Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/rGUQbl63n9K0Wn_57q9XL0tQAuA.roa
File:                     rGUQbl63n9K0Wn_57q9XL0tQAuA.roa (raw, json)
Hash identifier:          vyvu3YaIjRy8oAh1PUr3JRdMW+KlCqlVTwrvF8kfQF4=
Subject key identifier:   AC:65:10:6E:5E:B7:9F:D2:B4:5A:7F:F9:EE:AF:57:2F:4B:50:02:E0
Certificate issuer:       /CN=4adcf19672965f51b16d87afab1b149082e6c3ee
Certificate serial:       01942067D4FAA0F417FD708401F79E05456F
Authority key identifier: 4A:DC:F1:96:72:96:5F:51:B1:6D:87:AF:AB:1B:14:90:82:E6:C3:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/StzxlnKWX1GxbYevqxsUkILmw-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/rGUQbl63n9K0Wn_57q9XL0tQAuA.roa
Signing time:             Wed 01 Jan 2025 05:47:43 +0000
ROA not before:           Wed 01 Jan 2025 05:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205174
IP address blocks:        185.217.220.0/22 maxlen: 22
                          185.217.222.0/24 maxlen: 24
                          2a0c:e200::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/StzxlnKWX1GxbYevqxsUkILmw-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/StzxlnKWX1GxbYevqxsUkILmw-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/StzxlnKWX1GxbYevqxsUkILmw-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d4:fa:a0:f4:17:fd:70:84:01:f7:9e:05:45:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4adcf19672965f51b16d87afab1b149082e6c3ee
        Validity
            Not Before: Jan  1 05:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac65106e5eb79fd2b45a7ff9eeaf572f4b5002e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:cb:11:0b:69:f0:05:18:5a:ad:6c:db:26:0a:
                    37:ad:15:b9:91:e7:3c:98:d2:93:f1:1d:22:08:f5:
                    59:34:78:43:1b:f2:64:3b:a8:69:b8:b0:ff:7a:97:
                    87:a4:ad:20:43:76:21:53:64:5d:9f:62:9d:28:4f:
                    3d:e0:74:87:b4:03:8b:7c:04:2c:bf:f0:d1:92:e5:
                    7f:96:b3:f0:70:a4:60:39:91:ca:bb:3c:2b:d3:0c:
                    b8:73:df:bd:87:88:0d:27:24:6f:dc:51:3f:40:27:
                    8a:83:31:0a:08:cd:26:be:b9:d4:f0:b3:69:c7:0c:
                    46:ef:21:b7:37:e4:e4:3b:9c:d1:81:e5:f3:48:a8:
                    86:88:38:da:2b:ca:b5:c6:40:3a:65:83:08:35:09:
                    5b:d0:f8:83:24:79:86:97:48:e7:92:03:b9:e4:27:
                    37:c7:ca:7f:a9:5e:8f:f5:d6:0b:c2:a0:8c:2a:8b:
                    ad:d7:22:17:96:d6:75:aa:a7:26:8d:ea:49:bb:3d:
                    95:d7:af:e0:c3:99:27:ad:ac:f3:c8:6e:fb:d0:c9:
                    3b:35:09:5b:2f:98:89:97:22:41:53:63:f4:39:97:
                    b7:6a:ba:0e:71:cd:cf:ea:74:d5:0c:4b:f3:56:9f:
                    5a:c1:46:b0:9c:62:17:ca:ea:0f:73:46:f0:7c:3c:
                    ca:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:65:10:6E:5E:B7:9F:D2:B4:5A:7F:F9:EE:AF:57:2F:4B:50:02:E0
            X509v3 Authority Key Identifier:
