Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/pHhGl7hC09oju4TJunou2EvQcgs.roa
File:                     pHhGl7hC09oju4TJunou2EvQcgs.roa (raw, json)
Hash identifier:          2VlBpUDieZUHkJYBbPMMtM8Or6vr8jhJfvPVbdLnF2s=
Subject key identifier:   A4:78:46:97:B8:42:D3:DA:23:BB:84:C9:BA:7A:2E:D8:4B:D0:72:0B
Certificate issuer:       /CN=c1db041afabfd8c11f0b10b523799b65cfde3908
Certificate serial:       019422201F7E39DCA1BE05F49BF483F82CE3
Authority key identifier: C1:DB:04:1A:FA:BF:D8:C1:1F:0B:10:B5:23:79:9B:65:CF:DE:39:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wdsEGvq_2MEfCxC1I3mbZc_eOQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/pHhGl7hC09oju4TJunou2EvQcgs.roa
Signing time:             Wed 01 Jan 2025 13:48:38 +0000
ROA not before:           Wed 01 Jan 2025 13:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49223
IP address blocks:        185.235.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/wdsEGvq_2MEfCxC1I3mbZc_eOQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/wdsEGvq_2MEfCxC1I3mbZc_eOQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wdsEGvq_2MEfCxC1I3mbZc_eOQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1f:7e:39:dc:a1:be:05:f4:9b:f4:83:f8:2c:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1db041afabfd8c11f0b10b523799b65cfde3908
        Validity
            Not Before: Jan  1 13:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4784697b842d3da23bb84c9ba7a2ed84bd0720b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:77:05:8c:9e:d4:8e:4c:ec:ec:b7:4f:72:00:
                    6e:5f:01:10:35:3e:42:05:59:d8:77:67:db:29:3d:
                    a9:be:3b:40:f6:a9:1e:48:66:f8:8f:e4:c9:93:f1:
                    c7:b8:59:62:c4:0c:2c:2f:f3:ad:a4:9f:a5:2f:f9:
                    79:95:6c:a0:7b:0e:08:5b:02:1f:6e:73:77:f2:0b:
                    a9:9f:6b:c6:fb:5e:4a:d4:06:1c:d6:af:15:7d:08:
                    fa:f7:c5:50:11:b1:9d:dc:6d:6a:0e:9f:cb:3c:0a:
                    d2:2b:ea:56:16:02:7d:d8:97:64:ef:82:72:5e:d2:
                    9f:d9:95:81:8b:9d:48:a8:54:bd:d9:e4:f9:f9:15:
                    dc:df:4c:25:66:9d:27:e5:8a:df:8a:78:05:bc:8a:
                    06:9b:3a:b5:b9:0b:d2:37:4d:6b:b4:79:01:a9:e4:
                    ac:c5:db:0a:48:c6:1c:11:07:d1:58:c2:88:3b:e6:
                    b2:ec:7d:b2:cd:18:43:82:bd:04:7e:55:c4:9b:76:
                    3b:64:e3:a8:9d:a1:c6:46:e7:d6:54:06:8e:e8:b0:
                    15:dc:ba:f7:31:c3:83:fa:dd:1f:40:37:51:9e:0e:
                    28:ea:b2:0c:b6:45:26:db:5e:ed:c2:c5:66:48:67:
                    a1:69:5d:c2:9f:00:27:01:0d:d0:9c:ca:ca:02:76:
                    f8:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:78:46:97:B8:42:D3:DA:23:BB:84:C9:BA:7A:2E:D8:4B:D0:72:0B
            X509v3 Authority Key Identifier:
                keyid:C1:DB:04:1A:FA:BF:D8:C1:1F:0B:10:B5:23:79:9B:65:CF:DE:39:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wdsEGvq_2MEfCxC1I3mbZc_eOQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/pHhGl7hC09oju4TJunou2EvQcgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/5e0489-17cf-422c-aa40-2fb0944b5194/1/wdsEGvq_2MEfCxC1I3mbZc_eOQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:d3:f3:85:a7:c7:ed:c8:7a:95:6e:b3:f4:65:3d:f4:e2:9b:
         6b:eb:be:e7:87:93:e3:92:da:39:5f:bf:8c:e5:cc:5f:60:3f:
         cf:1c:5e:b7:c9:ed:57:42:6b:dd:9e:5a:ad:99:67:84:63:a5:
         48:31:c4:24:c4:e1:ba:a4:89:d6:d3:bc:91:dc:27:6c:1c:9f:
         33:e5:e8:e6:1f:6c:25:a4:ea:96:f5:07:53:4a:a9:ae:46:e3:
         4f:e4:dc:62:71:17:24:75:3f:54:b1:41:9f:75:37:93:c1:93:
         fd:af:01:23:1f:57:b7:97:6a:51:16:bc:f2:ab:d9:cd:9e:07:
         8a:1f:95:71:b8:05:56:50:8e:c7:37:e1:0e:87:d6:3d:cd:ed:
         e0:81:24:a3:5f:b3:a9:ae:c3:f9:3d:ff:a5:3b:f3:de:a1:77:
         fc:59:0a:31:e9:04:57:cd:49:95:97:fa:b1:fd:5b:77:62:3a:
         b1:01:7a:8b:db:c6:c1:ca:40:6f:28:18:69:e8:9e:3e:90:b1:
         4b:c7:ea:04:6a:ba:48:c5:e5:eb:b4:22:30:40:90:74:a3:e8:
         10:8d:76:19:dc:16:f4:0f:f1:13:bd:13:20:c8:e9:35:d2:ec:
         25:d9:b9:9a:64:df:b6:d0:8d:27:2a:7a:8a:11:c8:4a:ae:25:
         31:a2:3f:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIB9+OdyhvgX0m/SD+CzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZGIwNDFhZmFiZmQ4YzExZjBiMTBiNTIzNzk5YjY1Y2Zk
ZTM5MDgwHhcNMjUwMTAxMTM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDc4NDY5N2I4NDJkM2RhMjNiYjg0YzliYTdhMmVkODRiZDA3MjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3cFjJ7Ujkzs7LdPcgBuXwEQNT5C
BVnYd2fbKT2pvjtA9qkeSGb4j+TJk/HHuFlixAwsL/OtpJ+lL/l5lWygew4IWwIf
bnN38gupn2vG+15K1AYc1q8VfQj698VQEbGd3G1qDp/LPArSK+pWFgJ92Jdk74Jy
XtKf2ZWBi51IqFS92eT5+RXc30wlZp0n5YrfingFvIoGmzq1uQvSN01rtHkBqeSs
xdsKSMYcEQfRWMKIO+ay7H2yzRhDgr0EflXEm3Y7ZOOonaHGRufWVAaO6LAV3Lr3
McOD+t0fQDdRng4o6rIMtkUm217twsVmSGehaV3CnwAnAQ3QnMrKAnb49wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKR4Rpe4QtPaI7uEybp6LthL0HILMB8GA1UdIwQY
MBaAFMHbBBr6v9jBHwsQtSN5m2XP3jkIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2RzRUd2cV8yTUVmQ3hDMUkzbWJaY19lT1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC81ZTA0ODktMTdjZi00MjJjLWFhNDAt
MmZiMDk0NGI1MTk0LzEvcEhoR2w3aEMwOW9qdTRUSnVub3UyRXZRY2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC81ZTA0ODktMTdjZi00MjJjLWFhNDAtMmZiMDk0NGI1MTk0
LzEvd2RzRUd2cV8yTUVmQ3hDMUkzbWJaY19lT1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueusMA0G
CSqGSIb3DQEBCwUAA4IBAQAG0/OFp8ftyHqVbrP0ZT304ptr677nh5Pjkto5X7+M
5cxfYD/PHF63ye1XQmvdnlqtmWeEY6VIMcQkxOG6pInW07yR3CdsHJ8z5ejmH2wl
pOqW9QdTSqmuRuNP5NxicRckdT9UsUGfdTeTwZP9rwEjH1e3l2pRFrzyq9nNngeK
H5VxuAVWUI7HN+EOh9Y9ze3ggSSjX7OprsP5Pf+lO/PeoXf8WQox6QRXzUmVl/qx
/Vt3YjqxAXqL28bBykBvKBhp6J4+kLFLx+oEarpIxeXrtCIwQJB0o+gQjXYZ3Bb0
D/ETvRMgyOk10uwl2bmaZN+20I0nKnqKEchKriUxoj9q
-----END CERTIFICATE-----