Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/I72vD4clErn-KyL3Il94C9_-wtk.roa
File:                     I72vD4clErn-KyL3Il94C9_-wtk.roa (raw, json)
Hash identifier:          JxiFx7TuP4vOP+SWIC89SDMzWOz23TjJ939/vZhx0JU=
Subject key identifier:   23:BD:AF:0F:87:25:12:B9:FE:2B:22:F7:22:5F:78:0B:DF:FE:C2:D9
Certificate issuer:       /CN=4d69fe11ba001b12a6fbd189629a3fb181bd8c9b
Certificate serial:       01942143A42B4F2DF75C29E28F5432B9C9B5
Authority key identifier: 4D:69:FE:11:BA:00:1B:12:A6:FB:D1:89:62:9A:3F:B1:81:BD:8C:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TWn-EboAGxKm-9GJYpo_sYG9jJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/I72vD4clErn-KyL3Il94C9_-wtk.roa
Signing time:             Wed 01 Jan 2025 09:47:48 +0000
ROA not before:           Wed 01 Jan 2025 09:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200539
IP address blocks:        185.103.152.0/22 maxlen: 22
                          185.239.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/TWn-EboAGxKm-9GJYpo_sYG9jJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/TWn-EboAGxKm-9GJYpo_sYG9jJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TWn-EboAGxKm-9GJYpo_sYG9jJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:a4:2b:4f:2d:f7:5c:29:e2:8f:54:32:b9:c9:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d69fe11ba001b12a6fbd189629a3fb181bd8c9b
        Validity
            Not Before: Jan  1 09:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23bdaf0f872512b9fe2b22f7225f780bdffec2d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:63:d8:08:4b:aa:9b:7e:8d:c4:29:7a:a0:e4:
                    77:ec:48:0a:4b:b0:4f:d2:a3:17:84:dd:38:41:75:
                    7a:31:c7:ec:f2:11:5a:2c:1d:9f:f4:a2:4d:d4:0e:
                    76:90:1a:99:30:2a:68:3a:c3:d5:79:83:3a:2d:da:
                    20:d6:99:fa:9c:2d:37:de:4f:82:2b:8c:f8:ba:a3:
                    b5:9a:12:e7:ea:a8:bd:aa:5a:21:7d:0c:01:22:ca:
                    26:57:dc:cf:4f:62:89:b6:02:71:0b:7b:10:36:7f:
                    2d:e5:d6:28:84:ee:2f:ad:89:4b:3a:2a:85:27:76:
                    38:df:7d:e7:02:d2:9f:68:83:7b:31:ce:32:2e:ca:
                    76:84:57:e0:b3:93:a6:d2:36:f4:b2:9d:9b:f8:e2:
                    9e:7e:c2:a6:81:f0:32:31:68:93:e9:33:e0:e9:64:
                    18:af:43:de:6e:01:01:66:92:78:f2:2b:df:eb:b4:
                    f2:df:34:dc:ff:e5:4c:50:e9:34:7b:25:e7:6f:11:
                    39:aa:5e:6b:80:56:34:f4:67:0b:f9:70:98:f0:63:
                    b6:b6:ca:f1:db:b1:e4:d9:25:91:96:92:ea:d3:10:
                    6e:05:9e:95:88:fc:8b:60:eb:45:7b:fd:f0:0b:b8:
                    89:07:38:c7:cc:0f:27:cb:0d:4d:0f:2a:a3:72:41:
                    25:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:BD:AF:0F:87:25:12:B9:FE:2B:22:F7:22:5F:78:0B:DF:FE:C2:D9
            X509v3 Authority Key Identifier:
                keyid:4D:69:FE:11:BA:00:1B:12:A6:FB:D1:89:62:9A:3F:B1:81:BD:8C:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TWn-EboAGxKm-9GJYpo_sYG9jJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/I72vD4clErn-KyL3Il94C9_-wtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/326ae7-ed9f-4105-8b5d-3b68a84cd2b8/1/TWn-EboAGxKm-9GJYpo_sYG9jJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.103.152.0/22
                  185.239.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:29:1e:24:88:9a:34:37:4c:0b:18:d7:66:7a:02:15:29:e0:
         16:20:92:46:88:67:46:d1:28:54:72:71:5b:ea:e0:58:1b:64:
         ab:7a:b6:5c:9d:82:e1:bc:00:cc:9d:a6:a0:40:87:04:a8:88:
         c8:31:7e:f6:49:59:d4:9e:ea:2d:c4:b8:c2:17:a1:ce:04:0e:
         ed:e9:bf:35:9a:56:df:fb:32:25:36:6b:40:cd:d8:61:9a:4e:
         6f:ef:a4:ca:ba:66:7b:bf:7f:65:95:34:03:08:98:86:3e:e2:
         ba:fe:5f:da:fc:07:b1:af:06:83:c5:a2:4f:73:d7:25:72:54:
         cf:12:ee:b6:44:4e:07:64:f9:c8:21:97:a2:b1:8a:d2:30:12:
         c3:85:41:c3:e3:2b:bf:c7:58:48:6f:73:e4:d6:ca:1a:70:a6:
         6a:2e:41:6c:6b:10:30:83:7d:f5:dd:50:00:16:b8:05:97:ba:
         e9:05:2e:42:6b:a0:f9:a8:bb:1d:5b:72:09:13:59:84:51:3c:
         fc:82:01:82:47:d7:44:0e:37:bd:e9:61:3f:c3:bd:10:16:74:
         99:00:cc:aa:ea:db:6e:ef:38:5e:a3:b9:3c:54:a7:71:47:88:
         e8:ff:b0:8b:d2:fe:77:db:95:67:5a:4e:91:bd:68:b5:46:ae:
         98:c7:97:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ6QrTy33XCnij1Qyucm1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNjlmZTExYmEwMDFiMTJhNmZiZDE4OTYyOWEzZmIxODFi
ZDhjOWIwHhcNMjUwMTAxMDk0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2JkYWYwZjg3MjUxMmI5ZmUyYjIyZjcyMjVmNzgwYmRmZmVjMmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWPYCEuqm36NxCl6oOR37EgKS7BP
0qMXhN04QXV6Mcfs8hFaLB2f9KJN1A52kBqZMCpoOsPVeYM6Ldog1pn6nC033k+C
K4z4uqO1mhLn6qi9qlohfQwBIsomV9zPT2KJtgJxC3sQNn8t5dYohO4vrYlLOiqF
J3Y4333nAtKfaIN7Mc4yLsp2hFfgs5Om0jb0sp2b+OKefsKmgfAyMWiT6TPg6WQY
r0PebgEBZpJ48ivf67Ty3zTc/+VMUOk0eyXnbxE5ql5rgFY09GcL+XCY8GO2tsrx
27Hk2SWRlpLq0xBuBZ6ViPyLYOtFe/3wC7iJBzjHzA8nyw1NDyqjckElVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCO9rw+HJRK5/isi9yJfeAvf/sLZMB8GA1UdIwQY
MBaAFE1p/hG6ABsSpvvRiWKaP7GBvYybMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFduLUVib0FHeEttLTlHSllwb19zWUc5akpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8zMjZhZTctZWQ5Zi00MTA1LThiNWQt
M2I2OGE4NGNkMmI4LzEvSTcydkQ0Y2xFcm4tS3lMM0lsOTRDOV8td3RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8zMjZhZTctZWQ5Zi00MTA1LThiNWQtM2I2OGE4NGNkMmI4
LzEvVFduLUVib0FHeEttLTlHSllwb19zWUc5akpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuWeYAwQC
ue8MMA0GCSqGSIb3DQEBCwUAA4IBAQBbKR4kiJo0N0wLGNdmegIVKeAWIJJGiGdG
0ShUcnFb6uBYG2SrerZcnYLhvADMnaagQIcEqIjIMX72SVnUnuotxLjCF6HOBA7t
6b81mlbf+zIlNmtAzdhhmk5v76TKumZ7v39llTQDCJiGPuK6/l/a/AexrwaDxaJP
c9clclTPEu62RE4HZPnIIZeisYrSMBLDhUHD4yu/x1hIb3Pk1soacKZqLkFsaxAw
g3313VAAFrgFl7rpBS5Ca6D5qLsdW3IJE1mEUTz8ggGCR9dEDje96WE/w70QFnSZ
AMyq6ttu7zheo7k8VKdxR4jo/7CL0v5325VnWk6RvWi1Rq6Yx5ca
-----END CERTIFICATE-----