Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/Q0tX8C3mAUGr4XLZlc4tVpO7Am4.roa
File:                     Q0tX8C3mAUGr4XLZlc4tVpO7Am4.roa (raw, json)
Hash identifier:          hVicWWTtt7YlyO3V3zzscqDP1fMclWoLBHVq6weE/Lo=
Subject key identifier:   43:4B:57:F0:2D:E6:01:41:AB:E1:72:D9:95:CE:2D:56:93:BB:02:6E
Certificate issuer:       /CN=4721bf48e401660ee9611b35c04b5d1d1f3fabfa
Certificate serial:       01942521D503AD0620D6FDB023D69795A214
Authority key identifier: 47:21:BF:48:E4:01:66:0E:E9:61:1B:35:C0:4B:5D:1D:1F:3F:AB:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/Q0tX8C3mAUGr4XLZlc4tVpO7Am4.roa
Signing time:             Thu 02 Jan 2025 03:49:21 +0000
ROA not before:           Thu 02 Jan 2025 03:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203350
IP address blocks:        185.18.223.0/24 maxlen: 24
                          2a05:4240::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:d5:03:ad:06:20:d6:fd:b0:23:d6:97:95:a2:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4721bf48e401660ee9611b35c04b5d1d1f3fabfa
        Validity
            Not Before: Jan  2 03:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=434b57f02de60141abe172d995ce2d5693bb026e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:22:11:80:fb:96:bb:ca:6f:c9:27:1a:4c:73:
                    34:6b:40:72:f7:64:49:7c:c7:21:50:fc:50:1d:5a:
                    06:2d:5b:22:39:fb:31:54:d3:34:58:0d:e3:9c:51:
                    ed:ac:57:b9:43:e3:ba:3c:60:70:91:59:4d:fc:f7:
                    21:d7:00:87:97:36:a0:ae:9f:a3:ce:c3:f1:64:da:
                    45:c7:4e:07:9c:9e:58:b1:ce:d7:2d:de:82:48:91:
                    ab:36:00:91:47:d3:e8:09:a8:60:88:6e:a0:ea:9c:
                    a4:08:55:46:92:d8:bb:fc:e1:b8:41:b1:03:a8:b5:
                    ca:98:cc:a1:29:de:00:42:6e:c5:5d:a1:0f:a5:ed:
                    98:b6:f0:a6:24:73:4f:ac:bd:12:b7:26:0f:7f:54:
                    13:f9:ab:ae:fd:61:74:aa:f3:e7:13:bf:d0:f9:79:
                    b1:c3:22:65:82:d3:87:6b:80:db:29:98:36:ab:24:
                    38:06:ec:62:b2:fa:73:66:37:ac:a5:38:d7:9a:8e:
                    9f:46:9f:92:4f:2e:d4:14:22:c5:70:c4:e5:5d:51:
                    5d:c6:5a:9d:b6:b2:a8:53:2b:31:ba:1d:01:e6:ab:
                    1b:14:98:16:c7:70:69:08:27:a3:7c:62:83:be:f5:
                    ed:22:fe:62:30:8b:64:3a:aa:ce:b2:9e:97:f5:60:
                    5e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:4B:57:F0:2D:E6:01:41:AB:E1:72:D9:95:CE:2D:56:93:BB:02:6E
            X509v3 Authority Key Identifier:
                keyid:47:21:BF:48:E4:01:66:0E:E9:61:1B:35:C0:4B:5D:1D:1F:3F:AB:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyG_SOQBZg7pYRs1wEtdHR8_q_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/Q0tX8C3mAUGr4XLZlc4tVpO7Am4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/e6ba81-b38e-4bb3-b005-56fde5e715b1/1/RyG_SOQBZg7pYRs1wEtdHR8_q_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.223.0/24
