Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/_O08NAMTRYiI66s3j5CAN1Tnfbs.roa
File:                     _O08NAMTRYiI66s3j5CAN1Tnfbs.roa (raw, json)
Hash identifier:          tT0fH123IaRd9D3zuV26RbVwu75ai0sfSAd21oMJcLM=
Subject key identifier:   FC:ED:3C:34:03:13:45:88:88:EB:AB:37:8F:90:80:37:54:E7:7D:BB
Certificate issuer:       /CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
Certificate serial:       019427B661CF4B47F1948ED2FB87186A04CD
Authority key identifier: 54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/_O08NAMTRYiI66s3j5CAN1Tnfbs.roa
Signing time:             Thu 02 Jan 2025 15:50:51 +0000
ROA not before:           Thu 02 Jan 2025 15:50:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48881
IP address blocks:        185.104.48.0/21 maxlen: 21
                          185.104.180.0/22 maxlen: 22
                          2a06:1fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:61:cf:4b:47:f1:94:8e:d2:fb:87:18:6a:04:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=541fdc7a2f11a5766d3ad7bdf625ce5e119a8fdf
        Validity
            Not Before: Jan  2 15:50:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fced3c340313458888ebab378f90803754e77dbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:45:4b:98:ea:ce:50:4f:d1:1e:8f:c3:ee:c3:
                    7b:0f:9b:f6:fd:e8:a5:9d:2b:cc:a6:43:82:1e:2a:
                    40:4e:d7:42:b0:1a:25:4a:e6:8a:1a:98:02:ec:f5:
                    ac:cb:e5:ef:0d:52:8b:83:96:2c:07:a8:3c:bd:55:
                    9b:65:26:38:3d:3b:c4:18:01:42:0e:47:20:e3:52:
                    c9:93:46:b5:49:78:26:32:3c:13:50:ae:50:2d:09:
                    9d:62:d9:b5:23:11:49:48:a2:77:7c:12:4e:9f:e2:
                    eb:7e:4c:8d:bf:d2:c6:24:73:d2:a5:8f:b4:a6:98:
                    0f:7d:55:81:a1:3a:2f:27:6c:fd:b4:de:2c:34:39:
                    2b:7a:80:12:7b:c4:a0:43:61:f1:2f:b8:5c:15:33:
                    6f:bc:1c:c1:02:64:f3:7f:dc:1d:f2:f1:42:e4:91:
                    e0:1d:ef:85:a9:0a:e5:72:87:dd:00:d6:99:ab:9a:
                    fa:b0:04:e2:15:01:70:7e:9a:d2:30:23:23:4f:2f:
                    6f:45:30:3b:ae:32:a6:07:7d:98:45:2b:fe:6e:32:
                    6d:97:da:18:3f:6d:1c:ee:c5:10:2a:55:88:db:7a:
                    75:41:ff:1d:5f:36:ef:e1:af:64:ae:ce:da:9d:a8:
                    01:74:17:99:85:87:f9:b4:bc:e5:18:a5:c8:ec:93:
                    53:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:ED:3C:34:03:13:45:88:88:EB:AB:37:8F:90:80:37:54:E7:7D:BB
            X509v3 Authority Key Identifier:
                keyid:54:1F:DC:7A:2F:11:A5:76:6D:3A:D7:BD:F6:25:CE:5E:11:9A:8F:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VB_cei8RpXZtOte99iXOXhGaj98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/_O08NAMTRYiI66s3j5CAN1Tnfbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8fad67-bb6b-4773-b81e-c900a89f20f1/1/VB_cei8RpXZtOte99iXOXhGaj98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.48.0/21
