Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/rwCcNCLFriBxsD0bJomvJ0xlQ9c.roa
File:                     rwCcNCLFriBxsD0bJomvJ0xlQ9c.roa (raw, json)
Hash identifier:          PsKxZJF6yIek93GITDSEpyvFVPew4gbr5lDkhG4UbEw=
Subject key identifier:   AF:00:9C:34:22:C5:AE:20:71:B0:3D:1B:26:89:AF:27:4C:65:43:D7
Certificate issuer:       /CN=7400d5013c12852242343093cbf5148d4eaeaaf9
Certificate serial:       019424B39046EB3F52F58281E872CC2A72A2
Authority key identifier: 74:00:D5:01:3C:12:85:22:42:34:30:93:CB:F5:14:8D:4E:AE:AA:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dADVATwShSJCNDCTy_UUjU6uqvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/rwCcNCLFriBxsD0bJomvJ0xlQ9c.roa
Signing time:             Thu 02 Jan 2025 01:48:55 +0000
ROA not before:           Thu 02 Jan 2025 01:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212440
IP address blocks:        185.112.180.0/22 maxlen: 24
                          2a0e:6f00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/dADVATwShSJCNDCTy_UUjU6uqvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/dADVATwShSJCNDCTy_UUjU6uqvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dADVATwShSJCNDCTy_UUjU6uqvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:90:46:eb:3f:52:f5:82:81:e8:72:cc:2a:72:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7400d5013c12852242343093cbf5148d4eaeaaf9
        Validity
            Not Before: Jan  2 01:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af009c3422c5ae2071b03d1b2689af274c6543d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:00:92:8c:40:36:73:ec:f0:4b:ae:d1:21:d9:
                    67:76:70:d7:44:51:28:ad:98:c9:67:dc:2d:99:3b:
                    1f:2c:60:2e:4b:69:34:4e:d6:89:1f:29:c9:14:d0:
                    fa:45:04:32:e0:14:91:91:9a:52:59:95:e5:50:8b:
                    96:22:7e:b5:1a:ab:01:d9:65:67:23:74:0b:f5:f2:
                    4a:4d:75:be:8a:f7:c2:a8:46:d0:06:95:37:2a:fb:
                    39:51:b4:b2:3d:f4:38:e5:e5:b4:5e:0a:5f:65:15:
                    45:7a:11:48:aa:2d:a1:ff:8e:72:ef:be:ae:83:2f:
                    d0:15:b3:b6:22:85:d0:d7:76:ae:33:8d:6d:b2:94:
                    25:4b:3e:be:27:62:15:03:ba:ef:cf:c2:4e:d3:a7:
                    30:20:a1:1b:ba:b9:38:95:3d:41:c1:d1:68:0c:ae:
                    00:8b:b7:88:8f:7a:4e:6e:54:ff:01:3c:8e:ca:43:
                    e2:6a:87:2d:8b:ca:27:d3:3e:5e:70:18:87:45:d0:
                    e9:61:41:0a:4e:4d:82:f4:57:27:68:3f:ff:52:52:
                    ff:d5:6e:14:50:fb:4e:b2:dd:a8:9b:64:32:06:a5:
                    1b:67:58:02:9c:8e:a2:de:59:31:25:1c:03:2a:30:
                    6e:75:03:6e:83:4b:d1:e1:3d:7b:b2:cd:c9:3d:33:
                    1e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:00:9C:34:22:C5:AE:20:71:B0:3D:1B:26:89:AF:27:4C:65:43:D7
            X509v3 Authority Key Identifier:
                keyid:74:00:D5:01:3C:12:85:22:42:34:30:93:CB:F5:14:8D:4E:AE:AA:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dADVATwShSJCNDCTy_UUjU6uqvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/rwCcNCLFriBxsD0bJomvJ0xlQ9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/95d71d-f41b-4171-8350-e0892a28aac9/1/dADVATwShSJCNDCTy_UUjU6uqvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.180.0/22
                IPv6:
                  2a0e:6f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:55:51:34:32:35:c8:c0:54:f5:66:52:27:d8:0f:a0:1e:b6:
         b1:99:21:6d:58:04:b5:d2:97:c3:8b:1d:dd:0f:5b:62:bf:52:
         80:50:c7:53:b1:14:87:f7:d2:ef:4e:bd:1f:67:cc:b7:df:0a:
         eb:ff:07:04:da:13:c7:ff:54:0e:ec:ef:70:2e:b4:b3:f6:46:
         96:9c:33:ad:e8:4d:dc:5f:83:8c:7a:b8:4d:d6:23:80:7a:b7:
         14:b0:ee:94:39:33:f8:6e:f6:b4:2d:ec:db:83:99:97:13:85:
         c8:81:86:79:12:74:81:34:60:03:d3:65:90:e3:21:43:48:eb:
         20:ed:a8:b3:15:cc:78:92:71:4f:3c:51:2c:27:65:fd:b7:d2:
         62:88:cc:fa:8b:7a:78:37:d9:99:bd:25:37:10:34:8f:ed:7b:
         32:f8:25:cd:e0:67:c9:22:4d:1a:13:6b:b1:e5:3d:cd:7d:5b:
         0b:67:69:24:1f:d0:c5:39:5a:c5:6b:62:05:ac:d1:79:ff:8a:
         dd:72:15:28:b2:dd:a2:c4:99:b9:ca:58:a5:ae:03:c4:a3:30:
         ae:80:bd:b2:db:ff:f6:25:f7:60:dd:dc:ef:0a:4c:6f:08:a6:
         65:fa:32:ed:4a:d6:44:3c:9d:0a:77:e0:58:a6:80:7a:54:1d:
         0e:08:88:0e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks5BG6z9S9YKB6HLMKnKiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MDBkNTAxM2MxMjg1MjI0MjM0MzA5M2NiZjUxNDhkNGVh
ZWFhZjkwHhcNMjUwMTAyMDE0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjAwOWMzNDIyYzVhZTIwNzFiMDNkMWIyNjg5YWYyNzRjNjU0M2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugCSjEA2c+zwS67RIdlndnDXRFEo
rZjJZ9wtmTsfLGAuS2k0TtaJHynJFND6RQQy4BSRkZpSWZXlUIuWIn61GqsB2WVn
I3QL9fJKTXW+ivfCqEbQBpU3Kvs5UbSyPfQ45eW0XgpfZRVFehFIqi2h/45y776u
gy/QFbO2IoXQ13auM41tspQlSz6+J2IVA7rvz8JO06cwIKEburk4lT1BwdFoDK4A
i7eIj3pOblT/ATyOykPiaocti8on0z5ecBiHRdDpYUEKTk2C9FcnaD//UlL/1W4U
UPtOst2om2QyBqUbZ1gCnI6i3lkxJRwDKjBudQNug0vR4T17ss3JPTMerQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK8AnDQixa4gcbA9GyaJrydMZUPXMB8GA1UdIwQY
MBaAFHQA1QE8EoUiQjQwk8v1FI1Orqr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEFEVkFUd1NoU0pDTkRDVHlfVVVqVTZ1cXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS85NWQ3MWQtZjQxYi00MTcxLTgzNTAt
ZTA4OTJhMjhhYWM5LzEvcndDY05DTEZyaUJ4c0QwYkpvbXZKMHhsUTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS85NWQ3MWQtZjQxYi00MTcxLTgzNTAtZTA4OTJhMjhhYWM5
LzEvZEFEVkFUd1NoU0pDTkRDVHlfVVVqVTZ1cXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXC0MA0E
AgACMAcDBQMqDm8AMA0GCSqGSIb3DQEBCwUAA4IBAQB6VVE0MjXIwFT1ZlIn2A+g
HraxmSFtWAS10pfDix3dD1tiv1KAUMdTsRSH99LvTr0fZ8y33wrr/wcE2hPH/1QO
7O9wLrSz9kaWnDOt6E3cX4OMerhN1iOAercUsO6UOTP4bva0Lezbg5mXE4XIgYZ5
EnSBNGAD02WQ4yFDSOsg7aizFcx4knFPPFEsJ2X9t9JiiMz6i3p4N9mZvSU3EDSP
7Xsy+CXN4GfJIk0aE2ux5T3NfVsLZ2kkH9DFOVrFa2IFrNF5/4rdchUost2ixJm5
ylilrgPEozCugL2y2//2Jfdg3dzvCkxvCKZl+jLtStZEPJ0Kd+BYpoB6VB0OCIgO
-----END CERTIFICATE-----