Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/i4xZsK__v3rFAdp2I4QUrGdulkA.roa
File:                     i4xZsK__v3rFAdp2I4QUrGdulkA.roa (raw, json)
Hash identifier:          7y/IXk7zUN3UVxHCXKQjh1FoBdjvSc3K/G/mRr6+6Gg=
Subject key identifier:   8B:8C:59:B0:AF:FF:BF:7A:C5:01:DA:76:23:84:14:AC:67:6E:96:40
Certificate issuer:       /CN=964335563d9b6f9e3e28de368d85988bc141371e
Certificate serial:       01941FF9FFE96CE535BCF7E38D8E7DC8AD99
Authority key identifier: 96:43:35:56:3D:9B:6F:9E:3E:28:DE:36:8D:85:98:8B:C1:41:37:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lkM1Vj2bb54-KN42jYWYi8FBNx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/i4xZsK__v3rFAdp2I4QUrGdulkA.roa
Signing time:             Wed 01 Jan 2025 03:47:45 +0000
ROA not before:           Wed 01 Jan 2025 03:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206608
IP address blocks:        185.180.80.0/22 maxlen: 22
                          185.180.80.0/24 maxlen: 24
                          185.180.81.0/24 maxlen: 24
                          185.180.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/lkM1Vj2bb54-KN42jYWYi8FBNx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/lkM1Vj2bb54-KN42jYWYi8FBNx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lkM1Vj2bb54-KN42jYWYi8FBNx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:f9:ff:e9:6c:e5:35:bc:f7:e3:8d:8e:7d:c8:ad:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=964335563d9b6f9e3e28de368d85988bc141371e
        Validity
            Not Before: Jan  1 03:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b8c59b0afffbf7ac501da76238414ac676e9640
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:40:d4:c1:78:30:b2:dc:21:bd:0d:7b:e1:de:
                    19:30:3f:2f:03:17:12:45:d2:7e:c9:f4:2f:7e:ab:
                    d1:02:ca:0c:b5:55:c0:9d:0e:8f:15:b2:c0:88:07:
                    c0:b8:dc:9c:e3:ec:32:4b:95:6f:01:af:9e:cc:4a:
                    b2:71:29:dc:22:02:9e:b7:4c:ea:7a:e5:b2:c0:ca:
                    51:42:af:76:92:d1:73:f9:6b:1e:ff:c9:d7:76:cd:
                    37:6a:98:b3:84:7a:ca:26:41:8d:fb:ea:59:19:41:
                    df:a8:77:a5:54:26:d1:eb:28:1a:fe:6d:63:6a:fb:
                    dd:65:4a:31:fc:cf:68:ce:c2:c9:b3:cb:bc:c8:44:
                    dd:a1:fb:2b:dc:58:a2:ae:38:7e:a8:ed:07:10:9c:
                    0d:92:a7:ed:1c:fe:f4:76:12:35:25:ca:0c:52:5c:
                    ed:4c:0e:66:1f:d1:d6:fd:15:fb:b1:0c:90:81:5a:
                    19:e0:ca:f3:dc:6f:ac:88:21:4d:00:df:39:f9:d3:
                    32:c2:ce:0a:ac:25:80:51:d8:61:c4:e1:98:a2:af:
                    d3:89:ef:a8:be:32:a6:05:0c:32:08:48:c2:75:f8:
                    45:3c:45:c4:13:56:c9:f1:7d:25:ce:45:0b:97:02:
                    bd:ef:db:b2:1b:ad:6a:f1:9f:8c:d9:17:d2:78:07:
                    85:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:8C:59:B0:AF:FF:BF:7A:C5:01:DA:76:23:84:14:AC:67:6E:96:40
            X509v3 Authority Key Identifier:
                keyid:96:43:35:56:3D:9B:6F:9E:3E:28:DE:36:8D:85:98:8B:C1:41:37:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lkM1Vj2bb54-KN42jYWYi8FBNx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/i4xZsK__v3rFAdp2I4QUrGdulkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/186a93-8e93-4652-9289-7ed51ca5af51/1/lkM1Vj2bb54-KN42jYWYi8FBNx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:96:77:4c:d2:4f:d4:dc:94:ad:cd:85:18:3a:6a:e7:f3:90:
         90:4f:d3:03:ef:45:6c:10:4c:6d:dc:17:33:c3:d3:a7:76:40:
         97:eb:de:d5:6f:98:de:c6:bf:d3:6a:80:fa:66:85:34:5e:e5:
         af:52:c2:0e:51:e9:82:e1:85:a7:c2:c7:b4:d4:ec:53:8f:06:
         49:87:18:a9:af:6d:92:10:01:15:38:ca:bd:25:5f:6d:ff:95:
         02:84:45:a2:9b:cb:96:96:78:f3:79:6f:43:b3:5d:57:a9:e2:
         74:82:03:73:e4:d0:b1:93:3e:4b:95:a8:e7:19:94:d5:a5:c1:
         cd:2e:9d:89:6b:af:09:3f:a5:ce:00:a9:98:e3:31:3f:ab:5d:
         c9:4b:d6:54:33:ea:05:31:04:2f:0c:4f:5d:98:36:fe:87:90:
         b7:b9:a0:ea:66:4a:d3:c3:4e:81:f4:8d:5e:2d:a7:d8:09:3b:
         d4:ed:47:d8:7b:fa:bc:f6:f5:93:e4:08:0b:5a:d3:78:b9:0d:
         cd:57:52:84:af:c3:0c:e6:65:63:37:2e:98:3b:8a:ca:72:35:
         14:cb:d0:39:47:db:4f:a6:a2:62:67:f8:36:12:8a:cb:45:7e:
         86:30:1e:9d:d2:12:ac:c4:3b:cf:8e:05:54:88:f8:e1:49:0d:
         99:89:b1:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+f/pbOU1vPfjjY59yK2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2NDMzNTU2M2Q5YjZmOWUzZTI4ZGUzNjhkODU5ODhiYzE0
MTM3MWUwHhcNMjUwMTAxMDM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjhjNTliMGFmZmZiZjdhYzUwMWRhNzYyMzg0MTRhYzY3NmU5NjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEDUwXgwstwhvQ174d4ZMD8vAxcS
RdJ+yfQvfqvRAsoMtVXAnQ6PFbLAiAfAuNyc4+wyS5VvAa+ezEqycSncIgKet0zq
euWywMpRQq92ktFz+Wse/8nXds03apizhHrKJkGN++pZGUHfqHelVCbR6yga/m1j
avvdZUox/M9ozsLJs8u8yETdofsr3Fiirjh+qO0HEJwNkqftHP70dhI1JcoMUlzt
TA5mH9HW/RX7sQyQgVoZ4Mrz3G+siCFNAN85+dMyws4KrCWAUdhhxOGYoq/Tie+o
vjKmBQwyCEjCdfhFPEXEE1bJ8X0lzkULlwK979uyG61q8Z+M2RfSeAeFpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuMWbCv/796xQHadiOEFKxnbpZAMB8GA1UdIwQY
MBaAFJZDNVY9m2+ePijeNo2FmIvBQTceMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGtNMVZqMmJiNTQtS040MmpZV1lpOEZCTng0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC8xODZhOTMtOGU5My00NjUyLTkyODkt
N2VkNTFjYTVhZjUxLzEvaTR4WnNLX192M3JGQWRwMkk0UVVyR2R1bGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC8xODZhOTMtOGU5My00NjUyLTkyODktN2VkNTFjYTVhZjUx
LzEvbGtNMVZqMmJiNTQtS040MmpZV1lpOEZCTng0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubRQMA0G
CSqGSIb3DQEBCwUAA4IBAQBGlndM0k/U3JStzYUYOmrn85CQT9MD70VsEExt3Bcz
w9OndkCX697Vb5jexr/TaoD6ZoU0XuWvUsIOUemC4YWnwse01OxTjwZJhxipr22S
EAEVOMq9JV9t/5UChEWim8uWlnjzeW9Ds11XqeJ0ggNz5NCxkz5LlajnGZTVpcHN
Lp2Ja68JP6XOAKmY4zE/q13JS9ZUM+oFMQQvDE9dmDb+h5C3uaDqZkrTw06B9I1e
LafYCTvU7UfYe/q89vWT5AgLWtN4uQ3NV1KEr8MM5mVjNy6YO4rKcjUUy9A5R9tP
pqJiZ/g2EorLRX6GMB6d0hKsxDvPjgVUiPjhSQ2ZibGg
-----END CERTIFICATE-----