Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/4ZmOjsOwgULv_B_QMvBBmXG9f0w.roa
File:                     4ZmOjsOwgULv_B_QMvBBmXG9f0w.roa (raw, json)
Hash identifier:          x7k9BFugEad58s4inzjh5oIEa4SPB8OHd1xRzbFg5n8=
Subject key identifier:   E1:99:8E:8E:C3:B0:81:42:EF:FC:1F:D0:32:F0:41:99:71:BD:7F:4C
Certificate issuer:       /CN=452e7d87922129df90c4870da2a7738404724858
Certificate serial:       019425215FF4EE6CD2E98094042F5342CA74
Authority key identifier: 45:2E:7D:87:92:21:29:DF:90:C4:87:0D:A2:A7:73:84:04:72:48:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/4ZmOjsOwgULv_B_QMvBBmXG9f0w.roa
Signing time:             Thu 02 Jan 2025 03:48:51 +0000
ROA not before:           Thu 02 Jan 2025 03:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200583
IP address blocks:        185.34.248.0/22 maxlen: 22
                          185.34.248.0/24 maxlen: 24
                          185.102.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:5f:f4:ee:6c:d2:e9:80:94:04:2f:53:42:ca:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=452e7d87922129df90c4870da2a7738404724858
        Validity
            Not Before: Jan  2 03:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1998e8ec3b08142effc1fd032f0419971bd7f4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:29:e2:7a:a1:48:7d:75:8f:90:91:f3:65:2b:
                    6d:6c:04:f9:9f:fa:b6:0f:b0:ed:db:e8:df:02:c4:
                    e2:5e:6d:f9:83:4a:e7:74:a7:fa:c2:29:a5:20:cf:
                    33:12:64:2b:10:75:83:b6:ad:1a:ca:b7:ed:fe:fd:
                    3d:cf:bc:f8:9a:7c:8e:7b:24:b0:6c:a5:d8:e3:bc:
                    1b:1f:bd:f4:2c:30:a7:9f:20:37:64:41:bc:de:2d:
                    bd:09:fe:66:14:87:91:3c:ed:cb:95:b7:c7:6f:e1:
                    bc:22:06:10:0d:49:35:c2:e7:36:db:9d:8e:ff:8c:
                    8a:37:ae:f2:7f:d0:bb:08:9b:19:71:14:4a:e7:00:
                    9c:ac:c2:7d:03:c8:96:2f:a6:a8:b2:43:c0:da:9a:
                    20:a6:04:ae:aa:9b:77:2f:38:89:b3:92:b6:a4:3e:
                    9f:2b:ec:9f:97:51:35:41:bd:99:71:45:5c:6b:2b:
                    92:40:6f:d7:09:34:0d:7d:c0:23:cd:9d:33:b8:0b:
                    a2:1b:45:b3:45:2c:89:7e:6d:f3:72:d3:70:d1:5c:
                    b0:7e:c8:86:18:41:55:08:a8:8f:94:fb:af:3f:a8:
                    1f:cb:84:02:f1:d0:1b:4b:2e:20:39:56:c1:44:90:
                    dc:16:b5:ef:ef:22:eb:37:31:f3:60:97:71:dc:08:
                    cc:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:99:8E:8E:C3:B0:81:42:EF:FC:1F:D0:32:F0:41:99:71:BD:7F:4C
            X509v3 Authority Key Identifier:
                keyid:45:2E:7D:87:92:21:29:DF:90:C4:87:0D:A2:A7:73:84:04:72:48:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/4ZmOjsOwgULv_B_QMvBBmXG9f0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.248.0/22
