Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/_0wH1BRcgc6tfF99TwNnC3iQ1pU.roa
File:                     _0wH1BRcgc6tfF99TwNnC3iQ1pU.roa (raw, json)
Hash identifier:          O+Zelc4oaCgFlSMOLR6IXR0OWFyZm1W0ImLAmE3cggg=
Subject key identifier:   FF:4C:07:D4:14:5C:81:CE:AD:7C:5F:7D:4F:03:67:0B:78:90:D6:95
Certificate issuer:       /CN=4bd444c864e9e85d35376e0f68281799f6281f14
Certificate serial:       01941F8C4CB33678249E27899A7A9A14DB04
Authority key identifier: 4B:D4:44:C8:64:E9:E8:5D:35:37:6E:0F:68:28:17:99:F6:28:1F:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/_0wH1BRcgc6tfF99TwNnC3iQ1pU.roa
Signing time:             Wed 01 Jan 2025 01:47:55 +0000
ROA not before:           Wed 01 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60717
IP address blocks:        185.13.92.0/22 maxlen: 22
                          2a02:f480::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 07:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4c:b3:36:78:24:9e:27:89:9a:7a:9a:14:db:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bd444c864e9e85d35376e0f68281799f6281f14
        Validity
            Not Before: Jan  1 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff4c07d4145c81cead7c5f7d4f03670b7890d695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:56:d7:54:d8:ec:6b:df:74:e2:5e:78:8e:82:
                    b0:35:e3:66:e4:45:90:05:7d:83:f3:ec:07:7f:25:
                    97:e9:c4:0c:fb:f7:25:f0:11:e0:e0:8d:56:78:77:
                    16:45:2d:4b:d0:e6:66:24:bc:c4:e2:77:51:29:45:
                    07:af:06:a3:08:e5:8f:63:1c:88:14:e0:ae:76:6d:
                    11:17:b6:88:33:ca:b0:8d:e1:4b:29:39:73:11:65:
                    99:00:c8:7e:ba:84:9d:69:c7:0c:af:f5:08:9a:3e:
                    b6:5a:8a:8c:d5:92:d0:86:4b:fa:c7:1f:e2:5a:be:
                    bd:88:32:d5:a4:61:d0:0b:8b:fc:7d:34:49:e7:e0:
                    1d:2e:15:f4:8d:8e:ff:1e:d0:20:43:19:2e:79:5a:
                    de:3a:79:ef:f1:17:61:26:32:59:59:11:86:58:f2:
                    bd:fe:a7:cf:93:f8:3a:ae:28:a4:64:23:c9:bb:4c:
                    14:9e:49:00:29:f2:47:ad:60:4f:0e:77:13:ed:f0:
                    1e:01:36:a4:15:de:6e:37:73:b5:95:62:d3:48:93:
                    f4:da:44:d2:a1:ff:0f:59:12:20:b9:72:f8:ce:f0:
                    58:69:19:77:2c:1c:e0:f1:49:df:c8:a0:d6:c3:d8:
                    90:09:b1:be:1c:9b:23:42:70:c3:db:2a:67:2d:bc:
                    18:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:4C:07:D4:14:5C:81:CE:AD:7C:5F:7D:4F:03:67:0B:78:90:D6:95
            X509v3 Authority Key Identifier:
                keyid:4B:D4:44:C8:64:E9:E8:5D:35:37:6E:0F:68:28:17:99:F6:28:1F:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/_0wH1BRcgc6tfF99TwNnC3iQ1pU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.92.0/22
