Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/n5eJkZFicuorP_7YUyglUyaxuUw.roa
File:                     n5eJkZFicuorP_7YUyglUyaxuUw.roa (raw, json)
Hash identifier:          X7lChHAuDqiBzbpN9aFseejb0s7SiAcnR2Lo7vuWZMI=
Subject key identifier:   9F:97:89:91:91:62:72:EA:2B:3F:FE:D8:53:28:25:53:26:B1:B9:4C
Certificate issuer:       /CN=a8180bf1a7750b3d22f9358556e11f0ff766a619
Certificate serial:       019421B2598C605AFA06CBBF71B42C8364BB
Authority key identifier: A8:18:0B:F1:A7:75:0B:3D:22:F9:35:85:56:E1:1F:0F:F7:66:A6:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qBgL8ad1Cz0i-TWFVuEfD_dmphk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/n5eJkZFicuorP_7YUyglUyaxuUw.roa
Signing time:             Wed 01 Jan 2025 11:48:43 +0000
ROA not before:           Wed 01 Jan 2025 11:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216037
IP address blocks:        185.164.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/qBgL8ad1Cz0i-TWFVuEfD_dmphk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/qBgL8ad1Cz0i-TWFVuEfD_dmphk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qBgL8ad1Cz0i-TWFVuEfD_dmphk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 11:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:59:8c:60:5a:fa:06:cb:bf:71:b4:2c:83:64:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8180bf1a7750b3d22f9358556e11f0ff766a619
        Validity
            Not Before: Jan  1 11:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f978991916272ea2b3ffed85328255326b1b94c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:27:51:35:67:59:ca:41:e2:9e:31:fa:6a:56:
                    c1:4f:b9:45:54:af:af:8e:5c:4a:be:c7:d3:85:9f:
                    f5:37:8e:e7:e2:c8:b4:24:75:b0:9c:58:6d:6b:8c:
                    4d:9b:5d:a7:75:96:e2:ac:af:eb:65:92:27:4d:41:
                    d9:1c:a2:98:bf:ba:2a:aa:b1:50:da:21:57:fb:e0:
                    b8:22:e7:b0:37:b0:28:ee:de:45:ee:36:8f:30:31:
                    2a:47:c0:a2:af:d2:17:f8:07:7f:5c:37:ec:e0:c9:
                    88:61:8e:ae:2c:12:23:e8:d9:1a:9e:8e:b3:30:11:
                    61:b7:42:40:b5:a2:9f:10:21:67:54:bf:e8:2c:06:
                    9b:3d:d2:de:cc:fc:de:56:23:ac:3e:bc:93:d0:92:
                    6d:37:f4:da:9d:dd:e2:f4:0d:6a:fe:3f:f2:8d:a1:
                    3a:a1:2a:12:0b:82:da:35:37:7a:87:fb:c9:26:1e:
                    75:b7:63:24:1a:7f:08:9e:f3:16:54:31:ca:9a:0c:
                    b9:3f:57:e6:e5:44:1b:41:9d:77:ef:82:ed:21:f8:
                    c6:2d:8b:fb:4f:c5:89:7a:5e:57:5d:bb:6c:e4:7d:
                    43:c6:83:82:08:bf:95:36:17:5f:03:ca:3a:27:fc:
                    15:c1:ce:95:94:95:92:7e:78:2f:43:92:3a:48:85:
                    24:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:97:89:91:91:62:72:EA:2B:3F:FE:D8:53:28:25:53:26:B1:B9:4C
            X509v3 Authority Key Identifier:
