Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/u_s4QKsF9p1kSN0KedlqNHJpJkI.roa
File:                     u_s4QKsF9p1kSN0KedlqNHJpJkI.roa (raw, json)
Hash identifier:          8YDGRlWAcN7f5DRHYPeywi/SAyIqYgv/xJQxk+e27Qg=
Subject key identifier:   BB:FB:38:40:AB:05:F6:9D:64:48:DD:0A:79:D9:6A:34:72:69:26:42
Certificate issuer:       /CN=f12b1b68ea1093bcee78d07192e6d8c3f70302cf
Certificate serial:       01942368CA4B296BB364E407B739E5C9A213
Authority key identifier: F1:2B:1B:68:EA:10:93:BC:EE:78:D0:71:92:E6:D8:C3:F7:03:02:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8SsbaOoQk7zueNBxkubYw_cDAs8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/u_s4QKsF9p1kSN0KedlqNHJpJkI.roa
Signing time:             Wed 01 Jan 2025 19:47:37 +0000
ROA not before:           Wed 01 Jan 2025 19:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42913
IP address blocks:        185.193.148.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/8SsbaOoQk7zueNBxkubYw_cDAs8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/8SsbaOoQk7zueNBxkubYw_cDAs8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8SsbaOoQk7zueNBxkubYw_cDAs8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:ca:4b:29:6b:b3:64:e4:07:b7:39:e5:c9:a2:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f12b1b68ea1093bcee78d07192e6d8c3f70302cf
        Validity
            Not Before: Jan  1 19:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbfb3840ab05f69d6448dd0a79d96a3472692642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:71:1a:96:8f:17:d8:53:3a:06:13:f9:ab:9d:
                    dd:21:f1:73:a2:b2:a8:d4:a3:f4:81:8a:2e:63:c5:
                    73:7e:b8:c8:2c:2b:68:29:c8:a3:47:78:00:4c:f5:
                    b4:fd:b4:1e:1a:6c:fd:76:26:42:61:a5:d8:95:34:
                    42:9e:7a:b9:cc:aa:3f:f2:85:97:6c:7f:ad:d7:59:
                    fa:3b:17:47:04:0f:9f:1d:c0:9d:61:61:43:cc:91:
                    59:12:01:f4:73:0d:43:61:1e:be:a1:01:55:f3:f3:
                    c9:c7:d5:31:97:5d:df:eb:76:3a:fa:ce:99:5e:f4:
                    02:86:c2:e2:c7:3b:bc:f1:8e:7f:e6:a3:8e:9c:30:
                    54:33:86:9a:26:10:6e:56:68:99:23:71:d2:b3:15:
                    2d:64:92:8b:9a:3a:33:ad:40:63:ac:a9:2c:97:24:
                    da:a7:ba:1c:83:b2:73:6c:38:3c:5b:d1:03:43:3c:
                    a9:16:f3:1f:30:ec:c1:d3:bd:67:2c:b3:5f:45:0e:
                    ee:4e:6d:49:6c:46:13:91:ff:0d:af:e1:3d:e2:fd:
                    68:b4:40:7c:7e:58:08:30:00:a0:c0:89:f9:ca:dd:
                    32:b1:dd:6a:3b:7e:4b:48:dd:b9:16:d4:04:f3:d1:
                    de:dc:65:dc:89:4a:a1:a7:a2:c0:d2:ab:c3:e2:a1:
                    b8:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:FB:38:40:AB:05:F6:9D:64:48:DD:0A:79:D9:6A:34:72:69:26:42
            X509v3 Authority Key Identifier:
                keyid:F1:2B:1B:68:EA:10:93:BC:EE:78:D0:71:92:E6:D8:C3:F7:03:02:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8SsbaOoQk7zueNBxkubYw_cDAs8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/u_s4QKsF9p1kSN0KedlqNHJpJkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/8SsbaOoQk7zueNBxkubYw_cDAs8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:4a:82:f1:ed:39:46:09:0d:82:1d:30:89:5c:04:cc:da:2d:
         c0:57:9a:76:ea:c5:13:59:8f:d2:32:b6:85:fc:9f:5e:0b:96:
         44:0e:07:82:1c:1d:fb:d7:fa:cf:3b:93:b0:0a:8b:25:8d:3f:
         21:82:7c:81:ce:53:26:b8:2f:57:17:c9:20:e1:a4:4c:60:09:
         5c:c5:74:b8:76:cc:4c:3c:d7:e4:c5:c0:52:cd:42:2f:87:82:
         1d:1d:d3:a2:44:96:79:ed:e9:4d:93:b6:79:c2:d6:aa:fe:58:
         fd:6a:29:84:82:08:19:56:e7:48:e0:4d:8e:a8:38:7a:a7:2a:
         4d:47:51:59:ac:b6:98:62:71:80:d8:ae:7e:ff:1b:1c:45:ff:
         71:63:d3:b2:42:b9:d0:69:c8:6d:1a:eb:d1:df:7f:89:dd:5a:
         2d:59:e5:45:e6:fe:06:55:14:59:3e:54:ea:57:33:69:4b:fa:
         06:63:74:16:4f:8e:45:76:b9:76:3c:9d:d0:f2:23:4e:21:b3:
         3c:30:a5:8c:73:65:cc:20:31:d2:92:75:b1:fb:e3:8a:38:13:
         1f:0b:cb:74:7e:3a:ee:3d:53:ce:7a:b8:5b:b4:f5:2e:b6:9c:
         12:68:b0:2c:3c:2d:b0:fc:a9:cf:35:ba:b7:fe:df:60:2e:d3:
         6e:8c:29:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaMpLKWuzZOQHtznlyaITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMmIxYjY4ZWExMDkzYmNlZTc4ZDA3MTkyZTZkOGMzZjcw
MzAyY2YwHhcNMjUwMTAxMTk0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmZiMzg0MGFiMDVmNjlkNjQ0OGRkMGE3OWQ5NmEzNDcyNjkyNjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXEalo8X2FM6BhP5q53dIfFzorKo
1KP0gYouY8VzfrjILCtoKcijR3gATPW0/bQeGmz9diZCYaXYlTRCnnq5zKo/8oWX
bH+t11n6OxdHBA+fHcCdYWFDzJFZEgH0cw1DYR6+oQFV8/PJx9Uxl13f63Y6+s6Z
XvQChsLixzu88Y5/5qOOnDBUM4aaJhBuVmiZI3HSsxUtZJKLmjozrUBjrKkslyTa
p7ocg7JzbDg8W9EDQzypFvMfMOzB071nLLNfRQ7uTm1JbEYTkf8Nr+E94v1otEB8
flgIMACgwIn5yt0ysd1qO35LSN25FtQE89He3GXciUqhp6LA0qvD4qG4OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLv7OECrBfadZEjdCnnZajRyaSZCMB8GA1UdIwQY
MBaAFPErG2jqEJO87njQcZLm2MP3AwLPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFNzYmFPb1FrN3p1ZU5CeGt1Yll3X2NEQXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8yNDg3NWMtZjE1OS00NjRmLWE4YTct
MTExOWI3ZmVkZmVjLzEvdV9zNFFLc0Y5cDFrU04wS2VkbHFOSEpwSmtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8yNDg3NWMtZjE1OS00NjRmLWE4YTctMTExOWI3ZmVkZmVj
LzEvOFNzYmFPb1FrN3p1ZU5CeGt1Yll3X2NEQXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucGUMA0G
CSqGSIb3DQEBCwUAA4IBAQASSoLx7TlGCQ2CHTCJXATM2i3AV5p26sUTWY/SMraF
/J9eC5ZEDgeCHB371/rPO5OwCosljT8hgnyBzlMmuC9XF8kg4aRMYAlcxXS4dsxM
PNfkxcBSzUIvh4IdHdOiRJZ57elNk7Z5wtaq/lj9aimEgggZVudI4E2OqDh6pypN
R1FZrLaYYnGA2K5+/xscRf9xY9OyQrnQachtGuvR33+J3VotWeVF5v4GVRRZPlTq
VzNpS/oGY3QWT45Fdrl2PJ3Q8iNOIbM8MKWMc2XMIDHSknWx++OKOBMfC8t0fjru
PVPOerhbtPUutpwSaLAsPC2w/KnPNbq3/t9gLtNujCmB
-----END CERTIFICATE-----