                IPv6:
                  2a02:f480::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:22:0e:3f:64:8f:2d:e9:a6:fc:fe:eb:2f:be:38:ef:92:d2:
         3e:79:b1:ee:74:95:33:35:bc:0b:c1:8b:f0:06:c4:58:18:15:
         23:cc:0c:81:86:b7:ec:86:3f:15:fe:93:88:d4:c5:20:6e:cf:
         93:f7:4c:54:f7:b6:2c:c3:d5:e6:6f:7e:09:30:98:b6:2a:27:
         99:84:14:21:d8:04:65:b3:5f:75:0e:56:eb:6f:a4:3a:5c:91:
         a9:0b:46:30:67:cb:03:4f:57:15:b3:6c:23:41:5d:ee:7d:12:
         a6:ed:cb:f0:a1:4c:42:ec:f6:c1:bf:59:c1:08:21:3f:ac:dd:
         13:3b:ec:3e:e0:8f:6a:61:1a:a6:55:8f:c3:3d:fc:7f:b1:0f:
         a7:3c:1c:ab:85:cd:d1:3f:94:1f:0a:5c:11:09:df:32:16:f2:
         cb:0d:c9:e3:12:42:50:87:1f:06:26:1f:52:fc:28:d8:6d:fb:
         04:b4:25:e2:23:43:bb:21:3a:d4:3a:01:c3:de:de:cd:74:5e:
         f9:a4:8c:3e:0a:8f:40:20:38:77:e3:62:68:2a:5c:c9:9b:d6:
         79:3c:5e:ee:05:be:9d:a4:62:bd:e4:35:62:b5:20:cd:b7:ec:
         7d:cd:52:5a:86:6e:4a:55:0d:52:87:f3:43:32:05:4b:b1:63:
         a6:5a:e4:e7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjEyzNngknieJmnqaFNsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZDQ0NGM4NjRlOWU4NWQzNTM3NmUwZjY4MjgxNzk5ZjYy
ODFmMTQwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjRjMDdkNDE0NWM4MWNlYWQ3YzVmN2Q0ZjAzNjcwYjc4OTBkNjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1bXVNjsa9904l54joKwNeNm5EWQ
BX2D8+wHfyWX6cQM+/cl8BHg4I1WeHcWRS1L0OZmJLzE4ndRKUUHrwajCOWPYxyI
FOCudm0RF7aIM8qwjeFLKTlzEWWZAMh+uoSdaccMr/UImj62WoqM1ZLQhkv6xx/i
Wr69iDLVpGHQC4v8fTRJ5+AdLhX0jY7/HtAgQxkueVreOnnv8RdhJjJZWRGGWPK9
/qfPk/g6riikZCPJu0wUnkkAKfJHrWBPDncT7fAeATakFd5uN3O1lWLTSJP02kTS
of8PWRIguXL4zvBYaRl3LBzg8UnfyKDWw9iQCbG+HJsjQnDD2ypnLbwYHQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP9MB9QUXIHOrXxffU8DZwt4kNaVMB8GA1UdIwQY
MBaAFEvURMhk6ehdNTduD2goF5n2KB8UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzlSRXlHVHA2RjAxTjI0UGFDZ1htZllvSHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS80YTBjZGMtZTdmZS00NTBlLTk3ZWMt
MjkwOTVhZDFjY2VkLzEvXzB3SDFCUmNnYzZ0ZkY5OVR3Tm5DM2lRMXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS80YTBjZGMtZTdmZS00NTBlLTk3ZWMtMjkwOTVhZDFjY2Vk
LzEvUzlSRXlHVHA2RjAxTjI0UGFDZ1htZllvSHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ1cMA0E
AgACMAcDBQMqAvSAMA0GCSqGSIb3DQEBCwUAA4IBAQBdIg4/ZI8t6ab8/usvvjjv
ktI+ebHudJUzNbwLwYvwBsRYGBUjzAyBhrfshj8V/pOI1MUgbs+T90xU97Ysw9Xm
b34JMJi2KieZhBQh2ARls191Dlbrb6Q6XJGpC0YwZ8sDT1cVs2wjQV3ufRKm7cvw
oUxC7PbBv1nBCCE/rN0TO+w+4I9qYRqmVY/DPfx/sQ+nPByrhc3RP5QfClwRCd8y
FvLLDcnjEkJQhx8GJh9S/CjYbfsEtCXiI0O7ITrUOgHD3t7NdF75pIw+Co9AIDh3
42JoKlzJm9Z5PF7uBb6dpGK95DVitSDNt+x9zVJahm5KVQ1Sh/NDMgVLsWOmWuTn
-----END CERTIFICATE-----