                keyid:4A:DC:F1:96:72:96:5F:51:B1:6D:87:AF:AB:1B:14:90:82:E6:C3:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/StzxlnKWX1GxbYevqxsUkILmw-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/rGUQbl63n9K0Wn_57q9XL0tQAuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/2d2eb6-05d5-47a0-8fed-ebf32a0469c7/1/StzxlnKWX1GxbYevqxsUkILmw-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.220.0/22
                IPv6:
                  2a0c:e200::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:fe:74:f0:f4:0f:b5:9e:c3:43:25:69:d0:60:f4:99:19:bd:
         5c:0c:0b:0b:e0:17:3e:b5:c3:af:0e:5d:45:57:e4:a5:3e:0b:
         d4:89:cc:46:7e:ef:93:a2:6a:e8:ac:9f:d8:18:49:37:2d:8f:
         0a:08:7b:91:9b:6d:71:d6:73:f3:17:9e:28:f4:87:41:e0:41:
         e3:12:7b:d7:c3:46:d0:d0:b6:24:d6:7a:5f:c6:f8:fe:f4:00:
         67:e5:62:e6:f0:f4:8e:f2:71:59:26:38:22:d2:4b:b3:a9:9c:
         ae:ad:6e:ba:8c:c0:af:64:04:23:a2:39:4b:92:0c:be:14:e1:
         e2:99:1a:2b:f0:1a:35:83:bc:5f:f4:8b:f4:5e:70:e1:24:4a:
         4a:22:91:f0:0f:2d:fa:18:2c:4f:30:af:56:91:9c:0b:63:22:
         44:84:0b:40:d1:b4:fd:e8:fe:dc:c9:8e:b3:54:17:46:d3:b8:
         5a:98:73:da:eb:69:97:50:63:2b:2d:4a:fc:5c:fa:8a:7d:df:
         06:30:f2:0e:d6:0f:8b:2a:06:35:ba:a8:5a:0d:e4:6d:b3:ab:
         14:6c:96:af:54:76:b1:77:2f:3b:23:26:26:ae:c0:1d:d5:99:
         a6:9f:8a:f7:aa:f0:3a:77:fe:5d:ec:19:f3:7d:00:7e:a0:87:
         61:66:5a:7c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ9T6oPQX/XCEAfeeBUVvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZGNmMTk2NzI5NjVmNTFiMTZkODdhZmFiMWIxNDkwODJl
NmMzZWUwHhcNMjUwMTAxMDU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzY1MTA2ZTVlYjc5ZmQyYjQ1YTdmZjllZWFmNTcyZjRiNTAwMmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6csRC2nwBRharWzbJgo3rRW5kec8
mNKT8R0iCPVZNHhDG/JkO6hpuLD/epeHpK0gQ3YhU2Rdn2KdKE894HSHtAOLfAQs
v/DRkuV/lrPwcKRgOZHKuzwr0wy4c9+9h4gNJyRv3FE/QCeKgzEKCM0mvrnU8LNp
xwxG7yG3N+TkO5zRgeXzSKiGiDjaK8q1xkA6ZYMINQlb0PiDJHmGl0jnkgO55Cc3
x8p/qV6P9dYLwqCMKout1yIXltZ1qqcmjepJuz2V16/gw5knrazzyG770Mk7NQlb
L5iJlyJBU2P0OZe3aroOcc3P6nTVDEvzVp9awUawnGIXyuoPc0bwfDzK4wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKxlEG5et5/StFp/+e6vVy9LUALgMB8GA1UdIwQY
MBaAFErc8ZZyll9RsW2Hr6sbFJCC5sPuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3R6eGxuS1dYMUd4YllldnF4c1VrSUxtdy00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8yZDJlYjYtMDVkNS00N2EwLThmZWQt
ZWJmMzJhMDQ2OWM3LzEvckdVUWJsNjNuOUswV25fNTdxOVhMMHRRQXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8yZDJlYjYtMDVkNS00N2EwLThmZWQtZWJmMzJhMDQ2OWM3
LzEvU3R6eGxuS1dYMUd4YllldnF4c1VrSUxtdy00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudncMA0E
AgACMAcDBQMqDOIAMA0GCSqGSIb3DQEBCwUAA4IBAQBF/nTw9A+1nsNDJWnQYPSZ
Gb1cDAsL4Bc+tcOvDl1FV+SlPgvUicxGfu+TomrorJ/YGEk3LY8KCHuRm21x1nPz
F54o9IdB4EHjEnvXw0bQ0LYk1npfxvj+9ABn5WLm8PSO8nFZJjgi0kuzqZyurW66
jMCvZAQjojlLkgy+FOHimRor8Bo1g7xf9Iv0XnDhJEpKIpHwDy36GCxPMK9WkZwL
YyJEhAtA0bT96P7cyY6zVBdG07hamHPa62mXUGMrLUr8XPqKfd8GMPIO1g+LKgY1
uqhaDeRts6sUbJavVHaxdy87IyYmrsAd1Zmmn4r3qvA6d/5d7BnzfQB+oIdhZlp8
-----END CERTIFICATE-----