Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/c5bb63-30bf-48c8-a433-a2f67f2bf950/1/_k0OxqJ8CNa2nq6tzt4bUNoG6Sg.roa
File:                     _k0OxqJ8CNa2nq6tzt4bUNoG6Sg.roa (raw, json)
Hash identifier:          TBT+FD53tM1tzuAflJ2lZOj8tykRjtKXY5Xc3IXyQAc=
Subject key identifier:   FE:4D:0E:C6:A2:7C:08:D6:B6:9E:AE:AD:CE:DE:1B:50:DA:06:E9:28
Certificate issuer:       /CN=428e828829846f63465a37447ece3a746a48dd6c
Certificate serial:       0194266C0C05667528D989AB4EF7E1E373FE
Authority key identifier: 42:8E:82:88:29:84:6F:63:46:5A:37:44:7E:CE:3A:74:6A:48:DD:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qo6CiCmEb2NGWjdEfs46dGpI3Ww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/c5bb63-30bf-48c8-a433-a2f67f2bf950/1/_k0OxqJ8CNa2nq6tzt4bUNoG6Sg.roa
Signing time:             Thu 02 Jan 2025 09:50:02 +0000
ROA not before:           Thu 02 Jan 2025 09:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59962
IP address blocks:        185.64.176.0/23 maxlen: 23
                          185.64.178.0/23 maxlen: 23
                          2a04:fb40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/c5bb63-30bf-48c8-a433-a2f67f2bf950/1/Qo6CiCmEb2NGWjdEfs46dGpI3Ww.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/c5bb63-30bf-48c8-a433-a2f67f2bf950/1/Qo6CiCmEb2NGWjdEfs46dGpI3Ww.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qo6CiCmEb2NGWjdEfs46dGpI3Ww.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:0c:05:66:75:28:d9:89:ab:4e:f7:e1:e3:73:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=428e828829846f63465a37447ece3a746a48dd6c
        Validity
            Not Before: Jan  2 09:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe4d0ec6a27c08d6b69eaeadcede1b50da06e928
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2a:7a:ac:7c:05:0a:11:2b:0c:88:76:a0:61:
                    71:a1:24:a1:9c:c4:7a:27:31:3d:c7:9b:3a:b4:48:
                    05:1c:e2:b3:0a:58:26:ac:e6:a1:36:2e:5d:e3:96:
                    d6:56:7f:c7:6c:1b:30:b8:f6:5b:a4:27:87:df:8d:
                    67:82:66:bb:01:e2:33:f9:8b:1f:d5:36:52:73:a5:
                    35:34:e3:6c:56:ed:39:b9:36:fa:b7:83:47:fc:39:
                    bf:c0:82:25:54:55:a1:28:9e:27:df:25:a2:ec:b9:
                    e6:3c:1f:56:4b:f7:98:5b:55:8a:c5:c3:d5:79:18:
                    74:90:33:a0:39:ec:17:91:15:1f:05:ae:3b:a6:26:
                    6e:69:10:b0:71:1b:6b:77:6b:40:65:1c:e9:4f:e6:
                    21:1a:66:14:07:82:24:16:24:04:32:14:3a:68:3e:
                    70:7b:ad:82:e3:f3:3c:83:7d:62:46:88:29:12:2f:
                    ee:35:56:99:e5:14:ec:7a:09:33:62:f2:11:22:a7:
                    9c:da:c7:c9:65:63:93:26:56:5b:ed:6e:10:c3:51:
                    20:1f:9a:50:92:72:fd:06:62:35:19:4e:02:80:b8:
                    c2:fe:9b:7e:82:21:8c:91:db:66:b0:71:1d:9f:aa:
                    90:ca:6c:ca:93:38:84:bb:b9:66:88:a0:72:35:b6:
                    d3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:4D:0E:C6:A2:7C:08:D6:B6:9E:AE:AD:CE:DE:1B:50:DA:06:E9:28
            X509v3 Authority Key Identifier:
                keyid:42:8E:82:88:29:84:6F:63:46:5A:37:44:7E:CE:3A:74:6A:48:DD:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qo6CiCmEb2NGWjdEfs46dGpI3Ww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c5bb63-30bf-48c8-a433-a2f67f2bf950/1/_k0OxqJ8CNa2nq6tzt4bUNoG6Sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/c5bb63-30bf-48c8-a433-a2f67f2bf950/1/Qo6CiCmEb2NGWjdEfs46dGpI3Ww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.176.0/22
                IPv6:
                  2a04:fb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         76:64:6c:2c:5f:28:fc:72:e0:98:50:97:8a:fb:08:85:c2:c9:
         75:bf:37:4f:0e:c3:9e:af:83:75:c8:d5:c2:47:56:c1:34:d2:
         5f:c2:ce:76:04:f8:63:70:21:43:74:9d:f5:49:9f:af:23:fd:
         2e:3d:c9:6a:34:d8:bd:fb:00:11:4f:be:1d:51:d4:61:b6:56:
         21:9a:d0:fb:a1:25:b9:a2:f1:0f:63:fd:ba:7f:df:27:ae:74:
         9f:db:32:cb:1a:4a:14:be:92:1f:2b:d5:e4:2d:53:8b:8f:d9:
         4e:b5:9e:d0:f0:ab:a3:18:23:08:29:ca:50:fb:4e:8a:68:0e:
         fb:da:d1:f7:99:fb:fc:db:c7:5f:c9:7e:6a:12:fc:d7:45:59:
         cb:fa:ed:28:6c:17:af:81:a4:51:65:13:18:c9:6a:cf:51:95:
         52:b7:fc:29:fe:78:2d:ef:85:5f:a1:fd:38:fc:ff:a7:08:eb:
         43:6b:d5:40:db:f7:92:e2:51:b0:62:f7:63:ed:15:d1:67:c1:
         41:62:4f:c4:d4:7c:c8:cf:da:ad:e2:4b:bf:cf:e5:9d:56:2e:
         3b:50:5d:2a:b0:37:3e:de:40:2f:52:c3:c4:11:bd:7c:8d:a7:
         f1:99:58:2c:25:04:fd:33:b1:57:13:14:7e:ee:32:16:a3:b6:
         fe:f0:10:ce
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmbAwFZnUo2YmrTvfh43P+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOGU4Mjg4Mjk4NDZmNjM0NjVhMzc0NDdlY2UzYTc0NmE0
OGRkNmMwHhcNMjUwMTAyMDk1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTRkMGVjNmEyN2MwOGQ2YjY5ZWFlYWRjZWRlMWI1MGRhMDZlOTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCp6rHwFChErDIh2oGFxoSShnMR6
JzE9x5s6tEgFHOKzClgmrOahNi5d45bWVn/HbBswuPZbpCeH341ngma7AeIz+Ysf
1TZSc6U1NONsVu05uTb6t4NH/Dm/wIIlVFWhKJ4n3yWi7LnmPB9WS/eYW1WKxcPV
eRh0kDOgOewXkRUfBa47piZuaRCwcRtrd2tAZRzpT+YhGmYUB4IkFiQEMhQ6aD5w
e62C4/M8g31iRogpEi/uNVaZ5RTsegkzYvIRIqec2sfJZWOTJlZb7W4Qw1EgH5pQ
knL9BmI1GU4CgLjC/pt+giGMkdtmsHEdn6qQymzKkziEu7lmiKByNbbTNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP5NDsaifAjWtp6urc7eG1DaBukoMB8GA1UdIwQY
MBaAFEKOgogphG9jRlo3RH7OOnRqSN1sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW82Q2lDbUViMk5HV2pkRWZzNDZkR3BJM1d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9jNWJiNjMtMzBiZi00OGM4LWE0MzMt
YTJmNjdmMmJmOTUwLzEvX2swT3hxSjhDTmEybnE2dHp0NGJVTm9HNlNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9jNWJiNjMtMzBiZi00OGM4LWE0MzMtYTJmNjdmMmJmOTUw
LzEvUW82Q2lDbUViMk5HV2pkRWZzNDZkR3BJM1d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUCwMA0E
AgACMAcDBQMqBPtAMA0GCSqGSIb3DQEBCwUAA4IBAQB2ZGwsXyj8cuCYUJeK+wiF
wsl1vzdPDsOer4N1yNXCR1bBNNJfws52BPhjcCFDdJ31SZ+vI/0uPclqNNi9+wAR
T74dUdRhtlYhmtD7oSW5ovEPY/26f98nrnSf2zLLGkoUvpIfK9XkLVOLj9lOtZ7Q
8KujGCMIKcpQ+06KaA772tH3mfv828dfyX5qEvzXRVnL+u0obBevgaRRZRMYyWrP
UZVSt/wp/ngt74Vfof04/P+nCOtDa9VA2/eS4lGwYvdj7RXRZ8FBYk/E1HzIz9qt
4ku/z+WdVi47UF0qsDc+3kAvUsPEEb18jafxmVgsJQT9M7FXExR+7jIWo7b+8BDO
-----END CERTIFICATE-----