Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/Lddee0yGLa96EV9cff9j1b8lisk.roa
File:                     Lddee0yGLa96EV9cff9j1b8lisk.roa (raw, json)
Hash identifier:          4wmS8bLLBI0yCHZS6lNJzngX25UoSHi3CPRXK8eiy+g=
Subject key identifier:   2D:D7:5E:7B:4C:86:2D:AF:7A:11:5F:5C:7D:FF:63:D5:BF:25:8A:C9
Certificate issuer:       /CN=af4ef4a8ed3711b6acd68c0f48f621831fd5aaae
Certificate serial:       01942067FC841D15031136AB73E1581B1125
Authority key identifier: AF:4E:F4:A8:ED:37:11:B6:AC:D6:8C:0F:48:F6:21:83:1F:D5:AA:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r070qO03Ebas1owPSPYhgx_Vqq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/Lddee0yGLa96EV9cff9j1b8lisk.roa
Signing time:             Wed 01 Jan 2025 05:47:53 +0000
ROA not before:           Wed 01 Jan 2025 05:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39650
IP address blocks:        185.164.254.0/24 maxlen: 24
                          185.164.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/r070qO03Ebas1owPSPYhgx_Vqq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/r070qO03Ebas1owPSPYhgx_Vqq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r070qO03Ebas1owPSPYhgx_Vqq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:fc:84:1d:15:03:11:36:ab:73:e1:58:1b:11:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af4ef4a8ed3711b6acd68c0f48f621831fd5aaae
        Validity
            Not Before: Jan  1 05:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2dd75e7b4c862daf7a115f5c7dff63d5bf258ac9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:52:bf:be:c3:47:89:d4:c2:2a:f5:af:3b:8b:
                    1f:91:1e:1f:01:3f:44:66:f4:02:13:8f:03:94:84:
                    72:2e:5d:35:5e:ee:62:83:e9:95:8c:71:fa:55:19:
                    9d:7b:da:5f:f5:a1:d2:ee:0a:fa:e1:ad:46:85:b2:
                    53:98:45:ed:7d:de:55:b2:a7:ec:d0:ed:82:a7:9d:
                    d4:b7:af:21:ca:34:82:82:2d:0f:af:9f:34:4b:ee:
                    94:de:bc:e3:0f:e4:56:b3:0a:c6:68:69:c8:e9:57:
                    6a:20:52:3a:19:3c:82:76:10:2f:59:76:ad:ec:d2:
                    60:e7:85:ae:b8:52:02:90:0d:0e:76:5d:55:e8:da:
                    a8:0d:4b:97:76:9c:e2:f2:1f:80:b8:c7:ee:d9:54:
                    62:de:af:75:39:10:48:2a:28:6c:dc:24:9e:db:55:
                    aa:ea:86:d5:f9:8e:0f:a4:09:a6:90:60:af:f9:54:
                    d5:d5:ac:fd:f1:56:43:fb:b0:a0:09:a7:20:ab:69:
                    98:e8:39:bd:3e:4f:a7:53:94:73:e2:cd:b7:66:28:
                    28:6a:06:1f:ef:ca:77:30:cc:05:e4:06:13:e4:63:
                    09:5d:c8:0f:f5:b9:df:d4:c7:3e:eb:99:34:e7:f5:
                    98:09:42:dd:a4:27:d9:62:9b:27:0d:a2:8f:94:43:
                    fb:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D7:5E:7B:4C:86:2D:AF:7A:11:5F:5C:7D:FF:63:D5:BF:25:8A:C9
            X509v3 Authority Key Identifier:
                keyid:AF:4E:F4:A8:ED:37:11:B6:AC:D6:8C:0F:48:F6:21:83:1F:D5:AA:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r070qO03Ebas1owPSPYhgx_Vqq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/Lddee0yGLa96EV9cff9j1b8lisk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/e8f4b3-2120-4ecb-9609-cb9c58f510cb/1/r070qO03Ebas1owPSPYhgx_Vqq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:d8:a1:97:47:ab:2d:eb:ef:3b:01:89:2d:ae:b3:4d:13:9c:
         03:49:fd:a5:b6:f1:27:82:ec:7f:5d:df:9a:96:1e:41:57:69:
         11:bc:12:da:97:e8:4a:ed:45:e4:73:e5:4b:ca:7f:69:4b:07:
         d2:ed:f8:4a:b5:ff:63:93:cc:73:cc:69:b4:ed:3f:ea:ad:27:
         ad:17:1e:a2:a4:91:8b:f8:59:ee:23:d3:d9:74:9b:23:ed:37:
         a9:6f:20:73:bc:4c:2f:49:3b:a7:71:35:14:0d:e6:5b:f9:21:
         9f:8d:17:82:47:b3:3e:49:fa:22:00:a3:3d:b7:51:52:3a:35:
         e5:0e:5b:e3:55:1b:2d:0a:74:0e:ad:51:02:11:53:05:64:e9:
         6d:cf:a8:21:3d:54:94:71:ed:1b:23:94:6f:b7:a0:ed:7f:42:
         4c:e6:4d:b3:0e:d9:04:81:55:d1:4c:9d:71:06:d7:ce:15:93:
         be:89:7a:84:ed:4d:49:56:ab:74:00:bd:38:c5:20:fc:cf:64:
         cd:d1:96:54:78:22:5d:0a:c7:63:6a:f6:6a:c5:29:f9:90:c7:
         9e:ad:6a:11:74:80:fe:ec:58:d5:36:c1:ba:13:39:3d:b7:07:
         f5:38:f2:15:47:8d:41:49:45:3e:06:db:a5:c4:33:9a:95:18:
         f5:f5:90:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/yEHRUDETarc+FYGxElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNGVmNGE4ZWQzNzExYjZhY2Q2OGMwZjQ4ZjYyMTgzMWZk
NWFhYWUwHhcNMjUwMTAxMDU0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGQ3NWU3YjRjODYyZGFmN2ExMTVmNWM3ZGZmNjNkNWJmMjU4YWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolK/vsNHidTCKvWvO4sfkR4fAT9E
ZvQCE48DlIRyLl01Xu5ig+mVjHH6VRmde9pf9aHS7gr64a1GhbJTmEXtfd5Vsqfs
0O2Cp53Ut68hyjSCgi0Pr580S+6U3rzjD+RWswrGaGnI6VdqIFI6GTyCdhAvWXat
7NJg54WuuFICkA0Odl1V6NqoDUuXdpzi8h+AuMfu2VRi3q91ORBIKihs3CSe21Wq
6obV+Y4PpAmmkGCv+VTV1az98VZD+7CgCacgq2mY6Dm9Pk+nU5Rz4s23ZigoagYf
78p3MMwF5AYT5GMJXcgP9bnf1Mc+65k05/WYCULdpCfZYpsnDaKPlEP7YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3XXntMhi2vehFfXH3/Y9W/JYrJMB8GA1UdIwQY
MBaAFK9O9KjtNxG2rNaMD0j2IYMf1aquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjA3MHFPMDNFYmFzMW93UFNQWWhneF9WcXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9lOGY0YjMtMjEyMC00ZWNiLTk2MDkt
Y2I5YzU4ZjUxMGNiLzEvTGRkZWUweUdMYTk2RVY5Y2ZmOWoxYjhsaXNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9lOGY0YjMtMjEyMC00ZWNiLTk2MDktY2I5YzU4ZjUxMGNi
LzEvcjA3MHFPMDNFYmFzMW93UFNQWWhneF9WcXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuaT+MA0G
CSqGSIb3DQEBCwUAA4IBAQCW2KGXR6st6+87AYktrrNNE5wDSf2ltvEngux/Xd+a
lh5BV2kRvBLal+hK7UXkc+VLyn9pSwfS7fhKtf9jk8xzzGm07T/qrSetFx6ipJGL
+FnuI9PZdJsj7TepbyBzvEwvSTuncTUUDeZb+SGfjReCR7M+SfoiAKM9t1FSOjXl
DlvjVRstCnQOrVECEVMFZOltz6ghPVSUce0bI5Rvt6Dtf0JM5k2zDtkEgVXRTJ1x
BtfOFZO+iXqE7U1JVqt0AL04xSD8z2TN0ZZUeCJdCsdjavZqxSn5kMeerWoRdID+
7FjVNsG6Ezk9twf1OPIVR41BSUU+BtulxDOalRj19ZCv
-----END CERTIFICATE-----