Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/h0ikqrJ3SuzqEepqLjnvsNWJNVQ.roa
File:                     h0ikqrJ3SuzqEepqLjnvsNWJNVQ.roa (raw, json)
Hash identifier:          RvDiiQJF7vKX50IA4ffr+9+bGA5/Q5Ynq2tViwpnB40=
Subject key identifier:   87:48:A4:AA:B2:77:4A:EC:EA:11:EA:6A:2E:39:EF:B0:D5:89:35:54
Certificate issuer:       /CN=4c18a44d54a47a5ea97dedfd5ed8379d7eea02d0
Certificate serial:       0194BC57ED322F3F7A01578806D424F520DA
Authority key identifier: 4C:18:A4:4D:54:A4:7A:5E:A9:7D:ED:FD:5E:D8:37:9D:7E:EA:02:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/h0ikqrJ3SuzqEepqLjnvsNWJNVQ.roa
Signing time:             Fri 31 Jan 2025 12:31:06 +0000
ROA not before:           Fri 31 Jan 2025 12:31:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43824
IP address blocks:        185.111.160.0/24 maxlen: 24
                          185.111.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:bc:57:ed:32:2f:3f:7a:01:57:88:06:d4:24:f5:20:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c18a44d54a47a5ea97dedfd5ed8379d7eea02d0
        Validity
            Not Before: Jan 31 12:31:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8748a4aab2774aecea11ea6a2e39efb0d5893554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4d:78:02:40:e9:29:56:ba:ef:75:ef:19:ae:
                    16:fe:9e:f5:f7:c7:b5:5f:1b:59:02:47:0e:84:c8:
                    42:96:69:26:8c:73:d6:c3:e2:d1:f1:2a:63:0e:61:
                    10:3f:07:4b:aa:2d:f5:fb:68:0c:d0:ec:af:1b:d7:
                    f8:b9:d4:91:a8:c3:6a:29:ab:5e:17:75:af:f4:3b:
                    6d:c6:28:f7:1c:c0:cd:a2:3c:94:97:9c:cd:ab:de:
                    e8:c4:47:19:c6:92:c3:e2:f1:a6:21:1c:d7:aa:2b:
                    4a:19:bc:05:3c:2d:78:c0:2d:e2:1f:63:83:37:6b:
                    7a:3c:4c:44:88:06:a5:45:77:dd:de:a4:63:95:46:
                    d1:71:f3:60:af:84:a9:70:ed:11:6e:d7:d1:5c:1f:
                    af:29:7e:da:c5:13:aa:9d:ca:a0:d4:dc:dc:33:07:
                    25:51:16:19:61:18:4d:01:65:b1:40:1f:75:3f:96:
                    83:21:36:d3:9a:1a:68:94:1e:d7:59:45:4e:21:5e:
                    15:1e:8b:53:b6:5b:0f:13:e0:4f:f1:80:f5:43:74:
                    77:87:a4:c6:45:0a:83:2f:40:9d:41:f9:e9:05:a4:
                    21:0a:a9:03:10:44:18:d1:a0:f4:d4:42:87:73:8f:
                    8a:81:d1:74:b2:b1:f3:18:ef:4e:c1:92:57:0c:9c:
                    37:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:48:A4:AA:B2:77:4A:EC:EA:11:EA:6A:2E:39:EF:B0:D5:89:35:54
            X509v3 Authority Key Identifier:
                keyid:4C:18:A4:4D:54:A4:7A:5E:A9:7D:ED:FD:5E:D8:37:9D:7E:EA:02:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBikTVSkel6pfe39Xtg3nX7qAtA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/h0ikqrJ3SuzqEepqLjnvsNWJNVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/abe6c0-e79d-4cdd-92ad-f21363071591/1/TBikTVSkel6pfe39Xtg3nX7qAtA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:b4:1a:de:a7:4e:18:ef:30:4a:f2:d3:9a:3a:38:57:52:6b:
         7d:bd:bd:e0:93:7e:7d:1f:01:cd:de:bb:a6:bc:61:9b:84:a5:
         86:f6:44:42:0e:50:81:ff:50:2d:3f:1e:91:6a:2d:37:a1:fa:
         22:8b:8b:c3:4b:97:cb:68:49:ca:16:cb:a8:24:82:f8:0b:f6:
         23:93:94:ef:57:db:7b:ab:60:28:0f:6b:b0:eb:af:b8:8a:2f:
         cd:9a:5e:4f:0f:1d:69:66:ea:f3:15:d5:1d:08:23:04:be:61:
         54:c1:c9:92:8a:6c:53:11:66:ce:ed:c7:9c:bc:70:f8:22:43:
         8a:3d:f0:63:fa:08:1b:3a:d5:e2:f6:50:ff:10:37:51:28:4a:
         58:46:b9:6b:68:d0:ae:49:83:db:21:26:d5:37:49:6e:aa:a4:
         56:17:3c:a9:65:d1:06:0b:f7:b2:36:84:10:68:76:66:08:7f:
         80:9e:d2:e9:8d:7a:70:35:1e:fa:d3:9b:0a:6c:a5:98:82:1e:
         98:6b:e9:93:b9:c0:5a:7a:29:3c:fa:e1:fa:10:dc:b4:01:6a:
         be:be:72:ef:5b:c0:58:2b:b0:b9:17:8b:0f:8f:f5:81:a9:bd:
         e5:52:ce:98:d4:28:dd:53:ca:cd:47:94:a0:ce:d3:e0:b9:27:
         9a:fd:45:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS8V+0yLz96AVeIBtQk9SDaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMThhNDRkNTRhNDdhNWVhOTdkZWRmZDVlZDgzNzlkN2Vl
YTAyZDAwHhcNMjUwMTMxMTIzMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzQ4YTRhYWIyNzc0YWVjZWExMWVhNmEyZTM5ZWZiMGQ1ODkzNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz014AkDpKVa673XvGa4W/p7198e1
XxtZAkcOhMhClmkmjHPWw+LR8SpjDmEQPwdLqi31+2gM0OyvG9f4udSRqMNqKate
F3Wv9Dttxij3HMDNojyUl5zNq97oxEcZxpLD4vGmIRzXqitKGbwFPC14wC3iH2OD
N2t6PExEiAalRXfd3qRjlUbRcfNgr4SpcO0RbtfRXB+vKX7axROqncqg1NzcMwcl
URYZYRhNAWWxQB91P5aDITbTmhpolB7XWUVOIV4VHotTtlsPE+BP8YD1Q3R3h6TG
RQqDL0CdQfnpBaQhCqkDEEQY0aD01EKHc4+KgdF0srHzGO9OwZJXDJw3oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdIpKqyd0rs6hHqai4577DViTVUMB8GA1UdIwQY
MBaAFEwYpE1UpHpeqX3t/V7YN51+6gLQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJpa1RWU2tlbDZwZmUzOVh0ZzNuWDdxQXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9hYmU2YzAtZTc5ZC00Y2RkLTkyYWQt
ZjIxMzYzMDcxNTkxLzEvaDBpa3FySjNTdXpxRWVwcUxqbnZzTldKTlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9hYmU2YzAtZTc5ZC00Y2RkLTkyYWQtZjIxMzYzMDcxNTkx
LzEvVEJpa1RWU2tlbDZwZmUzOVh0ZzNuWDdxQXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuW+gMA0G
CSqGSIb3DQEBCwUAA4IBAQBhtBrep04Y7zBK8tOaOjhXUmt9vb3gk359HwHN3rum
vGGbhKWG9kRCDlCB/1AtPx6Rai03ofoii4vDS5fLaEnKFsuoJIL4C/Yjk5TvV9t7
q2AoD2uw66+4ii/Nml5PDx1pZurzFdUdCCMEvmFUwcmSimxTEWbO7cecvHD4IkOK
PfBj+ggbOtXi9lD/EDdRKEpYRrlraNCuSYPbISbVN0luqqRWFzypZdEGC/eyNoQQ
aHZmCH+AntLpjXpwNR7605sKbKWYgh6Ya+mTucBaeik8+uH6ENy0AWq+vnLvW8BY
K7C5F4sPj/WBqb3lUs6Y1CjdU8rNR5SgztPguSea/UU8
-----END CERTIFICATE-----