                  185.102.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:57:7b:2b:35:99:db:5e:3e:cb:04:2f:eb:17:8a:3d:93:5f:
         4d:f2:f8:a9:15:4a:b2:b1:3c:ce:d9:8d:3c:4e:a8:2f:6d:0e:
         71:d2:73:fc:d3:83:d6:e3:46:1b:b6:b9:d2:88:3f:97:ac:3c:
         3b:f4:67:47:b3:fd:0c:7c:f1:4f:2e:79:b7:62:0e:3c:33:52:
         af:c6:4a:dc:39:9c:bf:dc:74:d5:e8:37:21:af:9b:5e:99:5a:
         25:af:39:af:07:99:e3:6a:c0:e7:47:8f:99:f5:a7:ff:25:04:
         c2:e2:d2:ab:87:52:52:c8:d9:5e:16:71:e7:8e:3d:12:9c:af:
         51:d1:7e:3e:d7:f9:0f:d4:97:2e:96:66:a5:a8:44:b6:1b:10:
         fc:1b:1f:69:bf:e1:fc:2c:5e:b9:02:05:f8:b8:04:4a:3d:b8:
         e6:a7:e4:fa:94:0f:c9:3f:4d:f8:f3:9e:4f:8a:26:68:f2:de:
         8c:de:0e:5d:c9:5b:21:45:e9:09:fb:4c:c9:a0:72:68:05:0e:
         67:36:23:7c:36:ae:f4:f1:44:28:2e:f6:bd:8d:16:48:92:62:
         0c:77:51:56:cc:49:2a:ee:9f:df:e1:17:39:48:bd:df:b3:ef:
         47:e0:ea:a3:b7:9b:a6:ef:90:3f:ef:a5:88:64:7e:77:57:2d:
         27:bc:2a:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIV/07mzS6YCUBC9TQsp0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MmU3ZDg3OTIyMTI5ZGY5MGM0ODcwZGEyYTc3Mzg0MDQ3
MjQ4NTgwHhcNMjUwMTAyMDM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTk5OGU4ZWMzYjA4MTQyZWZmYzFmZDAzMmYwNDE5OTcxYmQ3ZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9ynieqFIfXWPkJHzZSttbAT5n/q2
D7Dt2+jfAsTiXm35g0rndKf6wimlIM8zEmQrEHWDtq0ayrft/v09z7z4mnyOeySw
bKXY47wbH730LDCnnyA3ZEG83i29Cf5mFIeRPO3LlbfHb+G8IgYQDUk1wuc2252O
/4yKN67yf9C7CJsZcRRK5wCcrMJ9A8iWL6aoskPA2pogpgSuqpt3LziJs5K2pD6f
K+yfl1E1Qb2ZcUVcayuSQG/XCTQNfcAjzZ0zuAuiG0WzRSyJfm3zctNw0VywfsiG
GEFVCKiPlPuvP6gfy4QC8dAbSy4gOVbBRJDcFrXv7yLrNzHzYJdx3AjMHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOGZjo7DsIFC7/wf0DLwQZlxvX9MMB8GA1UdIwQY
MBaAFEUufYeSISnfkMSHDaKnc4QEckhYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlM1OWg1SWhLZC1ReEljTm9xZHpoQVJ5U0ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC80ODc5NjItODU4OC00ZjBhLWJiN2Qt
YWFhOGQzYTk0MGFjLzEvNFptT2pzT3dnVUx2X0JfUU12QkJtWEc5ZjB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC80ODc5NjItODU4OC00ZjBhLWJiN2QtYWFhOGQzYTk0MGFj
LzEvUlM1OWg1SWhLZC1ReEljTm9xZHpoQVJ5U0ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuSL4AwQA
uWYpMA0GCSqGSIb3DQEBCwUAA4IBAQBXV3srNZnbXj7LBC/rF4o9k19N8vipFUqy
sTzO2Y08TqgvbQ5x0nP804PW40YbtrnSiD+XrDw79GdHs/0MfPFPLnm3Yg48M1Kv
xkrcOZy/3HTV6Dchr5temVolrzmvB5njasDnR4+Z9af/JQTC4tKrh1JSyNleFnHn
jj0SnK9R0X4+1/kP1JculmalqES2GxD8Gx9pv+H8LF65AgX4uARKPbjmp+T6lA/J
P034855PiiZo8t6M3g5dyVshRekJ+0zJoHJoBQ5nNiN8Nq708UQoLva9jRZIkmIM
d1FWzEkq7p/f4Rc5SL3fs+9H4Oqjt5um75A/76WIZH53Vy0nvCoH
-----END CERTIFICATE-----