Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/4Thjoi2cuu2R-Wt66Xk0RcDdsq8.roa
File:                     4Thjoi2cuu2R-Wt66Xk0RcDdsq8.roa (raw, json)
Hash identifier:          FfWHL/WqJtibXS4FBAVnGxUAgnegdwlyA934MIbOlIo=
Subject key identifier:   E1:38:63:A2:2D:9C:BA:ED:91:F9:6B:7A:E9:79:34:45:C0:DD:B2:AF
Certificate issuer:       /CN=25475f5ad9eccff69c35a630dcff2c5a663fd7cf
Certificate serial:       019420682F144B05C9B7E6C79646F707E29B
Authority key identifier: 25:47:5F:5A:D9:EC:CF:F6:9C:35:A6:30:DC:FF:2C:5A:66:3F:D7:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JUdfWtnsz_acNaYw3P8sWmY_188.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/4Thjoi2cuu2R-Wt66Xk0RcDdsq8.roa
Signing time:             Wed 01 Jan 2025 05:48:06 +0000
ROA not before:           Wed 01 Jan 2025 05:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31042
IP address blocks:        185.20.36.0/22 maxlen: 22
                          185.20.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/JUdfWtnsz_acNaYw3P8sWmY_188.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/JUdfWtnsz_acNaYw3P8sWmY_188.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JUdfWtnsz_acNaYw3P8sWmY_188.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:2f:14:4b:05:c9:b7:e6:c7:96:46:f7:07:e2:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25475f5ad9eccff69c35a630dcff2c5a663fd7cf
        Validity
            Not Before: Jan  1 05:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e13863a22d9cbaed91f96b7ae9793445c0ddb2af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f0:df:e9:05:3e:f6:c8:39:ba:e5:93:27:0a:
                    7c:ef:ee:83:67:0d:b7:41:04:fa:a4:e1:88:3f:c8:
                    ff:12:79:ff:7a:29:00:0f:67:38:58:dd:8c:61:40:
                    f6:2a:e4:15:f3:cc:66:3a:30:30:b5:81:f9:1e:26:
                    48:d5:54:5a:66:a0:17:fc:9c:fa:de:39:0f:e4:1b:
                    5b:26:66:8a:bd:8b:39:9f:99:d6:19:2d:79:fa:5a:
                    d5:dc:bd:42:7a:45:18:b5:45:a6:7c:b5:f2:77:60:
                    01:99:80:b1:6e:8e:24:45:c2:40:98:9b:5f:8a:b7:
                    0f:c1:43:51:f3:02:9f:7c:48:be:8a:f3:fa:65:55:
                    eb:e2:72:3a:0e:5a:6c:3a:86:02:36:3f:64:4d:f8:
                    d3:f7:b4:ab:10:35:3b:0a:c8:ab:e3:90:e9:be:59:
                    a5:de:34:fd:27:c7:5b:05:da:6b:17:6f:a3:0b:f2:
                    22:93:92:1d:7e:7a:3c:3a:98:a6:c8:6a:90:4a:a1:
                    d3:75:19:14:23:97:b5:32:8c:d3:db:29:fb:6c:5f:
                    9b:d6:de:ff:b1:97:5f:2a:c1:f1:26:59:c0:e1:50:
                    21:d3:31:54:b7:27:c5:78:5b:0f:3d:58:45:d9:93:
                    8e:34:e8:fc:ea:96:b7:37:df:4e:3b:48:a9:e5:af:
                    f6:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:38:63:A2:2D:9C:BA:ED:91:F9:6B:7A:E9:79:34:45:C0:DD:B2:AF
            X509v3 Authority Key Identifier:
                keyid:25:47:5F:5A:D9:EC:CF:F6:9C:35:A6:30:DC:FF:2C:5A:66:3F:D7:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JUdfWtnsz_acNaYw3P8sWmY_188.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/4Thjoi2cuu2R-Wt66Xk0RcDdsq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/bfec08-8cbe-4c45-8db1-4d46c6a7010a/1/JUdfWtnsz_acNaYw3P8sWmY_188.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:fa:8a:d0:33:c3:11:48:81:03:e9:c3:cb:e6:74:34:01:8d:
         9a:89:a4:9b:59:89:c4:ff:43:0d:c8:f4:50:1a:48:5b:a5:b4:
         db:5e:86:01:e2:f9:94:0e:cd:d1:58:e2:b6:2c:ea:5c:65:03:
         98:d4:95:eb:9a:88:1b:5f:25:31:0d:ec:3e:2e:4c:af:ed:18:
         49:70:5b:d1:2c:be:19:94:66:7c:6c:7c:52:27:d6:1d:ea:af:
         66:be:d3:f5:41:38:80:ae:55:a1:5c:4d:18:8d:4c:26:44:b0:
         14:c1:ae:24:2d:92:7b:b4:53:81:14:8c:dd:cc:9f:c6:55:86:
         fa:e5:1a:16:37:cb:6e:a7:f1:20:bf:36:ec:46:24:e6:e4:dd:
         bd:d2:6a:03:58:c3:c5:e2:61:3d:50:d6:55:a0:c1:68:3e:2c:
         6f:cc:91:53:e0:39:b2:c5:e5:1a:31:d4:52:9b:60:8c:2f:8f:
         8e:c1:a5:dc:d0:e9:bd:69:1e:a6:fc:8b:78:16:7e:96:73:e8:
         6a:ab:fb:b1:36:f9:e5:3a:32:58:ff:2d:81:11:34:8b:10:61:
         c2:42:5d:e6:6e:62:57:20:4b:4b:5b:2b:f6:c4:05:3e:17:a4:
         22:c9:86:9b:ad:f2:1c:86:f8:c8:16:52:e5:44:66:cc:e2:1c:
         b6:8f:66:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaC8USwXJt+bHlkb3B+KbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NDc1ZjVhZDllY2NmZjY5YzM1YTYzMGRjZmYyYzVhNjYz
ZmQ3Y2YwHhcNMjUwMTAxMDU0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTM4NjNhMjJkOWNiYWVkOTFmOTZiN2FlOTc5MzQ0NWMwZGRiMmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfDf6QU+9sg5uuWTJwp87+6DZw23
QQT6pOGIP8j/Enn/eikAD2c4WN2MYUD2KuQV88xmOjAwtYH5HiZI1VRaZqAX/Jz6
3jkP5BtbJmaKvYs5n5nWGS15+lrV3L1CekUYtUWmfLXyd2ABmYCxbo4kRcJAmJtf
ircPwUNR8wKffEi+ivP6ZVXr4nI6DlpsOoYCNj9kTfjT97SrEDU7Csir45Dpvlml
3jT9J8dbBdprF2+jC/Iik5Idfno8OpimyGqQSqHTdRkUI5e1MozT2yn7bF+b1t7/
sZdfKsHxJlnA4VAh0zFUtyfFeFsPPVhF2ZOONOj86pa3N99OO0ip5a/2YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOE4Y6ItnLrtkflreul5NEXA3bKvMB8GA1UdIwQY
MBaAFCVHX1rZ7M/2nDWmMNz/LFpmP9fPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlVkZld0bnN6X2FjTmFZdzNQOHNXbVlfMTg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iZmVjMDgtOGNiZS00YzQ1LThkYjEt
NGQ0NmM2YTcwMTBhLzEvNFRoam9pMmN1dTJSLVd0NjZYazBSY0Rkc3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iZmVjMDgtOGNiZS00YzQ1LThkYjEtNGQ0NmM2YTcwMTBh
LzEvSlVkZld0bnN6X2FjTmFZdzNQOHNXbVlfMTg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRQkMA0G
CSqGSIb3DQEBCwUAA4IBAQAe+orQM8MRSIED6cPL5nQ0AY2aiaSbWYnE/0MNyPRQ
GkhbpbTbXoYB4vmUDs3RWOK2LOpcZQOY1JXrmogbXyUxDew+Lkyv7RhJcFvRLL4Z
lGZ8bHxSJ9Yd6q9mvtP1QTiArlWhXE0YjUwmRLAUwa4kLZJ7tFOBFIzdzJ/GVYb6
5RoWN8tup/EgvzbsRiTm5N290moDWMPF4mE9UNZVoMFoPixvzJFT4DmyxeUaMdRS
m2CML4+OwaXc0Om9aR6m/It4Fn6Wc+hqq/uxNvnlOjJY/y2BETSLEGHCQl3mbmJX
IEtLWyv2xAU+F6QiyYabrfIchvjIFlLlRGbM4hy2j2aO
-----END CERTIFICATE-----