Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/ef1699-8c13-4235-a589-63fe6be62dc9/1/p41jrQB80nM3Fi93nL78jR6iBMo.roa
File:                     p41jrQB80nM3Fi93nL78jR6iBMo.roa (raw, json)
Hash identifier:          nJZUqGT5BG1vu4ck1mxKQBzWxDOQCEnlZy8FawGaQcs=
Subject key identifier:   A7:8D:63:AD:00:7C:D2:73:37:16:2F:77:9C:BE:FC:8D:1E:A2:04:CA
Certificate issuer:       /CN=fab65124aeb603a0dd5c5cee1a0ab6521397db60
Certificate serial:       0194252222DBCABED45E2CC37C19B82E23A3
Authority key identifier: FA:B6:51:24:AE:B6:03:A0:DD:5C:5C:EE:1A:0A:B6:52:13:97:DB:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-rZRJK62A6DdXFzuGgq2UhOX22A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/ef1699-8c13-4235-a589-63fe6be62dc9/1/p41jrQB80nM3Fi93nL78jR6iBMo.roa
Signing time:             Thu 02 Jan 2025 03:49:41 +0000
ROA not before:           Thu 02 Jan 2025 03:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6730
IP address blocks:        185.51.184.0/22 maxlen: 22
                          2a01:b460::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/ef1699-8c13-4235-a589-63fe6be62dc9/1/1-rZRJK62A6DdXFzuGgq2UhOX22A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/ef1699-8c13-4235-a589-63fe6be62dc9/1/1-rZRJK62A6DdXFzuGgq2UhOX22A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-rZRJK62A6DdXFzuGgq2UhOX22A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 09:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:22:db:ca:be:d4:5e:2c:c3:7c:19:b8:2e:23:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fab65124aeb603a0dd5c5cee1a0ab6521397db60
        Validity
            Not Before: Jan  2 03:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a78d63ad007cd27337162f779cbefc8d1ea204ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:42:d7:90:d6:74:a3:71:f3:5c:23:09:8f:10:
                    7e:84:1b:20:84:eb:eb:17:e8:c2:71:a1:88:e7:05:
                    4a:7c:d0:14:d7:e9:46:5f:7d:53:6b:2f:40:ac:e5:
                    9a:b7:de:49:01:af:cf:92:43:e1:12:b4:53:e4:d3:
                    21:14:23:d6:8f:5a:a1:f8:b9:86:47:7c:77:e5:6b:
                    0f:c3:93:3c:ce:89:01:8e:f1:a8:44:1e:3b:67:1c:
                    f7:fa:47:c1:e0:07:ed:f5:fc:45:ff:8c:a7:ef:05:
                    27:f2:5c:eb:af:f6:7b:71:a7:e0:10:de:7c:43:b7:
                    c1:53:c2:79:e2:56:8f:53:44:7a:30:62:00:76:58:
                    51:5b:f8:51:a7:a2:30:78:82:61:e9:51:ac:c7:ef:
                    23:17:32:a9:59:1a:00:97:24:d8:f3:36:c9:ed:f4:
                    0e:5b:bb:b5:39:6d:63:02:75:b8:63:9e:c6:fd:f5:
                    5d:4b:a1:7d:66:64:10:74:49:1f:c0:9d:1a:e1:74:
                    4a:51:6f:b0:88:d0:90:51:65:ce:b1:e1:e0:07:b5:
                    75:34:52:46:cb:a1:06:e2:36:b9:71:49:bf:fe:35:
                    70:c0:fd:a6:32:20:a5:1f:3e:60:ff:38:f4:34:35:
                    74:bb:df:37:fd:83:9a:dd:eb:3d:ce:8e:f1:ff:27:
                    a1:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:8D:63:AD:00:7C:D2:73:37:16:2F:77:9C:BE:FC:8D:1E:A2:04:CA
            X509v3 Authority Key Identifier:
