Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/j4xQMv8fOD6vNafgvqaj-sinhSA.roa
File:                     j4xQMv8fOD6vNafgvqaj-sinhSA.roa (raw, json)
Hash identifier:          g/n7i1hhBBo3Q/tKawsn3d1mvtP+3frbkbuj6wZhZkE=
Subject key identifier:   8F:8C:50:32:FF:1F:38:3E:AF:35:A7:E0:BE:A6:A3:FA:C8:A7:85:20
Certificate issuer:       /CN=261b941dbe59651fafbba9724a12775e07edb635
Certificate serial:       019421B252FD41023F5D0E6A15EC078A7C1E
Authority key identifier: 26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/j4xQMv8fOD6vNafgvqaj-sinhSA.roa
Signing time:             Wed 01 Jan 2025 11:48:42 +0000
ROA not before:           Wed 01 Jan 2025 11:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206903
IP address blocks:        185.172.152.0/22 maxlen: 22
                          185.172.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:52:fd:41:02:3f:5d:0e:6a:15:ec:07:8a:7c:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=261b941dbe59651fafbba9724a12775e07edb635
        Validity
            Not Before: Jan  1 11:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f8c5032ff1f383eaf35a7e0bea6a3fac8a78520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:54:61:91:c6:e1:b7:10:a3:f5:e5:58:15:b4:
                    75:35:5d:47:cc:72:ad:44:4a:b5:67:ec:fc:7a:9e:
                    ed:fb:08:b3:8d:e5:44:b0:58:8f:a6:94:e0:0f:c5:
                    60:88:ca:1c:9b:a8:35:75:95:6d:53:8f:ad:64:bb:
                    33:85:da:60:29:cb:78:27:54:9b:82:06:88:64:27:
                    7d:ea:69:e2:48:9f:97:b4:14:fe:55:ae:94:a3:e5:
                    39:82:d2:33:47:17:e7:3e:0d:34:59:62:c1:62:3d:
                    3b:c9:18:14:b1:68:62:6c:52:db:53:79:b0:da:32:
                    60:b5:1c:51:bf:4e:4d:6d:7d:28:30:a0:81:76:2d:
                    de:3f:c6:1c:fe:15:4e:08:72:a9:af:88:ae:3e:72:
                    96:4f:cd:31:cb:74:52:c2:c5:f4:74:59:c5:f9:18:
                    34:54:eb:e4:1b:72:51:da:10:e2:a7:76:e1:dd:b4:
                    40:a7:c6:2d:53:02:73:33:7a:37:62:ba:7f:c9:4a:
                    7a:95:90:aa:00:d3:4e:5b:42:aa:2c:0c:2b:a3:cb:
                    95:ec:5e:9b:ad:87:fb:32:e4:97:a8:31:14:c2:22:
                    23:2d:75:65:a6:27:41:19:70:70:ae:3a:32:cb:d8:
                    93:f7:7f:15:83:d7:8f:27:f0:14:11:23:fe:e5:f3:
                    0d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:8C:50:32:FF:1F:38:3E:AF:35:A7:E0:BE:A6:A3:FA:C8:A7:85:20
            X509v3 Authority Key Identifier:
