Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/igkLmqGvdo3ZptL2OBtAT5tgBr8.roa
File:                     igkLmqGvdo3ZptL2OBtAT5tgBr8.roa (raw, json)
Hash identifier:          JNS1dghL0HEbj9Q46she80UtZ72vLWiMcXMi6xfr/RQ=
Subject key identifier:   8A:09:0B:9A:A1:AF:76:8D:D9:A6:D2:F6:38:1B:40:4F:9B:60:06:BF
Certificate issuer:       /CN=4bd444c864e9e85d35376e0f68281799f6281f14
Certificate serial:       01941F8C4C24F3F4E0C7455224ADD88C5155
Authority key identifier: 4B:D4:44:C8:64:E9:E8:5D:35:37:6E:0F:68:28:17:99:F6:28:1F:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/igkLmqGvdo3ZptL2OBtAT5tgBr8.roa
Signing time:             Wed 01 Jan 2025 01:47:55 +0000
ROA not before:           Wed 01 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49788
IP address blocks:        185.13.92.0/22 maxlen: 22
                          2a02:f480::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4c:24:f3:f4:e0:c7:45:52:24:ad:d8:8c:51:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bd444c864e9e85d35376e0f68281799f6281f14
        Validity
            Not Before: Jan  1 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a090b9aa1af768dd9a6d2f6381b404f9b6006bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:27:90:ad:04:6d:f6:51:b4:05:ec:f4:0a:5b:
                    39:ab:5b:2f:00:74:14:aa:1b:c6:51:57:66:0b:e0:
                    95:67:cd:38:ff:17:ab:bb:42:18:2e:e3:24:56:6d:
                    f5:f7:71:a4:8e:31:0b:b4:67:22:3d:1c:59:b7:48:
                    b8:a0:30:84:fb:c4:36:0c:99:ff:90:22:5b:c6:02:
                    3f:90:db:3c:de:98:52:a0:e7:17:e8:a2:81:7b:ff:
                    24:7f:11:d9:99:5b:a2:15:7f:42:6c:ee:a6:df:43:
                    79:25:d2:62:da:92:c3:20:b0:58:8c:02:a7:57:96:
                    6b:d0:49:08:07:38:aa:43:6d:bc:12:80:bf:da:54:
                    56:ba:3b:e8:0b:34:11:b9:0d:d8:46:34:5a:fc:92:
                    ca:13:8d:e7:b3:50:ca:59:15:db:d7:d6:ec:d3:3b:
                    aa:98:55:bc:f8:9a:ea:b3:72:36:34:39:07:40:fa:
                    7f:57:e4:c7:87:23:89:71:53:7d:0d:91:3e:93:44:
                    30:ad:f2:23:08:35:2a:dc:45:03:2b:ec:3a:6e:45:
                    e8:79:6c:d4:f0:c7:99:50:1c:0e:2d:d9:9c:74:47:
                    c2:92:e1:de:91:9d:0d:f0:13:6e:8f:96:a2:ca:0a:
                    dd:01:a4:10:97:86:7f:4c:56:dc:f8:23:30:bc:49:
                    c6:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:09:0B:9A:A1:AF:76:8D:D9:A6:D2:F6:38:1B:40:4F:9B:60:06:BF
            X509v3 Authority Key Identifier:
                keyid:4B:D4:44:C8:64:E9:E8:5D:35:37:6E:0F:68:28:17:99:F6:28:1F:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S9REyGTp6F01N24PaCgXmfYoHxQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/igkLmqGvdo3ZptL2OBtAT5tgBr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/4a0cdc-e7fe-450e-97ec-29095ad1cced/1/S9REyGTp6F01N24PaCgXmfYoHxQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.92.0/22
