Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/0MiQGDuP-2KHqgPkUVqX2ggP6Xw.roa
File:                     0MiQGDuP-2KHqgPkUVqX2ggP6Xw.roa (raw, json)
Hash identifier:          NonlM+H8k9TxA6ceFqWkm9nyMbEovf9PE4ZCtGqStgk=
Subject key identifier:   D0:C8:90:18:3B:8F:FB:62:87:AA:03:E4:51:5A:97:DA:08:0F:E9:7C
Certificate issuer:       /CN=454bf58119cfe99f1749bcd9bd124702ba9cb713
Certificate serial:       0194228D4E945CB266AADE9D4BD2CF978630
Authority key identifier: 45:4B:F5:81:19:CF:E9:9F:17:49:BC:D9:BD:12:47:02:BA:9C:B7:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RUv1gRnP6Z8XSbzZvRJHArqctxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/0MiQGDuP-2KHqgPkUVqX2ggP6Xw.roa
Signing time:             Wed 01 Jan 2025 15:47:53 +0000
ROA not before:           Wed 01 Jan 2025 15:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201863
IP address blocks:        185.225.164.0/24 maxlen: 24
                          185.225.165.0/24 maxlen: 24
                          185.225.166.0/24 maxlen: 24
                          185.225.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/RUv1gRnP6Z8XSbzZvRJHArqctxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/RUv1gRnP6Z8XSbzZvRJHArqctxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RUv1gRnP6Z8XSbzZvRJHArqctxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:4e:94:5c:b2:66:aa:de:9d:4b:d2:cf:97:86:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=454bf58119cfe99f1749bcd9bd124702ba9cb713
        Validity
            Not Before: Jan  1 15:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0c890183b8ffb6287aa03e4515a97da080fe97c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:36:c2:e1:5a:51:01:62:6f:ae:6b:c0:88:ec:
                    92:b2:17:1e:0b:79:82:67:fd:40:89:c8:8d:28:47:
                    b5:bb:84:40:b8:e3:5a:4c:0d:6a:10:18:c1:9b:46:
                    57:e4:b1:20:3c:31:62:4f:6f:18:5d:b8:b2:67:f7:
                    19:98:93:2d:96:4c:fd:a8:e3:ff:48:95:a2:16:eb:
                    0a:1e:ab:7e:4e:03:d4:6f:1d:9a:9c:f8:ac:f5:16:
                    bc:78:a3:a3:4b:a0:55:fb:97:d3:a9:48:c8:85:7a:
                    8d:55:96:67:99:07:59:d2:d5:71:f3:c9:a5:5f:07:
                    f6:50:d9:51:07:a0:0c:7f:f8:c9:40:61:2b:67:e7:
                    d2:11:35:3a:01:e9:cc:24:37:77:ac:c1:ab:79:78:
                    5f:25:b6:28:e4:63:69:00:b9:06:1e:24:77:a9:fe:
                    ce:70:7d:ee:a4:8d:af:01:e9:01:1c:23:f4:84:11:
                    57:57:ed:bf:be:12:71:00:d3:1e:50:81:ff:f5:3a:
                    b1:42:b5:18:fa:b6:47:f9:da:4a:7b:b6:3c:a8:a6:
                    a2:7b:13:6c:58:f3:15:57:f3:00:86:a5:83:fb:2b:
                    23:d7:0e:bc:a6:2a:78:d5:4c:7d:f3:64:a4:97:07:
                    3c:fd:f0:86:bd:77:42:bc:ba:00:d8:30:48:88:20:
                    50:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:C8:90:18:3B:8F:FB:62:87:AA:03:E4:51:5A:97:DA:08:0F:E9:7C
            X509v3 Authority Key Identifier:
                keyid:45:4B:F5:81:19:CF:E9:9F:17:49:BC:D9:BD:12:47:02:BA:9C:B7:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RUv1gRnP6Z8XSbzZvRJHArqctxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/0MiQGDuP-2KHqgPkUVqX2ggP6Xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/c6d092-cc60-4a51-b010-0a6e6dfbd2e3/1/RUv1gRnP6Z8XSbzZvRJHArqctxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:83:1d:7f:7b:06:a1:ee:86:68:47:1e:d2:d0:31:6a:b2:3a:
         c0:c8:45:87:e3:18:3c:8e:7e:c2:dd:7f:11:27:59:15:e5:e1:
         e6:98:9b:4e:d7:43:d3:e2:d3:0f:d0:b5:e8:40:c6:bc:12:19:
         cc:6a:54:ee:2f:79:5b:e0:f0:39:0b:1d:74:fa:02:ab:0b:a6:
         17:f8:05:02:1f:a4:cc:06:28:61:74:67:a3:0a:40:88:9c:18:
         9f:bc:de:75:0b:58:03:62:99:e9:3b:09:9c:63:b5:be:48:2d:
         02:4b:3a:c9:ee:3f:c4:78:3b:e6:fd:7c:ca:44:fb:b8:8a:c0:
         fa:75:3b:8b:b3:c4:b3:24:c5:76:d8:e5:b0:af:78:f8:e1:ca:
         dd:d3:1f:1f:f1:93:8f:a5:7b:b5:79:c6:9c:39:60:a4:7c:0a:
         0b:d2:9e:56:5c:4f:0f:15:b7:9f:7a:d8:18:3e:fb:53:0a:05:
         a8:a0:d2:50:ef:e5:ee:74:27:b8:b0:c5:0a:18:81:6e:f1:27:
         54:05:da:24:9f:95:92:99:5c:64:db:62:b1:7c:ae:81:70:6c:
         7b:82:80:4b:d2:14:ec:42:99:42:64:46:3d:48:ee:e4:48:0a:
         ed:70:8f:d8:4f:df:cc:3e:6f:2b:91:6c:0c:c9:8e:d5:9c:b1:
         8e:fa:d9:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijU6UXLJmqt6dS9LPl4YwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1NGJmNTgxMTljZmU5OWYxNzQ5YmNkOWJkMTI0NzAyYmE5
Y2I3MTMwHhcNMjUwMTAxMTU0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGM4OTAxODNiOGZmYjYyODdhYTAzZTQ1MTVhOTdkYTA4MGZlOTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTbC4VpRAWJvrmvAiOySshceC3mC
Z/1AiciNKEe1u4RAuONaTA1qEBjBm0ZX5LEgPDFiT28YXbiyZ/cZmJMtlkz9qOP/
SJWiFusKHqt+TgPUbx2anPis9Ra8eKOjS6BV+5fTqUjIhXqNVZZnmQdZ0tVx88ml
Xwf2UNlRB6AMf/jJQGErZ+fSETU6AenMJDd3rMGreXhfJbYo5GNpALkGHiR3qf7O
cH3upI2vAekBHCP0hBFXV+2/vhJxANMeUIH/9TqxQrUY+rZH+dpKe7Y8qKaiexNs
WPMVV/MAhqWD+ysj1w68pip41Ux982Sklwc8/fCGvXdCvLoA2DBIiCBQrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNDIkBg7j/tih6oD5FFal9oID+l8MB8GA1UdIwQY
MBaAFEVL9YEZz+mfF0m82b0SRwK6nLcTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlV2MWdSblA2WjhYU2J6WnZSSkhBcnFjdHhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9jNmQwOTItY2M2MC00YTUxLWIwMTAt
MGE2ZTZkZmJkMmUzLzEvME1pUUdEdVAtMktIcWdQa1VWcVgyZ2dQNlh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9jNmQwOTItY2M2MC00YTUxLWIwMTAtMGE2ZTZkZmJkMmUz
LzEvUlV2MWdSblA2WjhYU2J6WnZSSkhBcnFjdHhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueGkMA0G
CSqGSIb3DQEBCwUAA4IBAQApgx1/ewah7oZoRx7S0DFqsjrAyEWH4xg8jn7C3X8R
J1kV5eHmmJtO10PT4tMP0LXoQMa8EhnMalTuL3lb4PA5Cx10+gKrC6YX+AUCH6TM
BihhdGejCkCInBifvN51C1gDYpnpOwmcY7W+SC0CSzrJ7j/EeDvm/XzKRPu4isD6
dTuLs8SzJMV22OWwr3j44crd0x8f8ZOPpXu1ecacOWCkfAoL0p5WXE8PFbefetgY
PvtTCgWooNJQ7+XudCe4sMUKGIFu8SdUBdokn5WSmVxk22KxfK6BcGx7goBL0hTs
QplCZEY9SO7kSArtcI/YT9/MPm8rkWwMyY7VnLGO+tnm
-----END CERTIFICATE-----