Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/7b8b6f-e44c-49cb-8c93-0f08559d7d18/1/aBjEn09c9jlvq3tyQ6uQKbAuHow.roa
File:                     aBjEn09c9jlvq3tyQ6uQKbAuHow.roa (raw, json)
Hash identifier:          k2Il8Q6rfTX6EoDV8IvCybU7+NvXuouKuK8ZTUniptc=
Subject key identifier:   68:18:C4:9F:4F:5C:F6:39:6F:AB:7B:72:43:AB:90:29:B0:2E:1E:8C
Certificate issuer:       /CN=2698a5754dee9eef6f224562cb8239ac8bdb05b8
Certificate serial:       0194266C45628AAF0BAA1F73700B64A66B0F
Authority key identifier: 26:98:A5:75:4D:EE:9E:EF:6F:22:45:62:CB:82:39:AC:8B:DB:05:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JpildU3unu9vIkViy4I5rIvbBbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/7b8b6f-e44c-49cb-8c93-0f08559d7d18/1/aBjEn09c9jlvq3tyQ6uQKbAuHow.roa
Signing time:             Thu 02 Jan 2025 09:50:17 +0000
ROA not before:           Thu 02 Jan 2025 09:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64396
IP address blocks:        185.167.80.0/22 maxlen: 24
                          2a0b:5200::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/7b8b6f-e44c-49cb-8c93-0f08559d7d18/1/JpildU3unu9vIkViy4I5rIvbBbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/7b8b6f-e44c-49cb-8c93-0f08559d7d18/1/JpildU3unu9vIkViy4I5rIvbBbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JpildU3unu9vIkViy4I5rIvbBbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 15:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:45:62:8a:af:0b:aa:1f:73:70:0b:64:a6:6b:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2698a5754dee9eef6f224562cb8239ac8bdb05b8
        Validity
            Not Before: Jan  2 09:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6818c49f4f5cf6396fab7b7243ab9029b02e1e8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e8:0b:ff:33:af:dd:84:d8:98:c0:90:59:86:
                    64:95:a6:7a:dc:00:d2:aa:d1:72:12:e2:f7:1c:dc:
                    ec:e5:f3:9b:bb:d3:2a:40:3a:3f:61:33:04:85:43:
                    33:7e:af:e1:0d:24:79:93:76:60:22:8e:fc:3b:b8:
                    d7:7d:47:49:4b:6f:19:23:46:c0:1b:77:09:0d:c0:
                    e6:d3:08:f2:30:00:9d:0a:bd:78:ad:b7:d1:f3:b5:
                    d3:d1:55:b6:56:36:81:d0:da:c7:54:e5:3a:57:ac:
                    12:1a:22:2e:91:b9:f0:c4:33:03:68:3d:f0:5c:d0:
                    f4:ac:98:47:1f:59:86:ea:61:13:52:72:71:87:84:
                    7c:c7:52:9e:47:51:05:7c:cf:d0:d3:39:02:94:5d:
                    8b:71:f4:dd:85:20:7b:70:92:08:a8:9c:de:b0:4a:
                    69:8d:48:46:5e:c8:f8:32:48:b4:6f:91:4f:17:ce:
                    2d:12:24:d2:62:98:85:a8:24:d5:c8:84:a6:06:fa:
                    ac:35:01:f4:7c:82:6b:7e:88:5d:62:ce:06:49:e5:
                    e6:93:1d:cd:75:b3:24:2c:ba:d4:47:cb:f9:6a:2d:
                    30:41:49:cd:66:a6:51:84:f0:27:43:73:d9:d8:51:
                    da:46:7b:47:fc:74:5a:65:b5:67:64:9a:3d:b2:55:
                    8d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:18:C4:9F:4F:5C:F6:39:6F:AB:7B:72:43:AB:90:29:B0:2E:1E:8C
            X509v3 Authority Key Identifier:
