Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/Sp6LS-Lr7aNgCkiG-x4vIYL0m7M.roa
File:                     Sp6LS-Lr7aNgCkiG-x4vIYL0m7M.roa (raw, json)
Hash identifier:          4a/RW16MYDyNLA++zl3ynSiVWGswaNsaMa2lua4RkWg=
Subject key identifier:   4A:9E:8B:4B:E2:EB:ED:A3:60:0A:48:86:FB:1E:2F:21:82:F4:9B:B3
Certificate issuer:       /CN=9344b4879f19ee719a351463001726f686d659ef
Certificate serial:       01941FFA6DA556CB835028E9574E5DA3B05C
Authority key identifier: 93:44:B4:87:9F:19:EE:71:9A:35:14:63:00:17:26:F6:86:D6:59:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k0S0h58Z7nGaNRRjABcm9obWWe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/Sp6LS-Lr7aNgCkiG-x4vIYL0m7M.roa
Signing time:             Wed 01 Jan 2025 03:48:13 +0000
ROA not before:           Wed 01 Jan 2025 03:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51432
IP address blocks:        185.55.208.0/22 maxlen: 32
                          2a02:22f8::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/k0S0h58Z7nGaNRRjABcm9obWWe8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/k0S0h58Z7nGaNRRjABcm9obWWe8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k0S0h58Z7nGaNRRjABcm9obWWe8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:6d:a5:56:cb:83:50:28:e9:57:4e:5d:a3:b0:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9344b4879f19ee719a351463001726f686d659ef
        Validity
            Not Before: Jan  1 03:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a9e8b4be2ebeda3600a4886fb1e2f2182f49bb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:54:c1:3b:da:be:3f:b2:08:f0:75:41:d0:23:
                    6b:18:90:1c:65:35:ae:ae:dc:c6:dd:dc:50:df:31:
                    4a:fe:94:84:a9:d8:b9:a0:75:0a:98:88:cf:ab:6a:
                    49:b7:37:ee:1b:b7:33:4a:01:e4:be:0b:39:83:5e:
                    cd:a2:92:6f:7c:9c:d0:de:0f:6a:97:d5:5c:a2:34:
                    00:97:7f:90:6e:0e:58:f5:a8:e7:df:3c:63:51:34:
                    d1:08:73:6a:3c:cd:67:51:3c:b9:fb:f5:62:84:bb:
                    b3:56:76:30:10:52:7b:2a:8b:f2:6b:f7:b7:36:67:
                    e4:9a:e0:5c:01:87:ba:8c:ab:2a:3f:b5:93:ff:1a:
                    a1:36:42:5d:80:b1:58:3d:20:cd:ac:61:af:f5:a0:
                    e5:cd:88:cb:fb:af:76:33:cc:9d:ac:6a:05:6d:51:
                    0d:f8:cb:df:d4:a5:dd:56:7e:f0:b3:64:87:0d:aa:
                    33:85:fd:94:f2:59:0b:53:28:14:60:14:55:18:c4:
                    0a:6b:a8:6d:27:5b:73:f1:a9:ee:c1:47:59:69:d3:
                    8e:5a:cf:9c:09:49:33:a5:45:16:37:38:88:f0:7b:
                    d1:aa:46:3f:5c:a1:c4:7c:c8:fa:b5:13:b1:49:4b:
                    70:0a:3e:ff:8d:04:99:cf:2d:0e:d3:14:1b:a1:39:
                    fd:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:9E:8B:4B:E2:EB:ED:A3:60:0A:48:86:FB:1E:2F:21:82:F4:9B:B3
            X509v3 Authority Key Identifier:
                keyid:93:44:B4:87:9F:19:EE:71:9A:35:14:63:00:17:26:F6:86:D6:59:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k0S0h58Z7nGaNRRjABcm9obWWe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/Sp6LS-Lr7aNgCkiG-x4vIYL0m7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/5858f1-29c5-46e6-a76d-5a40e52cd481/1/k0S0h58Z7nGaNRRjABcm9obWWe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.55.208.0/22
                IPv6:
                  2a02:22f8::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:6f:b5:4a:e3:f2:d8:94:6b:e8:7b:a3:35:b9:f5:60:a7:89:
         67:1a:8a:1e:d2:e3:fd:3b:d7:0e:7f:97:e2:f3:fa:b3:d5:f5:
         bb:57:a5:13:79:41:16:3c:be:a6:bf:db:7d:52:a5:2a:8d:61:
         ba:96:61:bd:5b:50:fb:5c:8b:de:b4:a7:d4:0a:9f:84:2f:5d:
         8c:f7:d1:37:e0:37:6f:ea:36:3b:40:37:ea:46:15:93:51:19:
         fe:92:84:67:17:19:9c:75:3e:2d:e9:3f:22:27:0d:12:9d:7a:
         a2:fc:b3:7f:6a:67:a2:d7:62:c5:66:f0:ae:d3:ed:cd:2a:4d:
         c3:30:03:17:c5:56:b8:08:48:ab:5b:bd:e1:94:f6:fd:46:07:
         38:61:f2:09:a1:04:5c:f0:af:94:21:49:0e:1f:23:05:30:2a:
         85:5b:9d:81:21:2e:d5:87:33:77:c2:2e:af:26:e7:1b:39:40:
         28:bc:75:2e:a2:a6:d0:c4:00:99:b6:38:60:82:dc:e6:74:ab:
         4a:30:8f:af:12:a8:7a:e7:17:c9:97:e6:ee:02:85:99:7d:e4:
         33:2b:e6:6e:39:80:08:b2:18:6e:e2:19:9d:c3:02:43:fd:ca:
         c4:d1:51:dd:d2:56:8e:60:45:9d:de:e3:48:2a:41:a4:9a:8e:
         90:f3:90:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+m2lVsuDUCjpV05do7BcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNDRiNDg3OWYxOWVlNzE5YTM1MTQ2MzAwMTcyNmY2ODZk
NjU5ZWYwHhcNMjUwMTAxMDM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTllOGI0YmUyZWJlZGEzNjAwYTQ4ODZmYjFlMmYyMTgyZjQ5YmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlTBO9q+P7II8HVB0CNrGJAcZTWu
rtzG3dxQ3zFK/pSEqdi5oHUKmIjPq2pJtzfuG7czSgHkvgs5g17NopJvfJzQ3g9q
l9VcojQAl3+Qbg5Y9ajn3zxjUTTRCHNqPM1nUTy5+/VihLuzVnYwEFJ7Kovya/e3
NmfkmuBcAYe6jKsqP7WT/xqhNkJdgLFYPSDNrGGv9aDlzYjL+692M8ydrGoFbVEN
+Mvf1KXdVn7ws2SHDaozhf2U8lkLUygUYBRVGMQKa6htJ1tz8anuwUdZadOOWs+c
CUkzpUUWNziI8HvRqkY/XKHEfMj6tROxSUtwCj7/jQSZzy0O0xQboTn9KQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEqei0vi6+2jYApIhvseLyGC9JuzMB8GA1UdIwQY
MBaAFJNEtIefGe5xmjUUYwAXJvaG1lnvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazBTMGg1OFo3bkdhTlJSakFCY205b2JXV2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy81ODU4ZjEtMjljNS00NmU2LWE3NmQt
NWE0MGU1MmNkNDgxLzEvU3A2TFMtTHI3YU5nQ2tpRy14NHZJWUwwbTdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy81ODU4ZjEtMjljNS00NmU2LWE3NmQtNWE0MGU1MmNkNDgx
LzEvazBTMGg1OFo3bkdhTlJSakFCY205b2JXV2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTfQMA0E
AgACMAcDBQMqAiL4MA0GCSqGSIb3DQEBCwUAA4IBAQAgb7VK4/LYlGvoe6M1ufVg
p4lnGooe0uP9O9cOf5fi8/qz1fW7V6UTeUEWPL6mv9t9UqUqjWG6lmG9W1D7XIve
tKfUCp+EL12M99E34Ddv6jY7QDfqRhWTURn+koRnFxmcdT4t6T8iJw0SnXqi/LN/
amei12LFZvCu0+3NKk3DMAMXxVa4CEirW73hlPb9Rgc4YfIJoQRc8K+UIUkOHyMF
MCqFW52BIS7VhzN3wi6vJucbOUAovHUuoqbQxACZtjhggtzmdKtKMI+vEqh65xfJ
l+buAoWZfeQzK+ZuOYAIshhu4hmdwwJD/crE0VHd0laOYEWd3uNIKkGkmo6Q85Dw
-----END CERTIFICATE-----