Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/pjAqX2bP9pU3f40InIlu9D-wPb0.roa
File:                     pjAqX2bP9pU3f40InIlu9D-wPb0.roa (raw, json)
Hash identifier:          KDEL4lm2CO6MjB78JN8LmOeXK44ZRV1/lJ1Gn3B2Wt4=
Subject key identifier:   A6:30:2A:5F:66:CF:F6:95:37:7F:8D:08:9C:89:6E:F4:3F:B0:3D:BD
Certificate issuer:       /CN=1efcab4deded66abef7cd7ed72657bc03a8229d6
Certificate serial:       0195DBCDC2BF583243C78190A8C0B1676EEC
Authority key identifier: 1E:FC:AB:4D:ED:ED:66:AB:EF:7C:D7:ED:72:65:7B:C0:3A:82:29:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HvyrTe3tZqvvfNftcmV7wDqCKdY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/pjAqX2bP9pU3f40InIlu9D-wPb0.roa
Signing time:             Fri 28 Mar 2025 08:10:49 +0000
ROA not before:           Fri 28 Mar 2025 08:10:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47180
IP address blocks:        185.28.46.0/24 maxlen: 24
                          194.179.140.0/22 maxlen: 22
                          2a13:f8c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/HvyrTe3tZqvvfNftcmV7wDqCKdY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/HvyrTe3tZqvvfNftcmV7wDqCKdY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HvyrTe3tZqvvfNftcmV7wDqCKdY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:db:cd:c2:bf:58:32:43:c7:81:90:a8:c0:b1:67:6e:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1efcab4deded66abef7cd7ed72657bc03a8229d6
        Validity
            Not Before: Mar 28 08:10:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6302a5f66cff695377f8d089c896ef43fb03dbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d8:8f:3d:17:c2:19:aa:a6:5a:3c:53:0a:df:
                    29:c7:f4:7f:86:06:1d:10:1c:48:0e:20:f0:60:d4:
                    19:55:a7:60:b8:44:86:c2:78:fb:ea:20:34:17:41:
                    41:e6:84:e7:2e:79:75:5c:b5:35:44:e2:cb:43:ce:
                    cb:65:30:94:3a:80:78:1b:4b:04:dc:c8:89:81:d0:
                    c7:95:07:0d:7d:2d:48:93:4d:e2:0f:90:7c:75:ff:
                    10:cf:8e:95:65:4b:58:32:4d:41:3b:b8:27:57:62:
                    66:66:1a:57:32:25:2b:91:3b:8e:0e:d8:47:4d:d5:
                    4c:e3:35:b6:cd:43:46:7a:7a:14:34:fe:8d:90:39:
                    38:6f:a5:d2:80:7a:e3:6a:4a:54:0b:e2:bf:66:6d:
                    47:3d:7f:b8:95:d4:a7:94:fd:d4:01:97:d6:1d:e8:
                    69:49:35:f6:cb:3d:5f:42:83:c5:e1:13:ae:8b:05:
                    d4:fe:bb:0b:8c:55:aa:22:b0:db:3e:31:fb:cc:06:
                    f0:ea:0d:0d:a0:ac:21:22:90:12:34:12:41:84:8a:
                    6e:5f:9b:9e:b0:9f:b0:f7:b7:ba:ec:72:1b:99:fb:
                    da:ad:65:5f:cd:76:4d:a4:1f:45:dd:35:58:ff:75:
                    6d:4b:a0:b9:28:58:f1:88:e3:19:4a:dc:98:66:92:
                    23:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:30:2A:5F:66:CF:F6:95:37:7F:8D:08:9C:89:6E:F4:3F:B0:3D:BD
            X509v3 Authority Key Identifier:
                keyid:1E:FC:AB:4D:ED:ED:66:AB:EF:7C:D7:ED:72:65:7B:C0:3A:82:29:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HvyrTe3tZqvvfNftcmV7wDqCKdY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/pjAqX2bP9pU3f40InIlu9D-wPb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c7c83f-fac2-4551-8f78-91a77ea05df1/1/HvyrTe3tZqvvfNftcmV7wDqCKdY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.46.0/24
                  194.179.140.0/22
                IPv6:
                  2a13:f8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:0c:d3:e5:a8:b5:68:d5:63:d6:e0:e6:9b:91:6d:96:ed:65:
         5d:bd:4e:d9:87:fa:9f:4a:0d:3f:81:ea:75:be:f7:38:2b:8f:
         0f:85:2e:cd:ae:12:11:38:c9:a4:fc:03:3b:68:14:8b:e9:dc:
         d7:8a:af:5f:9b:52:92:99:f9:22:cf:86:60:3a:a7:f7:19:28:
         79:07:7f:05:f0:6f:fe:d2:49:90:0c:72:14:f4:1b:de:d3:f8:
         63:c2:a5:36:9d:ac:56:4e:a4:0a:fc:b7:94:19:47:2d:c8:8c:
         8f:e4:29:c6:18:05:ed:39:c4:ad:e5:72:3e:84:f7:9f:89:88:
         c7:ba:89:95:b7:2a:7c:5d:0e:19:90:a1:44:7f:fa:45:93:c9:
         e3:d4:66:32:83:1b:3b:c7:41:ac:c0:e7:8c:58:93:7b:69:07:
         e2:3f:2f:eb:c4:0a:67:70:9c:73:dd:c2:15:0c:6a:23:66:ff:
         1a:07:8b:5f:c3:22:fb:f0:a3:ca:91:3a:ab:5a:45:34:6b:55:
         fa:24:4d:d9:b5:c1:91:15:4a:57:c7:9c:3a:38:17:df:2e:84:
         3e:93:33:74:bb:86:7f:0c:13:42:f7:e3:19:ed:73:2e:4f:5c:
         d0:4f:a7:41:d9:98:c3:8a:03:f1:80:b0:8e:b4:70:51:8f:f1:
         40:fe:6c:db
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZXbzcK/WDJDx4GQqMCxZ27sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZmNhYjRkZWRlZDY2YWJlZjdjZDdlZDcyNjU3YmMwM2E4
MjI5ZDYwHhcNMjUwMzI4MDgxMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjMwMmE1ZjY2Y2ZmNjk1Mzc3ZjhkMDg5Yzg5NmVmNDNmYjAzZGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptiPPRfCGaqmWjxTCt8px/R/hgYd
EBxIDiDwYNQZVadguESGwnj76iA0F0FB5oTnLnl1XLU1ROLLQ87LZTCUOoB4G0sE
3MiJgdDHlQcNfS1Ik03iD5B8df8Qz46VZUtYMk1BO7gnV2JmZhpXMiUrkTuODthH
TdVM4zW2zUNGenoUNP6NkDk4b6XSgHrjakpUC+K/Zm1HPX+4ldSnlP3UAZfWHehp
STX2yz1fQoPF4ROuiwXU/rsLjFWqIrDbPjH7zAbw6g0NoKwhIpASNBJBhIpuX5ue
sJ+w97e67HIbmfvarWVfzXZNpB9F3TVY/3VtS6C5KFjxiOMZStyYZpIjxQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKYwKl9mz/aVN3+NCJyJbvQ/sD29MB8GA1UdIwQY
MBaAFB78q03t7War73zX7XJle8A6ginWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHZ5clRlM3RacXZ2Zk5mdGNtVjd3RHFDS2RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jN2M4M2YtZmFjMi00NTUxLThmNzgt
OTFhNzdlYTA1ZGYxLzEvcGpBcVgyYlA5cFUzZjQwSW5JbHU5RC13UGIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jN2M4M2YtZmFjMi00NTUxLThmNzgtOTFhNzdlYTA1ZGYx
LzEvSHZ5clRlM3RacXZ2Zk5mdGNtVjd3RHFDS2RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuRwuAwQC
wrOMMA0EAgACMAcDBQMqE/jAMA0GCSqGSIb3DQEBCwUAA4IBAQBPDNPlqLVo1WPW
4OabkW2W7WVdvU7Zh/qfSg0/gep1vvc4K48PhS7NrhIROMmk/AM7aBSL6dzXiq9f
m1KSmfkiz4ZgOqf3GSh5B38F8G/+0kmQDHIU9Bve0/hjwqU2naxWTqQK/LeUGUct
yIyP5CnGGAXtOcSt5XI+hPefiYjHuomVtyp8XQ4ZkKFEf/pFk8nj1GYygxs7x0Gs
wOeMWJN7aQfiPy/rxApncJxz3cIVDGojZv8aB4tfwyL78KPKkTqrWkU0a1X6JE3Z
tcGRFUpXx5w6OBffLoQ+kzN0u4Z/DBNC9+MZ7XMuT1zQT6dB2ZjDigPxgLCOtHBR
j/FA/mzb
-----END CERTIFICATE-----