Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/1-B4mnYUsJDtWU5_HUQ7FJC6tCSw.roa
File:                     1-B4mnYUsJDtWU5_HUQ7FJC6tCSw.roa (raw, json)
Hash identifier:          sHcyd6IuGZiLkLEHDVFO8zkeKGMSe2epXGrDt7jtZiY=
Subject key identifier:   F8:1E:26:9D:85:2C:24:3B:56:53:9F:C7:51:0E:C5:24:2E:AD:09:2C
Certificate issuer:       /CN=addd2a815060aa7e621a2094349758b2036896f0
Certificate serial:       0194B10960D64852C1AB339C7A60E8E8487B
Authority key identifier: AD:DD:2A:81:50:60:AA:7E:62:1A:20:94:34:97:58:B2:03:68:96:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/1-B4mnYUsJDtWU5_HUQ7FJC6tCSw.roa
Signing time:             Wed 29 Jan 2025 07:49:29 +0000
ROA not before:           Wed 29 Jan 2025 07:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47203
IP address blocks:        185.94.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b1:09:60:d6:48:52:c1:ab:33:9c:7a:60:e8:e8:48:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=addd2a815060aa7e621a2094349758b2036896f0
        Validity
            Not Before: Jan 29 07:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f81e269d852c243b56539fc7510ec5242ead092c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:bd:a7:98:6c:d6:48:b9:d3:23:29:61:c2:6a:
                    1a:9c:29:80:02:e8:70:45:31:85:01:8e:0c:9b:fd:
                    41:e9:31:80:ff:81:b6:b0:8c:7f:ec:08:a8:aa:a7:
                    e7:7f:12:52:34:c2:51:20:dc:0b:a4:a3:b2:e2:7d:
                    d1:06:50:cd:f5:63:5a:99:b1:00:5c:87:c5:2b:f8:
                    45:4c:9d:36:55:3a:64:92:59:9c:a7:f1:d9:39:ce:
                    11:2c:b7:4c:5b:b1:c5:db:a1:3d:e5:c4:28:19:18:
                    3f:eb:91:f9:3f:58:50:40:44:04:99:6f:61:12:47:
                    fe:ac:ac:33:47:3f:05:5c:a3:d6:81:e0:d9:32:28:
                    33:2e:90:81:ca:36:43:42:5a:7b:2b:b7:a1:0f:4c:
                    db:29:2e:f7:a3:b4:ce:3b:ac:c1:fe:70:d1:99:cf:
                    fe:2a:e3:06:13:e5:d8:d6:9b:52:b3:76:18:f1:18:
                    17:c5:7f:9e:12:40:79:56:cc:2e:b3:fe:c4:47:d6:
                    fd:31:99:f7:30:d9:89:a5:99:eb:fa:8f:96:3f:c3:
                    53:de:db:43:ee:ab:c6:03:17:88:ba:a1:09:d3:00:
                    f1:d7:8f:f9:10:ee:38:6d:cf:71:25:57:48:5d:26:
                    df:64:39:75:f6:24:b7:30:1d:82:fc:ed:88:49:e3:
                    71:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:1E:26:9D:85:2C:24:3B:56:53:9F:C7:51:0E:C5:24:2E:AD:09:2C
            X509v3 Authority Key Identifier:
                keyid:AD:DD:2A:81:50:60:AA:7E:62:1A:20:94:34:97:58:B2:03:68:96:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rd0qgVBgqn5iGiCUNJdYsgNolvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/1-B4mnYUsJDtWU5_HUQ7FJC6tCSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/e4fa48-3be8-4fa3-a436-8a0d0bf0b577/1/rd0qgVBgqn5iGiCUNJdYsgNolvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:74:d8:28:9f:7a:8e:e9:9b:4d:90:c4:bc:c4:e3:50:e8:dd:
         a0:60:e5:2a:a5:99:e3:f4:56:80:d5:5d:1b:04:f4:b7:74:7b:
         8f:23:f9:00:3f:29:63:b8:4d:38:06:68:58:80:1c:0b:f4:8f:
         77:6d:e1:26:fe:f4:cf:ff:29:3d:a5:81:6c:5f:93:69:76:c4:
         cf:77:40:55:36:0c:18:38:b1:ad:3a:12:5d:86:6e:c8:22:af:
         eb:e3:7e:81:32:90:b3:0e:54:9b:03:b9:65:98:f8:67:82:4e:
         b8:73:19:9a:13:66:44:d5:53:82:15:5f:35:63:43:a7:28:10:
         0f:ff:81:ed:db:ca:a2:18:e1:f9:ff:03:10:aa:33:a9:18:60:
         c9:3e:49:3c:ef:cc:2e:64:37:a2:d3:6d:2a:48:cf:fc:ba:76:
         10:6e:b6:2c:2e:de:85:f4:b3:7f:d9:21:cd:20:fe:9c:1d:27:
         6d:3e:de:26:07:0c:03:7f:44:09:7b:54:89:b7:6c:41:80:da:
         4b:15:81:81:33:16:f2:75:70:76:a5:33:97:f2:04:bc:26:9a:
         5c:6e:28:8b:cb:c4:f9:ed:0d:35:1c:e3:9d:2a:41:c3:92:c7:
         8b:d3:18:5d:a8:7d:a2:2b:9b:a8:78:3a:0b:af:3b:c6:bf:dd:
         25:57:54:09
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZSxCWDWSFLBqzOcemDo6Eh7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZGQyYTgxNTA2MGFhN2U2MjFhMjA5NDM0OTc1OGIyMDM2
ODk2ZjAwHhcNMjUwMTI5MDc0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODFlMjY5ZDg1MmMyNDNiNTY1MzlmYzc1MTBlYzUyNDJlYWQwOTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh72nmGzWSLnTIylhwmoanCmAAuhw
RTGFAY4Mm/1B6TGA/4G2sIx/7AioqqfnfxJSNMJRINwLpKOy4n3RBlDN9WNambEA
XIfFK/hFTJ02VTpkklmcp/HZOc4RLLdMW7HF26E95cQoGRg/65H5P1hQQEQEmW9h
Ekf+rKwzRz8FXKPWgeDZMigzLpCByjZDQlp7K7ehD0zbKS73o7TOO6zB/nDRmc/+
KuMGE+XY1ptSs3YY8RgXxX+eEkB5Vswus/7ER9b9MZn3MNmJpZnr+o+WP8NT3ttD
7qvGAxeIuqEJ0wDx14/5EO44bc9xJVdIXSbfZDl19iS3MB2C/O2ISeNxTwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgeJp2FLCQ7VlOfx1EOxSQurQksMB8GA1UdIwQY
MBaAFK3dKoFQYKp+YhoglDSXWLIDaJbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmQwcWdWQmdxbjVpR2lDVU5KZFlzZ05vbHZBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9lNGZhNDgtM2JlOC00ZmEzLWE0MzYt
OGEwZDBiZjBiNTc3LzEvMS1CNG1uWVVzSkR0V1U1X0hVUTdGSkM2dENTdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODAvZTRmYTQ4LTNiZTgtNGZhMy1hNDM2LThhMGQwYmYwYjU3
Ny8xL3JkMHFnVkJncW41aUdpQ1VOSmRZc2dOb2x2QS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArle1DAN
BgkqhkiG9w0BAQsFAAOCAQEAfnTYKJ96jumbTZDEvMTjUOjdoGDlKqWZ4/RWgNVd
GwT0t3R7jyP5AD8pY7hNOAZoWIAcC/SPd23hJv70z/8pPaWBbF+TaXbEz3dAVTYM
GDixrToSXYZuyCKv6+N+gTKQsw5UmwO5ZZj4Z4JOuHMZmhNmRNVTghVfNWNDpygQ
D/+B7dvKohjh+f8DEKozqRhgyT5JPO/MLmQ3otNtKkjP/Lp2EG62LC7ehfSzf9kh
zSD+nB0nbT7eJgcMA39ECXtUibdsQYDaSxWBgTMW8nVwdqUzl/IEvCaaXG4oi8vE
+e0NNRzjnSpBw5LHi9MYXah9oiubqHg6C687xr/dJVdUCQ==
-----END CERTIFICATE-----