Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/kWqQsigWLE-Ov88YUeZJL-x7iCw.roa
File:                     kWqQsigWLE-Ov88YUeZJL-x7iCw.roa (raw, json)
Hash identifier:          Ge/EMSQE9osHtx1/BzfNSCkBRWxNw3C0d8zRkadzqgA=
Subject key identifier:   91:6A:90:B2:28:16:2C:4F:8E:BF:CF:18:51:E6:49:2F:EC:7B:88:2C
Certificate issuer:       /CN=8ecf78ba0275d1d3b6492a8e9d610613c0306a17
Certificate serial:       01942143BF8896B096CB4FC3C966414D29E7
Authority key identifier: 8E:CF:78:BA:02:75:D1:D3:B6:49:2A:8E:9D:61:06:13:C0:30:6A:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/js94ugJ10dO2SSqOnWEGE8Awahc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/kWqQsigWLE-Ov88YUeZJL-x7iCw.roa
Signing time:             Wed 01 Jan 2025 09:47:55 +0000
ROA not before:           Wed 01 Jan 2025 09:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15224
IP address blocks:        185.34.188.0/23 maxlen: 23
                          2a00:db60:2000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/js94ugJ10dO2SSqOnWEGE8Awahc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/js94ugJ10dO2SSqOnWEGE8Awahc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/js94ugJ10dO2SSqOnWEGE8Awahc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:bf:88:96:b0:96:cb:4f:c3:c9:66:41:4d:29:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ecf78ba0275d1d3b6492a8e9d610613c0306a17
        Validity
            Not Before: Jan  1 09:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=916a90b228162c4f8ebfcf1851e6492fec7b882c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ee:ed:11:98:1a:60:09:37:b4:d6:f5:28:c4:
                    18:19:68:61:e9:14:03:be:36:29:15:d4:a8:8c:7b:
                    e7:9f:b7:4e:32:52:16:8b:54:28:66:16:fc:2d:70:
                    e3:06:3f:3c:da:7a:26:0a:a9:c4:ca:af:d4:e9:32:
                    be:cf:fa:1f:2b:7b:e0:29:d6:f9:53:64:e8:e8:ed:
                    43:f7:9f:e2:9e:04:4f:df:29:c9:23:58:d3:f4:03:
                    31:ee:9b:7d:72:06:a7:b5:ab:c2:22:61:8a:35:d1:
                    27:2b:a7:ab:18:f0:a9:5d:c6:ba:da:a4:06:7b:65:
                    a9:04:7e:3d:a3:c6:e4:08:19:d6:f7:b0:be:15:66:
                    ca:37:6f:d5:cc:80:6b:ad:c5:91:42:9a:54:73:98:
                    e4:cd:6a:59:d1:38:11:5c:94:6e:d4:8c:c3:a4:34:
                    7a:dd:6e:52:11:45:0b:36:f2:c3:03:2d:72:c9:e9:
                    99:30:14:72:2a:ad:c2:31:d6:5b:6d:9f:cd:98:8a:
                    2e:ac:a5:f4:a7:20:8c:f4:a4:ec:be:8e:2f:d8:c1:
                    11:72:13:53:ae:51:70:ad:8d:da:8b:7a:73:91:f3:
                    e0:02:b0:bd:13:de:e5:2b:23:d5:84:51:fe:c7:53:
                    4d:6f:92:19:36:8e:47:3a:ab:e4:27:e3:2b:9f:de:
                    b3:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:6A:90:B2:28:16:2C:4F:8E:BF:CF:18:51:E6:49:2F:EC:7B:88:2C
            X509v3 Authority Key Identifier:
                keyid:8E:CF:78:BA:02:75:D1:D3:B6:49:2A:8E:9D:61:06:13:C0:30:6A:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/js94ugJ10dO2SSqOnWEGE8Awahc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/kWqQsigWLE-Ov88YUeZJL-x7iCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/b2a2dc-c076-45e1-bec4-2bbf8faa00ca/1/js94ugJ10dO2SSqOnWEGE8Awahc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.188.0/23
                IPv6:
                  2a00:db60:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:a0:d6:e9:ed:11:05:92:4a:dd:87:7b:78:e5:3f:70:e0:17:
         34:18:ac:46:dc:b4:01:fa:a8:ed:26:52:f2:ce:c3:cb:f1:11:
         04:d7:0f:e4:f3:3f:63:1e:76:b0:4d:29:11:00:9f:c6:4b:9c:
         88:af:1e:3b:4a:4d:c9:fa:48:d1:46:44:87:bc:11:49:24:eb:
         5a:3f:3a:a3:e1:e5:a5:b0:9c:ad:bf:dc:fb:b6:ce:0b:8b:0b:
         eb:dd:b5:b4:6e:9a:ec:7d:d8:be:90:3c:59:a7:37:85:4b:49:
         fb:3e:da:80:49:5e:60:c3:cc:fa:92:92:b1:6a:f8:92:33:c6:
         d3:d5:3e:c8:74:25:59:77:2e:d0:ea:34:e6:79:bb:56:5d:cc:
         cd:56:8a:b6:0c:e8:6f:c7:3b:85:a2:e7:36:2b:93:40:fc:df:
         a8:ac:08:b1:f2:e0:0b:99:4a:26:33:87:e0:bb:54:67:d6:5d:
         e4:ce:79:64:fc:20:86:11:80:be:63:a1:9a:03:08:e6:44:8c:
         ac:00:3e:97:6e:16:0a:5b:20:cb:80:94:df:12:09:65:6d:6c:
         0f:4d:88:50:b5:2b:28:76:3b:cf:0a:22:06:90:12:8e:bd:ae:
         d4:9d:0b:c0:a9:e7:e6:80:38:67:38:fb:54:ef:00:d6:3a:86:
         a6:43:84:f3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhQ7+IlrCWy0/DyWZBTSnnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlY2Y3OGJhMDI3NWQxZDNiNjQ5MmE4ZTlkNjEwNjEzYzAz
MDZhMTcwHhcNMjUwMTAxMDk0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTZhOTBiMjI4MTYyYzRmOGViZmNmMTg1MWU2NDkyZmVjN2I4ODJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0u7tEZgaYAk3tNb1KMQYGWhh6RQD
vjYpFdSojHvnn7dOMlIWi1QoZhb8LXDjBj882nomCqnEyq/U6TK+z/ofK3vgKdb5
U2To6O1D95/ingRP3ynJI1jT9AMx7pt9cgantavCImGKNdEnK6erGPCpXca62qQG
e2WpBH49o8bkCBnW97C+FWbKN2/VzIBrrcWRQppUc5jkzWpZ0TgRXJRu1IzDpDR6
3W5SEUULNvLDAy1yyemZMBRyKq3CMdZbbZ/NmIourKX0pyCM9KTsvo4v2MERchNT
rlFwrY3ai3pzkfPgArC9E97lKyPVhFH+x1NNb5IZNo5HOqvkJ+Mrn96z9wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJFqkLIoFixPjr/PGFHmSS/se4gsMB8GA1UdIwQY
MBaAFI7PeLoCddHTtkkqjp1hBhPAMGoXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanM5NHVnSjEwZE8yU1NxT25XRUdFOEF3YWhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9iMmEyZGMtYzA3Ni00NWUxLWJlYzQt
MmJiZjhmYWEwMGNhLzEva1dxUXNpZ1dMRS1Pdjg4WVVlWkpMLXg3aUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9iMmEyZGMtYzA3Ni00NWUxLWJlYzQtMmJiZjhmYWEwMGNh
LzEvanM5NHVnSjEwZE8yU1NxT25XRUdFOEF3YWhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuSK8MA8E
AgACMAkDBwAqANtgIAAwDQYJKoZIhvcNAQELBQADggEBADig1untEQWSSt2He3jl
P3DgFzQYrEbctAH6qO0mUvLOw8vxEQTXD+TzP2MedrBNKREAn8ZLnIivHjtKTcn6
SNFGRIe8EUkk61o/OqPh5aWwnK2/3Pu2zguLC+vdtbRumux92L6QPFmnN4VLSfs+
2oBJXmDDzPqSkrFq+JIzxtPVPsh0JVl3LtDqNOZ5u1ZdzM1WirYM6G/HO4Wi5zYr
k0D836isCLHy4AuZSiYzh+C7VGfWXeTOeWT8IIYRgL5joZoDCOZEjKwAPpduFgpb
IMuAlN8SCWVtbA9NiFC1Kyh2O88KIgaQEo69rtSdC8Cp5+aAOGc4+1TvANY6hqZD
hPM=
-----END CERTIFICATE-----