Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/0ac3ba-54d3-491f-9048-555a19833d8e/1/CIm7PdRT4tGc0ohUd0vMkXyk2Z4.roa
File:                     CIm7PdRT4tGc0ohUd0vMkXyk2Z4.roa (raw, json)
Hash identifier:          bKi9ERQ3HDvQWS3A9n+SnlJFymCAx7E6eQcIAFgcP7o=
Subject key identifier:   08:89:BB:3D:D4:53:E2:D1:9C:D2:88:54:77:4B:CC:91:7C:A4:D9:9E
Certificate issuer:       /CN=b33dcd20b5ae95c172d32ed729ebf306197b23e7
Certificate serial:       019422203C8151354F81F7C355190D8CFB8A
Authority key identifier: B3:3D:CD:20:B5:AE:95:C1:72:D3:2E:D7:29:EB:F3:06:19:7B:23:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sz3NILWulcFy0y7XKevzBhl7I-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/0ac3ba-54d3-491f-9048-555a19833d8e/1/CIm7PdRT4tGc0ohUd0vMkXyk2Z4.roa
Signing time:             Wed 01 Jan 2025 13:48:45 +0000
ROA not before:           Wed 01 Jan 2025 13:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48095
IP address blocks:        185.204.148.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/0ac3ba-54d3-491f-9048-555a19833d8e/1/sz3NILWulcFy0y7XKevzBhl7I-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/0ac3ba-54d3-491f-9048-555a19833d8e/1/sz3NILWulcFy0y7XKevzBhl7I-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sz3NILWulcFy0y7XKevzBhl7I-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3c:81:51:35:4f:81:f7:c3:55:19:0d:8c:fb:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b33dcd20b5ae95c172d32ed729ebf306197b23e7
        Validity
            Not Before: Jan  1 13:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0889bb3dd453e2d19cd28854774bcc917ca4d99e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:8a:08:e9:5b:b5:66:cd:f9:0e:e3:22:20:68:
                    cf:98:41:7a:c9:04:46:ce:9b:45:46:e5:1c:03:55:
                    ad:4b:4c:a2:d9:6d:d4:17:4f:32:de:ef:6f:cc:d9:
                    02:8e:40:a5:ce:b4:de:d5:9e:21:ef:8d:e6:b1:11:
                    3e:2a:70:2c:12:c6:d7:6c:08:c4:84:57:5c:b5:95:
                    70:20:ca:07:22:8c:94:a7:5b:a7:45:14:6e:ad:b1:
                    27:6f:e2:78:dc:d8:63:9b:49:96:48:b7:a1:6c:f4:
                    50:9e:37:79:03:11:7d:53:17:9b:58:dd:69:68:b7:
                    83:5e:3e:54:be:c1:de:83:a1:4b:48:36:08:a1:0f:
                    e6:48:b1:24:2c:46:17:65:8b:6d:09:c1:42:75:53:
                    99:f4:12:bd:f4:09:7e:1f:3d:1a:09:92:69:00:97:
                    87:e3:68:c5:6c:fb:7c:8e:8a:ff:df:48:ac:de:7c:
                    50:6c:80:9b:e9:ca:9b:7d:e7:95:ea:ee:3b:77:15:
                    73:3d:31:b2:1a:43:d8:ba:56:9b:b7:82:5f:d3:fb:
                    f5:90:95:26:f4:f3:52:fb:78:c4:7c:5f:d4:43:36:
                    b7:6f:7d:20:1d:8b:ee:ee:e0:fe:0e:7d:c6:af:c4:
                    7e:89:7d:2d:46:ee:e1:f8:cb:2e:7d:b0:ad:95:0b:
                    5a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:89:BB:3D:D4:53:E2:D1:9C:D2:88:54:77:4B:CC:91:7C:A4:D9:9E
            X509v3 Authority Key Identifier:
