Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/dq4NGDrJihdpAYEQ3owreA6iQU4.roa
File:                     dq4NGDrJihdpAYEQ3owreA6iQU4.roa (raw, json)
Hash identifier:          1bpSRQ6nEHSR6H3DF+6pLQte0es+3qQ4qeng8ZdjLzc=
Subject key identifier:   76:AE:0D:18:3A:C9:8A:17:69:01:81:10:DE:8C:2B:78:0E:A2:41:4E
Certificate issuer:       /CN=e64682adb0238cc772d1c5b4986c7a33986364a0
Certificate serial:       019423D76443C349F191717CC8CEBD344F3E
Authority key identifier: E6:46:82:AD:B0:23:8C:C7:72:D1:C5:B4:98:6C:7A:33:98:63:64:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5kaCrbAjjMdy0cW0mGx6M5hjZKA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/dq4NGDrJihdpAYEQ3owreA6iQU4.roa
Signing time:             Wed 01 Jan 2025 21:48:25 +0000
ROA not before:           Wed 01 Jan 2025 21:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197075
IP address blocks:        185.250.164.0/22 maxlen: 22
                          2a03:ff80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/5kaCrbAjjMdy0cW0mGx6M5hjZKA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/5kaCrbAjjMdy0cW0mGx6M5hjZKA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5kaCrbAjjMdy0cW0mGx6M5hjZKA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:64:43:c3:49:f1:91:71:7c:c8:ce:bd:34:4f:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e64682adb0238cc772d1c5b4986c7a33986364a0
        Validity
            Not Before: Jan  1 21:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=76ae0d183ac98a1769018110de8c2b780ea2414e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e8:ce:b2:9c:3c:78:48:3a:20:fe:60:42:1d:
                    5e:3b:c9:eb:58:70:72:0a:f4:a0:29:fd:b6:38:9f:
                    29:99:12:83:cf:e1:51:8e:af:32:32:14:a3:4b:f3:
                    42:11:b0:1c:85:2e:9a:0e:ac:0a:85:6c:e6:cb:53:
                    7f:69:9d:b8:29:d7:18:17:e3:ad:39:8e:d7:5b:ce:
                    b8:92:39:9d:4c:c7:ca:1d:ca:6d:85:78:11:a9:bc:
                    b5:45:b8:9a:e9:82:7d:d4:27:3e:bc:14:2f:74:a6:
                    d6:9d:67:20:40:e0:1f:a6:c7:1d:38:d2:7a:fb:11:
                    66:bb:1c:eb:46:4a:bf:9b:f6:4c:98:44:a4:42:20:
                    95:96:02:a5:af:05:e3:ae:04:6c:6e:b1:85:16:9b:
                    66:0b:f2:48:f6:23:2b:fa:9c:71:a2:9d:01:cd:22:
                    4e:0e:e5:e9:7f:8f:8e:ce:76:e3:6e:9e:68:d2:ae:
                    6e:36:26:67:4f:8a:c2:bf:ba:d8:36:33:36:94:5f:
                    17:31:22:33:c2:50:4c:a2:dd:d2:c6:df:09:33:59:
                    80:fd:2c:d9:8e:cc:11:29:4f:b2:31:a2:6a:cb:80:
                    05:00:c7:96:38:47:4b:31:c7:99:79:97:07:8e:fe:
                    10:6d:02:37:a2:c3:26:16:1b:79:33:2b:12:bf:f2:
                    a0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:AE:0D:18:3A:C9:8A:17:69:01:81:10:DE:8C:2B:78:0E:A2:41:4E
            X509v3 Authority Key Identifier:
                keyid:E6:46:82:AD:B0:23:8C:C7:72:D1:C5:B4:98:6C:7A:33:98:63:64:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5kaCrbAjjMdy0cW0mGx6M5hjZKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/dq4NGDrJihdpAYEQ3owreA6iQU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/a9ceb8-0c86-49ac-a392-acecad53c815/1/5kaCrbAjjMdy0cW0mGx6M5hjZKA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.250.164.0/22
                IPv6:
                  2a03:ff80::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:70:90:1f:37:72:1b:fa:63:15:a1:ed:00:4f:0b:92:bf:0f:
         54:52:17:2c:c9:2b:73:cc:06:89:b1:78:e6:68:09:9a:40:c0:
         74:05:9b:8b:71:24:ce:b5:df:bf:a9:a4:05:bb:2e:25:be:dc:
         7f:eb:c7:80:54:fd:5c:98:e0:3d:8d:1f:5e:9e:d2:4e:1d:f3:
         8c:52:27:da:6d:f5:1c:10:db:11:d6:47:56:24:b0:98:17:8c:
         26:64:14:36:b8:91:db:09:37:85:c2:81:2f:22:e5:be:43:c9:
         a4:a7:d9:a1:21:60:f6:b5:5d:01:d2:95:d0:41:f5:8d:e9:34:
         a9:f0:ac:d7:8d:80:48:d3:9d:3d:9a:71:8b:de:87:19:8d:19:
         18:c9:78:c4:6f:b5:3a:cc:0b:e4:84:a1:ea:f2:5f:7e:b3:f0:
         7f:31:20:43:80:6b:57:cb:13:12:16:29:15:5b:e1:59:93:9f:
         82:f0:4b:2e:74:6f:e5:4a:ef:61:3c:96:27:8c:50:7d:4d:8f:
         56:ca:db:81:77:c1:31:7e:12:bb:d8:33:da:61:b0:21:a6:73:
         1d:59:e5:66:3a:af:d9:36:2b:72:de:6b:a5:91:40:8b:50:f7:
         30:9b:29:84:f9:d5:53:58:23:27:be:b6:b6:e1:1b:f3:f0:d0:
         57:1e:8f:51
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj12RDw0nxkXF8yM69NE8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2NDY4MmFkYjAyMzhjYzc3MmQxYzViNDk4NmM3YTMzOTg2
MzY0YTAwHhcNMjUwMTAxMjE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmFlMGQxODNhYzk4YTE3NjkwMTgxMTBkZThjMmI3ODBlYTI0MTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoujOspw8eEg6IP5gQh1eO8nrWHBy
CvSgKf22OJ8pmRKDz+FRjq8yMhSjS/NCEbAchS6aDqwKhWzmy1N/aZ24KdcYF+Ot
OY7XW864kjmdTMfKHcpthXgRqby1Rbia6YJ91Cc+vBQvdKbWnWcgQOAfpscdONJ6
+xFmuxzrRkq/m/ZMmESkQiCVlgKlrwXjrgRsbrGFFptmC/JI9iMr+pxxop0BzSJO
DuXpf4+Oznbjbp5o0q5uNiZnT4rCv7rYNjM2lF8XMSIzwlBMot3Sxt8JM1mA/SzZ
jswRKU+yMaJqy4AFAMeWOEdLMceZeZcHjv4QbQI3osMmFht5MysSv/KgQQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHauDRg6yYoXaQGBEN6MK3gOokFOMB8GA1UdIwQY
MBaAFOZGgq2wI4zHctHFtJhsejOYY2SgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWthQ3JiQWpqTWR5MGNXMG1HeDZNNWhqWktBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9hOWNlYjgtMGM4Ni00OWFjLWEzOTIt
YWNlY2FkNTNjODE1LzEvZHE0TkdEckppaGRwQVlFUTNvd3JlQTZpUVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9hOWNlYjgtMGM4Ni00OWFjLWEzOTItYWNlY2FkNTNjODE1
LzEvNWthQ3JiQWpqTWR5MGNXMG1HeDZNNWhqWktBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufqkMA0E
AgACMAcDBQMqA/+AMA0GCSqGSIb3DQEBCwUAA4IBAQBzcJAfN3Ib+mMVoe0ATwuS
vw9UUhcsyStzzAaJsXjmaAmaQMB0BZuLcSTOtd+/qaQFuy4lvtx/68eAVP1cmOA9
jR9entJOHfOMUifabfUcENsR1kdWJLCYF4wmZBQ2uJHbCTeFwoEvIuW+Q8mkp9mh
IWD2tV0B0pXQQfWN6TSp8KzXjYBI0509mnGL3ocZjRkYyXjEb7U6zAvkhKHq8l9+
s/B/MSBDgGtXyxMSFikVW+FZk5+C8EsudG/lSu9hPJYnjFB9TY9WytuBd8ExfhK7
2DPaYbAhpnMdWeVmOq/ZNity3mulkUCLUPcwmymE+dVTWCMnvra24Rvz8NBXHo9R
-----END CERTIFICATE-----