                keyid:26:98:A5:75:4D:EE:9E:EF:6F:22:45:62:CB:82:39:AC:8B:DB:05:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JpildU3unu9vIkViy4I5rIvbBbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7b8b6f-e44c-49cb-8c93-0f08559d7d18/1/aBjEn09c9jlvq3tyQ6uQKbAuHow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7b8b6f-e44c-49cb-8c93-0f08559d7d18/1/JpildU3unu9vIkViy4I5rIvbBbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.80.0/22
                IPv6:
                  2a0b:5200::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:ce:5d:f1:09:df:2f:c3:8e:66:0f:a7:5d:92:8d:49:d0:63:
         49:06:be:74:d7:51:96:32:52:d7:01:a7:bf:2f:bb:c2:76:5d:
         48:ce:3f:22:83:5d:d3:1d:a0:40:44:b0:ae:c5:54:14:80:e1:
         e5:b9:19:dd:76:72:48:40:72:be:62:65:ff:18:f8:69:b2:8d:
         4b:d4:15:05:b1:6c:fc:2d:f1:08:9e:92:2a:11:34:4c:88:79:
         20:3a:3f:e7:6e:0d:05:e0:01:cb:a1:ff:89:9b:9f:b5:9f:62:
         de:16:2b:f0:c2:97:0a:6a:ff:d7:37:75:7a:c3:66:76:6b:6b:
         d4:28:96:4e:f7:0a:0e:a4:4c:20:44:0b:60:0e:3d:e2:c2:2b:
         d6:30:a6:49:7c:e6:94:5c:6f:c4:a5:22:c7:62:9d:cc:c8:9b:
         79:f7:33:0e:f8:5f:2f:f6:37:dc:8d:3c:33:9d:b0:9a:2f:21:
         30:b0:7e:b0:bc:b9:9e:dc:ac:ca:14:64:cc:26:d8:a3:fe:5c:
         6f:bf:92:f7:7c:88:92:ec:15:22:ad:17:ab:be:fd:3c:59:d9:
         b4:51:af:bf:77:c7:2e:d9:59:fd:3a:e2:18:9d:1a:ae:64:8e:
         1f:c7:a7:77:44:72:48:b4:8d:5e:94:38:f9:13:eb:8e:92:30:
         a2:86:17:25
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmbEViiq8Lqh9zcAtkpmsPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2OThhNTc1NGRlZTllZWY2ZjIyNDU2MmNiODIzOWFjOGJk
YjA1YjgwHhcNMjUwMTAyMDk1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODE4YzQ5ZjRmNWNmNjM5NmZhYjdiNzI0M2FiOTAyOWIwMmUxZThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0egL/zOv3YTYmMCQWYZklaZ63ADS
qtFyEuL3HNzs5fObu9MqQDo/YTMEhUMzfq/hDSR5k3ZgIo78O7jXfUdJS28ZI0bA
G3cJDcDm0wjyMACdCr14rbfR87XT0VW2VjaB0NrHVOU6V6wSGiIukbnwxDMDaD3w
XND0rJhHH1mG6mETUnJxh4R8x1KeR1EFfM/Q0zkClF2LcfTdhSB7cJIIqJzesEpp
jUhGXsj4Mki0b5FPF84tEiTSYpiFqCTVyISmBvqsNQH0fIJrfohdYs4GSeXmkx3N
dbMkLLrUR8v5ai0wQUnNZqZRhPAnQ3PZ2FHaRntH/HRaZbVnZJo9slWNlQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGgYxJ9PXPY5b6t7ckOrkCmwLh6MMB8GA1UdIwQY
MBaAFCaYpXVN7p7vbyJFYsuCOayL2wW4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnBpbGRVM3VudTl2SWtWaXk0STVySXZiQmJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS83YjhiNmYtZTQ0Yy00OWNiLThjOTMt
MGYwODU1OWQ3ZDE4LzEvYUJqRW4wOWM5amx2cTN0eVE2dVFLYkF1SG93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS83YjhiNmYtZTQ0Yy00OWNiLThjOTMtMGYwODU1OWQ3ZDE4
LzEvSnBpbGRVM3VudTl2SWtWaXk0STVySXZiQmJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuadQMA0E
AgACMAcDBQMqC1IAMA0GCSqGSIb3DQEBCwUAA4IBAQBFzl3xCd8vw45mD6ddko1J
0GNJBr5011GWMlLXAae/L7vCdl1Izj8ig13THaBARLCuxVQUgOHluRnddnJIQHK+
YmX/GPhpso1L1BUFsWz8LfEInpIqETRMiHkgOj/nbg0F4AHLof+Jm5+1n2LeFivw
wpcKav/XN3V6w2Z2a2vUKJZO9woOpEwgRAtgDj3iwivWMKZJfOaUXG/EpSLHYp3M
yJt59zMO+F8v9jfcjTwznbCaLyEwsH6wvLme3KzKFGTMJtij/lxvv5L3fIiS7BUi
rRervv08Wdm0Ua+/d8cu2Vn9OuIYnRquZI4fx6d3RHJItI1elDj5E+uOkjCihhcl
-----END CERTIFICATE-----