Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/ace9bd-f33d-486e-b394-f0d075a437f1/1/1skXawq2SahvYTA2mnEOEbVR1u8.roa
File:                     1skXawq2SahvYTA2mnEOEbVR1u8.roa (raw, json)
Hash identifier:          nHycrkajnYAr9VibtJNGtsv2Ftb47ENenxgpTd+DfzI=
Subject key identifier:   D6:C9:17:6B:0A:B6:49:A8:6F:61:30:36:9A:71:0E:11:B5:51:D6:EF
Certificate issuer:       /CN=7d66d19e5388f12c1d28a16c328d86c364e9cc79
Certificate serial:       0194258F17CFE305D381A73D1FE482CDD99F
Authority key identifier: 7D:66:D1:9E:53:88:F1:2C:1D:28:A1:6C:32:8D:86:C3:64:E9:CC:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fWbRnlOI8SwdKKFsMo2Gw2TpzHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/ace9bd-f33d-486e-b394-f0d075a437f1/1/1skXawq2SahvYTA2mnEOEbVR1u8.roa
Signing time:             Thu 02 Jan 2025 05:48:42 +0000
ROA not before:           Thu 02 Jan 2025 05:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56909
IP address blocks:        185.164.40.0/24 maxlen: 24
                          185.164.41.0/24 maxlen: 24
                          185.164.42.0/24 maxlen: 24
                          185.164.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/ace9bd-f33d-486e-b394-f0d075a437f1/1/fWbRnlOI8SwdKKFsMo2Gw2TpzHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/ace9bd-f33d-486e-b394-f0d075a437f1/1/fWbRnlOI8SwdKKFsMo2Gw2TpzHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fWbRnlOI8SwdKKFsMo2Gw2TpzHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:17:cf:e3:05:d3:81:a7:3d:1f:e4:82:cd:d9:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d66d19e5388f12c1d28a16c328d86c364e9cc79
        Validity
            Not Before: Jan  2 05:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6c9176b0ab649a86f6130369a710e11b551d6ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0e:08:ba:6e:af:19:e3:db:43:2a:24:59:58:
                    36:a6:1c:f3:70:76:43:22:01:71:9a:be:ab:b5:56:
                    35:2e:31:99:f9:2b:cf:17:70:2a:9d:ae:23:3b:b0:
                    68:53:70:00:c5:ce:46:b5:49:d3:73:88:70:d7:6c:
                    79:e9:63:41:4e:af:d9:73:7c:c9:86:7d:01:b7:19:
                    33:19:c6:85:52:09:07:46:7e:6e:aa:8c:9c:4d:96:
                    e6:8e:9a:6a:2f:55:21:be:85:16:6b:20:73:dd:fb:
                    53:0a:e6:e4:e8:e7:2d:98:92:e2:83:75:d4:e3:fd:
                    68:b9:03:83:2e:df:5c:0f:0a:1d:49:4e:7d:26:04:
                    aa:14:9d:fa:7b:a2:9a:8f:b3:cb:34:93:cc:35:ad:
                    c8:f8:01:aa:53:a1:6f:44:1f:1d:90:82:93:2e:f3:
                    45:7a:07:1f:61:de:74:91:d4:7e:23:09:79:81:1f:
                    e8:a8:37:1d:1c:76:fa:9a:3e:b7:ee:7a:4b:1f:e1:
                    a3:78:5a:e2:2c:ec:3d:04:3d:95:8b:cf:f3:d0:d6:
                    0c:48:b3:8e:05:80:a3:92:41:87:72:fa:89:a7:f9:
                    10:eb:39:9d:fe:97:88:59:2a:41:68:14:84:fa:9d:
                    eb:74:53:6a:2b:8e:29:1e:97:84:21:df:dc:1e:75:
                    ca:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:C9:17:6B:0A:B6:49:A8:6F:61:30:36:9A:71:0E:11:B5:51:D6:EF
