Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/akH_-GUofRi3IR9WY9DWc-MBUHc.roa
File:                     akH_-GUofRi3IR9WY9DWc-MBUHc.roa (raw, json)
Hash identifier:          GH7ew6e0VLPyvTO+mxXZge5TTd6Djbt+GfnJ/q6zgIU=
Subject key identifier:   6A:41:FF:F8:65:28:7D:18:B7:21:1F:56:63:D0:D6:73:E3:01:50:77
Certificate issuer:       /CN=3066ad61c162df0650ee0ab60c68075b29a211c8
Certificate serial:       0194206844956A0E16E6A12F6CE788948611
Authority key identifier: 30:66:AD:61:C1:62:DF:06:50:EE:0A:B6:0C:68:07:5B:29:A2:11:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MGatYcFi3wZQ7gq2DGgHWymiEcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/akH_-GUofRi3IR9WY9DWc-MBUHc.roa
Signing time:             Wed 01 Jan 2025 05:48:11 +0000
ROA not before:           Wed 01 Jan 2025 05:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41960
IP address blocks:        185.203.188.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/MGatYcFi3wZQ7gq2DGgHWymiEcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/MGatYcFi3wZQ7gq2DGgHWymiEcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MGatYcFi3wZQ7gq2DGgHWymiEcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:44:95:6a:0e:16:e6:a1:2f:6c:e7:88:94:86:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3066ad61c162df0650ee0ab60c68075b29a211c8
        Validity
            Not Before: Jan  1 05:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a41fff865287d18b7211f5663d0d673e3015077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:51:56:7b:6e:d8:f9:70:91:ec:13:58:31:c2:
                    1e:6c:c4:c7:cc:b1:3f:6b:a7:a5:1b:fa:19:f2:96:
                    b0:d0:b1:37:71:3f:45:0d:18:00:b2:aa:99:2b:eb:
                    85:1d:bd:4e:ca:af:fb:93:87:b3:0a:4a:6b:be:65:
                    fb:63:8b:3f:da:72:d7:a7:7e:92:62:6e:4f:ea:82:
                    8d:b5:62:79:af:ca:9e:fc:f3:4b:0a:d6:f8:a6:0d:
                    63:33:23:49:79:2d:5e:8c:4f:2b:3e:b4:6b:76:60:
                    0b:c3:4e:9d:65:47:cb:1c:a2:6b:b2:54:ed:de:e8:
                    42:cd:97:61:55:2d:9c:8e:44:e6:79:12:fa:ff:d9:
                    4d:26:bb:20:64:33:09:a0:7a:c6:38:4b:27:80:0a:
                    13:c5:46:fc:78:a9:eb:31:f4:9e:58:49:6b:8d:2f:
                    75:d2:d9:5c:93:41:13:43:d1:41:70:f2:a3:f3:74:
                    4e:af:e5:90:16:1f:07:3d:cc:36:13:c3:ca:04:1e:
                    de:7d:16:36:68:c9:bd:9f:40:5e:db:c0:a1:8b:0a:
                    b9:b2:13:a5:8b:d9:ec:00:95:32:6a:02:d0:f4:a1:
                    3f:13:97:c2:92:e4:94:fb:b3:35:02:98:13:b7:48:
                    0b:ea:d1:6c:9c:00:21:b9:74:34:41:3c:f1:cb:47:
                    20:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:41:FF:F8:65:28:7D:18:B7:21:1F:56:63:D0:D6:73:E3:01:50:77
            X509v3 Authority Key Identifier:
