Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/xPDk5g3iPqXtBxmqurOe8EOGFWI.roa
File:                     xPDk5g3iPqXtBxmqurOe8EOGFWI.roa (raw, json)
Hash identifier:          cJRWS3KQ8AblO7sJXHhVYD57y1Z4KoSNUaFxyUCeoJM=
Subject key identifier:   C4:F0:E4:E6:0D:E2:3E:A5:ED:07:19:AA:BA:B3:9E:F0:43:86:15:62
Certificate issuer:       /CN=9042e83976e35fe29a01d3c43a9bc5964b37b443
Certificate serial:       019425FC19D8FDB8D901279BB3FAF2021B44
Authority key identifier: 90:42:E8:39:76:E3:5F:E2:9A:01:D3:C4:3A:9B:C5:96:4B:37:B4:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kELoOXbjX-KaAdPEOpvFlks3tEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/xPDk5g3iPqXtBxmqurOe8EOGFWI.roa
Signing time:             Thu 02 Jan 2025 07:47:46 +0000
ROA not before:           Thu 02 Jan 2025 07:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49374
IP address blocks:        185.1.136.0/24 maxlen: 24
                          2001:7f8:da::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/kELoOXbjX-KaAdPEOpvFlks3tEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/kELoOXbjX-KaAdPEOpvFlks3tEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kELoOXbjX-KaAdPEOpvFlks3tEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:19:d8:fd:b8:d9:01:27:9b:b3:fa:f2:02:1b:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9042e83976e35fe29a01d3c43a9bc5964b37b443
        Validity
            Not Before: Jan  2 07:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4f0e4e60de23ea5ed0719aabab39ef043861562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fa:22:e3:61:43:86:db:0d:ff:bc:e7:71:e5:
                    8b:8e:6d:78:71:f2:0e:27:df:df:5c:bd:4f:0c:1c:
                    34:4d:e9:2f:62:3d:f5:fb:80:da:2d:2b:64:fb:9b:
                    79:1f:38:41:29:18:03:0b:0a:f1:bb:a2:a0:09:0d:
                    cc:33:9b:8b:27:d2:b4:ca:f4:ed:56:b3:fd:60:48:
                    79:d2:be:17:84:36:2f:f4:23:32:c1:28:a4:da:25:
                    7f:ab:b2:c9:26:81:e7:2b:10:92:bc:c0:94:25:2d:
                    ff:6a:1c:99:0d:26:72:f0:0d:38:d6:13:b9:9b:b1:
                    37:c9:16:eb:db:c0:48:c6:61:97:74:b5:2f:79:fc:
                    7c:7f:42:44:28:4a:6c:06:79:70:14:45:90:1b:88:
                    9c:23:e6:02:43:25:ce:61:d2:f4:2e:e3:c3:56:04:
                    76:27:b2:bf:31:df:c2:ef:17:c7:c7:33:95:ef:15:
                    35:04:fa:1c:08:cb:f9:57:37:1a:7c:33:ae:7a:50:
                    a2:98:cd:83:8c:30:ce:b2:9c:b0:e7:d5:61:9e:7c:
                    73:a9:5d:68:81:32:a9:38:c2:65:76:05:c0:30:93:
                    3b:e1:c1:e8:5a:6b:50:ad:73:cc:30:9d:bf:55:3f:
                    4e:56:ff:6e:f9:8a:22:ae:f6:e8:6f:00:fe:5b:81:
                    3d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:F0:E4:E6:0D:E2:3E:A5:ED:07:19:AA:BA:B3:9E:F0:43:86:15:62
            X509v3 Authority Key Identifier:
                keyid:90:42:E8:39:76:E3:5F:E2:9A:01:D3:C4:3A:9B:C5:96:4B:37:B4:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kELoOXbjX-KaAdPEOpvFlks3tEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/xPDk5g3iPqXtBxmqurOe8EOGFWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a87b6e-d842-4c0c-881b-210940da177b/1/kELoOXbjX-KaAdPEOpvFlks3tEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.136.0/24
                IPv6:
                  2001:7f8:da::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:9c:fb:94:87:15:2e:b3:96:6f:b8:e9:15:f4:7a:df:d7:56:
         17:71:b3:40:74:f2:d4:5f:fa:97:4c:df:53:17:2f:cc:04:98:
         fc:02:1a:70:07:c7:03:43:f2:3f:39:73:d3:82:70:04:bf:2a:
         a0:07:46:0b:d5:d9:45:41:18:72:a2:1a:13:ee:b5:45:01:09:
         9c:77:f1:af:45:c7:7c:60:b8:18:7d:9b:4f:f6:ee:3c:f1:3c:
         a8:16:c3:98:65:3b:2d:b8:07:37:da:e7:24:74:ae:41:93:60:
         58:0d:28:85:03:2f:02:0a:96:59:ca:96:4c:bc:35:cf:0e:d4:
         eb:1e:5f:86:6c:cc:ca:36:d0:9d:e4:27:1c:17:ad:14:f7:26:
         3e:f5:d4:e7:6d:ba:64:5c:d6:db:0d:45:a8:6c:e4:74:6b:f5:
         51:b5:4b:91:e7:58:ee:ba:a7:13:55:b3:da:97:62:1e:d2:c6:
         66:19:21:e9:a3:7c:80:9e:40:06:9b:9b:ec:85:05:5d:3a:5f:
         8b:d4:9d:f5:1d:00:a1:f3:fb:32:11:c5:93:0e:19:da:ac:3a:
         be:62:bd:cd:69:61:b8:04:41:10:da:d5:e6:42:fa:27:30:34:
         6a:e4:4a:eb:cd:31:d6:68:25:a2:aa:18:fb:da:a6:c7:90:2e:
         ad:57:39:4a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQl/BnY/bjZASebs/ryAhtEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNDJlODM5NzZlMzVmZTI5YTAxZDNjNDNhOWJjNTk2NGIz
N2I0NDMwHhcNMjUwMTAyMDc0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGYwZTRlNjBkZTIzZWE1ZWQwNzE5YWFiYWIzOWVmMDQzODYxNTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvoi42FDhtsN/7znceWLjm14cfIO
J9/fXL1PDBw0TekvYj31+4DaLStk+5t5HzhBKRgDCwrxu6KgCQ3MM5uLJ9K0yvTt
VrP9YEh50r4XhDYv9CMywSik2iV/q7LJJoHnKxCSvMCUJS3/ahyZDSZy8A041hO5
m7E3yRbr28BIxmGXdLUvefx8f0JEKEpsBnlwFEWQG4icI+YCQyXOYdL0LuPDVgR2
J7K/Md/C7xfHxzOV7xU1BPocCMv5VzcafDOuelCimM2DjDDOspyw59VhnnxzqV1o
gTKpOMJldgXAMJM74cHoWmtQrXPMMJ2/VT9OVv9u+YoirvbobwD+W4E9GQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMTw5OYN4j6l7QcZqrqznvBDhhViMB8GA1UdIwQY
MBaAFJBC6Dl241/imgHTxDqbxZZLN7RDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0VMb09YYmpYLUthQWRQRU9wdkZsa3MzdEVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hODdiNmUtZDg0Mi00YzBjLTg4MWIt
MjEwOTQwZGExNzdiLzEveFBEazVnM2lQcVh0QnhtcXVyT2U4RU9HRldJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hODdiNmUtZDg0Mi00YzBjLTg4MWItMjEwOTQwZGExNzdi
LzEva0VMb09YYmpYLUthQWRQRU9wdkZsa3MzdEVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQGIMA8E
AgACMAkDBwAgAQf4ANowDQYJKoZIhvcNAQELBQADggEBAJ6c+5SHFS6zlm+46RX0
et/XVhdxs0B08tRf+pdM31MXL8wEmPwCGnAHxwND8j85c9OCcAS/KqAHRgvV2UVB
GHKiGhPutUUBCZx38a9Fx3xguBh9m0/27jzxPKgWw5hlOy24Bzfa5yR0rkGTYFgN
KIUDLwIKllnKlky8Nc8O1OseX4ZszMo20J3kJxwXrRT3Jj711OdtumRc1tsNRahs
5HRr9VG1S5HnWO66pxNVs9qXYh7SxmYZIemjfICeQAabm+yFBV06X4vUnfUdAKHz
+zIRxZMOGdqsOr5ivc1pYbgEQRDa1eZC+icwNGrkSuvNMdZoJaKqGPvapseQLq1X
OUo=
-----END CERTIFICATE-----