Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/sPQj7GNvWjjtxqZ62JF9H42DMMI.roa
File:                     sPQj7GNvWjjtxqZ62JF9H42DMMI.roa (raw, json)
Hash identifier:          O8z6PYZ9T+hNLoZ+Aa1FEdADEMKWYr0nGcdPMi6X/6Q=
Subject key identifier:   B0:F4:23:EC:63:6F:5A:38:ED:C6:A6:7A:D8:91:7D:1F:8D:83:30:C2
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       0195F5AB273FBDA7C8BEC50B999987623FAF
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/sPQj7GNvWjjtxqZ62JF9H42DMMI.roa
Signing time:             Wed 02 Apr 2025 08:43:09 +0000
ROA not before:           Wed 02 Apr 2025 08:43:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.81.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f5:ab:27:3f:bd:a7:c8:be:c5:0b:99:99:87:62:3f:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Apr  2 08:43:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0f423ec636f5a38edc6a67ad8917d1f8d8330c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:55:cf:f3:37:9c:c1:44:61:97:1c:3f:a5:a4:
                    47:6c:8a:cc:23:e7:cd:80:ef:b8:ee:00:8d:eb:68:
                    47:49:bc:e1:31:1f:a1:ec:55:06:72:1d:98:dd:98:
                    a4:a7:44:cd:0f:ff:4e:c2:88:6a:b1:d1:1c:ce:b0:
                    a1:7d:2b:bb:dd:71:39:43:39:18:9e:1f:55:c7:9b:
                    4b:83:ea:92:12:dc:68:f2:1c:fa:7a:b5:98:4b:7b:
                    0e:bf:18:20:8c:52:ab:3b:68:6e:91:89:3b:20:15:
                    80:04:00:5a:10:76:10:fc:15:58:95:c3:65:7a:6b:
                    68:13:6c:d9:8b:19:8e:e8:53:aa:d1:bb:0b:ae:51:
                    f4:e3:66:cc:bb:a2:7d:aa:83:70:c4:04:ab:6d:bc:
                    e6:39:6d:c8:86:19:bc:17:cf:8a:68:2f:f2:d8:58:
                    64:d6:ed:72:d5:09:65:75:e3:74:36:0f:a0:37:71:
                    bc:e2:cf:10:61:d3:8e:1f:e7:21:c2:41:b1:fc:9c:
                    25:ca:d7:d7:34:06:25:88:b8:2c:d2:a8:7f:ce:08:
                    70:c0:39:29:b9:07:a9:0a:c9:3b:88:c6:21:12:62:
                    8d:e5:e3:ae:6d:93:7d:4e:f5:a4:64:7f:6f:4b:a0:
                    93:0e:a4:f1:37:42:95:57:b9:ff:ac:30:62:62:ad:
                    02:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F4:23:EC:63:6F:5A:38:ED:C6:A6:7A:D8:91:7D:1F:8D:83:30:C2
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/sPQj7GNvWjjtxqZ62JF9H42DMMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:64:27:99:ad:e2:01:f3:e1:e3:c4:3d:d4:47:84:f1:f9:b9:
         0d:f5:2c:93:01:2e:0c:8f:28:70:fc:96:02:ff:8d:04:86:da:
         e2:71:52:81:8c:08:8b:4e:e2:c5:92:a1:2f:e5:a7:4b:a7:40:
         4c:7d:29:52:2e:63:16:19:56:5d:89:47:9b:c8:34:1a:24:44:
         80:32:28:2e:2e:7e:3a:c2:2f:ef:c4:34:a0:cc:60:95:bf:ef:
         77:64:c5:8c:f7:1c:bd:fe:d6:40:b9:e8:b1:e6:02:b6:33:e3:
         4f:f2:70:3c:10:20:f9:35:ab:53:f4:e1:d2:d7:a9:c1:d7:ac:
         9f:44:c0:b7:0f:38:33:90:fc:f4:56:a6:4e:60:61:75:6b:ba:
         9b:2e:3a:cd:55:80:78:3f:d4:60:f7:8f:33:aa:cc:a9:b6:4d:
         60:6b:3f:b1:fe:85:79:ce:0b:31:8e:ca:67:b2:f7:a7:e2:b8:
         6a:0c:a6:77:3a:27:5b:e9:85:fd:74:d5:0b:61:68:21:34:11:
         16:69:fb:9d:66:41:d9:9c:74:4d:38:b2:6f:ab:0e:26:e3:ab:
         03:94:e8:c9:b7:0f:58:bd:57:d6:48:55:98:3e:ee:5a:d8:30:
         41:1e:1f:80:8b:f8:e9:43:8e:40:4b:c6:d9:72:ad:a2:ba:b6:
         1a:94:39:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZX1qyc/vafIvsULmZmHYj+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwNDAyMDg0MzA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGY0MjNlYzYzNmY1YTM4ZWRjNmE2N2FkODkxN2QxZjhkODMzMGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FXP8zecwURhlxw/paRHbIrMI+fN
gO+47gCN62hHSbzhMR+h7FUGch2Y3Zikp0TND/9OwohqsdEczrChfSu73XE5QzkY
nh9Vx5tLg+qSEtxo8hz6erWYS3sOvxggjFKrO2hukYk7IBWABABaEHYQ/BVYlcNl
emtoE2zZixmO6FOq0bsLrlH042bMu6J9qoNwxASrbbzmOW3Ihhm8F8+KaC/y2Fhk
1u1y1QlldeN0Ng+gN3G84s8QYdOOH+chwkGx/JwlytfXNAYliLgs0qh/zghwwDkp
uQepCsk7iMYhEmKN5eOubZN9TvWkZH9vS6CTDqTxN0KVV7n/rDBiYq0CbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLD0I+xjb1o47cametiRfR+NgzDCMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvc1BRajdHTnZXamp0eHFaNjJKRjlINDJETU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVEcMA0G
CSqGSIb3DQEBCwUAA4IBAQAsZCeZreIB8+HjxD3UR4Tx+bkN9SyTAS4Mjyhw/JYC
/40EhtricVKBjAiLTuLFkqEv5adLp0BMfSlSLmMWGVZdiUebyDQaJESAMiguLn46
wi/vxDSgzGCVv+93ZMWM9xy9/tZAueix5gK2M+NP8nA8ECD5NatT9OHS16nB16yf
RMC3DzgzkPz0VqZOYGF1a7qbLjrNVYB4P9Rg948zqsyptk1gaz+x/oV5zgsxjspn
sven4rhqDKZ3Oidb6YX9dNULYWghNBEWafudZkHZnHRNOLJvqw4m46sDlOjJtw9Y
vVfWSFWYPu5a2DBBHh+Ai/jpQ45AS8bZcq2iurYalDmo
-----END CERTIFICATE-----