                keyid:FA:B6:51:24:AE:B6:03:A0:DD:5C:5C:EE:1A:0A:B6:52:13:97:DB:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-rZRJK62A6DdXFzuGgq2UhOX22A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ef1699-8c13-4235-a589-63fe6be62dc9/1/p41jrQB80nM3Fi93nL78jR6iBMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ef1699-8c13-4235-a589-63fe6be62dc9/1/1-rZRJK62A6DdXFzuGgq2UhOX22A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.184.0/22
                IPv6:
                  2a01:b460::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:08:79:06:6f:1e:8a:d9:2a:24:12:08:d1:e2:b7:5a:d6:71:
         3f:8a:c0:49:fe:fb:ec:27:8e:b0:98:ff:91:c1:a2:35:6b:a5:
         be:b6:1c:12:c4:d3:5e:91:40:89:64:e2:10:9c:e3:8c:e9:f2:
         43:e1:c3:f8:7e:be:0f:97:04:91:3c:5d:e8:78:d4:e3:9e:69:
         7b:48:5a:51:d6:9c:ef:ab:05:a1:6e:55:e3:e4:af:11:f2:9b:
         01:45:c2:03:34:0b:54:80:af:86:84:77:2d:21:a4:84:5c:5e:
         6f:f8:e4:d5:eb:34:95:04:9e:a6:4c:bd:36:56:e0:68:3c:c2:
         c4:6c:d0:c2:f4:e9:3f:19:b2:1a:35:e2:80:7d:31:e7:9b:4e:
         a2:6d:5d:b9:cf:3c:be:be:78:4e:ba:47:77:08:82:54:a4:80:
         b0:a3:33:a5:51:25:17:08:5a:58:6d:98:6f:7c:36:23:71:66:
         b9:9b:74:67:b3:dd:1e:2f:71:8a:03:16:47:7a:b6:2d:1b:b7:
         73:2c:78:dc:51:11:21:2b:35:62:bb:20:ae:ca:35:d8:d1:52:
         10:8b:c1:7a:ce:e9:59:09:8e:2c:9f:6d:c6:a9:3a:2f:c7:ee:
         98:0f:b8:53:6c:df:58:23:cf:57:89:0d:d4:79:14:d2:fa:a3:
         8b:3f:af:65
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlIiLbyr7UXizDfBm4LiOjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhYjY1MTI0YWViNjAzYTBkZDVjNWNlZTFhMGFiNjUyMTM5
N2RiNjAwHhcNMjUwMTAyMDM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzhkNjNhZDAwN2NkMjczMzcxNjJmNzc5Y2JlZmM4ZDFlYTIwNGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuULXkNZ0o3HzXCMJjxB+hBsghOvr
F+jCcaGI5wVKfNAU1+lGX31Tay9ArOWat95JAa/PkkPhErRT5NMhFCPWj1qh+LmG
R3x35WsPw5M8zokBjvGoRB47Zxz3+kfB4Aft9fxF/4yn7wUn8lzrr/Z7cafgEN58
Q7fBU8J54laPU0R6MGIAdlhRW/hRp6IweIJh6VGsx+8jFzKpWRoAlyTY8zbJ7fQO
W7u1OW1jAnW4Y57G/fVdS6F9ZmQQdEkfwJ0a4XRKUW+wiNCQUWXOseHgB7V1NFJG
y6EG4ja5cUm//jVwwP2mMiClHz5g/zj0NDV0u983/YOa3es9zo7x/yeh7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKeNY60AfNJzNxYvd5y+/I0eogTKMB8GA1UdIwQY
MBaAFPq2USSutgOg3Vxc7hoKtlITl9tgMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1yWlJKSzYyQTZEZFhGenVHZ3EyVWhPWDIyQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUvZWYxNjk5LThjMTMtNDIzNS1hNTg5
LTYzZmU2YmU2MmRjOS8xL3A0MWpyUUI4MG5NM0ZpOTNuTDc4alI2aUJNby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWUvZWYxNjk5LThjMTMtNDIzNS1hNTg5LTYzZmU2YmU2MmRj
OS8xLzEtclpSSks2MkE2RGRYRnp1R2dxMlVoT1gyMkEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAK5M7gw
DQQCAAIwBwMFACoBtGAwDQYJKoZIhvcNAQELBQADggEBABcIeQZvHorZKiQSCNHi
t1rWcT+KwEn+++wnjrCY/5HBojVrpb62HBLE016RQIlk4hCc44zp8kPhw/h+vg+X
BJE8Xeh41OOeaXtIWlHWnO+rBaFuVePkrxHymwFFwgM0C1SAr4aEdy0hpIRcXm/4
5NXrNJUEnqZMvTZW4Gg8wsRs0ML06T8Zsho14oB9MeebTqJtXbnPPL6+eE66R3cI
glSkgLCjM6VRJRcIWlhtmG98NiNxZrmbdGez3R4vcYoDFkd6ti0bt3MseNxRESEr
NWK7IK7KNdjRUhCLwXrO6VkJjiyfbcapOi/H7pgPuFNs31gjz1eJDdR5FNL6o4s/
r2U=
-----END CERTIFICATE-----