Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/4qMGWpgEfUvVfuYkCpl-cDfdOi8.roa
File:                     4qMGWpgEfUvVfuYkCpl-cDfdOi8.roa (raw, json)
Hash identifier:          38HpzPTEyuA+scZwZQcFdTVJsXUC8CY1Kfy5zMrptq8=
Subject key identifier:   E2:A3:06:5A:98:04:7D:4B:D5:7E:E6:24:0A:99:7E:70:37:DD:3A:2F
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       0194266B6492E9E5BB413406F2F9D5BCA373
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/4qMGWpgEfUvVfuYkCpl-cDfdOi8.roa
Signing time:             Thu 02 Jan 2025 09:49:19 +0000
ROA not before:           Thu 02 Jan 2025 09:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206270
IP address blocks:        185.188.100.0/22 maxlen: 32
                          185.188.103.0/24 maxlen: 24
                          2a0a:10c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:64:92:e9:e5:bb:41:34:06:f2:f9:d5:bc:a3:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  2 09:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2a3065a98047d4bd57ee6240a997e7037dd3a2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:d5:2b:07:ea:e8:a7:a5:f7:da:9d:32:27:c7:
                    fc:57:82:4b:f1:3b:e4:90:41:ef:a8:f4:b3:20:9a:
                    c0:66:95:3f:d3:08:5a:ec:17:c7:60:ad:d5:60:2d:
                    f5:7a:b5:47:48:15:ca:36:6a:b6:76:8a:f2:01:39:
                    b6:b5:bb:b0:77:88:8a:7a:10:24:70:18:52:c2:83:
                    8c:35:83:c8:cf:22:f9:9f:a9:6e:6c:27:31:95:33:
                    c2:d5:bf:e5:3b:46:3f:8c:2f:f9:3e:29:ff:ac:8c:
                    13:f6:b6:44:df:a0:fb:06:21:4e:40:07:3f:49:29:
                    10:d4:51:31:9a:f8:3e:f6:ff:d6:7a:93:26:99:d2:
                    d3:d0:1e:c3:69:f8:10:a0:b4:fb:51:1a:a7:0c:d1:
                    37:3b:5f:52:db:d9:7c:89:06:68:6a:ac:33:5a:65:
                    9a:2f:b7:49:b4:de:58:30:15:1d:72:20:bf:0a:e9:
                    58:ed:9b:7a:ed:e8:02:0b:87:f2:15:ae:2c:e5:c0:
                    6b:25:23:ba:3e:bd:0e:fd:de:ee:b4:35:79:48:eb:
                    db:c2:fd:7b:be:a5:26:06:14:a2:4f:7c:6a:96:13:
                    1e:a2:82:fa:95:18:cc:c8:07:1b:aa:2b:32:9a:5d:
                    ed:a3:26:dc:01:01:87:9d:29:75:26:81:62:61:d3:
                    07:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A3:06:5A:98:04:7D:4B:D5:7E:E6:24:0A:99:7E:70:37:DD:3A:2F
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/4qMGWpgEfUvVfuYkCpl-cDfdOi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.100.0/22
                IPv6:
                  2a0a:10c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:b1:3c:e7:c2:11:90:2e:9c:3f:b3:62:30:39:a8:2a:8c:c6:
         69:36:4d:44:64:69:53:4c:f0:8f:6a:b3:74:12:b4:d9:34:7f:
         67:b6:44:61:0d:21:e3:fd:1e:9e:99:f2:58:c3:67:68:f6:8a:
         77:ef:2d:ee:56:11:f4:5f:ed:a7:c0:da:0d:8b:09:7a:70:db:
         78:0b:e5:28:14:b5:ae:08:37:6c:86:f3:84:07:92:1a:f1:a3:
         79:e6:dc:e6:ca:d9:2b:8b:22:0e:f3:c6:bb:ca:b5:df:8a:9c:
         5d:bd:a9:f8:85:8e:2b:0a:b4:0d:73:62:be:2e:62:fe:16:de:
         b0:9a:1a:63:30:f4:83:a8:60:7a:16:1b:41:43:32:4c:49:db:
         54:ab:1c:a4:11:9b:dd:48:48:8f:45:8f:03:20:e6:9f:13:27:
         cb:42:17:c9:f8:e3:01:b8:db:83:1e:b0:f5:d2:74:d5:8d:1e:
         7f:6f:0d:4b:62:31:cd:c0:d4:8f:89:cc:fc:42:ad:c5:e8:d9:
         10:c0:68:15:71:99:49:75:0a:6d:e8:16:20:1d:54:21:4f:55:
         10:c8:44:73:97:a7:a2:a1:40:29:d4:00:6e:2d:89:0a:2c:81:
         6e:71:d8:49:fc:24:5d:6f:57:7f:c0:2c:3e:ea:cf:38:46:a3:
         18:f1:03:c9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQma2SS6eW7QTQG8vnVvKNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjUwMTAyMDk0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmEzMDY1YTk4MDQ3ZDRiZDU3ZWU2MjQwYTk5N2U3MDM3ZGQzYTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNUrB+rop6X32p0yJ8f8V4JL8Tvk
kEHvqPSzIJrAZpU/0wha7BfHYK3VYC31erVHSBXKNmq2doryATm2tbuwd4iKehAk
cBhSwoOMNYPIzyL5n6lubCcxlTPC1b/lO0Y/jC/5Pin/rIwT9rZE36D7BiFOQAc/
SSkQ1FExmvg+9v/WepMmmdLT0B7DafgQoLT7URqnDNE3O19S29l8iQZoaqwzWmWa
L7dJtN5YMBUdciC/CulY7Zt67egCC4fyFa4s5cBrJSO6Pr0O/d7utDV5SOvbwv17
vqUmBhSiT3xqlhMeooL6lRjMyAcbqisyml3toybcAQGHnSl1JoFiYdMHwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOKjBlqYBH1L1X7mJAqZfnA33TovMB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvNHFNR1dwZ0VmVXZWZnVZa0NwbC1jRGZkT2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubxkMA0E
AgACMAcDBQMqChDAMA0GCSqGSIb3DQEBCwUAA4IBAQBJsTznwhGQLpw/s2IwOagq
jMZpNk1EZGlTTPCParN0ErTZNH9ntkRhDSHj/R6emfJYw2do9op37y3uVhH0X+2n
wNoNiwl6cNt4C+UoFLWuCDdshvOEB5Ia8aN55tzmytkriyIO88a7yrXfipxdvan4
hY4rCrQNc2K+LmL+Ft6wmhpjMPSDqGB6FhtBQzJMSdtUqxykEZvdSEiPRY8DIOaf
EyfLQhfJ+OMBuNuDHrD10nTVjR5/bw1LYjHNwNSPicz8Qq3F6NkQwGgVcZlJdQpt
6BYgHVQhT1UQyERzl6eioUAp1ABuLYkKLIFucdhJ/CRdb1d/wCw+6s84RqMY8QPJ
-----END CERTIFICATE-----