Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/014a63-ca18-41df-91e9-c28ee869faa0/1/Giw6c3ykUw3nYPNE5UpuuM_ybFY.roa
File:                     Giw6c3ykUw3nYPNE5UpuuM_ybFY.roa (raw, json)
Hash identifier:          4QE8zLtdTCj1Z8B1PqQUFcIb6Is1jjshW97EzIqWBB0=
Subject key identifier:   1A:2C:3A:73:7C:A4:53:0D:E7:60:F3:44:E5:4A:6E:B8:CF:F2:6C:56
Certificate issuer:       /CN=341fbe0751e211889374d15d6312c224f695faa2
Certificate serial:       0194244491BC6E4330FD87FBBDAD8B9E33DA
Authority key identifier: 34:1F:BE:07:51:E2:11:88:93:74:D1:5D:63:12:C2:24:F6:95:FA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NB--B1HiEYiTdNFdYxLCJPaV-qI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/014a63-ca18-41df-91e9-c28ee869faa0/1/Giw6c3ykUw3nYPNE5UpuuM_ybFY.roa
Signing time:             Wed 01 Jan 2025 23:47:40 +0000
ROA not before:           Wed 01 Jan 2025 23:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197046
IP address blocks:        178.248.56.0/21 maxlen: 21
                          185.22.236.0/22 maxlen: 22
                          2a03:ab00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/014a63-ca18-41df-91e9-c28ee869faa0/1/NB--B1HiEYiTdNFdYxLCJPaV-qI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/014a63-ca18-41df-91e9-c28ee869faa0/1/NB--B1HiEYiTdNFdYxLCJPaV-qI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NB--B1HiEYiTdNFdYxLCJPaV-qI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:91:bc:6e:43:30:fd:87:fb:bd:ad:8b:9e:33:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=341fbe0751e211889374d15d6312c224f695faa2
        Validity
            Not Before: Jan  1 23:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a2c3a737ca4530de760f344e54a6eb8cff26c56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:23:e4:17:d0:a3:f1:2f:fe:6f:8e:4b:48:e1:
                    9f:61:23:e0:85:ea:ca:e9:3f:79:21:77:3f:86:54:
                    9b:e8:97:f4:8f:3d:0e:e5:e7:d7:f2:86:9e:b5:88:
                    e8:93:2d:4f:eb:55:d6:a5:e4:a4:17:32:9c:b9:9a:
                    a8:ab:9f:4b:cf:2d:53:d7:60:f0:20:d9:74:10:9b:
                    72:f5:f1:ab:ef:3f:20:09:a1:71:c5:6c:cf:56:1a:
                    ab:51:99:7b:f8:ae:10:c5:3c:57:38:35:85:28:96:
                    06:5b:0a:41:6b:34:2b:fd:66:8b:c9:77:86:4a:a6:
                    a1:6a:46:21:1d:94:9d:40:c0:d6:1f:77:9a:ad:20:
                    5c:2d:da:56:f9:65:26:41:0a:83:b9:90:dd:05:b7:
                    e9:66:32:10:3d:43:a1:0e:25:67:0f:7d:ee:ae:7e:
                    da:35:c6:36:4a:3f:86:45:bd:8a:c4:a7:69:77:13:
                    ec:79:81:1f:6d:52:45:27:72:7f:2b:df:28:75:24:
                    66:01:b8:da:7a:78:8d:5f:c2:23:75:c3:c2:9c:d9:
                    33:72:d2:05:e1:f3:30:65:b1:8a:8e:fd:a2:12:c4:
                    05:3d:44:12:93:13:b7:71:76:1b:a3:38:cf:92:ed:
                    53:ba:88:fd:81:cc:e7:5d:ba:38:39:6f:b6:83:4f:
                    3d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:2C:3A:73:7C:A4:53:0D:E7:60:F3:44:E5:4A:6E:B8:CF:F2:6C:56
            X509v3 Authority Key Identifier:
