4:93:
                    54:95:d8:1f:f2:5e:54:19:39:d8:cd:b6:0a:be:6c:
                    86:14:f6:2f:13:61:ca:3e:31:1c:5d:cb:02:e3:46:
                    7a:39:9c:81:54:c2:36:30:b3:75:34:a5:eb:c5:c1:
                    98:26:69:96:53:dc:43:73:df:ea:2b:91:23:fe:4c:
                    25:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E2:2B:87:CA:38:32:F4:75:C1:DE:02:F3:81:27:E0:90:A7:D0:BE
            X509v3 Authority Key Identifier:
                keyid:54:88:2B:14:13:22:1E:9B:5D:3B:C8:A7:32:9B:76:49:F9:B1:EC:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VIgrFBMiHptdO8inMpt2Sfmx7Cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a760a9-ab5e-4acf-a8e2-4bd58db10ed2/1/bOIrh8o4MvR1wd4C84En4JCn0L4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a760a9-ab5e-4acf-a8e2-4bd58db10ed2/1/VIgrFBMiHptdO8inMpt2Sfmx7Cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:49:d9:a7:f7:80:87:f0:fb:80:59:fa:78:b0:bc:be:32:06:
         4c:ab:3e:c0:59:fd:5d:e7:b1:6b:e3:d3:82:de:6d:05:82:72:
         61:b5:ad:13:6f:02:21:f6:0e:80:38:f6:ca:c9:ed:0b:8e:8a:
         f1:e5:31:ff:e7:71:1e:88:71:6f:37:d8:d8:83:ca:0a:cf:22:
         10:75:9c:a3:36:c0:27:b2:03:af:ad:98:e2:27:c7:88:3b:1b:
         9b:9e:4f:85:4d:0d:20:d8:9b:8d:cd:0b:d0:d5:00:b2:e6:05:
         b2:00:26:c5:48:0f:65:f2:04:dc:7d:73:37:f7:12:51:6b:6e:
         7f:6c:8b:0d:5b:9a:e2:01:9e:52:85:98:81:a5:a7:f5:bc:8d:
         ca:a4:fb:fa:8b:66:86:4c:de:e7:99:83:25:40:89:63:f3:b2:
         95:c4:41:3a:89:38:00:cb:22:09:88:a5:71:0e:cc:d3:f5:f8:
         8e:08:27:ae:9a:5c:07:81:f1:6d:48:84:b0:a3:10:75:5d:1a:
         f4:94:c9:6e:3a:f3:4a:ec:99:5a:80:91:dd:34:44:72:1d:3f:
         ea:ae:a1:7c:11:2b:13:f9:99:1a:23:c5:b5:15:cd:a8:2e:87:
         a9:1f:c7:75:14:34:cc:49:14:f1:f0:64:b8:f3:b7:cd:15:0d:
         4a:6a:35:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl+/4shMUZOscRID+5DD+NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0ODgyYjE0MTMyMjFlOWI1ZDNiYzhhNzMyOWI3NjQ5Zjli
MWVjMmMwHhcNMjUwMTAyMDc0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2UyMmI4N2NhMzgzMmY0NzVjMWRlMDJmMzgxMjdlMDkwYTdkMGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBe0OaV88SORaXFwlb9/vMs6j0HE
yEThuBAoovSA2P+TdyUxt3sprT1hHIO5ypYI4trUjzl5AgLTCtGNkKaJChFxSPxs
M5azWd1wLtwUNmybacYe24yqCqgeMIwKP+CtdTOnSw8BNlgjHbL5qpnt2OKHxFCc
DSQ+Shu+ZJNPJqOfYyRjI2MPLEXd77FmFlK30qTwq0M8ZIKEL6YQ5lj+aGeDPd3R
HExW7qNbIMmAegk5LfQ5zw0fkwkVgK0cMrsMxJNUldgf8l5UGTnYzbYKvmyGFPYv
E2HKPjEcXcsC40Z6OZyBVMI2MLN1NKXrxcGYJmmWU9xDc9/qK5Ej/kwlGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGziK4fKODL0dcHeAvOBJ+CQp9C+MB8GA1UdIwQY
MBaAFFSIKxQTIh6bXTvIpzKbdkn5sewsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVklnckZCTWlIcHRkTzhpbk1wdDJTZm14N0N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hNzYwYTktYWI1ZS00YWNmLWE4ZTIt
NGJkNThkYjEwZWQyLzEvYk9Jcmg4bzRNdlIxd2Q0Qzg0RW40SkNuMEw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hNzYwYTktYWI1ZS00YWNmLWE4ZTItNGJkNThkYjEwZWQy
LzEvVklnckZCTWlIcHRkTzhpbk1wdDJTZm14N0N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuecwMA0G
CSqGSIb3DQEBCwUAA4IBAQBwSdmn94CH8PuAWfp4sLy+MgZMqz7AWf1d57Fr49OC
3m0FgnJhta0TbwIh9g6AOPbKye0Ljorx5TH/53EeiHFvN9jYg8oKzyIQdZyjNsAn
sgOvrZjiJ8eIOxubnk+FTQ0g2JuNzQvQ1QCy5gWyACbFSA9l8gTcfXM39xJRa25/
bIsNW5riAZ5ShZiBpaf1vI3KpPv6i2aGTN7nmYMlQIlj87KVxEE6iTgAyyIJiKVx
DszT9fiOCCeumlwHgfFtSISwoxB1XRr0lMluOvNK7JlagJHdNERyHT/qrqF8ESsT
+ZkaI8W1Fc2oLoepH8d1FDTMSRTx8GS487fNFQ1KajVI
-----END CERTIFICATE-----