                keyid:B3:3D:CD:20:B5:AE:95:C1:72:D3:2E:D7:29:EB:F3:06:19:7B:23:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sz3NILWulcFy0y7XKevzBhl7I-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0ac3ba-54d3-491f-9048-555a19833d8e/1/CIm7PdRT4tGc0ohUd0vMkXyk2Z4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/0ac3ba-54d3-491f-9048-555a19833d8e/1/sz3NILWulcFy0y7XKevzBhl7I-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:46:02:f2:8c:df:b6:56:2f:50:db:40:73:0e:99:37:f1:51:
         16:9b:b4:f5:3c:6a:6d:59:d0:04:64:15:11:73:d6:84:5d:8a:
         bc:3d:33:44:56:66:62:88:86:c4:e3:6e:19:ab:58:00:fd:df:
         de:17:04:8b:de:5d:a4:6f:2e:8e:f5:c7:c5:2f:7b:c6:8a:68:
         aa:2e:59:92:41:7d:11:72:9f:93:e0:3c:77:98:84:69:97:64:
         20:c6:fb:d2:92:0d:91:c8:68:fc:09:9f:8e:97:17:8f:04:c4:
         4f:19:14:2c:82:f9:7c:9a:17:09:02:9c:3e:a6:8f:2d:cb:83:
         f7:d9:8f:68:18:0f:f5:2f:9b:86:96:02:2d:01:03:6f:5f:4e:
         31:41:e6:3b:93:83:f6:63:ca:25:cb:1e:24:39:fb:80:06:4a:
         48:a7:76:03:f0:0d:ac:89:5f:55:cc:8c:fc:4e:db:78:90:dd:
         1b:5b:81:e9:e3:1d:cd:65:4f:b5:d2:2c:98:1b:47:f8:c5:db:
         61:8b:d3:21:19:a4:e9:0b:63:cd:57:54:fb:10:fc:69:e5:e3:
         e7:0b:b3:20:90:4c:7a:21:f9:08:5a:d5:c6:d8:fc:86:15:cf:
         4f:e3:33:e0:d3:2c:60:43:d7:fb:a8:90:1c:a2:e4:b7:7d:45:
         ee:f5:33:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDyBUTVPgffDVRkNjPuKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzM2RjZDIwYjVhZTk1YzE3MmQzMmVkNzI5ZWJmMzA2MTk3
YjIzZTcwHhcNMjUwMTAxMTM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODg5YmIzZGQ0NTNlMmQxOWNkMjg4NTQ3NzRiY2M5MTdjYTRkOTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYoI6Vu1Zs35DuMiIGjPmEF6yQRG
zptFRuUcA1WtS0yi2W3UF08y3u9vzNkCjkClzrTe1Z4h743msRE+KnAsEsbXbAjE
hFdctZVwIMoHIoyUp1unRRRurbEnb+J43Nhjm0mWSLehbPRQnjd5AxF9UxebWN1p
aLeDXj5UvsHeg6FLSDYIoQ/mSLEkLEYXZYttCcFCdVOZ9BK99Al+Hz0aCZJpAJeH
42jFbPt8jor/30is3nxQbICb6cqbfeeV6u47dxVzPTGyGkPYulabt4Jf0/v1kJUm
9PNS+3jEfF/UQza3b30gHYvu7uD+Dn3Gr8R+iX0tRu7h+MsufbCtlQtaAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiJuz3UU+LRnNKIVHdLzJF8pNmeMB8GA1UdIwQY
MBaAFLM9zSC1rpXBctMu1ynr8wYZeyPnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3ozTklMV3VsY0Z5MHk3WEtldnpCaGw3SS1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wYWMzYmEtNTRkMy00OTFmLTkwNDgt
NTU1YTE5ODMzZDhlLzEvQ0ltN1BkUlQ0dEdjMG9oVWQwdk1rWHlrMlo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wYWMzYmEtNTRkMy00OTFmLTkwNDgtNTU1YTE5ODMzZDhl
LzEvc3ozTklMV3VsY0Z5MHk3WEtldnpCaGw3SS1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucyUMA0G
CSqGSIb3DQEBCwUAA4IBAQCYRgLyjN+2Vi9Q20BzDpk38VEWm7T1PGptWdAEZBUR
c9aEXYq8PTNEVmZiiIbE424Zq1gA/d/eFwSL3l2kby6O9cfFL3vGimiqLlmSQX0R
cp+T4Dx3mIRpl2QgxvvSkg2RyGj8CZ+OlxePBMRPGRQsgvl8mhcJApw+po8ty4P3
2Y9oGA/1L5uGlgItAQNvX04xQeY7k4P2Y8olyx4kOfuABkpIp3YD8A2siV9VzIz8
Ttt4kN0bW4Hp4x3NZU+10iyYG0f4xdthi9MhGaTpC2PNV1T7EPxp5ePnC7MgkEx6
IfkIWtXG2PyGFc9P4zPg0yxgQ9f7qJAcouS3fUXu9TNs
-----END CERTIFICATE-----