                  185.104.180.0/22
                IPv6:
                  2a06:1fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:ec:98:d4:62:f9:06:54:04:20:2f:21:5b:86:5b:e8:89:8a:
         89:e5:50:ce:76:b2:7a:98:62:46:96:63:ef:9d:31:76:63:77:
         ba:ff:30:cb:bc:48:5a:20:81:97:95:3f:0b:84:d0:5f:21:ea:
         86:cc:c9:95:e1:bc:54:ec:a9:d4:58:17:4d:af:4a:a9:84:bc:
         fe:ab:91:0c:39:50:d8:78:5e:33:e5:0b:cf:f8:0b:ea:92:1b:
         4a:07:2b:b8:b4:2c:98:fc:17:06:6b:19:5f:e0:9b:72:06:c2:
         c0:91:7c:40:cd:cb:5d:ec:7a:3f:6d:69:8e:5f:e1:44:cd:46:
         3d:72:0c:19:98:5f:f9:a3:60:71:1e:e2:45:a8:73:a3:d1:53:
         15:e9:aa:46:ed:6a:ad:a9:b0:71:87:f0:19:5b:06:62:0b:a1:
         53:cb:2c:76:a5:59:60:f8:89:8d:2b:e8:cd:23:f8:61:fb:6b:
         da:48:70:18:89:f9:f4:da:c3:95:5e:3f:be:c6:0e:22:93:75:
         19:53:db:c2:f9:aa:88:cb:8a:bf:ff:d4:01:cd:2e:27:a5:2f:
         23:4b:f9:3a:e5:15:7e:b0:f4:d2:30:f5:4b:8b:36:8c:84:d5:
         d3:b2:b9:66:32:3a:23:3a:0b:f0:f3:d5:a1:b3:79:b8:25:2f:
         52:3b:42:5b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQntmHPS0fxlI7S+4cYagTNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MWZkYzdhMmYxMWE1NzY2ZDNhZDdiZGY2MjVjZTVlMTE5
YThmZGYwHhcNMjUwMTAyMTU1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2VkM2MzNDAzMTM0NTg4ODhlYmFiMzc4ZjkwODAzNzU0ZTc3ZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0VLmOrOUE/RHo/D7sN7D5v2/eil
nSvMpkOCHipATtdCsBolSuaKGpgC7PWsy+XvDVKLg5YsB6g8vVWbZSY4PTvEGAFC
Dkcg41LJk0a1SXgmMjwTUK5QLQmdYtm1IxFJSKJ3fBJOn+LrfkyNv9LGJHPSpY+0
ppgPfVWBoTovJ2z9tN4sNDkreoASe8SgQ2HxL7hcFTNvvBzBAmTzf9wd8vFC5JHg
He+FqQrlcofdANaZq5r6sATiFQFwfprSMCMjTy9vRTA7rjKmB32YRSv+bjJtl9oY
P20c7sUQKlWI23p1Qf8dXzbv4a9krs7anagBdBeZhYf5tLzlGKXI7JNTrwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPztPDQDE0WIiOurN4+QgDdU5327MB8GA1UdIwQY
MBaAFFQf3HovEaV2bTrXvfYlzl4Rmo/fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUt
YzkwMGE4OWYyMGYxLzEvX08wOE5BTVRSWWlJNjZzM2o1Q0FOMVRuZmJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84ZmFkNjctYmI2Yi00NzczLWI4MWUtYzkwMGE4OWYyMGYx
LzEvVkJfY2VpOFJwWFp0T3RlOTlpWE9YaEdhajk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDuWgwAwQC
uWi0MA0EAgACMAcDBQMqBh/AMA0GCSqGSIb3DQEBCwUAA4IBAQBF7JjUYvkGVAQg
LyFbhlvoiYqJ5VDOdrJ6mGJGlmPvnTF2Y3e6/zDLvEhaIIGXlT8LhNBfIeqGzMmV
4bxU7KnUWBdNr0qphLz+q5EMOVDYeF4z5QvP+AvqkhtKByu4tCyY/BcGaxlf4Jty
BsLAkXxAzctd7Ho/bWmOX+FEzUY9cgwZmF/5o2BxHuJFqHOj0VMV6apG7WqtqbBx
h/AZWwZiC6FTyyx2pVlg+ImNK+jNI/hh+2vaSHAYifn02sOVXj++xg4ik3UZU9vC
+aqIy4q//9QBzS4npS8jS/k65RV+sPTSMPVLizaMhNXTsrlmMjojOgvw89Whs3m4
JS9SO0Jb
-----END CERTIFICATE-----