Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/i7voySudmq1hRw6jZi6dhd7J9Lc.roa
File:                     i7voySudmq1hRw6jZi6dhd7J9Lc.roa (raw, json)
Hash identifier:          PJGOK5ogq6I9ytndA9V0Wf4xrfCGT+GN8CrZ63d1kO4=
Subject key identifier:   8B:BB:E8:C9:2B:9D:9A:AD:61:47:0E:A3:66:2E:9D:85:DE:C9:F4:B7
Certificate issuer:       /CN=1ff2cf1a6230cd62cb3ca8a1bc1d4a4bb4337c1d
Certificate serial:       0194228E36847FED27D8C633BBC46021A178
Authority key identifier: 1F:F2:CF:1A:62:30:CD:62:CB:3C:A8:A1:BC:1D:4A:4B:B4:33:7C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H_LPGmIwzWLLPKihvB1KS7QzfB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/i7voySudmq1hRw6jZi6dhd7J9Lc.roa
Signing time:             Wed 01 Jan 2025 15:48:52 +0000
ROA not before:           Wed 01 Jan 2025 15:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49434
IP address blocks:        185.198.20.0/22 maxlen: 22
                          185.198.20.0/23 maxlen: 23
                          2a13:bf80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/H_LPGmIwzWLLPKihvB1KS7QzfB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/H_LPGmIwzWLLPKihvB1KS7QzfB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H_LPGmIwzWLLPKihvB1KS7QzfB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:36:84:7f:ed:27:d8:c6:33:bb:c4:60:21:a1:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ff2cf1a6230cd62cb3ca8a1bc1d4a4bb4337c1d
        Validity
            Not Before: Jan  1 15:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bbbe8c92b9d9aad61470ea3662e9d85dec9f4b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:30:a0:e4:97:88:36:98:fe:2a:2f:01:7f:45:
                    d0:31:8e:bd:78:6e:92:9f:48:f2:be:85:f4:15:1a:
                    dd:76:c1:a2:bb:c0:be:f2:d1:81:39:13:b0:1c:43:
                    ad:c9:4b:c0:7e:9e:98:f7:ae:bb:56:b9:5c:62:6d:
                    4e:7f:28:2d:d6:36:d8:fb:e6:d7:e4:dd:69:e3:97:
                    b4:2f:d0:e8:76:63:68:f4:b8:35:1e:17:4c:35:f4:
                    f8:16:b6:4e:0c:ca:17:27:7f:3c:6d:6f:9d:f5:f0:
                    3d:0c:ef:76:36:31:a2:19:a3:4a:76:e0:89:3a:cf:
                    4b:83:19:5f:54:ea:fd:26:65:3d:17:75:d8:7c:bf:
                    f3:9e:ef:74:54:77:fa:bc:90:61:ca:5b:ba:60:cf:
                    dc:eb:6d:bf:f6:eb:2d:8c:cb:56:b7:0d:6b:5f:2e:
                    1a:fc:ed:6a:f4:4c:26:5b:d6:e2:4a:7e:a4:2f:8e:
                    12:28:da:7c:4f:01:09:3c:42:78:df:f3:3b:10:b7:
                    27:36:3e:43:ea:38:c5:52:19:0e:68:25:3d:39:26:
                    87:0c:47:f9:91:24:61:df:4e:b1:8b:ef:44:3e:8c:
                    3c:15:ef:19:07:66:91:8d:88:e8:36:fb:be:e1:73:
                    24:ce:79:56:b1:6d:51:cd:96:66:dd:47:bd:36:21:
                    0a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:BB:E8:C9:2B:9D:9A:AD:61:47:0E:A3:66:2E:9D:85:DE:C9:F4:B7
            X509v3 Authority Key Identifier:
                keyid:1F:F2:CF:1A:62:30:CD:62:CB:3C:A8:A1:BC:1D:4A:4B:B4:33:7C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H_LPGmIwzWLLPKihvB1KS7QzfB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/i7voySudmq1hRw6jZi6dhd7J9Lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/6a48a7-0c01-4aca-b431-6cedcf234975/1/H_LPGmIwzWLLPKihvB1KS7QzfB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.20.0/22
                IPv6:
                  2a13:bf80::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:09:9e:52:47:7b:ae:36:4f:f5:ca:05:aa:9f:e5:a7:06:16:
         d0:8b:1a:71:44:01:3e:99:56:3b:86:1f:30:1a:08:a5:0a:f7:
         af:76:1c:80:35:cb:e0:c5:58:6b:34:0a:b1:a4:53:03:85:9c:
         1d:db:50:cf:32:4c:a1:c9:68:d3:1b:bd:8d:16:9d:1c:5f:ca:
         44:0d:d1:d7:5a:a3:0c:77:43:28:6a:13:77:7e:71:45:3e:2b:
         e3:31:da:c8:94:2b:b9:30:18:10:db:af:e7:bc:47:ff:e6:41:
         83:84:70:da:1a:31:50:5a:83:88:dd:5e:90:f1:92:0b:9e:a9:
         d4:6f:43:3a:7b:ae:68:af:0d:5e:3a:88:fd:96:9d:b6:22:ee:
         60:2b:d3:b7:89:68:cf:49:6b:e2:33:ea:7b:5d:af:9c:67:e3:
         86:23:16:58:e7:94:e8:62:b7:3f:03:8e:bf:e2:c4:d5:1c:e3:
         96:96:89:1b:dd:df:a3:e9:80:11:74:2f:a0:3b:2e:12:ae:dc:
         1e:10:73:18:5e:2a:e3:81:f4:fa:f6:61:c0:30:fa:6e:0c:49:
         2a:fd:b7:51:d2:45:dd:76:1a:c7:c9:43:bb:1c:06:3f:a7:f2:
         40:0a:55:25:c3:65:cc:56:1e:20:63:d8:c0:1f:aa:12:fd:7b:
         b1:95:bd:88
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijjaEf+0n2MYzu8RgIaF4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZjJjZjFhNjIzMGNkNjJjYjNjYThhMWJjMWQ0YTRiYjQz
MzdjMWQwHhcNMjUwMTAxMTU0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmJiZThjOTJiOWQ5YWFkNjE0NzBlYTM2NjJlOWQ4NWRlYzlmNGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTCg5JeINpj+Ki8Bf0XQMY69eG6S
n0jyvoX0FRrddsGiu8C+8tGBOROwHEOtyUvAfp6Y9667VrlcYm1Ofygt1jbY++bX
5N1p45e0L9DodmNo9Lg1HhdMNfT4FrZODMoXJ388bW+d9fA9DO92NjGiGaNKduCJ
Os9LgxlfVOr9JmU9F3XYfL/znu90VHf6vJBhylu6YM/c622/9ustjMtWtw1rXy4a
/O1q9EwmW9biSn6kL44SKNp8TwEJPEJ43/M7ELcnNj5D6jjFUhkOaCU9OSaHDEf5
kSRh306xi+9EPow8Fe8ZB2aRjYjoNvu+4XMkznlWsW1RzZZm3Ue9NiEKzQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIu76MkrnZqtYUcOo2YunYXeyfS3MB8GA1UdIwQY
MBaAFB/yzxpiMM1iyzyoobwdSku0M3wdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSF9MUEdtSXd6V0xMUEtpaHZCMUtTN1F6ZkIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS82YTQ4YTctMGMwMS00YWNhLWI0MzEt
NmNlZGNmMjM0OTc1LzEvaTd2b3lTdWRtcTFoUnc2alppNmRoZDdKOUxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS82YTQ4YTctMGMwMS00YWNhLWI0MzEtNmNlZGNmMjM0OTc1
LzEvSF9MUEdtSXd6V0xMUEtpaHZCMUtTN1F6ZkIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucYUMA0E
AgACMAcDBQMqE7+AMA0GCSqGSIb3DQEBCwUAA4IBAQAhCZ5SR3uuNk/1ygWqn+Wn
BhbQixpxRAE+mVY7hh8wGgilCvevdhyANcvgxVhrNAqxpFMDhZwd21DPMkyhyWjT
G72NFp0cX8pEDdHXWqMMd0MoahN3fnFFPivjMdrIlCu5MBgQ26/nvEf/5kGDhHDa
GjFQWoOI3V6Q8ZILnqnUb0M6e65orw1eOoj9lp22Iu5gK9O3iWjPSWviM+p7Xa+c
Z+OGIxZY55ToYrc/A46/4sTVHOOWlokb3d+j6YARdC+gOy4SrtweEHMYXirjgfT6
9mHAMPpuDEkq/bdR0kXddhrHyUO7HAY/p/JAClUlw2XMVh4gY9jAH6oS/Xuxlb2I
-----END CERTIFICATE-----