Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/533416-5192-4944-ab50-813c76ff40b4/1/8c1jWLNSWx4cTuK9ZEnAPJAmwwU.roa
File:                     8c1jWLNSWx4cTuK9ZEnAPJAmwwU.roa (raw, json)
Hash identifier:          zNldb7jsDCF4ycQz0X2hLLJLeALZnhbBqN35ToOj1oI=
Subject key identifier:   F1:CD:63:58:B3:52:5B:1E:1C:4E:E2:BD:64:49:C0:3C:90:26:C3:05
Certificate issuer:       /CN=b545e434bba473706da8336fda016bb2e68b3623
Certificate serial:       019427484E0C188C2D53A33DEDF88CEA8457
Authority key identifier: B5:45:E4:34:BB:A4:73:70:6D:A8:33:6F:DA:01:6B:B2:E6:8B:36:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUXkNLukc3BtqDNv2gFrsuaLNiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/533416-5192-4944-ab50-813c76ff40b4/1/8c1jWLNSWx4cTuK9ZEnAPJAmwwU.roa
Signing time:             Thu 02 Jan 2025 13:50:37 +0000
ROA not before:           Thu 02 Jan 2025 13:50:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200914
IP address blocks:        185.91.156.0/22 maxlen: 22
                          185.91.159.0/24 maxlen: 24
                          2a03:8960::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/533416-5192-4944-ab50-813c76ff40b4/1/tUXkNLukc3BtqDNv2gFrsuaLNiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/533416-5192-4944-ab50-813c76ff40b4/1/tUXkNLukc3BtqDNv2gFrsuaLNiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUXkNLukc3BtqDNv2gFrsuaLNiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:4e:0c:18:8c:2d:53:a3:3d:ed:f8:8c:ea:84:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b545e434bba473706da8336fda016bb2e68b3623
        Validity
            Not Before: Jan  2 13:50:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1cd6358b3525b1e1c4ee2bd6449c03c9026c305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:85:66:6a:53:f3:73:b7:73:a6:9d:e4:b9:19:
                    d2:2c:3e:04:62:35:0d:07:59:cc:3c:47:6a:36:c3:
                    b6:bb:17:a5:b8:81:6d:4b:58:1f:af:4b:69:df:7c:
                    c7:31:81:01:21:df:52:97:f4:62:63:39:80:1d:d3:
                    26:b0:f3:9b:f7:2b:63:8c:6c:90:9f:58:64:88:ab:
                    a0:ee:35:44:87:a9:59:51:25:72:65:7a:aa:bf:42:
                    61:d9:78:3e:ed:85:67:27:0e:d3:4c:ba:8d:54:e3:
                    c5:92:bd:9a:cd:2a:20:2e:60:ac:3b:52:06:a8:2c:
                    df:50:52:21:7b:37:2a:bb:d3:51:39:c1:51:ee:95:
                    e5:eb:a8:f0:2a:a7:3d:31:b8:9e:4e:bc:80:e2:2c:
                    1c:2f:eb:f3:f3:54:38:d5:4a:b1:ac:e1:46:5b:a5:
                    a4:94:25:61:4c:8d:1b:bd:f3:cc:6d:16:ef:1d:92:
                    72:18:72:75:79:62:63:2a:b1:ca:f5:3e:15:95:a3:
                    09:f5:c1:63:2b:b4:43:9a:76:8a:ad:8a:ce:28:a0:
                    c2:72:a2:b8:1a:20:87:e9:06:a7:ec:8d:94:98:1e:
                    bc:f9:61:bf:6e:06:38:6c:d2:65:59:71:37:b1:6c:
                    bd:e5:d8:8c:5c:f3:22:eb:e4:a9:e8:d2:b7:39:13:
                    36:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:CD:63:58:B3:52:5B:1E:1C:4E:E2:BD:64:49:C0:3C:90:26:C3:05
            X509v3 Authority Key Identifier:
                keyid:B5:45:E4:34:BB:A4:73:70:6D:A8:33:6F:DA:01:6B:B2:E6:8B:36:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUXkNLukc3BtqDNv2gFrsuaLNiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/533416-5192-4944-ab50-813c76ff40b4/1/8c1jWLNSWx4cTuK9ZEnAPJAmwwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/533416-5192-4944-ab50-813c76ff40b4/1/tUXkNLukc3BtqDNv2gFrsuaLNiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.156.0/22
                IPv6:
                  2a03:8960::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:5e:a6:98:28:03:20:8c:dc:ca:e3:b4:09:8f:f5:59:f2:25:
         e2:f7:89:1c:6f:62:3a:06:e7:5d:c0:60:15:68:fd:4b:8a:a6:
         7d:08:eb:5d:60:ad:9a:05:32:f0:f0:8d:fe:a4:7a:f0:df:02:
         c7:42:a1:ce:a3:83:18:d2:8e:9d:72:4c:23:57:b5:9d:0d:80:
         4d:67:e6:54:2b:2b:25:df:c8:bb:f6:4d:fd:0f:ad:30:6d:ce:
         54:01:2a:a6:5d:83:a9:8f:bc:38:6b:40:e0:48:28:b6:e0:92:
         ff:bf:da:28:e5:9b:6e:65:0c:99:e7:64:18:f2:00:cf:ed:4b:
         a5:cd:de:64:a5:11:32:49:6d:2b:cf:25:f8:af:f0:24:9c:c0:
         34:74:03:a6:d5:b0:4b:a7:81:9f:4f:42:8e:5d:9c:00:30:00:
         d0:21:7c:b5:f2:4c:64:29:53:c1:1a:99:b1:74:dc:e0:d3:97:
         24:02:41:bb:5a:60:a8:86:35:ec:ff:6c:7a:99:85:a2:b1:cf:
         c8:9c:30:22:06:55:42:6b:40:a3:a9:57:bb:15:09:29:bb:e7:
         72:a0:f3:e8:9d:34:10:82:6d:98:86:77:7f:30:23:a1:ae:94:
         52:3a:e8:9d:b3:9c:78:bd:e3:ff:db:e5:96:c5:6d:38:1a:e8:
         1f:e0:b2:42
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnSE4MGIwtU6M97fiM6oRXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDVlNDM0YmJhNDczNzA2ZGE4MzM2ZmRhMDE2YmIyZTY4
YjM2MjMwHhcNMjUwMTAyMTM1MDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWNkNjM1OGIzNTI1YjFlMWM0ZWUyYmQ2NDQ5YzAzYzkwMjZjMzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYVmalPzc7dzpp3kuRnSLD4EYjUN
B1nMPEdqNsO2uxeluIFtS1gfr0tp33zHMYEBId9Sl/RiYzmAHdMmsPOb9ytjjGyQ
n1hkiKug7jVEh6lZUSVyZXqqv0Jh2Xg+7YVnJw7TTLqNVOPFkr2azSogLmCsO1IG
qCzfUFIhezcqu9NROcFR7pXl66jwKqc9MbieTryA4iwcL+vz81Q41UqxrOFGW6Wk
lCVhTI0bvfPMbRbvHZJyGHJ1eWJjKrHK9T4VlaMJ9cFjK7RDmnaKrYrOKKDCcqK4
GiCH6Qan7I2UmB68+WG/bgY4bNJlWXE3sWy95diMXPMi6+Sp6NK3ORM2wwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPHNY1izUlseHE7ivWRJwDyQJsMFMB8GA1UdIwQY
MBaAFLVF5DS7pHNwbagzb9oBa7LmizYjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVYa05MdWtjM0J0cUROdjJnRnJzdWFMTmlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy81MzM0MTYtNTE5Mi00OTQ0LWFiNTAt
ODEzYzc2ZmY0MGI0LzEvOGMxaldMTlNXeDRjVHVLOVpFbkFQSkFtd3dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy81MzM0MTYtNTE5Mi00OTQ0LWFiNTAtODEzYzc2ZmY0MGI0
LzEvdFVYa05MdWtjM0J0cUROdjJnRnJzdWFMTmlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVucMA0E
AgACMAcDBQAqA4lgMA0GCSqGSIb3DQEBCwUAA4IBAQCjXqaYKAMgjNzK47QJj/VZ
8iXi94kcb2I6BuddwGAVaP1LiqZ9COtdYK2aBTLw8I3+pHrw3wLHQqHOo4MY0o6d
ckwjV7WdDYBNZ+ZUKysl38i79k39D60wbc5UASqmXYOpj7w4a0DgSCi24JL/v9oo
5ZtuZQyZ52QY8gDP7Uulzd5kpREySW0rzyX4r/AknMA0dAOm1bBLp4GfT0KOXZwA
MADQIXy18kxkKVPBGpmxdNzg05ckAkG7WmCohjXs/2x6mYWisc/InDAiBlVCa0Cj
qVe7FQkpu+dyoPPonTQQgm2Yhnd/MCOhrpRSOuids5x4veP/2+WWxW04Gugf4LJC
-----END CERTIFICATE-----