Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/9v4uAwYJrvb2Yfzwn7vUGRJFfrA.roa
File:                     9v4uAwYJrvb2Yfzwn7vUGRJFfrA.roa (raw, json)
Hash identifier:          Q7fvWDsdQ9HQh+wgSlc858kuPmBuOrnOtrTzOH5aOA4=
Subject key identifier:   F6:FE:2E:03:06:09:AE:F6:F6:61:FC:F0:9F:BB:D4:19:12:45:7E:B0
Certificate issuer:       /CN=3bad9cd5034f81558f83d238eca406332bd7ba85
Certificate serial:       019426D97BD25455DEB6AA04891B1BF0A77A
Authority key identifier: 3B:AD:9C:D5:03:4F:81:55:8F:83:D2:38:EC:A4:06:33:2B:D7:BA:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O62c1QNPgVWPg9I47KQGMyvXuoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/9v4uAwYJrvb2Yfzwn7vUGRJFfrA.roa
Signing time:             Thu 02 Jan 2025 11:49:34 +0000
ROA not before:           Thu 02 Jan 2025 11:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        185.253.12.0/22 maxlen: 24
                          2a0c:3040::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/O62c1QNPgVWPg9I47KQGMyvXuoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/O62c1QNPgVWPg9I47KQGMyvXuoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O62c1QNPgVWPg9I47KQGMyvXuoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:7b:d2:54:55:de:b6:aa:04:89:1b:1b:f0:a7:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bad9cd5034f81558f83d238eca406332bd7ba85
        Validity
            Not Before: Jan  2 11:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6fe2e030609aef6f661fcf09fbbd41912457eb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:f7:4a:1f:8c:2b:bb:19:7f:24:8c:a6:8b:55:
                    e5:59:9e:63:5c:87:d3:4d:89:c4:dd:2f:c7:80:52:
                    91:f5:71:9f:1e:e2:c5:2e:20:91:aa:07:83:82:48:
                    02:c6:a1:dc:4c:31:e5:60:8c:53:d0:ba:ea:fd:44:
                    81:f8:33:0e:c8:fd:55:41:6a:89:14:81:94:36:8f:
                    7c:96:12:f8:91:75:e0:26:20:b1:b6:65:94:f7:c9:
                    4c:a7:8b:21:8d:9f:30:bb:2f:83:ee:ee:29:69:7e:
                    f0:a2:6d:cb:3e:ed:ea:ab:42:61:f4:4a:e8:8a:f6:
                    26:28:aa:a1:bc:cd:43:8a:72:33:a8:e4:4e:74:8d:
                    d5:52:42:8c:ee:23:f7:27:26:ee:0e:81:1c:fc:47:
                    16:5f:a5:2f:3b:c2:7a:2a:d8:cd:39:0b:ef:f5:fc:
                    ba:e1:f6:87:82:1b:2e:41:62:3d:d5:ce:e8:ce:7a:
                    e3:e1:7d:2d:21:80:9a:e9:df:aa:1f:52:36:18:80:
                    03:97:8d:8e:46:90:78:dd:4f:f7:00:6e:80:6d:82:
                    36:d5:58:95:b3:a0:e7:bb:d7:de:c9:a8:c7:86:82:
                    65:69:4d:55:e1:42:cd:81:f5:77:75:91:14:40:ad:
                    cd:63:ce:94:cd:68:e8:3b:67:a1:5a:ea:c6:c2:40:
                    ce:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:FE:2E:03:06:09:AE:F6:F6:61:FC:F0:9F:BB:D4:19:12:45:7E:B0
            X509v3 Authority Key Identifier:
                keyid:3B:AD:9C:D5:03:4F:81:55:8F:83:D2:38:EC:A4:06:33:2B:D7:BA:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O62c1QNPgVWPg9I47KQGMyvXuoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/9v4uAwYJrvb2Yfzwn7vUGRJFfrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/416bc7-ce87-42b6-8c68-4ba5f206f65a/1/O62c1QNPgVWPg9I47KQGMyvXuoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.12.0/22
                IPv6:
                  2a0c:3040::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:ac:a1:61:50:32:46:32:dc:d5:a7:b5:19:f4:bb:c5:af:cd:
         09:bf:42:8e:e8:6a:15:f0:18:ac:7b:b2:3d:86:87:90:d7:4a:
         ee:d9:f9:94:05:c8:6b:b7:9b:d9:e7:b3:1d:71:ee:7d:c3:2e:
         86:de:ad:70:dc:5d:cf:db:fd:42:b6:a5:cc:16:49:15:88:ff:
         aa:45:c0:cc:cd:b7:42:84:15:c8:d1:ac:d4:d8:87:17:9a:57:
         65:5c:70:43:95:3f:dc:41:c9:1f:1d:5a:85:d9:d4:d6:f0:d7:
         35:45:99:80:08:57:df:95:8c:5d:78:a7:c2:d8:c7:6c:75:85:
         4b:5f:35:fa:47:a0:83:ca:42:52:3f:c2:12:aa:01:30:c0:ee:
         2d:b1:78:5d:6f:e6:85:42:dd:ac:62:8e:85:84:a9:c3:fb:00:
         f0:9b:bb:c0:75:a9:99:2c:6c:db:e7:fd:10:f2:4f:57:66:57:
         d5:8c:ce:65:53:07:a5:9e:b2:65:a4:43:a7:1d:77:eb:55:d7:
         0c:a6:32:d9:58:15:ec:ab:f9:d7:2e:b8:6d:56:ee:b8:21:8d:
         0e:7f:35:97:7b:15:56:92:56:0a:80:21:a0:75:58:18:88:ae:
         81:c3:17:33:b7:16:26:6d:d9:84:44:6d:a1:c4:a8:8d:10:26:
         ed:24:f3:3a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2XvSVFXetqoEiRsb8Kd6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYWQ5Y2Q1MDM0ZjgxNTU4ZjgzZDIzOGVjYTQwNjMzMmJk
N2JhODUwHhcNMjUwMTAyMTE0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmZlMmUwMzA2MDlhZWY2ZjY2MWZjZjA5ZmJiZDQxOTEyNDU3ZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+vdKH4wruxl/JIymi1XlWZ5jXIfT
TYnE3S/HgFKR9XGfHuLFLiCRqgeDgkgCxqHcTDHlYIxT0Lrq/USB+DMOyP1VQWqJ
FIGUNo98lhL4kXXgJiCxtmWU98lMp4shjZ8wuy+D7u4paX7wom3LPu3qq0Jh9Ero
ivYmKKqhvM1DinIzqOROdI3VUkKM7iP3JybuDoEc/EcWX6UvO8J6KtjNOQvv9fy6
4faHghsuQWI91c7oznrj4X0tIYCa6d+qH1I2GIADl42ORpB43U/3AG6AbYI21ViV
s6Dnu9feyajHhoJlaU1V4ULNgfV3dZEUQK3NY86UzWjoO2ehWurGwkDOrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPb+LgMGCa729mH88J+71BkSRX6wMB8GA1UdIwQY
MBaAFDutnNUDT4FVj4PSOOykBjMr17qFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzYyYzFRTlBnVldQZzlJNDdLUUdNeXZYdW9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80MTZiYzctY2U4Ny00MmI2LThjNjgt
NGJhNWYyMDZmNjVhLzEvOXY0dUF3WUpydmIyWWZ6d243dlVHUkpGZnJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80MTZiYzctY2U4Ny00MmI2LThjNjgtNGJhNWYyMDZmNjVh
LzEvTzYyYzFRTlBnVldQZzlJNDdLUUdNeXZYdW9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuf0MMA0E
AgACMAcDBQMqDDBAMA0GCSqGSIb3DQEBCwUAA4IBAQBXrKFhUDJGMtzVp7UZ9LvF
r80Jv0KO6GoV8Bise7I9hoeQ10ru2fmUBchrt5vZ57Mdce59wy6G3q1w3F3P2/1C
tqXMFkkViP+qRcDMzbdChBXI0azU2IcXmldlXHBDlT/cQckfHVqF2dTW8Nc1RZmA
CFfflYxdeKfC2MdsdYVLXzX6R6CDykJSP8ISqgEwwO4tsXhdb+aFQt2sYo6FhKnD
+wDwm7vAdamZLGzb5/0Q8k9XZlfVjM5lUwelnrJlpEOnHXfrVdcMpjLZWBXsq/nX
LrhtVu64IY0OfzWXexVWklYKgCGgdVgYiK6BwxcztxYmbdmERG2hxKiNECbtJPM6
-----END CERTIFICATE-----