Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/Rh1-3odcKsHE-cbcsOPqzTGwaik.roa
File:                     Rh1-3odcKsHE-cbcsOPqzTGwaik.roa (raw, json)
Hash identifier:          gW+wBKfqraJTbuMXfCglcuvN6Kb55qCQd+sGLIt/fpk=
Subject key identifier:   46:1D:7E:DE:87:5C:2A:C1:C4:F9:C6:DC:B0:E3:EA:CD:31:B0:6A:29
Certificate issuer:       /CN=64c0bc594af811753dfc116af459b1b874471489
Certificate serial:       0194885395B502AA1454AABC585D111E95C5
Authority key identifier: 64:C0:BC:59:4A:F8:11:75:3D:FC:11:6A:F4:59:B1:B8:74:47:14:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/Rh1-3odcKsHE-cbcsOPqzTGwaik.roa
Signing time:             Tue 21 Jan 2025 10:06:06 +0000
ROA not before:           Tue 21 Jan 2025 10:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        185.30.212.0/23 maxlen: 23
                          2a00:b320::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:88:53:95:b5:02:aa:14:54:aa:bc:58:5d:11:1e:95:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64c0bc594af811753dfc116af459b1b874471489
        Validity
            Not Before: Jan 21 10:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=461d7ede875c2ac1c4f9c6dcb0e3eacd31b06a29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ea:4a:ab:61:a6:08:b0:3e:ae:a3:dd:40:40:
                    0c:b6:ac:ac:8c:22:fb:36:fa:2a:4e:50:21:3e:7f:
                    f6:69:84:b4:83:bc:e7:41:89:31:be:d1:46:78:09:
                    94:5a:70:83:78:d3:7a:3e:ad:49:47:6e:14:d8:54:
                    39:a0:f7:d9:13:58:da:4f:6d:5c:18:a3:b4:1a:56:
                    67:8f:07:ac:c3:c4:86:0a:73:00:51:82:91:f4:64:
                    b6:8a:55:85:02:42:ff:53:a0:9b:e3:af:44:a3:db:
                    20:36:21:db:0c:29:75:15:c1:46:a6:d6:47:b8:da:
                    05:46:ad:0a:ba:2b:92:87:ec:6c:7c:e6:13:0d:fa:
                    39:bf:4e:a0:65:66:7f:5f:8b:cc:d5:87:6b:b5:73:
                    d7:f3:a9:c1:85:cd:30:48:d8:2f:4f:f7:97:2b:8c:
                    fa:e2:a3:98:8a:a2:4a:24:7a:e7:1a:38:58:b9:54:
                    68:74:71:55:ee:df:17:b6:00:62:a1:5d:e2:f5:cb:
                    21:bf:11:a5:cc:f0:12:8d:75:fa:cd:18:30:71:5a:
                    04:44:54:c1:ef:3b:ef:51:d2:92:dc:d7:9c:33:be:
                    2a:32:28:d0:4c:d7:25:65:39:be:df:8b:c8:ea:61:
                    ea:19:e8:b4:c8:de:f3:69:c5:04:b0:35:80:cc:be:
                    89:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:1D:7E:DE:87:5C:2A:C1:C4:F9:C6:DC:B0:E3:EA:CD:31:B0:6A:29
            X509v3 Authority Key Identifier:
                keyid:64:C0:BC:59:4A:F8:11:75:3D:FC:11:6A:F4:59:B1:B8:74:47:14:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/Rh1-3odcKsHE-cbcsOPqzTGwaik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b48bfd-797d-47a9-8a62-44313b43e594/1/ZMC8WUr4EXU9_BFq9FmxuHRHFIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.212.0/23
