Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/49hgdGQLZzb2UEr0v1DR3B_4G88.roa
File:                     49hgdGQLZzb2UEr0v1DR3B_4G88.roa (raw, json)
Hash identifier:          ieB3PoGbaENiV1L+4PpT2lhh7W1Z3Cv1HFM+GYljVmg=
Subject key identifier:   E3:D8:60:74:64:0B:67:36:F6:50:4A:F4:BF:50:D1:DC:1F:F8:1B:CF
Certificate issuer:       /CN=dac4cb51150802a4018cc256ad29f54720675ed5
Certificate serial:       01941F8C6120DF06AE66B15F535A23CAD77D
Authority key identifier: DA:C4:CB:51:15:08:02:A4:01:8C:C2:56:AD:29:F5:47:20:67:5E:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2sTLURUIAqQBjMJWrSn1RyBnXtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/49hgdGQLZzb2UEr0v1DR3B_4G88.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211457
IP address blocks:        185.218.105.0/24 maxlen: 24
                          2a10:d3c0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/2sTLURUIAqQBjMJWrSn1RyBnXtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/2sTLURUIAqQBjMJWrSn1RyBnXtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2sTLURUIAqQBjMJWrSn1RyBnXtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:61:20:df:06:ae:66:b1:5f:53:5a:23:ca:d7:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac4cb51150802a4018cc256ad29f54720675ed5
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3d86074640b6736f6504af4bf50d1dc1ff81bcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5e:e6:8b:c2:8b:94:e7:25:2f:39:43:e6:a0:
                    1d:46:05:f9:1e:3b:30:71:a4:c1:9b:c8:00:d7:ac:
                    7b:6e:3e:32:51:23:1d:33:cc:bf:ed:c1:7f:02:bf:
                    a4:05:70:73:af:e7:7e:20:15:dd:fa:7b:f3:5d:32:
                    bc:18:a4:78:d6:61:ae:32:d0:67:01:90:03:ab:12:
                    03:33:5e:b3:9b:2d:7f:47:d8:c3:62:25:28:d1:3a:
                    3d:55:58:7a:6c:fe:f0:6d:5d:07:01:1d:2a:86:e6:
                    5c:11:27:c0:de:7c:fc:01:57:06:46:00:4f:d5:d2:
                    e1:d4:c5:61:5c:62:2e:5d:d2:0a:d6:7b:00:6d:c9:
                    90:9a:b9:be:43:27:f4:47:a4:4c:c9:8d:57:f1:93:
                    69:9a:b7:a7:ca:8d:b4:77:59:88:54:18:89:65:da:
                    f5:19:15:33:09:9d:cc:bd:b5:94:80:5c:95:07:b8:
                    d0:0c:61:90:d7:25:be:35:72:81:ec:24:b7:3c:13:
                    fe:d4:3a:c6:1c:1d:fc:35:ba:64:1e:59:d4:dd:a3:
                    01:3f:ee:cc:40:4b:86:5b:5f:61:11:b4:37:3c:cc:
                    cc:0a:9a:93:54:97:e1:09:16:4d:df:73:cc:be:5d:
                    b2:6a:54:25:e1:87:16:27:dc:1f:58:4f:bb:47:a4:
                    c0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:D8:60:74:64:0B:67:36:F6:50:4A:F4:BF:50:D1:DC:1F:F8:1B:CF
            X509v3 Authority Key Identifier:
                keyid:DA:C4:CB:51:15:08:02:A4:01:8C:C2:56:AD:29:F5:47:20:67:5E:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sTLURUIAqQBjMJWrSn1RyBnXtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/49hgdGQLZzb2UEr0v1DR3B_4G88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/36e838-1bbf-4cc0-b5da-4180f9e30945/1/2sTLURUIAqQBjMJWrSn1RyBnXtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.105.0/24
                IPv6:
                  2a10:d3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:40:74:78:c5:95:de:18:5f:91:3f:11:87:e9:a1:87:8c:37:
         27:3a:21:63:e7:ff:b2:01:6c:1f:cf:d6:47:a6:62:d5:67:5e:
         d1:6d:d0:77:30:04:b7:85:b5:86:2d:51:d5:a9:a1:18:85:1f:
         64:76:e2:c3:1d:1d:ad:b7:95:01:eb:43:9b:b7:68:c9:e4:d8:
         a8:fb:71:1b:5f:17:51:10:ef:9d:11:94:00:31:52:f7:31:6a:
         af:59:f7:e4:8e:20:ed:f3:b0:0a:6c:a6:1e:03:62:ab:1e:1d:
         fa:95:1a:cf:93:64:db:72:90:8f:8b:82:26:45:2e:9d:aa:4b:
         39:08:8d:8c:c8:96:66:60:cf:58:53:ec:2a:63:70:9c:cc:94:
         8d:98:f7:21:40:73:c2:29:23:ad:ec:0e:bf:f9:c1:1b:4a:46:
         22:80:7b:e9:d9:8b:cd:a4:44:d4:ef:07:46:7e:08:1b:66:72:
         82:fc:d7:39:48:f5:fa:25:27:62:bd:f7:b2:03:07:b4:2c:a8:
         33:6c:f6:e1:93:dc:0d:27:43:aa:10:68:a3:4e:27:a2:46:0b:
         ba:2e:e3:9f:63:79:3b:e1:08:c7:01:17:ff:a6:de:a4:8f:64:
         37:0b:bf:49:e1:fa:6e:dc:74:f0:8f:d7:e7:ab:98:8c:c7:ed:
         f6:d4:8e:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjGEg3wauZrFfU1ojytd9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzRjYjUxMTUwODAyYTQwMThjYzI1NmFkMjlmNTQ3MjA2
NzVlZDUwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2Q4NjA3NDY0MGI2NzM2ZjY1MDRhZjRiZjUwZDFkYzFmZjgxYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu17mi8KLlOclLzlD5qAdRgX5Hjsw
caTBm8gA16x7bj4yUSMdM8y/7cF/Ar+kBXBzr+d+IBXd+nvzXTK8GKR41mGuMtBn
AZADqxIDM16zmy1/R9jDYiUo0To9VVh6bP7wbV0HAR0qhuZcESfA3nz8AVcGRgBP
1dLh1MVhXGIuXdIK1nsAbcmQmrm+Qyf0R6RMyY1X8ZNpmrenyo20d1mIVBiJZdr1
GRUzCZ3MvbWUgFyVB7jQDGGQ1yW+NXKB7CS3PBP+1DrGHB38NbpkHlnU3aMBP+7M
QEuGW19hEbQ3PMzMCpqTVJfhCRZN33PMvl2yalQl4YcWJ9wfWE+7R6TAOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOPYYHRkC2c29lBK9L9Q0dwf+BvPMB8GA1UdIwQY
MBaAFNrEy1EVCAKkAYzCVq0p9UcgZ17VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNUTFVSVUlBcVFCak1KV3JTbjFSeUJuWHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zNmU4MzgtMWJiZi00Y2MwLWI1ZGEt
NDE4MGY5ZTMwOTQ1LzEvNDloZ2RHUUxaemIyVUVyMHYxRFIzQl80Rzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zNmU4MzgtMWJiZi00Y2MwLWI1ZGEtNDE4MGY5ZTMwOTQ1
LzEvMnNUTFVSVUlBcVFCak1KV3JTbjFSeUJuWHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudppMA0E
AgACMAcDBQMqENPAMA0GCSqGSIb3DQEBCwUAA4IBAQACQHR4xZXeGF+RPxGH6aGH
jDcnOiFj5/+yAWwfz9ZHpmLVZ17RbdB3MAS3hbWGLVHVqaEYhR9kduLDHR2tt5UB
60Obt2jJ5Nio+3EbXxdREO+dEZQAMVL3MWqvWffkjiDt87AKbKYeA2KrHh36lRrP
k2TbcpCPi4ImRS6dqks5CI2MyJZmYM9YU+wqY3CczJSNmPchQHPCKSOt7A6/+cEb
SkYigHvp2YvNpETU7wdGfggbZnKC/Nc5SPX6JSdivfeyAwe0LKgzbPbhk9wNJ0Oq
EGijTieiRgu6LuOfY3k74QjHARf/pt6kj2Q3C79J4fpu3HTwj9fnq5iMx+321I5s
-----END CERTIFICATE-----