                keyid:34:1F:BE:07:51:E2:11:88:93:74:D1:5D:63:12:C2:24:F6:95:FA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NB--B1HiEYiTdNFdYxLCJPaV-qI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/014a63-ca18-41df-91e9-c28ee869faa0/1/Giw6c3ykUw3nYPNE5UpuuM_ybFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/014a63-ca18-41df-91e9-c28ee869faa0/1/NB--B1HiEYiTdNFdYxLCJPaV-qI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.248.56.0/21
                  185.22.236.0/22
                IPv6:
                  2a03:ab00::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:44:a1:6a:74:3b:2d:e9:a1:c5:e0:70:18:bd:f1:4c:59:be:
         be:96:47:13:67:a1:e0:0a:8f:49:20:a9:a8:d5:0f:88:44:42:
         21:35:bd:1b:a5:61:bb:9a:e7:19:c0:ae:d1:88:8c:3e:c8:e4:
         b5:95:fc:ab:26:19:4c:23:f9:ac:14:66:72:df:07:5e:43:4b:
         bc:04:10:95:69:3b:df:fb:49:bd:a7:f3:b8:e4:2c:28:c7:93:
         94:4d:c7:00:b2:de:b9:ca:f6:01:fd:b8:ab:de:bf:f4:04:36:
         8f:68:b5:fe:e2:55:83:cc:e0:84:3a:1f:78:45:49:75:5c:de:
         60:53:0b:45:5e:07:86:9b:c6:36:1e:dc:4d:64:e5:45:5f:7a:
         5a:9b:47:de:cf:ed:61:20:56:41:ed:b5:aa:13:f6:67:38:29:
         11:50:a7:a1:23:af:c8:a7:45:7a:92:ca:7a:81:b5:fe:60:af:
         12:8e:fd:42:89:6c:04:a3:52:7c:31:a2:83:10:bb:63:38:a7:
         4b:da:e4:08:24:07:0a:51:48:dc:6b:58:4e:47:78:6f:4e:16:
         2c:3b:fb:22:bc:95:63:de:ed:38:70:c9:ee:01:f8:73:4d:f0:
         33:2d:e1:b7:ab:1e:24:1f:29:1f:26:b3:fa:20:17:88:48:06:
         f5:69:3c:31
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRJG8bkMw/Yf7va2LnjPaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MWZiZTA3NTFlMjExODg5Mzc0ZDE1ZDYzMTJjMjI0ZjY5
NWZhYTIwHhcNMjUwMTAxMjM0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTJjM2E3MzdjYTQ1MzBkZTc2MGYzNDRlNTRhNmViOGNmZjI2YzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCPkF9Cj8S/+b45LSOGfYSPgherK
6T95IXc/hlSb6Jf0jz0O5efX8oaetYjoky1P61XWpeSkFzKcuZqoq59Lzy1T12Dw
INl0EJty9fGr7z8gCaFxxWzPVhqrUZl7+K4QxTxXODWFKJYGWwpBazQr/WaLyXeG
SqahakYhHZSdQMDWH3earSBcLdpW+WUmQQqDuZDdBbfpZjIQPUOhDiVnD33urn7a
NcY2Sj+GRb2KxKdpdxPseYEfbVJFJ3J/K98odSRmAbjaeniNX8IjdcPCnNkzctIF
4fMwZbGKjv2iEsQFPUQSkxO3cXYbozjPku1Tuoj9gcznXbo4OW+2g089xQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBosOnN8pFMN52DzROVKbrjP8mxWMB8GA1UdIwQY
MBaAFDQfvgdR4hGIk3TRXWMSwiT2lfqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkItLUIxSGlFWWlUZE5GZFl4TENKUGFWLXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8wMTRhNjMtY2ExOC00MWRmLTkxZTkt
YzI4ZWU4NjlmYWEwLzEvR2l3NmMzeWtVdzNuWVBORTVVcHV1TV95YkZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8wMTRhNjMtY2ExOC00MWRmLTkxZTktYzI4ZWU4NjlmYWEw
LzEvTkItLUIxSGlFWWlUZE5GZFl4TENKUGFWLXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsvg4AwQC
uRbsMA0EAgACMAcDBQAqA6sAMA0GCSqGSIb3DQEBCwUAA4IBAQCPRKFqdDst6aHF
4HAYvfFMWb6+lkcTZ6HgCo9JIKmo1Q+IREIhNb0bpWG7mucZwK7RiIw+yOS1lfyr
JhlMI/msFGZy3wdeQ0u8BBCVaTvf+0m9p/O45Cwox5OUTccAst65yvYB/bir3r/0
BDaPaLX+4lWDzOCEOh94RUl1XN5gUwtFXgeGm8Y2HtxNZOVFX3pam0fez+1hIFZB
7bWqE/ZnOCkRUKehI6/Ip0V6ksp6gbX+YK8Sjv1CiWwEo1J8MaKDELtjOKdL2uQI
JAcKUUjca1hOR3hvThYsO/sivJVj3u04cMnuAfhzTfAzLeG3qx4kHykfJrP6IBeI
SAb1aTwx
-----END CERTIFICATE-----