Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/yEMlFNYIo_7PBG15hC66LWSw4E0.roa
File:                     yEMlFNYIo_7PBG15hC66LWSw4E0.roa (raw, json)
Hash identifier:          0NF8QaEpF30c3qMJTec6Bga4N+I8Ns4AqntJ51k9D0k=
Subject key identifier:   C8:43:25:14:D6:08:A3:FE:CF:04:6D:79:84:2E:BA:2D:64:B0:E0:4D
Certificate issuer:       /CN=c8df337cea56a083f46b799072e70da345cc2364
Certificate serial:       0194222022D501E32B7119F7BB836C705605
Authority key identifier: C8:DF:33:7C:EA:56:A0:83:F4:6B:79:90:72:E7:0D:A3:45:CC:23:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yN8zfOpWoIP0a3mQcucNo0XMI2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/yEMlFNYIo_7PBG15hC66LWSw4E0.roa
Signing time:             Wed 01 Jan 2025 13:48:38 +0000
ROA not before:           Wed 01 Jan 2025 13:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202907
IP address blocks:        185.150.144.0/22 maxlen: 22
                          2a07:7140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/yN8zfOpWoIP0a3mQcucNo0XMI2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/yN8zfOpWoIP0a3mQcucNo0XMI2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yN8zfOpWoIP0a3mQcucNo0XMI2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 04:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:22:d5:01:e3:2b:71:19:f7:bb:83:6c:70:56:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8df337cea56a083f46b799072e70da345cc2364
        Validity
            Not Before: Jan  1 13:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8432514d608a3fecf046d79842eba2d64b0e04d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c2:b1:e9:2b:78:eb:db:93:7a:cf:65:8f:cc:
                    c1:e6:92:1c:48:1f:51:52:cb:1e:33:80:eb:4b:17:
                    1a:be:37:b3:3e:4d:d3:70:d3:ea:cb:d1:60:2e:0f:
                    c1:68:24:b1:97:f0:b9:fe:e7:36:97:06:1a:e4:5c:
                    23:e4:a9:52:5f:81:90:48:88:32:bf:d8:97:ea:db:
                    af:2a:4d:e1:ec:86:e6:83:35:02:83:c5:89:70:8c:
                    3a:2f:b2:be:15:0a:f7:95:55:c2:a2:2e:0a:2a:f8:
                    14:cd:9e:0f:bc:7d:8f:c0:2f:6f:34:90:80:fd:05:
                    9c:42:ba:b3:e2:5b:d3:0d:2e:f9:7f:1f:e3:ce:e2:
                    27:b7:89:f5:e9:04:6b:bb:40:81:6f:3c:be:90:5a:
                    45:c8:46:b4:b7:7b:35:6b:fb:8a:9b:44:c2:5d:c1:
                    1b:64:71:51:a8:7d:57:6c:3f:00:4e:33:ee:3b:63:
                    39:b5:a1:7b:0f:b9:76:b1:64:b2:30:ff:50:49:90:
                    0e:0b:31:65:21:fa:20:d2:de:0e:4f:38:98:02:d0:
                    87:f7:ab:a8:ff:01:71:27:c0:00:41:e3:e4:96:db:
                    ba:82:6f:dd:ec:76:5d:a7:8b:55:5b:5d:5d:35:b2:
                    11:b8:e1:40:7c:6a:a0:01:08:36:51:3b:f7:e2:7d:
                    c3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:43:25:14:D6:08:A3:FE:CF:04:6D:79:84:2E:BA:2D:64:B0:E0:4D
            X509v3 Authority Key Identifier:
                keyid:C8:DF:33:7C:EA:56:A0:83:F4:6B:79:90:72:E7:0D:A3:45:CC:23:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yN8zfOpWoIP0a3mQcucNo0XMI2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/yEMlFNYIo_7PBG15hC66LWSw4E0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/297d54-bd82-42e0-9c42-6fdbca600e00/1/yN8zfOpWoIP0a3mQcucNo0XMI2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.144.0/22
                IPv6:
                  2a07:7140::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:1f:bc:59:77:d9:75:a3:9c:5b:8c:6c:2b:17:11:aa:67:ae:
         24:9d:8d:51:f3:6d:55:54:43:24:58:67:df:1f:b6:c1:38:68:
         0b:62:60:cc:b0:88:84:99:05:d7:e1:73:ae:6b:ef:f8:53:0c:
         04:5a:e5:d9:db:5c:6b:0b:11:6f:15:6d:e9:ee:69:2a:3c:70:
         ad:57:07:3e:17:85:80:ff:be:b8:b2:50:b7:e6:72:04:e4:48:
         76:f4:33:53:2e:33:7b:fa:81:ce:83:c1:15:d2:1e:46:b5:68:
         54:0e:d5:e3:91:23:d7:f7:35:05:85:2a:24:a0:ad:57:e0:68:
         b6:90:e1:2a:19:a3:3d:ae:6d:d5:4a:83:f6:64:53:5c:6d:38:
         39:54:9d:5e:2f:c6:9e:85:41:0d:6b:e1:83:3e:66:e8:98:07:
         47:82:8a:46:c6:fc:86:83:9f:07:b2:b0:ae:75:48:fb:a2:32:
         6b:c7:32:85:0b:26:cf:93:9b:fc:d9:99:be:5f:fb:2f:09:03:
         65:9b:10:34:4a:51:aa:c9:cc:62:f1:ca:7f:11:cd:ad:5f:38:
         01:15:bd:2a:ef:09:c3:32:99:7a:3d:86:27:ac:3c:5a:15:24:
         6d:46:5f:4b:75:a4:c3:52:99:ed:dd:92:fd:72:be:60:42:6f:
         2e:b6:ae:ca
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiICLVAeMrcRn3u4NscFYFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZGYzMzdjZWE1NmEwODNmNDZiNzk5MDcyZTcwZGEzNDVj
YzIzNjQwHhcNMjUwMTAxMTM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODQzMjUxNGQ2MDhhM2ZlY2YwNDZkNzk4NDJlYmEyZDY0YjBlMDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18Kx6St469uTes9lj8zB5pIcSB9R
UsseM4DrSxcavjezPk3TcNPqy9FgLg/BaCSxl/C5/uc2lwYa5Fwj5KlSX4GQSIgy
v9iX6tuvKk3h7IbmgzUCg8WJcIw6L7K+FQr3lVXCoi4KKvgUzZ4PvH2PwC9vNJCA
/QWcQrqz4lvTDS75fx/jzuInt4n16QRru0CBbzy+kFpFyEa0t3s1a/uKm0TCXcEb
ZHFRqH1XbD8ATjPuO2M5taF7D7l2sWSyMP9QSZAOCzFlIfog0t4OTziYAtCH96uo
/wFxJ8AAQePkltu6gm/d7HZdp4tVW11dNbIRuOFAfGqgAQg2UTv34n3D3wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMhDJRTWCKP+zwRteYQuui1ksOBNMB8GA1UdIwQY
MBaAFMjfM3zqVqCD9Gt5kHLnDaNFzCNkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU44emZPcFdvSVAwYTNtUWN1Y05vMFhNSTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yOTdkNTQtYmQ4Mi00MmUwLTljNDIt
NmZkYmNhNjAwZTAwLzEveUVNbEZOWUlvXzdQQkcxNWhDNjZMV1N3NEUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yOTdkNTQtYmQ4Mi00MmUwLTljNDItNmZkYmNhNjAwZTAw
LzEveU44emZPcFdvSVAwYTNtUWN1Y05vMFhNSTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZaQMA0E
AgACMAcDBQMqB3FAMA0GCSqGSIb3DQEBCwUAA4IBAQBKH7xZd9l1o5xbjGwrFxGq
Z64knY1R821VVEMkWGffH7bBOGgLYmDMsIiEmQXX4XOua+/4UwwEWuXZ21xrCxFv
FW3p7mkqPHCtVwc+F4WA/764slC35nIE5Eh29DNTLjN7+oHOg8EV0h5GtWhUDtXj
kSPX9zUFhSokoK1X4Gi2kOEqGaM9rm3VSoP2ZFNcbTg5VJ1eL8aehUENa+GDPmbo
mAdHgopGxvyGg58HsrCudUj7ojJrxzKFCybPk5v82Zm+X/svCQNlmxA0SlGqycxi
8cp/Ec2tXzgBFb0q7wnDMpl6PYYnrDxaFSRtRl9LdaTDUpnt3ZL9cr5gQm8utq7K
-----END CERTIFICATE-----