                keyid:26:1B:94:1D:BE:59:65:1F:AF:BB:A9:72:4A:12:77:5E:07:ED:B6:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JhuUHb5ZZR-vu6lyShJ3XgfttjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/j4xQMv8fOD6vNafgvqaj-sinhSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/2f830f-af4d-4d33-a300-b98df544bc20/1/JhuUHb5ZZR-vu6lyShJ3XgfttjU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:29:bd:6e:8b:77:8b:83:bc:a9:d8:c5:be:7c:da:fc:75:18:
         c5:d7:b6:dc:5b:b5:65:f3:3d:8a:86:be:ae:d4:86:b1:bd:aa:
         e0:59:b3:ea:8c:18:3a:da:6e:31:b0:4b:43:39:fa:3d:46:4a:
         a8:f9:66:ab:c5:67:8a:19:d0:5f:7d:73:67:15:2d:b2:28:51:
         29:fb:00:7f:ef:60:c2:8d:ba:c2:78:b9:d9:40:49:1b:32:20:
         d9:70:26:64:ef:ca:62:91:15:e4:23:05:07:71:97:46:d3:ec:
         cd:9f:38:b3:e6:ad:37:b0:b1:7d:6b:67:7f:54:04:b5:9b:0d:
         6c:98:55:1f:9b:76:03:db:8a:d6:38:35:91:07:65:76:cf:78:
         d2:0d:49:fe:e1:64:fc:7e:b7:d1:33:98:1a:64:25:e4:bf:35:
         81:60:07:f1:b5:9c:b5:3a:26:ed:7a:ad:fe:41:bb:d6:a0:2b:
         e4:40:a7:81:28:d3:d9:99:76:2f:04:c8:b0:e0:69:2f:b9:50:
         ad:68:1b:68:21:4d:07:93:ec:e5:e6:af:d4:d8:ef:0a:74:55:
         db:dc:e2:4e:d0:6a:5f:3d:68:f4:92:e3:11:ef:9e:63:21:76:
         5d:39:fc:2c:cb:dc:d4:88:42:4c:54:ed:f6:b6:ae:3c:13:4f:
         8f:44:56:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslL9QQI/XQ5qFewHinweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MWI5NDFkYmU1OTY1MWZhZmJiYTk3MjRhMTI3NzVlMDdl
ZGI2MzUwHhcNMjUwMTAxMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjhjNTAzMmZmMWYzODNlYWYzNWE3ZTBiZWE2YTNmYWM4YTc4NTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVRhkcbhtxCj9eVYFbR1NV1HzHKt
REq1Z+z8ep7t+wizjeVEsFiPppTgD8VgiMocm6g1dZVtU4+tZLszhdpgKct4J1Sb
ggaIZCd96mniSJ+XtBT+Va6Uo+U5gtIzRxfnPg00WWLBYj07yRgUsWhibFLbU3mw
2jJgtRxRv05NbX0oMKCBdi3eP8Yc/hVOCHKpr4iuPnKWT80xy3RSwsX0dFnF+Rg0
VOvkG3JR2hDip3bh3bRAp8YtUwJzM3o3Yrp/yUp6lZCqANNOW0KqLAwro8uV7F6b
rYf7MuSXqDEUwiIjLXVlpidBGXBwrjoyy9iT938Vg9ePJ/AUESP+5fMNzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+MUDL/Hzg+rzWn4L6mo/rIp4UgMB8GA1UdIwQY
MBaAFCYblB2+WWUfr7upckoSd14H7bY1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAt
Yjk4ZGY1NDRiYzIwLzEvajR4UU12OGZPRDZ2TmFmZ3ZxYWotc2luaFNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8yZjgzMGYtYWY0ZC00ZDMzLWEzMDAtYjk4ZGY1NDRiYzIw
LzEvSmh1VUhiNVpaUi12dTZseVNoSjNYZ2Z0dGpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuayYMA0G
CSqGSIb3DQEBCwUAA4IBAQAHKb1ui3eLg7yp2MW+fNr8dRjF17bcW7Vl8z2Khr6u
1IaxvargWbPqjBg62m4xsEtDOfo9Rkqo+WarxWeKGdBffXNnFS2yKFEp+wB/72DC
jbrCeLnZQEkbMiDZcCZk78pikRXkIwUHcZdG0+zNnziz5q03sLF9a2d/VAS1mw1s
mFUfm3YD24rWODWRB2V2z3jSDUn+4WT8frfRM5gaZCXkvzWBYAfxtZy1Oibteq3+
QbvWoCvkQKeBKNPZmXYvBMiw4GkvuVCtaBtoIU0Hk+zl5q/U2O8KdFXb3OJO0Gpf
PWj0kuMR755jIXZdOfwsy9zUiEJMVO32tq48E0+PRFZN
-----END CERTIFICATE-----