                IPv6:
                  2a05:4240::/32

    Signature Algorithm: sha256WithRSAEncryption
         2c:03:14:f8:bb:bd:2c:5e:9d:89:0a:ca:21:05:7e:8e:b6:2d:
         6c:8b:d2:b8:05:45:65:c5:08:c9:5b:53:99:ec:65:ac:7b:22:
         48:e4:2a:2b:86:bb:cc:0d:ee:d9:26:f6:5d:86:68:76:83:f6:
         b3:4e:9c:38:55:ae:27:e4:28:a5:0c:fa:58:27:b1:72:4f:b0:
         f7:78:fc:c3:69:f0:5b:12:92:04:47:e4:42:c5:ea:58:92:88:
         d5:14:b3:d7:f7:95:68:32:f3:9f:03:02:e4:0e:ef:ca:9e:23:
         87:3d:fc:e5:e3:b6:d0:99:67:dd:57:97:c1:d3:4d:3c:b3:e5:
         8d:74:d7:9a:ea:9d:7b:32:82:0c:09:7f:95:62:de:be:03:79:
         db:4a:6c:b0:8a:88:a9:2f:0c:f1:a7:69:d9:6b:3f:03:e9:17:
         1f:44:7f:e4:1d:e7:69:a1:be:7a:a5:98:4b:07:3b:35:5f:ad:
         12:f2:3a:57:21:31:e8:c8:28:20:d7:fa:c0:cc:88:14:7e:7c:
         38:52:29:45:f7:29:23:d0:e4:0c:83:2d:d8:55:b3:cc:82:a8:
         e3:eb:11:78:f6:d2:58:39:f2:23:1d:64:57:5e:47:37:75:a0:
         e4:b6:37:0c:b2:25:9c:25:93:6d:0b:55:ec:c0:c6:74:50:fe:
         c1:3d:c4:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIdUDrQYg1v2wI9aXlaIUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjFiZjQ4ZTQwMTY2MGVlOTYxMWIzNWMwNGI1ZDFkMWYz
ZmFiZmEwHhcNMjUwMTAyMDM0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzRiNTdmMDJkZTYwMTQxYWJlMTcyZDk5NWNlMmQ1NjkzYmIwMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyIRgPuWu8pvyScaTHM0a0By92RJ
fMchUPxQHVoGLVsiOfsxVNM0WA3jnFHtrFe5Q+O6PGBwkVlN/Pch1wCHlzagrp+j
zsPxZNpFx04HnJ5Ysc7XLd6CSJGrNgCRR9PoCahgiG6g6pykCFVGkti7/OG4QbED
qLXKmMyhKd4AQm7FXaEPpe2YtvCmJHNPrL0StyYPf1QT+auu/WF0qvPnE7/Q+Xmx
wyJlgtOHa4DbKZg2qyQ4BuxisvpzZjespTjXmo6fRp+STy7UFCLFcMTlXVFdxlqd
trKoUysxuh0B5qsbFJgWx3BpCCejfGKDvvXtIv5iMItkOqrOsp6X9WBe8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFENLV/At5gFBq+Fy2ZXOLVaTuwJuMB8GA1UdIwQY
MBaAFEchv0jkAWYO6WEbNcBLXR0fP6v6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlHX1NPUUJaZzdwWVJzMXdFdGRIUjhfcV9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9lNmJhODEtYjM4ZS00YmIzLWIwMDUt
NTZmZGU1ZTcxNWIxLzEvUTB0WDhDM21BVUdyNFhMWmxjNHRWcE83QW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9lNmJhODEtYjM4ZS00YmIzLWIwMDUtNTZmZGU1ZTcxNWIx
LzEvUnlHX1NPUUJaZzdwWVJzMXdFdGRIUjhfcV9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuRLfMA0E
AgACMAcDBQAqBUJAMA0GCSqGSIb3DQEBCwUAA4IBAQAsAxT4u70sXp2JCsohBX6O
ti1si9K4BUVlxQjJW1OZ7GWseyJI5CorhrvMDe7ZJvZdhmh2g/azTpw4Va4n5Cil
DPpYJ7FyT7D3ePzDafBbEpIER+RCxepYkojVFLPX95VoMvOfAwLkDu/KniOHPfzl
47bQmWfdV5fB0008s+WNdNea6p17MoIMCX+VYt6+A3nbSmywioipLwzxp2nZaz8D
6RcfRH/kHedpob56pZhLBzs1X60S8jpXITHoyCgg1/rAzIgUfnw4UilF9ykj0OQM
gy3YVbPMgqjj6xF49tJYOfIjHWRXXkc3daDktjcMsiWcJZNtC1XswMZ0UP7BPcQ0
-----END CERTIFICATE-----