                IPv6:
                  2a00:b320::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:58:e1:4f:53:81:f7:48:9d:23:90:e6:86:8b:d2:fe:e2:98:
         3f:0b:73:bb:16:b6:56:ef:09:15:34:0c:62:be:e4:9e:3c:c4:
         93:4f:3b:87:5f:cb:1d:92:54:bb:9b:41:30:80:fb:d0:e8:2f:
         8f:2d:a2:c0:62:ac:2c:a2:a9:87:5d:00:cd:76:fa:e5:c3:57:
         47:cd:c1:37:ec:fe:df:30:e7:4d:53:e5:35:7f:e6:4a:d4:97:
         2d:bf:44:d9:3e:51:60:02:ac:b8:83:07:14:e2:1f:8e:7d:fe:
         ec:9d:09:f3:de:a7:71:ce:f1:0e:86:2d:b8:43:f9:2a:e2:f8:
         44:97:e1:28:d7:9f:93:ed:d9:e6:05:39:d9:26:e3:f1:d5:af:
         5d:49:9e:33:e2:7a:1e:ab:33:46:49:73:c3:e2:43:3a:85:fb:
         66:69:c5:30:f4:f9:ff:bf:b5:b9:83:8b:05:83:ed:89:e1:9d:
         20:b4:2e:ab:50:b3:fe:4a:9c:98:b7:55:09:19:ae:ff:11:a7:
         03:fc:43:91:5c:e3:6b:85:bb:51:92:95:05:7b:e8:a2:34:db:
         33:90:2d:40:f0:a3:4e:b9:a9:71:64:e7:8b:85:f8:21:87:e1:
         94:aa:93:81:04:bb:a9:ce:6f:03:c2:5f:84:ab:12:ce:10:f8:
         a8:69:18:93
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZSIU5W1AqoUVKq8WF0RHpXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0YzBiYzU5NGFmODExNzUzZGZjMTE2YWY0NTliMWI4NzQ0
NzE0ODkwHhcNMjUwMTIxMTAwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjFkN2VkZTg3NWMyYWMxYzRmOWM2ZGNiMGUzZWFjZDMxYjA2YTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqepKq2GmCLA+rqPdQEAMtqysjCL7
NvoqTlAhPn/2aYS0g7znQYkxvtFGeAmUWnCDeNN6Pq1JR24U2FQ5oPfZE1jaT21c
GKO0GlZnjwesw8SGCnMAUYKR9GS2ilWFAkL/U6Cb469Eo9sgNiHbDCl1FcFGptZH
uNoFRq0KuiuSh+xsfOYTDfo5v06gZWZ/X4vM1YdrtXPX86nBhc0wSNgvT/eXK4z6
4qOYiqJKJHrnGjhYuVRodHFV7t8XtgBioV3i9cshvxGlzPASjXX6zRgwcVoERFTB
7zvvUdKS3NecM74qMijQTNclZTm+34vI6mHqGei0yN7zacUEsDWAzL6JYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEYdft6HXCrBxPnG3LDj6s0xsGopMB8GA1UdIwQY
MBaAFGTAvFlK+BF1PfwRavRZsbh0RxSJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk1DOFdVcjRFWFU5X0JGcTlGbXh1SFJIRklrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNDhiZmQtNzk3ZC00N2E5LThhNjIt
NDQzMTNiNDNlNTk0LzEvUmgxLTNvZGNLc0hFLWNiY3NPUHF6VEd3YWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNDhiZmQtNzk3ZC00N2E5LThhNjItNDQzMTNiNDNlNTk0
LzEvWk1DOFdVcjRFWFU5X0JGcTlGbXh1SFJIRklrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuR7UMA8E
AgACMAkDBwAqALMgAAAwDQYJKoZIhvcNAQELBQADggEBAAhY4U9TgfdInSOQ5oaL
0v7imD8Lc7sWtlbvCRU0DGK+5J48xJNPO4dfyx2SVLubQTCA+9DoL48tosBirCyi
qYddAM12+uXDV0fNwTfs/t8w501T5TV/5krUly2/RNk+UWACrLiDBxTiH459/uyd
CfPep3HO8Q6GLbhD+Sri+ESX4SjXn5Pt2eYFOdkm4/HVr11JnjPieh6rM0ZJc8Pi
QzqF+2ZpxTD0+f+/tbmDiwWD7YnhnSC0LqtQs/5KnJi3VQkZrv8RpwP8Q5Fc42uF
u1GSlQV76KI02zOQLUDwo065qXFk54uF+CGH4ZSqk4EEu6nObwPCX4SrEs4Q+Khp
GJM=
-----END CERTIFICATE-----