Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/80393f-2bd5-4668-acbd-152b463aa3ca/1/CMFtvIRrP8F50u4CVRtzzHXRYto.roa
File:                     CMFtvIRrP8F50u4CVRtzzHXRYto.roa (raw, json)
Hash identifier:          zBitZQVL6CHlOMMwjKpEh8Pxjt6+cJBsedg4te+yLPA=
Subject key identifier:   08:C1:6D:BC:84:6B:3F:C1:79:D2:EE:02:55:1B:73:CC:75:D1:62:DA
Certificate issuer:       /CN=c126122b4ceee41f97ffb8cc22550be3fa0a53dc
Certificate serial:       019427488FA8275F3297F5BDE4FFC58DCCB5
Authority key identifier: C1:26:12:2B:4C:EE:E4:1F:97:FF:B8:CC:22:55:0B:E3:FA:0A:53:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wSYSK0zu5B-X_7jMIlUL4_oKU9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/80393f-2bd5-4668-acbd-152b463aa3ca/1/CMFtvIRrP8F50u4CVRtzzHXRYto.roa
Signing time:             Thu 02 Jan 2025 13:50:54 +0000
ROA not before:           Thu 02 Jan 2025 13:50:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43391
IP address blocks:        185.131.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/80393f-2bd5-4668-acbd-152b463aa3ca/1/wSYSK0zu5B-X_7jMIlUL4_oKU9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/80393f-2bd5-4668-acbd-152b463aa3ca/1/wSYSK0zu5B-X_7jMIlUL4_oKU9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wSYSK0zu5B-X_7jMIlUL4_oKU9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:8f:a8:27:5f:32:97:f5:bd:e4:ff:c5:8d:cc:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c126122b4ceee41f97ffb8cc22550be3fa0a53dc
        Validity
            Not Before: Jan  2 13:50:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08c16dbc846b3fc179d2ee02551b73cc75d162da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:64:64:f9:ce:55:4c:7f:09:3b:87:61:50:5e:
                    50:6a:e8:95:e3:8b:97:b7:19:5e:37:ab:ac:3b:28:
                    5b:6d:29:0f:7b:24:a7:7e:70:a9:61:ca:db:8b:7e:
                    10:b7:17:80:40:50:27:e4:47:21:c1:60:47:9e:cb:
                    ae:3f:68:4e:66:0e:bf:68:05:96:a4:01:67:17:e6:
                    ad:c3:09:d3:2b:34:33:3f:87:b0:ea:1e:e5:e8:31:
                    5a:15:da:c4:31:8c:a5:cd:0e:dc:e6:67:e7:98:40:
                    9b:37:b9:6e:3b:cb:56:ca:51:23:40:bc:d7:77:78:
                    6e:63:b7:8b:d6:2b:99:e6:47:3f:ef:e6:7a:0c:5b:
                    26:4a:81:65:f4:13:88:1a:38:c3:ee:cb:8c:0c:60:
                    26:f3:24:4c:81:f5:80:98:d9:7f:fe:1e:c5:b0:84:
                    10:d7:86:9b:02:cd:7b:66:d5:14:cc:d8:cb:ea:b0:
                    01:a3:ec:cd:b3:52:15:b6:74:50:65:a5:9b:1c:7e:
                    0c:b4:5d:16:a3:6d:5f:87:3c:49:83:b0:b4:18:62:
                    ac:9c:14:50:3d:b6:a0:2a:c2:a8:26:3d:e9:cc:88:
                    f3:d4:5c:e2:f5:6d:23:7b:c5:6d:c7:3d:37:6c:1a:
                    68:8a:67:92:1c:8e:a3:08:6a:a8:01:9d:e7:03:ef:
                    38:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:C1:6D:BC:84:6B:3F:C1:79:D2:EE:02:55:1B:73:CC:75:D1:62:DA
            X509v3 Authority Key Identifier:
                keyid:C1:26:12:2B:4C:EE:E4:1F:97:FF:B8:CC:22:55:0B:E3:FA:0A:53:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wSYSK0zu5B-X_7jMIlUL4_oKU9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/80393f-2bd5-4668-acbd-152b463aa3ca/1/CMFtvIRrP8F50u4CVRtzzHXRYto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/80393f-2bd5-4668-acbd-152b463aa3ca/1/wSYSK0zu5B-X_7jMIlUL4_oKU9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:f9:eb:b8:7c:65:0d:1e:c8:89:43:61:b2:8e:ac:22:38:5c:
         30:4f:bb:43:22:68:4f:6d:93:af:91:fa:15:56:56:b4:b3:74:
         ef:78:6f:11:db:2a:ce:0e:0f:81:34:ae:39:14:f1:79:44:f2:
         ec:5a:07:ca:ac:c1:d8:76:f3:1a:c1:a5:aa:03:36:06:33:4f:
         28:7d:22:c0:44:43:a6:97:93:76:2b:fd:2a:63:8d:a2:63:6b:
         5d:1b:bf:17:23:2b:ca:d7:09:ff:1b:6e:ea:60:e7:83:40:a4:
         8c:33:49:40:f4:a7:9a:d8:b5:de:e3:16:e4:fa:ef:6e:26:50:
         0d:48:c3:7b:36:eb:10:07:7a:1a:ce:a3:6e:3e:98:1b:d0:7d:
         79:64:ec:a0:73:11:8f:d8:55:0b:a7:b2:c6:b7:56:65:76:1d:
         b8:cd:61:b7:7d:f6:0e:97:70:90:97:67:1f:85:69:6b:3a:52:
         da:87:c9:7f:26:a4:42:7d:62:8c:b6:e6:1f:6c:d5:4d:23:cd:
         89:5c:e1:82:bb:12:8e:ef:db:58:27:df:4c:fa:27:42:42:f4:
         df:4b:f1:67:61:6b:85:3c:4a:32:ed:58:be:7e:79:8f:f7:57:
         14:3f:ee:3e:6b:99:e2:b5:d3:eb:d1:5b:ed:0c:ac:d7:16:7f:
         02:9e:a8:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSI+oJ18yl/W95P/Fjcy1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMjYxMjJiNGNlZWU0MWY5N2ZmYjhjYzIyNTUwYmUzZmEw
YTUzZGMwHhcNMjUwMTAyMTM1MDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGMxNmRiYzg0NmIzZmMxNzlkMmVlMDI1NTFiNzNjYzc1ZDE2MmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGRk+c5VTH8JO4dhUF5QauiV44uX
txleN6usOyhbbSkPeySnfnCpYcrbi34QtxeAQFAn5EchwWBHnsuuP2hOZg6/aAWW
pAFnF+atwwnTKzQzP4ew6h7l6DFaFdrEMYylzQ7c5mfnmECbN7luO8tWylEjQLzX
d3huY7eL1iuZ5kc/7+Z6DFsmSoFl9BOIGjjD7suMDGAm8yRMgfWAmNl//h7FsIQQ
14abAs17ZtUUzNjL6rABo+zNs1IVtnRQZaWbHH4MtF0Wo21fhzxJg7C0GGKsnBRQ
PbagKsKoJj3pzIjz1Fzi9W0je8Vtxz03bBpoimeSHI6jCGqoAZ3nA+84rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjBbbyEaz/BedLuAlUbc8x10WLaMB8GA1UdIwQY
MBaAFMEmEitM7uQfl/+4zCJVC+P6ClPcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1NZU0swenU1Qi1YXzdqTUlsVUw0X29LVTl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC84MDM5M2YtMmJkNS00NjY4LWFjYmQt
MTUyYjQ2M2FhM2NhLzEvQ01GdHZJUnJQOEY1MHU0Q1ZSdHp6SFhSWXRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC84MDM5M2YtMmJkNS00NjY4LWFjYmQtMTUyYjQ2M2FhM2Nh
LzEvd1NZU0swenU1Qi1YXzdqTUlsVUw0X29LVTl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYPQMA0G
CSqGSIb3DQEBCwUAA4IBAQAe+eu4fGUNHsiJQ2GyjqwiOFwwT7tDImhPbZOvkfoV
Vla0s3TveG8R2yrODg+BNK45FPF5RPLsWgfKrMHYdvMawaWqAzYGM08ofSLAREOm
l5N2K/0qY42iY2tdG78XIyvK1wn/G27qYOeDQKSMM0lA9Kea2LXe4xbk+u9uJlAN
SMN7NusQB3oazqNuPpgb0H15ZOygcxGP2FULp7LGt1Zldh24zWG3ffYOl3CQl2cf
hWlrOlLah8l/JqRCfWKMtuYfbNVNI82JXOGCuxKO79tYJ99M+idCQvTfS/FnYWuF
PEoy7Vi+fnmP91cUP+4+a5nitdPr0VvtDKzXFn8Cnqgz
-----END CERTIFICATE-----