            X509v3 Authority Key Identifier:
                keyid:7D:66:D1:9E:53:88:F1:2C:1D:28:A1:6C:32:8D:86:C3:64:E9:CC:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fWbRnlOI8SwdKKFsMo2Gw2TpzHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/ace9bd-f33d-486e-b394-f0d075a437f1/1/1skXawq2SahvYTA2mnEOEbVR1u8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/ace9bd-f33d-486e-b394-f0d075a437f1/1/fWbRnlOI8SwdKKFsMo2Gw2TpzHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6d:ce:df:74:bd:3f:1f:13:55:20:9d:21:3f:90:89:5b:9c:fb:
         27:c5:d6:ae:91:fe:89:8e:1a:04:08:4d:26:3f:33:5a:72:6f:
         37:8e:85:82:3b:5a:9b:35:c1:55:5a:22:75:75:47:ed:0e:20:
         5e:7c:72:63:36:dc:a5:c3:89:87:03:15:6d:91:e3:8a:03:85:
         f2:0c:50:43:cf:dc:70:7d:7b:71:af:e4:9d:da:76:1d:bd:ab:
         81:64:ae:76:d1:42:40:9b:4b:1b:36:a0:9b:b9:e5:66:44:21:
         9a:81:a4:08:3b:e1:78:36:75:1b:05:b7:50:35:31:e6:e3:41:
         f4:8a:3e:9f:3e:b3:3a:dc:15:c4:95:6b:eb:a3:e4:a0:cd:50:
         27:1a:2b:d0:52:71:ec:67:ac:e4:01:16:1c:f6:30:d1:dc:65:
         27:c4:b4:d4:0a:13:f1:3e:71:53:a7:c7:73:34:9b:34:8d:c3:
         c3:7a:8e:47:5a:3a:a3:ea:5b:37:75:3f:0b:d8:6b:b6:a6:85:
         fe:7f:bf:e1:ca:9d:ab:0c:05:11:ae:70:f6:50:3f:a4:da:e6:
         ae:c3:d1:d8:5c:21:5d:37:96:e0:eb:89:aa:fc:9a:c7:ff:f8:
         c0:10:1d:a2:f5:aa:1a:ad:68:ed:b3:88:41:77:37:81:f8:1b:
         e6:60:02:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljxfP4wXTgac9H+SCzdmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNjZkMTllNTM4OGYxMmMxZDI4YTE2YzMyOGQ4NmMzNjRl
OWNjNzkwHhcNMjUwMTAyMDU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmM5MTc2YjBhYjY0OWE4NmY2MTMwMzY5YTcxMGUxMWI1NTFkNmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsw4Ium6vGePbQyokWVg2phzzcHZD
IgFxmr6rtVY1LjGZ+SvPF3Aqna4jO7BoU3AAxc5GtUnTc4hw12x56WNBTq/Zc3zJ
hn0BtxkzGcaFUgkHRn5uqoycTZbmjppqL1UhvoUWayBz3ftTCubk6OctmJLig3XU
4/1ouQODLt9cDwodSU59JgSqFJ36e6Kaj7PLNJPMNa3I+AGqU6FvRB8dkIKTLvNF
egcfYd50kdR+Iwl5gR/oqDcdHHb6mj637npLH+GjeFriLOw9BD2Vi8/z0NYMSLOO
BYCjkkGHcvqJp/kQ6zmd/peIWSpBaBSE+p3rdFNqK44pHpeEId/cHnXKSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbJF2sKtkmob2EwNppxDhG1UdbvMB8GA1UdIwQY
MBaAFH1m0Z5TiPEsHSihbDKNhsNk6cx5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZldiUm5sT0k4U3dkS0tGc01vMkd3MlRwekhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9hY2U5YmQtZjMzZC00ODZlLWIzOTQt
ZjBkMDc1YTQzN2YxLzEvMXNrWGF3cTJTYWh2WVRBMm1uRU9FYlZSMXU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9hY2U5YmQtZjMzZC00ODZlLWIzOTQtZjBkMDc1YTQzN2Yx
LzEvZldiUm5sT0k4U3dkS0tGc01vMkd3MlRwekhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaQoMA0G
CSqGSIb3DQEBCwUAA4IBAQBtzt90vT8fE1UgnSE/kIlbnPsnxdaukf6JjhoECE0m
PzNacm83joWCO1qbNcFVWiJ1dUftDiBefHJjNtylw4mHAxVtkeOKA4XyDFBDz9xw
fXtxr+Sd2nYdvauBZK520UJAm0sbNqCbueVmRCGagaQIO+F4NnUbBbdQNTHm40H0
ij6fPrM63BXElWvro+SgzVAnGivQUnHsZ6zkARYc9jDR3GUnxLTUChPxPnFTp8dz
NJs0jcPDeo5HWjqj6ls3dT8L2Gu2poX+f7/hyp2rDAURrnD2UD+k2uauw9HYXCFd
N5bg64mq/JrH//jAEB2i9aoarWjts4hBdzeB+BvmYAL7
-----END CERTIFICATE-----