Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/RvOaflHrUbGbCGM86DjNMJAz4Rw.roa
File:                     RvOaflHrUbGbCGM86DjNMJAz4Rw.roa (raw, json)
Hash identifier:          3Nyo7ThzTtGgNw1pACQDePiv05YOigx9XCdhwJe3hKs=
Subject key identifier:   46:F3:9A:7E:51:EB:51:B1:9B:08:63:3C:E8:38:CD:30:90:33:E1:1C
Certificate issuer:       /CN=14a4ba50b468fceeac194627e98ba1f57deb4fc0
Certificate serial:       019422FC4A9C28F3E1078AB5D59DF0DC3847
Authority key identifier: 14:A4:BA:50:B4:68:FC:EE:AC:19:46:27:E9:8B:A1:F5:7D:EB:4F:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/RvOaflHrUbGbCGM86DjNMJAz4Rw.roa
Signing time:             Wed 01 Jan 2025 17:49:07 +0000
ROA not before:           Wed 01 Jan 2025 17:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205579
IP address blocks:        185.30.248.0/22 maxlen: 22
                          185.30.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 16:41:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:4a:9c:28:f3:e1:07:8a:b5:d5:9d:f0:dc:38:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14a4ba50b468fceeac194627e98ba1f57deb4fc0
        Validity
            Not Before: Jan  1 17:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46f39a7e51eb51b19b08633ce838cd309033e11c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:31:fd:4e:e8:f5:17:ea:fb:7c:be:c3:14:2b:
                    6b:f6:f4:ee:d4:ba:e3:7d:03:dc:97:35:69:2c:4f:
                    26:a7:7d:ee:1d:b8:49:6e:d7:e6:a9:f4:a8:96:5a:
                    df:18:2f:b6:8c:53:c5:8a:f1:66:35:93:75:50:37:
                    8f:24:6c:ce:88:ce:f3:a8:5f:62:50:c2:6e:b3:85:
                    b3:00:fd:a5:78:17:b7:cf:35:67:3f:f5:36:a7:04:
                    24:87:0a:ca:78:eb:bc:96:f5:2f:10:99:16:4d:80:
                    86:ed:56:63:b1:7e:6c:94:0e:08:7d:26:4d:15:12:
                    eb:c8:b1:66:93:23:0f:40:b3:b5:ec:0b:6a:70:8c:
                    3f:12:74:af:fe:f2:7e:6a:aa:16:b1:ba:19:d3:a0:
                    38:9c:a0:ec:35:88:03:ec:45:da:7f:91:e7:ab:14:
                    fc:58:e5:be:91:ed:94:c1:c4:44:9a:08:78:63:47:
                    a0:25:ed:cc:cd:4d:70:b5:c7:be:6e:17:f7:17:8b:
                    0a:8a:22:aa:bd:6f:20:be:b1:d5:1a:8f:fc:94:bf:
                    cb:9a:9c:ae:22:82:e0:82:1b:b3:46:5d:bc:b1:a5:
                    51:3b:87:13:d6:0d:6b:3e:9c:92:12:10:32:68:20:
                    d1:b2:17:2e:d4:b8:fa:75:31:3c:69:48:08:d7:a0:
                    e4:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:F3:9A:7E:51:EB:51:B1:9B:08:63:3C:E8:38:CD:30:90:33:E1:1C
            X509v3 Authority Key Identifier:
                keyid:14:A4:BA:50:B4:68:FC:EE:AC:19:46:27:E9:8B:A1:F5:7D:EB:4F:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/RvOaflHrUbGbCGM86DjNMJAz4Rw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/a8d4ab-dc96-4c9c-af48-a0d48d0d7461/1/FKS6ULRo_O6sGUYn6Yuh9X3rT8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:2d:67:37:14:60:a9:a6:f6:d9:82:0e:b4:f1:68:db:d4:51:
         9a:0b:6e:7f:f3:8a:a1:57:90:d4:9a:a0:d4:54:e7:7b:85:b2:
         57:c4:3a:40:6b:d8:14:33:44:01:22:49:de:73:e4:16:3e:ae:
         3a:5f:c6:13:f6:0a:0d:9c:58:9c:a0:1c:3a:5e:3d:e3:73:1f:
         ea:a4:30:cf:83:3f:69:50:5f:cf:34:88:5b:20:11:58:b4:b6:
         1a:61:2e:12:4c:12:a0:75:71:a0:59:c2:f6:f3:61:bc:c1:1f:
         32:f4:4b:ce:21:ae:6c:03:d1:90:2d:a0:05:33:54:36:7e:32:
         d0:d8:79:b9:2e:7a:21:91:36:5a:27:5e:86:fc:ae:f2:ff:ab:
         6c:ef:22:00:7d:df:73:f2:28:dc:c7:a4:f6:b4:e7:e2:97:52:
         79:7c:6b:66:47:27:26:a4:62:1e:84:13:3f:e5:1d:84:e5:67:
         9a:a3:27:74:fc:ac:2c:c8:35:3a:b7:76:84:cd:1c:85:2c:b2:
         ac:3b:9f:44:88:5e:a7:a7:75:f2:14:b2:a6:58:69:b4:7f:b2:
         db:8a:0a:63:94:ab:4b:28:9b:4b:30:d9:83:81:12:f5:18:c4:
         f6:c1:6d:5b:1c:cd:ad:b6:b7:a3:5e:71:89:c5:c9:60:88:4d:
         45:54:d7:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/EqcKPPhB4q11Z3w3DhHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YTRiYTUwYjQ2OGZjZWVhYzE5NDYyN2U5OGJhMWY1N2Rl
YjRmYzAwHhcNMjUwMTAxMTc0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmYzOWE3ZTUxZWI1MWIxOWIwODYzM2NlODM4Y2QzMDkwMzNlMTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jH9Tuj1F+r7fL7DFCtr9vTu1Lrj
fQPclzVpLE8mp33uHbhJbtfmqfSollrfGC+2jFPFivFmNZN1UDePJGzOiM7zqF9i
UMJus4WzAP2leBe3zzVnP/U2pwQkhwrKeOu8lvUvEJkWTYCG7VZjsX5slA4IfSZN
FRLryLFmkyMPQLO17AtqcIw/EnSv/vJ+aqoWsboZ06A4nKDsNYgD7EXaf5HnqxT8
WOW+ke2UwcREmgh4Y0egJe3MzU1wtce+bhf3F4sKiiKqvW8gvrHVGo/8lL/Lmpyu
IoLgghuzRl28saVRO4cT1g1rPpySEhAyaCDRshcu1Lj6dTE8aUgI16DkNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEbzmn5R61GxmwhjPOg4zTCQM+EcMB8GA1UdIwQY
MBaAFBSkulC0aPzurBlGJ+mLofV960/AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRktTNlVMUm9fTzZzR1VZbjZZdWg5WDNyVDhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9hOGQ0YWItZGM5Ni00YzljLWFmNDgt
YTBkNDhkMGQ3NDYxLzEvUnZPYWZsSHJVYkdiQ0dNODZEak5NSkF6NFJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9hOGQ0YWItZGM5Ni00YzljLWFmNDgtYTBkNDhkMGQ3NDYx
LzEvRktTNlVMUm9fTzZzR1VZbjZZdWg5WDNyVDhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR74MA0G
CSqGSIb3DQEBCwUAA4IBAQAuLWc3FGCppvbZgg608Wjb1FGaC25/84qhV5DUmqDU
VOd7hbJXxDpAa9gUM0QBIknec+QWPq46X8YT9goNnFicoBw6Xj3jcx/qpDDPgz9p
UF/PNIhbIBFYtLYaYS4STBKgdXGgWcL282G8wR8y9EvOIa5sA9GQLaAFM1Q2fjLQ
2Hm5LnohkTZaJ16G/K7y/6ts7yIAfd9z8ijcx6T2tOfil1J5fGtmRycmpGIehBM/
5R2E5Weaoyd0/KwsyDU6t3aEzRyFLLKsO59EiF6np3XyFLKmWGm0f7LbigpjlKtL
KJtLMNmDgRL1GMT2wW1bHM2ttrejXnGJxclgiE1FVNf7
-----END CERTIFICATE-----