Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/I31zSlJ40fjjEolj5beTqF2Vpd4.roa
File:                     I31zSlJ40fjjEolj5beTqF2Vpd4.roa (raw, json)
Hash identifier:          Og0yQVlIZ0GIVCkTxKf0CrUvb1fixcYPJT0gMrkKe1k=
Subject key identifier:   23:7D:73:4A:52:78:D1:F8:E3:12:89:63:E5:B7:93:A8:5D:95:A5:DE
Certificate issuer:       /CN=77b8cf454b0962d16a4855808fd3abc15852bbd8
Certificate serial:       019424B3753FE45C5A6492F84E24A361DA7A
Authority key identifier: 77:B8:CF:45:4B:09:62:D1:6A:48:55:80:8F:D3:AB:C1:58:52:BB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d7jPRUsJYtFqSFWAj9OrwVhSu9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/I31zSlJ40fjjEolj5beTqF2Vpd4.roa
Signing time:             Thu 02 Jan 2025 01:48:48 +0000
ROA not before:           Thu 02 Jan 2025 01:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201980
IP address blocks:        185.56.4.0/22 maxlen: 24
                          2a02:4f20::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/d7jPRUsJYtFqSFWAj9OrwVhSu9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/d7jPRUsJYtFqSFWAj9OrwVhSu9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d7jPRUsJYtFqSFWAj9OrwVhSu9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:75:3f:e4:5c:5a:64:92:f8:4e:24:a3:61:da:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77b8cf454b0962d16a4855808fd3abc15852bbd8
        Validity
            Not Before: Jan  2 01:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=237d734a5278d1f8e3128963e5b793a85d95a5de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2f:f5:fe:fc:07:ba:36:0f:a6:48:a9:6f:4f:
                    f0:87:f3:69:64:2f:77:1f:ce:a4:47:be:ca:ee:fb:
                    3a:ec:e0:16:6d:e9:8d:45:c8:37:d4:49:7b:c5:33:
                    e9:9f:7c:9c:40:63:2d:37:76:54:7e:36:bf:9f:5b:
                    db:41:20:a8:d4:56:6f:f2:89:5b:aa:bd:b9:d6:06:
                    6a:bd:fc:f0:fc:91:c7:fc:ae:dd:2b:85:11:d8:a7:
                    7b:74:1a:84:fc:31:ea:e8:0d:64:fa:7e:7e:78:67:
                    fc:59:bd:98:d7:58:66:2f:95:e8:d5:9e:8a:2b:68:
                    a5:ab:ea:1c:ba:8d:5e:f0:8d:93:02:2f:72:17:97:
                    69:06:86:6b:1f:3d:cf:d8:a3:13:28:e8:83:8a:4e:
                    c3:83:41:6b:0f:3a:48:df:3d:c3:3a:3b:14:e8:8f:
                    da:1a:b2:10:ff:38:99:d1:7f:89:91:db:f2:3f:fc:
                    66:6b:24:af:6e:5f:be:62:c0:b0:70:a5:55:5d:85:
                    32:8e:8d:4d:e8:42:a4:da:88:9e:7b:b5:bb:33:f1:
                    e8:d0:f4:a0:5e:14:89:78:e4:01:c3:c9:72:10:3c:
                    38:60:19:52:c9:4a:0e:0d:87:26:b8:3f:0a:27:f7:
                    c7:80:77:7c:f4:36:b7:63:ce:e2:ea:ef:12:e9:a7:
                    3f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:7D:73:4A:52:78:D1:F8:E3:12:89:63:E5:B7:93:A8:5D:95:A5:DE
            X509v3 Authority Key Identifier:
                keyid:77:B8:CF:45:4B:09:62:D1:6A:48:55:80:8F:D3:AB:C1:58:52:BB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7jPRUsJYtFqSFWAj9OrwVhSu9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/I31zSlJ40fjjEolj5beTqF2Vpd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c171ca-4b1b-4187-ba46-a4fc9e2458ec/1/d7jPRUsJYtFqSFWAj9OrwVhSu9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.4.0/22
                IPv6:
                  2a02:4f20::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:73:65:27:e5:56:b2:f8:e0:8e:a6:a1:88:f9:01:14:fa:92:
         26:75:b4:1c:0b:97:e0:1e:67:bc:d2:6e:62:e2:4d:98:b5:f9:
         40:c3:10:b7:51:fa:e6:d1:31:4f:a2:8d:98:d8:21:5e:f6:b9:
         64:77:d7:3d:c3:c9:05:4d:0c:13:95:f4:1f:2f:47:00:90:26:
         84:0d:ba:8c:b1:99:bd:bb:4b:d1:bc:ba:13:82:50:ef:46:9b:
         2c:2f:35:84:48:93:09:54:33:ce:95:b2:8b:b0:54:b2:e6:dc:
         d2:37:1a:12:20:36:8c:0b:02:bc:e1:c3:a1:19:a6:c3:d7:3d:
         28:ef:f7:6a:b6:a0:d3:51:c3:1d:5d:de:5f:ba:6a:b4:e8:ba:
         6e:df:82:40:e3:9a:83:94:ab:db:76:50:ea:2d:e1:01:a1:72:
         92:8f:b9:39:31:c4:87:0f:64:44:f2:cd:4f:07:36:f3:96:57:
         46:95:41:97:60:ee:1a:03:21:a1:55:56:8e:c0:8a:37:27:12:
         dc:db:e4:58:2d:85:80:79:eb:ee:96:3c:a0:52:50:46:c8:3a:
         e8:f9:06:6a:2a:41:28:2a:2d:d1:79:02:fd:85:3f:ec:bc:47:
         45:57:cf:35:b1:ce:c1:9e:9a:5f:f5:f4:73:29:81:fd:10:35:
         bb:ad:07:f5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks3U/5FxaZJL4TiSjYdp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YjhjZjQ1NGIwOTYyZDE2YTQ4NTU4MDhmZDNhYmMxNTg1
MmJiZDgwHhcNMjUwMTAyMDE0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzdkNzM0YTUyNzhkMWY4ZTMxMjg5NjNlNWI3OTNhODVkOTVhNWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoi/1/vwHujYPpkipb0/wh/NpZC93
H86kR77K7vs67OAWbemNRcg31El7xTPpn3ycQGMtN3ZUfja/n1vbQSCo1FZv8olb
qr251gZqvfzw/JHH/K7dK4UR2Kd7dBqE/DHq6A1k+n5+eGf8Wb2Y11hmL5Xo1Z6K
K2ilq+ocuo1e8I2TAi9yF5dpBoZrHz3P2KMTKOiDik7Dg0FrDzpI3z3DOjsU6I/a
GrIQ/ziZ0X+JkdvyP/xmaySvbl++YsCwcKVVXYUyjo1N6EKk2oiee7W7M/Ho0PSg
XhSJeOQBw8lyEDw4YBlSyUoODYcmuD8KJ/fHgHd89Da3Y87i6u8S6ac/BwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCN9c0pSeNH44xKJY+W3k6hdlaXeMB8GA1UdIwQY
MBaAFHe4z0VLCWLRakhVgI/Tq8FYUrvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDdqUFJVc0pZdEZxU0ZXQWo5T3J3VmhTdTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9jMTcxY2EtNGIxYi00MTg3LWJhNDYt
YTRmYzllMjQ1OGVjLzEvSTMxelNsSjQwZmpqRW9sajViZVRxRjJWcGQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9jMTcxY2EtNGIxYi00MTg3LWJhNDYtYTRmYzllMjQ1OGVj
LzEvZDdqUFJVc0pZdEZxU0ZXQWo5T3J3VmhTdTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTgEMA0E
AgACMAcDBQAqAk8gMA0GCSqGSIb3DQEBCwUAA4IBAQAzc2Un5Vay+OCOpqGI+QEU
+pImdbQcC5fgHme80m5i4k2YtflAwxC3Ufrm0TFPoo2Y2CFe9rlkd9c9w8kFTQwT
lfQfL0cAkCaEDbqMsZm9u0vRvLoTglDvRpssLzWESJMJVDPOlbKLsFSy5tzSNxoS
IDaMCwK84cOhGabD1z0o7/dqtqDTUcMdXd5fumq06Lpu34JA45qDlKvbdlDqLeEB
oXKSj7k5McSHD2RE8s1PBzbzlldGlUGXYO4aAyGhVVaOwIo3JxLc2+RYLYWAeevu
ljygUlBGyDro+QZqKkEoKi3ReQL9hT/svEdFV881sc7Bnppf9fRzKYH9EDW7rQf1
-----END CERTIFICATE-----