                keyid:30:66:AD:61:C1:62:DF:06:50:EE:0A:B6:0C:68:07:5B:29:A2:11:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MGatYcFi3wZQ7gq2DGgHWymiEcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/akH_-GUofRi3IR9WY9DWc-MBUHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/9b34b0-301a-41a2-b4c5-a8866aa95c71/1/MGatYcFi3wZQ7gq2DGgHWymiEcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:24:82:c0:6b:a0:bf:e9:11:6c:f0:60:86:b6:78:b9:16:82:
         8e:82:48:4d:7a:75:8c:91:87:11:68:8a:79:0c:b5:06:42:cb:
         3e:53:e5:c0:84:c7:79:6e:85:75:6b:3a:8e:87:0f:e9:9a:3b:
         1e:32:29:32:fd:90:3e:30:af:22:52:96:26:10:93:c5:2f:0e:
         08:0b:46:7d:74:63:93:48:c6:20:e0:7f:fa:3a:25:06:5e:fa:
         0f:e9:88:2b:62:82:28:2a:b9:b6:d1:9b:d0:aa:32:20:de:64:
         cd:ef:14:03:0a:34:6c:f4:59:93:be:db:bd:6a:c1:b3:98:29:
         f5:2a:29:0a:e9:69:31:a6:f3:ed:ce:ca:89:4a:26:23:3c:0a:
         f9:ba:9a:1b:06:5a:e4:e0:d9:37:2a:30:89:fe:80:31:81:e4:
         7a:4e:4a:12:c3:3c:91:7f:7b:0c:21:2a:2e:f5:4e:15:f4:4e:
         1b:9c:81:da:58:5c:c9:46:82:20:d7:27:e5:f1:d0:87:33:c6:
         fc:6f:93:59:f2:58:25:7c:58:d9:f1:54:6b:af:a7:98:20:7e:
         34:49:c9:21:b3:7b:22:76:6d:b6:de:94:15:b3:46:57:67:98:
         16:21:cc:e7:09:9c:24:56:9a:f3:3f:df:5d:52:cd:b1:43:da:
         ed:37:23:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaESVag4W5qEvbOeIlIYRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNjZhZDYxYzE2MmRmMDY1MGVlMGFiNjBjNjgwNzViMjlh
MjExYzgwHhcNMjUwMTAxMDU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTQxZmZmODY1Mjg3ZDE4YjcyMTFmNTY2M2QwZDY3M2UzMDE1MDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lFWe27Y+XCR7BNYMcIebMTHzLE/
a6elG/oZ8paw0LE3cT9FDRgAsqqZK+uFHb1Oyq/7k4ezCkprvmX7Y4s/2nLXp36S
Ym5P6oKNtWJ5r8qe/PNLCtb4pg1jMyNJeS1ejE8rPrRrdmALw06dZUfLHKJrslTt
3uhCzZdhVS2cjkTmeRL6/9lNJrsgZDMJoHrGOEsngAoTxUb8eKnrMfSeWElrjS91
0tlck0ETQ9FBcPKj83ROr+WQFh8HPcw2E8PKBB7efRY2aMm9n0Be28Chiwq5shOl
i9nsAJUyagLQ9KE/E5fCkuSU+7M1ApgTt0gL6tFsnAAhuXQ0QTzxy0cg1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGpB//hlKH0YtyEfVmPQ1nPjAVB3MB8GA1UdIwQY
MBaAFDBmrWHBYt8GUO4KtgxoB1spohHIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUdhdFljRmkzd1pRN2dxMkRHZ0hXeW1pRWNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC85YjM0YjAtMzAxYS00MWEyLWI0YzUt
YTg4NjZhYTk1YzcxLzEvYWtIXy1HVW9mUmkzSVI5V1k5RFdjLU1CVUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC85YjM0YjAtMzAxYS00MWEyLWI0YzUtYTg4NjZhYTk1Yzcx
LzEvTUdhdFljRmkzd1pRN2dxMkRHZ0hXeW1pRWNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucu8MA0G
CSqGSIb3DQEBCwUAA4IBAQCWJILAa6C/6RFs8GCGtni5FoKOgkhNenWMkYcRaIp5
DLUGQss+U+XAhMd5boV1azqOhw/pmjseMiky/ZA+MK8iUpYmEJPFLw4IC0Z9dGOT
SMYg4H/6OiUGXvoP6YgrYoIoKrm20ZvQqjIg3mTN7xQDCjRs9FmTvtu9asGzmCn1
KikK6WkxpvPtzsqJSiYjPAr5upobBlrk4Nk3KjCJ/oAxgeR6TkoSwzyRf3sMISou
9U4V9E4bnIHaWFzJRoIg1yfl8dCHM8b8b5NZ8lglfFjZ8VRrr6eYIH40Sckhs3si
dm223pQVs0ZXZ5gWIcznCZwkVprzP99dUs2xQ9rtNyM9
-----END CERTIFICATE-----