Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/44cc7c-a6b5-4da6-af8e-eecd09d90c65/1/CG9KoNDYQYANjw8jkpEMfgifFYg.roa
File:                     CG9KoNDYQYANjw8jkpEMfgifFYg.roa (raw, json)
Hash identifier:          a/8GNnkxdjWR/BpDGvDmUNc0bdNHqrlCI9YD9Z7wQW0=
Subject key identifier:   08:6F:4A:A0:D0:D8:41:80:0D:8F:0F:23:92:91:0C:7E:08:9F:15:88
Certificate issuer:       /CN=d6843cd61d8fff1f6cfb380ae243be0b1d9435ab
Certificate serial:       019483D2EE7FF3AC7B08332CEC9205535C91
Authority key identifier: D6:84:3C:D6:1D:8F:FF:1F:6C:FB:38:0A:E2:43:BE:0B:1D:94:35:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1oQ81h2P_x9s-zgK4kO-Cx2UNas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/44cc7c-a6b5-4da6-af8e-eecd09d90c65/1/CG9KoNDYQYANjw8jkpEMfgifFYg.roa
Signing time:             Mon 20 Jan 2025 13:07:06 +0000
ROA not before:           Mon 20 Jan 2025 13:07:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202212
IP address blocks:        185.50.16.0/22 maxlen: 22
                          2a01:a860::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/44cc7c-a6b5-4da6-af8e-eecd09d90c65/1/1oQ81h2P_x9s-zgK4kO-Cx2UNas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/44cc7c-a6b5-4da6-af8e-eecd09d90c65/1/1oQ81h2P_x9s-zgK4kO-Cx2UNas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1oQ81h2P_x9s-zgK4kO-Cx2UNas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:83:d2:ee:7f:f3:ac:7b:08:33:2c:ec:92:05:53:5c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6843cd61d8fff1f6cfb380ae243be0b1d9435ab
        Validity
            Not Before: Jan 20 13:07:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=086f4aa0d0d841800d8f0f2392910c7e089f1588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ae:4c:f5:6b:54:cd:70:c5:49:29:74:46:ab:
                    f7:74:22:75:a0:28:dd:4d:1b:c6:56:d0:03:ff:69:
                    a0:47:99:4d:41:4f:e6:f5:f8:a7:49:76:0b:3e:08:
                    4b:ae:27:c4:e0:9f:5d:c1:df:cc:e5:29:b6:e8:58:
                    3b:5b:c2:90:31:4b:28:c3:77:8f:c8:82:40:ea:57:
                    10:75:7d:1a:d4:e1:ae:6c:c7:aa:9a:6a:27:a7:f9:
                    a9:a9:aa:e3:dd:38:aa:ff:c0:05:84:58:b2:97:c8:
                    75:bf:58:cc:e0:c0:8f:8e:33:e8:bb:7e:0a:94:50:
                    36:88:9f:6e:f7:b6:d2:fc:14:82:8e:25:48:43:8c:
                    7d:cd:99:f3:a9:02:ed:c3:5e:c4:cb:29:c5:12:c0:
                    b9:a2:4f:1e:21:01:6c:d6:0c:ba:88:94:4b:e0:06:
                    f5:c0:a0:e9:e4:b6:f6:4d:35:7d:12:5f:0f:ad:7f:
                    2c:b0:d1:5c:ce:63:e2:37:93:51:4c:15:82:62:41:
                    63:fe:9c:78:d7:41:6d:99:e1:df:cb:e4:c1:2a:b2:
                    a7:6d:cc:81:18:90:6a:12:41:a7:c2:61:bf:d4:9c:
                    cd:12:a2:5a:57:b6:77:14:a7:1a:cb:32:23:de:17:
                    ba:9d:e6:16:a6:6d:74:f2:0d:1a:51:65:b4:38:a2:
                    c0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:6F:4A:A0:D0:D8:41:80:0D:8F:0F:23:92:91:0C:7E:08:9F:15:88
            X509v3 Authority Key Identifier:
                keyid:D6:84:3C:D6:1D:8F:FF:1F:6C:FB:38:0A:E2:43:BE:0B:1D:94:35:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1oQ81h2P_x9s-zgK4kO-Cx2UNas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/44cc7c-a6b5-4da6-af8e-eecd09d90c65/1/CG9KoNDYQYANjw8jkpEMfgifFYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/44cc7c-a6b5-4da6-af8e-eecd09d90c65/1/1oQ81h2P_x9s-zgK4kO-Cx2UNas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.16.0/22
                IPv6:
                  2a01:a860::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:0f:98:25:a6:46:60:45:70:4e:d7:a3:a6:96:94:a7:8a:25:
         e7:3a:f6:0b:61:ea:5e:b6:d8:88:29:ad:14:13:fa:9e:1a:cf:
         81:32:d6:97:9b:77:46:9a:99:f3:31:4e:47:34:f7:d0:2b:6c:
         e1:43:f8:43:5b:4c:b2:b4:a3:a1:f8:7a:a5:5c:aa:17:bb:13:
         0b:04:20:75:05:db:69:e1:aa:9b:a6:12:6c:11:6c:f9:f6:cd:
         19:8d:ee:90:38:ed:26:a0:bb:43:cf:c1:f1:6b:e6:8d:8d:92:
         7a:ae:8f:8d:10:e0:03:86:95:b6:7e:98:4e:a1:75:ac:37:c2:
         2b:69:89:8c:bb:3b:cb:53:ec:92:32:53:ac:37:9d:ae:d1:0a:
         f7:8d:bc:9a:3b:e3:0a:94:43:ac:9c:22:fe:36:75:f6:fd:8a:
         35:77:24:14:71:49:ed:60:1b:bd:91:1f:ce:b3:5b:3e:dc:bc:
         3c:17:c9:95:05:2b:43:c4:9a:db:89:22:67:35:0a:65:7a:df:
         39:db:91:0f:e4:2b:e4:25:e9:0c:ac:ab:0e:ba:f0:63:98:34:
         b8:d1:65:84:b8:c7:51:92:ad:5d:57:4f:84:cd:b8:3f:b0:20:
         37:c6:1c:57:c8:68:00:09:72:39:5e:81:cb:9c:3f:17:b7:f6:
         88:97:6a:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZSD0u5/86x7CDMs7JIFU1yRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ODQzY2Q2MWQ4ZmZmMWY2Y2ZiMzgwYWUyNDNiZTBiMWQ5
NDM1YWIwHhcNMjUwMTIwMTMwNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODZmNGFhMGQwZDg0MTgwMGQ4ZjBmMjM5MjkxMGM3ZTA4OWYxNTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu65M9WtUzXDFSSl0Rqv3dCJ1oCjd
TRvGVtAD/2mgR5lNQU/m9finSXYLPghLrifE4J9dwd/M5Sm26Fg7W8KQMUsow3eP
yIJA6lcQdX0a1OGubMeqmmonp/mpqarj3Tiq/8AFhFiyl8h1v1jM4MCPjjPou34K
lFA2iJ9u97bS/BSCjiVIQ4x9zZnzqQLtw17EyynFEsC5ok8eIQFs1gy6iJRL4Ab1
wKDp5Lb2TTV9El8PrX8ssNFczmPiN5NRTBWCYkFj/px410FtmeHfy+TBKrKnbcyB
GJBqEkGnwmG/1JzNEqJaV7Z3FKcayzIj3he6neYWpm108g0aUWW0OKLATQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAhvSqDQ2EGADY8PI5KRDH4InxWIMB8GA1UdIwQY
MBaAFNaEPNYdj/8fbPs4CuJDvgsdlDWrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW9RODFoMlBfeDlzLXpnSzRrTy1DeDJVTmFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi80NGNjN2MtYTZiNS00ZGE2LWFmOGUt
ZWVjZDA5ZDkwYzY1LzEvQ0c5S29ORFlRWUFOanc4amtwRU1mZ2lmRllnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi80NGNjN2MtYTZiNS00ZGE2LWFmOGUtZWVjZDA5ZDkwYzY1
LzEvMW9RODFoMlBfeDlzLXpnSzRrTy1DeDJVTmFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTIQMA0E
AgACMAcDBQAqAahgMA0GCSqGSIb3DQEBCwUAA4IBAQAPD5glpkZgRXBO16OmlpSn
iiXnOvYLYepettiIKa0UE/qeGs+BMtaXm3dGmpnzMU5HNPfQK2zhQ/hDW0yytKOh
+HqlXKoXuxMLBCB1Bdtp4aqbphJsEWz59s0Zje6QOO0moLtDz8Hxa+aNjZJ6ro+N
EOADhpW2fphOoXWsN8IraYmMuzvLU+ySMlOsN52u0Qr3jbyaO+MKlEOsnCL+NnX2
/Yo1dyQUcUntYBu9kR/Os1s+3Lw8F8mVBStDxJrbiSJnNQplet8525EP5CvkJekM
rKsOuvBjmDS40WWEuMdRkq1dV0+Ezbg/sCA3xhxXyGgACXI5XoHLnD8Xt/aIl2oq
-----END CERTIFICATE-----