                IPv6:
                  2a02:f480::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:5a:80:a6:5f:f5:e7:9d:96:cb:c7:93:70:fd:51:db:78:50:
         6f:f6:c8:9e:95:ff:7d:c1:c5:c2:69:d2:29:d2:80:24:88:b1:
         e4:85:8f:e0:92:2c:ab:38:58:87:14:b0:2b:e4:76:64:38:15:
         81:17:dc:5d:00:03:6a:c6:dd:3d:be:c9:4c:d0:71:55:5b:69:
         5d:43:dc:7b:52:64:6a:61:1b:04:43:66:53:3d:52:80:04:fc:
         c3:8b:55:8c:f2:af:1d:02:9c:82:f2:c1:f6:6e:a7:ec:de:dd:
         95:c7:f5:5c:92:9b:21:d3:81:e1:5f:5f:78:25:37:d3:c0:64:
         8e:86:99:0e:5f:cc:b8:7d:13:d4:b6:83:a4:3b:5d:45:ee:44:
         d4:24:85:cf:c5:8d:1e:6b:b6:b3:a7:7f:3c:64:55:65:bf:84:
         2d:72:df:db:61:06:44:c4:40:1c:56:f8:d7:52:50:97:0d:bc:
         17:a3:c6:33:20:73:d3:63:8d:2b:8b:83:44:9b:14:c8:47:2b:
         ff:88:18:65:13:63:75:df:c6:61:b9:d7:77:95:d9:6c:36:3c:
         45:82:4c:48:83:78:97:db:38:da:48:1f:e6:f8:71:2a:02:dd:
         a2:91:aa:56:40:fa:c3:8b:78:c2:63:8a:57:49:bf:4d:da:99:
         94:17:45:9e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjEwk8/Tgx0VSJK3YjFFVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZDQ0NGM4NjRlOWU4NWQzNTM3NmUwZjY4MjgxNzk5ZjYy
ODFmMTQwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTA5MGI5YWExYWY3NjhkZDlhNmQyZjYzODFiNDA0ZjliNjAwNmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyeQrQRt9lG0Bez0Cls5q1svAHQU
qhvGUVdmC+CVZ804/xeru0IYLuMkVm3193GkjjELtGciPRxZt0i4oDCE+8Q2DJn/
kCJbxgI/kNs83phSoOcX6KKBe/8kfxHZmVuiFX9CbO6m30N5JdJi2pLDILBYjAKn
V5Zr0EkIBziqQ228EoC/2lRWujvoCzQRuQ3YRjRa/JLKE43ns1DKWRXb19bs0zuq
mFW8+Jrqs3I2NDkHQPp/V+THhyOJcVN9DZE+k0QwrfIjCDUq3EUDK+w6bkXoeWzU
8MeZUBwOLdmcdEfCkuHekZ0N8BNuj5aiygrdAaQQl4Z/TFbc+CMwvEnGDwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIoJC5qhr3aN2abS9jgbQE+bYAa/MB8GA1UdIwQY
MBaAFEvURMhk6ehdNTduD2goF5n2KB8UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzlSRXlHVHA2RjAxTjI0UGFDZ1htZllvSHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS80YTBjZGMtZTdmZS00NTBlLTk3ZWMt
MjkwOTVhZDFjY2VkLzEvaWdrTG1xR3ZkbzNacHRMMk9CdEFUNXRnQnI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS80YTBjZGMtZTdmZS00NTBlLTk3ZWMtMjkwOTVhZDFjY2Vk
LzEvUzlSRXlHVHA2RjAxTjI0UGFDZ1htZllvSHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQ1cMA0E
AgACMAcDBQMqAvSAMA0GCSqGSIb3DQEBCwUAA4IBAQBGWoCmX/XnnZbLx5Nw/VHb
eFBv9sielf99wcXCadIp0oAkiLHkhY/gkiyrOFiHFLAr5HZkOBWBF9xdAANqxt09
vslM0HFVW2ldQ9x7UmRqYRsEQ2ZTPVKABPzDi1WM8q8dApyC8sH2bqfs3t2Vx/Vc
kpsh04HhX194JTfTwGSOhpkOX8y4fRPUtoOkO11F7kTUJIXPxY0ea7azp388ZFVl
v4Qtct/bYQZExEAcVvjXUlCXDbwXo8YzIHPTY40ri4NEmxTIRyv/iBhlE2N138Zh
udd3ldlsNjxFgkxIg3iX2zjaSB/m+HEqAt2ikapWQPrDi3jCY4pXSb9N2pmUF0We
-----END CERTIFICATE-----