Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/0_2q2dp_nihFIcTaoAnETvnQKo4.roa
File:                     0_2q2dp_nihFIcTaoAnETvnQKo4.roa (raw, json)
Hash identifier:          bKtto0Xp3QOWNDaUxe4CkFxL1b1NtMArjGe69yHE/5w=
Subject key identifier:   D3:FD:AA:D9:DA:7F:9E:28:45:21:C4:DA:A0:09:C4:4E:F9:D0:2A:8E
Certificate issuer:       /CN=348566061e368caff1881be2bac6737dfd3c1dba
Certificate serial:       019422FBC9537B2B3080990B66EE26E1D524
Authority key identifier: 34:85:66:06:1E:36:8C:AF:F1:88:1B:E2:BA:C6:73:7D:FD:3C:1D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NIVmBh42jK_xiBviusZzff08Hbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/0_2q2dp_nihFIcTaoAnETvnQKo4.roa
Signing time:             Wed 01 Jan 2025 17:48:33 +0000
ROA not before:           Wed 01 Jan 2025 17:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206521
IP address blocks:        185.140.156.0/22 maxlen: 24
                          185.140.156.0/24 maxlen: 24
                          185.140.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/NIVmBh42jK_xiBviusZzff08Hbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/NIVmBh42jK_xiBviusZzff08Hbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NIVmBh42jK_xiBviusZzff08Hbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c9:53:7b:2b:30:80:99:0b:66:ee:26:e1:d5:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=348566061e368caff1881be2bac6737dfd3c1dba
        Validity
            Not Before: Jan  1 17:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3fdaad9da7f9e284521c4daa009c44ef9d02a8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bd:ac:d2:10:4f:2c:89:76:29:c9:8a:e3:ce:
                    f8:08:10:f2:3d:8e:19:a8:1b:0b:a6:bb:a5:eb:f7:
                    b0:f8:ac:47:7c:ff:59:47:d6:0a:f8:09:a4:3f:98:
                    25:ec:27:87:89:8a:f7:98:4f:4a:49:94:29:eb:f1:
                    83:f4:96:7c:69:ea:d0:e9:56:b0:a3:93:96:ef:4b:
                    d0:f1:11:a2:46:bc:83:cc:26:20:6b:52:33:62:72:
                    6d:4f:2c:e5:52:ae:bc:84:61:e9:64:fb:bf:e9:11:
                    48:8e:8c:46:d3:bf:83:a3:b5:46:2c:6d:c1:6c:ae:
                    3a:28:15:62:37:93:15:e2:b2:d9:6c:f6:8c:cb:9d:
                    ec:bb:6c:65:b7:bb:fc:bc:8f:04:88:b2:1e:a4:d8:
                    ec:84:40:b3:ac:15:04:a3:db:fc:e7:98:b5:e3:fa:
                    b6:80:f7:d7:1f:d4:91:d6:6e:5a:ee:d3:49:db:c7:
                    b1:32:56:ba:cb:cf:70:db:cf:04:82:28:67:c3:55:
                    96:b4:3c:36:ad:8d:77:29:5d:5d:cb:0b:a1:3b:ca:
                    07:38:8e:a0:65:37:e3:14:af:f4:1d:8c:54:e4:a2:
                    02:7f:86:92:53:4c:05:31:a0:9d:0f:70:f7:b0:96:
                    05:c8:e0:a8:a2:80:15:6e:cb:c2:3b:f8:ec:8f:ba:
                    16:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FD:AA:D9:DA:7F:9E:28:45:21:C4:DA:A0:09:C4:4E:F9:D0:2A:8E
            X509v3 Authority Key Identifier:
                keyid:34:85:66:06:1E:36:8C:AF:F1:88:1B:E2:BA:C6:73:7D:FD:3C:1D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NIVmBh42jK_xiBviusZzff08Hbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/0_2q2dp_nihFIcTaoAnETvnQKo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/NIVmBh42jK_xiBviusZzff08Hbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:ea:e0:6e:b2:87:94:db:76:1e:15:f2:73:6e:42:e9:a9:60:
         09:79:bb:5d:ed:64:1c:75:e6:c1:81:a1:13:e4:f3:46:8e:87:
         b9:cf:d9:2c:62:3d:f9:64:bf:91:01:f6:ce:fd:d3:34:e1:e1:
         e9:f6:4b:c9:0c:9e:bf:17:64:46:70:60:4e:f8:6e:27:c2:f4:
         76:44:02:8c:ff:0f:ec:73:c2:1e:61:d4:dc:24:f0:f1:9a:9d:
         2a:db:6b:2e:90:20:8a:10:fa:28:5e:b8:50:63:78:3e:1d:b5:
         88:d1:33:21:33:c7:ae:81:9a:07:51:3e:42:2d:db:07:e3:b5:
         b8:94:46:4d:c1:31:08:b0:ca:d2:b2:64:db:d0:69:92:61:72:
         9d:52:84:c0:8e:8c:22:52:7f:7e:de:d6:56:97:a7:59:f3:5d:
         09:c0:84:cd:2b:82:34:27:b8:a3:cd:38:e0:6d:50:5b:dd:db:
         a0:1e:27:3b:32:23:c1:1c:45:58:e4:3f:b3:af:f1:4b:32:62:
         60:ad:a8:50:f3:1b:8d:b9:c4:a9:b3:86:63:bf:7f:85:13:79:
         44:82:ec:3d:9f:9e:d0:52:6d:ac:ac:40:7e:3f:f6:56:bd:c1:
         65:cc:5d:61:c5:f5:d8:99:2a:ce:47:c5:05:a8:f4:5f:a1:24:
         fc:a7:c3:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+8lTeyswgJkLZu4m4dUkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ODU2NjA2MWUzNjhjYWZmMTg4MWJlMmJhYzY3MzdkZmQz
YzFkYmEwHhcNMjUwMTAxMTc0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZkYWFkOWRhN2Y5ZTI4NDUyMWM0ZGFhMDA5YzQ0ZWY5ZDAyYThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyL2s0hBPLIl2KcmK4874CBDyPY4Z
qBsLprul6/ew+KxHfP9ZR9YK+AmkP5gl7CeHiYr3mE9KSZQp6/GD9JZ8aerQ6Vaw
o5OW70vQ8RGiRryDzCYga1IzYnJtTyzlUq68hGHpZPu/6RFIjoxG07+Do7VGLG3B
bK46KBViN5MV4rLZbPaMy53su2xlt7v8vI8EiLIepNjshECzrBUEo9v855i14/q2
gPfXH9SR1m5a7tNJ28exMla6y89w288Egihnw1WWtDw2rY13KV1dywuhO8oHOI6g
ZTfjFK/0HYxU5KICf4aSU0wFMaCdD3D3sJYFyOCoooAVbsvCO/jsj7oWdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNP9qtnaf54oRSHE2qAJxE750CqOMB8GA1UdIwQY
MBaAFDSFZgYeNoyv8Ygb4rrGc339PB26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTklWbUJoNDJqS194aUJ2aXVzWnpmZjA4SGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9hZmZhYTEtMGU3Yi00MDFlLWE3YzUt
MDYyNzBlYTgyMTU0LzEvMF8ycTJkcF9uaWhGSWNUYW9BbkVUdm5RS280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9hZmZhYTEtMGU3Yi00MDFlLWE3YzUtMDYyNzBlYTgyMTU0
LzEvTklWbUJoNDJqS194aUJ2aXVzWnpmZjA4SGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYycMA0G
CSqGSIb3DQEBCwUAA4IBAQA16uBusoeU23YeFfJzbkLpqWAJebtd7WQcdebBgaET
5PNGjoe5z9ksYj35ZL+RAfbO/dM04eHp9kvJDJ6/F2RGcGBO+G4nwvR2RAKM/w/s
c8IeYdTcJPDxmp0q22sukCCKEPooXrhQY3g+HbWI0TMhM8eugZoHUT5CLdsH47W4
lEZNwTEIsMrSsmTb0GmSYXKdUoTAjowiUn9+3tZWl6dZ810JwITNK4I0J7ijzTjg
bVBb3dugHic7MiPBHEVY5D+zr/FLMmJgrahQ8xuNucSps4Zjv3+FE3lEguw9n57Q
Um2srEB+P/ZWvcFlzF1hxfXYmSrOR8UFqPRfoST8p8Nr
-----END CERTIFICATE-----