Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/BD48RnLKhQNQSxwnTl5Ut3DTaaU.roa
File:                     BD48RnLKhQNQSxwnTl5Ut3DTaaU.roa (raw, json)
Hash identifier:          pJeqPcMqpwy5eeOtqwiuelICHhHnGVKN+Sk6N5/HqY4=
Subject key identifier:   04:3E:3C:46:72:CA:85:03:50:4B:1C:27:4E:5E:54:B7:70:D3:69:A5
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       019424456739764C9A74349396063766C2BD
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/BD48RnLKhQNQSxwnTl5Ut3DTaaU.roa
Signing time:             Wed 01 Jan 2025 23:48:35 +0000
ROA not before:           Wed 01 Jan 2025 23:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2856
IP address blocks:        170.246.64.0/22 maxlen: 24
                          185.102.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 11:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:67:39:76:4c:9a:74:34:93:96:06:37:66:c2:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  1 23:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=043e3c4672ca8503504b1c274e5e54b770d369a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bb:2e:a7:13:a8:31:21:6b:1d:18:2c:c0:53:
                    7b:54:a0:6f:cb:a7:e5:cf:5d:f3:15:b6:e9:3c:7a:
                    af:db:3e:f8:98:7c:ac:a8:b0:0e:a7:8e:f5:2e:da:
                    28:69:29:65:b2:5b:e3:6e:57:73:c2:02:97:30:45:
                    5d:c8:1f:b1:42:42:88:2f:b2:3b:23:35:af:32:d0:
                    5c:e7:61:10:7e:1d:cb:ae:44:59:a9:2f:69:30:e9:
                    11:2a:47:e0:d4:50:d5:75:ad:c4:c6:2a:0c:ba:07:
                    ce:a7:e4:69:08:8c:c9:90:1e:48:a7:f9:bd:db:21:
                    49:56:a3:26:41:a3:14:90:32:c2:4f:46:e3:a2:61:
                    98:3d:e7:06:f9:2a:0e:4e:37:86:3e:2b:ec:08:bf:
                    e6:2f:81:60:b3:d9:e2:c0:0d:0f:b7:06:5b:c1:5d:
                    f0:9c:eb:4c:e2:5f:92:79:c9:e5:d9:53:80:91:e1:
                    c8:0f:8d:ef:54:cf:c6:88:92:89:b1:e3:67:c0:4a:
                    a6:0f:62:3a:28:e9:73:07:4a:ff:44:4e:35:11:2d:
                    84:d2:e6:1b:a7:6b:26:a2:27:3a:83:bb:9b:b4:82:
                    8c:66:64:4f:75:5a:05:59:8c:d9:22:e3:97:ef:25:
                    64:43:fb:2e:55:01:d5:6c:44:91:da:dd:60:3e:38:
                    c8:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:3E:3C:46:72:CA:85:03:50:4B:1C:27:4E:5E:54:B7:70:D3:69:A5
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/BD48RnLKhQNQSxwnTl5Ut3DTaaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.246.64.0/22
                  185.102.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:fc:d1:de:7d:d9:5e:be:57:54:af:68:51:63:22:10:4d:a5:
         c5:20:48:57:0a:48:b9:7d:4e:0f:3e:80:8c:0b:7f:0c:a8:41:
         a5:7f:e5:27:3e:03:1f:3d:2d:8e:5d:11:23:5c:ad:1e:34:9d:
         4e:13:a4:10:03:0a:9d:91:50:a1:cd:c0:03:5c:7c:f6:20:80:
         fb:d8:06:de:8f:f9:cb:89:9b:c7:f7:76:80:46:af:b8:0a:b3:
         47:63:10:85:b6:20:76:8a:0e:b2:45:bf:99:c1:7f:f6:69:95:
         88:96:61:93:a4:3b:0f:ae:b0:73:27:b6:89:06:29:95:a5:51:
         a9:08:8b:c9:d4:69:04:d0:15:e8:a7:7e:b9:1a:96:18:70:27:
         00:f0:32:17:bd:34:8e:f4:02:b9:a2:b2:ef:58:48:04:e3:94:
         99:67:77:6c:18:e7:d8:f5:85:cc:b8:a1:b7:90:21:05:5c:a6:
         c9:9a:dd:3f:b8:d2:16:a4:fb:8b:8d:bb:fb:72:72:06:bb:b5:
         60:87:a2:d8:08:7d:f3:93:a5:48:66:08:f7:55:ff:34:45:a9:
         0c:5d:72:2a:c4:84:e7:5a:08:01:ae:b7:bb:9d:d0:56:7e:3c:
         ce:1a:70:08:0b:20:98:11:13:42:b6:23:31:48:43:f2:fd:a3:
         14:dc:bd:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRWc5dkyadDSTlgY3ZsK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjUwMTAxMjM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDNlM2M0NjcyY2E4NTAzNTA0YjFjMjc0ZTVlNTRiNzcwZDM2OWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbsupxOoMSFrHRgswFN7VKBvy6fl
z13zFbbpPHqv2z74mHysqLAOp471LtooaSllslvjbldzwgKXMEVdyB+xQkKIL7I7
IzWvMtBc52EQfh3LrkRZqS9pMOkRKkfg1FDVda3ExioMugfOp+RpCIzJkB5Ip/m9
2yFJVqMmQaMUkDLCT0bjomGYPecG+SoOTjeGPivsCL/mL4Fgs9niwA0PtwZbwV3w
nOtM4l+Secnl2VOAkeHID43vVM/GiJKJseNnwEqmD2I6KOlzB0r/RE41ES2E0uYb
p2smoic6g7ubtIKMZmRPdVoFWYzZIuOX7yVkQ/suVQHVbESR2t1gPjjImQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAQ+PEZyyoUDUEscJ05eVLdw02mlMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvQkQ0OFJuTEtoUU5RU3h3blRsNVV0M0RUYWFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCqvZAAwQC
uWYEMA0GCSqGSIb3DQEBCwUAA4IBAQAW/NHefdlevldUr2hRYyIQTaXFIEhXCki5
fU4PPoCMC38MqEGlf+UnPgMfPS2OXREjXK0eNJ1OE6QQAwqdkVChzcADXHz2IID7
2Abej/nLiZvH93aARq+4CrNHYxCFtiB2ig6yRb+ZwX/2aZWIlmGTpDsPrrBzJ7aJ
BimVpVGpCIvJ1GkE0BXop365GpYYcCcA8DIXvTSO9AK5orLvWEgE45SZZ3dsGOfY
9YXMuKG3kCEFXKbJmt0/uNIWpPuLjbv7cnIGu7Vgh6LYCH3zk6VIZgj3Vf80RakM
XXIqxITnWggBrre7ndBWfjzOGnAICyCYERNCtiMxSEPy/aMU3L1L
-----END CERTIFICATE-----