                keyid:A8:18:0B:F1:A7:75:0B:3D:22:F9:35:85:56:E1:1F:0F:F7:66:A6:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qBgL8ad1Cz0i-TWFVuEfD_dmphk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/n5eJkZFicuorP_7YUyglUyaxuUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/547f51-0b39-4b8e-ade6-f400dabb9bc2/1/qBgL8ad1Cz0i-TWFVuEfD_dmphk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:23:d2:12:77:f2:41:1a:ec:35:2d:17:85:b1:e2:74:db:56:
         70:d0:6f:77:05:d7:61:b0:a9:e2:e8:42:d3:3b:f0:58:64:86:
         bf:d4:35:72:2d:20:e9:41:75:03:d8:e3:e4:60:34:3d:58:80:
         83:d5:58:e8:71:4c:ed:6d:0b:67:14:da:42:c9:51:a2:f9:bf:
         6f:1a:75:f7:e4:10:46:49:f5:7a:b7:6e:54:4b:a4:d0:b8:22:
         07:da:f6:62:cb:d7:fb:18:8e:a4:4a:46:d3:84:c0:17:db:2f:
         7a:2b:fa:67:12:6a:28:26:bb:32:b2:6d:d1:1e:45:04:f3:3d:
         12:5f:60:74:9e:a8:a5:43:48:1e:df:13:9b:c1:23:e4:26:08:
         c8:cd:93:04:66:fb:8d:f0:19:ce:fa:50:b1:3f:06:63:f2:37:
         f7:a2:ae:c6:14:07:46:d0:91:c1:93:94:31:8c:ac:f3:2b:1c:
         b9:c3:8f:18:72:b7:e0:47:76:46:6d:d8:a5:75:39:02:6f:25:
         2d:cb:9e:64:e4:2a:8e:d2:7b:68:2f:29:f9:6e:ba:dc:bf:2f:
         b3:40:ea:a0:6b:23:e6:d2:82:41:d1:e9:21:96:47:e9:f5:12:
         19:d6:0d:a2:7c:34:99:48:37:7d:81:e6:11:c0:83:3b:81:e0:
         dc:57:42:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslmMYFr6Bsu/cbQsg2S7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MTgwYmYxYTc3NTBiM2QyMmY5MzU4NTU2ZTExZjBmZjc2
NmE2MTkwHhcNMjUwMTAxMTE0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjk3ODk5MTkxNjI3MmVhMmIzZmZlZDg1MzI4MjU1MzI2YjFiOTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCdRNWdZykHinjH6albBT7lFVK+v
jlxKvsfThZ/1N47n4si0JHWwnFhta4xNm12ndZbirK/rZZInTUHZHKKYv7oqqrFQ
2iFX++C4IuewN7Ao7t5F7jaPMDEqR8Cir9IX+Ad/XDfs4MmIYY6uLBIj6Nkano6z
MBFht0JAtaKfECFnVL/oLAabPdLezPzeViOsPryT0JJtN/Tand3i9A1q/j/yjaE6
oSoSC4LaNTd6h/vJJh51t2MkGn8InvMWVDHKmgy5P1fm5UQbQZ1374LtIfjGLYv7
T8WJel5XXbts5H1DxoOCCL+VNhdfA8o6J/wVwc6VlJWSfngvQ5I6SIUkiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+XiZGRYnLqKz/+2FMoJVMmsblMMB8GA1UdIwQY
MBaAFKgYC/GndQs9Ivk1hVbhHw/3ZqYZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUJnTDhhZDFDejBpLVRXRlZ1RWZEX2RtcGhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81NDdmNTEtMGIzOS00YjhlLWFkZTYt
ZjQwMGRhYmI5YmMyLzEvbjVlSmtaRmljdW9yUF83WVV5Z2xVeWF4dVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81NDdmNTEtMGIzOS00YjhlLWFkZTYtZjQwMGRhYmI5YmMy
LzEvcUJnTDhhZDFDejBpLVRXRlZ1RWZEX2RtcGhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaTMMA0G
CSqGSIb3DQEBCwUAA4IBAQAqI9ISd/JBGuw1LReFseJ021Zw0G93BddhsKni6ELT
O/BYZIa/1DVyLSDpQXUD2OPkYDQ9WICD1VjocUztbQtnFNpCyVGi+b9vGnX35BBG
SfV6t25US6TQuCIH2vZiy9f7GI6kSkbThMAX2y96K/pnEmooJrsysm3RHkUE8z0S
X2B0nqilQ0ge3xObwSPkJgjIzZMEZvuN8BnO+lCxPwZj8jf3oq7GFAdG0JHBk5Qx
jKzzKxy5w48YcrfgR3ZGbdildTkCbyUty55k5CqO0ntoLyn5brrcvy+zQOqgayPm
0oJB0ekhlkfp9RIZ1g2ifDSZSDd9geYRwIM7geDcV0Kc
-----END CERTIFICATE-----