Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/f6fee6-c0a2-4a03-a981-f5fda0ea300d/1/salIHPhc1-U7JhA1wMdzrHIbzfs.roa
File:                     salIHPhc1-U7JhA1wMdzrHIbzfs.roa (raw, json)
Hash identifier:          nprIOebSdd8+BuExt2/8vOEgtfIuud16f9G3kU2RIx8=
Subject key identifier:   B1:A9:48:1C:F8:5C:D7:E5:3B:26:10:35:C0:C7:73:AC:72:1B:CD:FB
Certificate issuer:       /CN=80ab4c0945b738edda0583a274b63c1b8673a630
Certificate serial:       0195D68DC428F81F47AB0FE3F956253EA7F1
Authority key identifier: 80:AB:4C:09:45:B7:38:ED:DA:05:83:A2:74:B6:3C:1B:86:73:A6:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gKtMCUW3OO3aBYOidLY8G4ZzpjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/f6fee6-c0a2-4a03-a981-f5fda0ea300d/1/salIHPhc1-U7JhA1wMdzrHIbzfs.roa
Signing time:             Thu 27 Mar 2025 07:42:49 +0000
ROA not before:           Thu 27 Mar 2025 07:42:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43065
IP address blocks:        185.140.116.0/22 maxlen: 22
                          2001:67c:2448::/48 maxlen: 48
                          2a07:1c80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/f6fee6-c0a2-4a03-a981-f5fda0ea300d/1/gKtMCUW3OO3aBYOidLY8G4ZzpjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/f6fee6-c0a2-4a03-a981-f5fda0ea300d/1/gKtMCUW3OO3aBYOidLY8G4ZzpjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gKtMCUW3OO3aBYOidLY8G4ZzpjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d6:8d:c4:28:f8:1f:47:ab:0f:e3:f9:56:25:3e:a7:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80ab4c0945b738edda0583a274b63c1b8673a630
        Validity
            Not Before: Mar 27 07:42:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1a9481cf85cd7e53b261035c0c773ac721bcdfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5b:14:c2:9d:b3:26:64:84:47:8c:87:ae:30:
                    d9:3f:0f:98:d0:6d:ac:96:5d:fa:08:7c:0d:5f:5a:
                    4f:08:b7:5c:df:a8:79:c3:20:6b:75:bb:17:d2:97:
                    5d:ee:2a:b5:c0:6f:59:24:bd:e4:2e:ee:6c:1d:af:
                    9d:0b:cf:71:d2:2d:49:10:b9:20:6f:ad:8b:64:52:
                    a6:84:ce:84:44:a5:38:de:36:f0:58:3c:8a:bd:f3:
                    88:d6:81:fb:69:fa:08:18:f0:4f:14:1c:60:eb:1a:
                    84:fb:ca:74:a7:4b:01:e5:20:1f:78:f6:0f:58:e4:
                    8f:44:c9:9f:5f:4e:3b:1d:a5:01:4e:4c:9d:10:8c:
                    63:6a:4d:db:50:0d:95:0b:f4:22:e0:1e:70:3b:ce:
                    6c:38:f4:8f:52:92:65:4a:78:4a:90:8d:11:a0:ae:
                    89:23:40:2d:a6:80:e1:46:0b:e5:9a:24:8b:39:c6:
                    3a:bf:46:d3:38:47:72:06:4b:24:3a:1b:ef:74:80:
                    46:05:2d:ae:95:51:8d:5b:a9:a7:dc:4f:73:6c:00:
                    a0:6c:d2:6f:47:df:b8:fd:9d:77:4b:b3:01:2b:c5:
                    1d:70:1b:26:2d:8e:8f:d5:7d:dd:e0:03:e6:5e:22:
                    09:2d:46:a5:f9:18:f2:83:84:f1:5a:03:aa:c2:f7:
                    2d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A9:48:1C:F8:5C:D7:E5:3B:26:10:35:C0:C7:73:AC:72:1B:CD:FB
            X509v3 Authority Key Identifier:
                keyid:80:AB:4C:09:45:B7:38:ED:DA:05:83:A2:74:B6:3C:1B:86:73:A6:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gKtMCUW3OO3aBYOidLY8G4ZzpjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/f6fee6-c0a2-4a03-a981-f5fda0ea300d/1/salIHPhc1-U7JhA1wMdzrHIbzfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/f6fee6-c0a2-4a03-a981-f5fda0ea300d/1/gKtMCUW3OO3aBYOidLY8G4ZzpjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.116.0/22
                IPv6:
                  2001:67c:2448::/48
                  2a07:1c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         57:ea:2d:2a:d5:b4:bb:4b:13:60:55:0e:9f:6b:7e:3f:b1:e7:
         16:e9:b5:78:14:02:8e:76:40:04:7a:74:e7:2c:f0:aa:f8:91:
         a0:3d:12:52:9d:e3:a1:5c:1b:ee:6a:2d:a1:f2:c6:10:23:da:
         5a:49:62:34:15:c0:dc:e2:19:bf:36:56:ee:3d:95:af:13:6f:
         50:72:cf:cc:22:d8:76:dc:ac:f3:20:fc:05:66:e8:b3:19:af:
         4f:97:b8:d0:c7:1a:3b:f6:b6:3f:8f:76:32:6d:18:68:6e:38:
         66:11:eb:d3:41:8f:c5:ea:65:8a:02:35:83:b3:c9:4f:92:d8:
         9e:d0:bc:c7:7d:80:2b:2e:97:96:92:0e:23:29:88:d3:3b:0d:
         5d:62:c3:61:99:00:22:a5:ab:78:5d:ce:64:d2:e4:19:d2:33:
         4a:75:a6:46:62:c2:86:bf:61:f7:9b:98:36:9a:82:4b:70:dc:
         ea:2b:66:1b:b6:5c:b6:cd:6a:e2:a7:a6:c6:c4:0a:db:d7:c3:
         8c:e9:ce:84:e7:4e:cb:aa:9a:a4:33:c9:7b:0e:83:2d:2b:30:
         4b:bf:b8:72:6d:3a:bb:93:1e:c0:44:27:e0:2a:27:04:c2:4d:
         56:9d:ac:45:da:1c:7c:9f:f5:35:34:e4:62:a5:94:ed:04:3e:
         e9:86:cc:8b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZXWjcQo+B9Hqw/j+VYlPqfxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYWI0YzA5NDViNzM4ZWRkYTA1ODNhMjc0YjYzYzFiODY3
M2E2MzAwHhcNMjUwMzI3MDc0MjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWE5NDgxY2Y4NWNkN2U1M2IyNjEwMzVjMGM3NzNhYzcyMWJjZGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslsUwp2zJmSER4yHrjDZPw+Y0G2s
ll36CHwNX1pPCLdc36h5wyBrdbsX0pdd7iq1wG9ZJL3kLu5sHa+dC89x0i1JELkg
b62LZFKmhM6ERKU43jbwWDyKvfOI1oH7afoIGPBPFBxg6xqE+8p0p0sB5SAfePYP
WOSPRMmfX047HaUBTkydEIxjak3bUA2VC/Qi4B5wO85sOPSPUpJlSnhKkI0RoK6J
I0AtpoDhRgvlmiSLOcY6v0bTOEdyBkskOhvvdIBGBS2ulVGNW6mn3E9zbACgbNJv
R9+4/Z13S7MBK8UdcBsmLY6P1X3d4APmXiIJLUal+Rjyg4TxWgOqwvctXwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLGpSBz4XNflOyYQNcDHc6xyG837MB8GA1UdIwQY
MBaAFICrTAlFtzjt2gWDonS2PBuGc6YwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0t0TUNVVzNPTzNhQllPaWRMWThHNFp6cGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9mNmZlZTYtYzBhMi00YTAzLWE5ODEt
ZjVmZGEwZWEzMDBkLzEvc2FsSUhQaGMxLVU3SmhBMXdNZHpySEliemZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9mNmZlZTYtYzBhMi00YTAzLWE5ODEtZjVmZGEwZWEzMDBk
LzEvZ0t0TUNVVzNPTzNhQllPaWRMWThHNFp6cGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQCuYx0MBYE
AgACMBADBwAgAQZ8JEgDBQMqBxyAMA0GCSqGSIb3DQEBCwUAA4IBAQBX6i0q1bS7
SxNgVQ6fa34/secW6bV4FAKOdkAEenTnLPCq+JGgPRJSneOhXBvuai2h8sYQI9pa
SWI0FcDc4hm/NlbuPZWvE29Qcs/MIth23KzzIPwFZuizGa9Pl7jQxxo79rY/j3Yy
bRhobjhmEevTQY/F6mWKAjWDs8lPktie0LzHfYArLpeWkg4jKYjTOw1dYsNhmQAi
pat4Xc5k0uQZ0jNKdaZGYsKGv2H3m5g2moJLcNzqK2Ybtly2zWrip6bGxArb18OM
6c6E507LqpqkM8l7DoMtKzBLv7hybTq7kx7ARCfgKicEwk1WnaxF2hx8n/U1NORi
pZTtBD7phsyL
-----END CERTIFICATE-----