Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/3123d0-7caa-4df3-ad23-aba4e643058e/1/pFLpzrM-iV1fQ_hTxX2xOEHMjt0.roa
File:                     pFLpzrM-iV1fQ_hTxX2xOEHMjt0.roa (raw, json)
Hash identifier:          aLstNITfJuEBD1I0LdnhTrgtI2g65BeTn/qvRZrCSW8=
Subject key identifier:   A4:52:E9:CE:B3:3E:89:5D:5F:43:F8:53:C5:7D:B1:38:41:CC:8E:DD
Certificate issuer:       /CN=47014c926ea76d566e9e8a96d5861d4757c8b0ea
Certificate serial:       019426D967C688677EB7AB2F5EA4532A99F2
Authority key identifier: 47:01:4C:92:6E:A7:6D:56:6E:9E:8A:96:D5:86:1D:47:57:C8:B0:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RwFMkm6nbVZunoqW1YYdR1fIsOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/3123d0-7caa-4df3-ad23-aba4e643058e/1/pFLpzrM-iV1fQ_hTxX2xOEHMjt0.roa
Signing time:             Thu 02 Jan 2025 11:49:29 +0000
ROA not before:           Thu 02 Jan 2025 11:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208819
IP address blocks:        185.212.36.0/22 maxlen: 22
                          2a0b:7040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/3123d0-7caa-4df3-ad23-aba4e643058e/1/RwFMkm6nbVZunoqW1YYdR1fIsOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/3123d0-7caa-4df3-ad23-aba4e643058e/1/RwFMkm6nbVZunoqW1YYdR1fIsOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RwFMkm6nbVZunoqW1YYdR1fIsOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:67:c6:88:67:7e:b7:ab:2f:5e:a4:53:2a:99:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47014c926ea76d566e9e8a96d5861d4757c8b0ea
        Validity
            Not Before: Jan  2 11:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a452e9ceb33e895d5f43f853c57db13841cc8edd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bc:41:a4:ca:ad:00:3c:0c:8e:6d:87:5a:83:
                    6f:65:ed:f0:a9:2b:9f:77:2f:1f:03:73:32:27:21:
                    a4:5f:9f:f1:61:d5:8e:9d:5e:a9:c9:97:b0:d3:38:
                    45:e3:88:81:20:bf:60:69:c0:ad:33:db:1f:89:62:
                    35:70:7c:73:b4:9f:21:eb:52:0b:7c:18:7c:ca:16:
                    7f:0e:58:36:b4:6a:bf:5e:b8:bf:09:3d:a8:c9:00:
                    36:2e:2f:48:db:e1:0c:61:b8:36:4c:9b:62:a0:e4:
                    92:87:64:90:82:6e:ca:11:5b:c7:33:3f:d8:d9:eb:
                    52:bb:df:85:b4:71:cf:60:e5:c4:5e:5b:da:8a:98:
                    cd:17:b0:cf:b1:0d:e8:1d:3b:6a:57:89:88:c1:2c:
                    a3:a5:0a:e5:87:75:77:a0:00:e8:80:22:31:ab:ce:
                    6e:ae:69:43:92:ad:f5:ef:3e:b5:a5:b1:15:76:a6:
                    22:02:51:38:22:08:6b:f8:b6:38:9f:9f:9b:ec:ee:
                    02:f3:f0:9e:1c:3b:35:22:bf:97:dd:e1:22:fa:3a:
                    15:94:60:c4:bf:d8:51:9b:19:3d:ac:2e:6c:7c:61:
                    45:2c:e8:e2:92:e5:ae:ec:d9:e2:23:78:83:07:d4:
                    c0:0e:32:77:58:93:de:21:c0:24:f3:1a:80:14:36:
                    fc:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:52:E9:CE:B3:3E:89:5D:5F:43:F8:53:C5:7D:B1:38:41:CC:8E:DD
            X509v3 Authority Key Identifier:
                keyid:47:01:4C:92:6E:A7:6D:56:6E:9E:8A:96:D5:86:1D:47:57:C8:B0:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RwFMkm6nbVZunoqW1YYdR1fIsOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/3123d0-7caa-4df3-ad23-aba4e643058e/1/pFLpzrM-iV1fQ_hTxX2xOEHMjt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/3123d0-7caa-4df3-ad23-aba4e643058e/1/RwFMkm6nbVZunoqW1YYdR1fIsOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.36.0/22
                IPv6:
                  2a0b:7040::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:52:32:47:61:de:3a:f0:ca:31:1d:dc:17:d2:ba:e6:d1:78:
         2a:8a:95:da:eb:de:87:90:47:e4:47:cc:3c:eb:6b:22:fa:38:
         2f:7a:84:41:62:fa:b9:1e:61:00:64:49:77:d7:0b:83:97:8c:
         dc:29:70:68:f7:2d:04:53:d6:85:33:7e:39:13:f4:d0:dd:50:
         d9:49:fd:0d:1b:04:5c:27:59:84:4b:80:4f:7b:7b:d2:d1:94:
         61:79:54:16:7c:bb:a1:8d:d7:3d:18:81:d9:27:4e:68:cd:28:
         c4:0a:b3:1b:20:0d:8b:da:47:78:60:24:48:25:aa:9c:18:44:
         0f:2d:20:27:38:bb:77:6e:e1:22:06:4a:81:65:45:cc:2a:f5:
         22:3f:34:0e:72:fd:84:49:23:a2:1a:6d:e8:11:cc:ce:da:a1:
         80:d5:5e:51:04:17:b6:63:68:54:97:fa:25:b5:c8:b6:f3:f2:
         89:bc:ac:b0:58:74:d8:3e:04:a8:10:8b:33:ea:f4:cc:91:ee:
         81:ef:98:8c:51:62:d7:1e:18:ce:d8:22:2c:84:ad:b0:ca:6b:
         3a:9b:9a:03:50:71:8a:9b:13:c2:6f:23:1b:77:ee:0e:0b:52:
         9b:7f:4b:f9:8d:07:c8:1c:34:fa:c6:1e:b3:46:cb:ca:29:01:
         fd:1a:b2:44
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2WfGiGd+t6svXqRTKpnyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MDE0YzkyNmVhNzZkNTY2ZTllOGE5NmQ1ODYxZDQ3NTdj
OGIwZWEwHhcNMjUwMTAyMTE0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDUyZTljZWIzM2U4OTVkNWY0M2Y4NTNjNTdkYjEzODQxY2M4ZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbxBpMqtADwMjm2HWoNvZe3wqSuf
dy8fA3MyJyGkX5/xYdWOnV6pyZew0zhF44iBIL9gacCtM9sfiWI1cHxztJ8h61IL
fBh8yhZ/Dlg2tGq/Xri/CT2oyQA2Li9I2+EMYbg2TJtioOSSh2SQgm7KEVvHMz/Y
2etSu9+FtHHPYOXEXlvaipjNF7DPsQ3oHTtqV4mIwSyjpQrlh3V3oADogCIxq85u
rmlDkq317z61pbEVdqYiAlE4Ighr+LY4n5+b7O4C8/CeHDs1Ir+X3eEi+joVlGDE
v9hRmxk9rC5sfGFFLOjikuWu7NniI3iDB9TADjJ3WJPeIcAk8xqAFDb8iwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKRS6c6zPoldX0P4U8V9sThBzI7dMB8GA1UdIwQY
MBaAFEcBTJJup21Wbp6KltWGHUdXyLDqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUndGTWttNm5iVlp1bm9xVzFZWWRSMWZJc09vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8zMTIzZDAtN2NhYS00ZGYzLWFkMjMt
YWJhNGU2NDMwNThlLzEvcEZMcHpyTS1pVjFmUV9oVHhYMnhPRUhNanQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8zMTIzZDAtN2NhYS00ZGYzLWFkMjMtYWJhNGU2NDMwNThl
LzEvUndGTWttNm5iVlp1bm9xVzFZWWRSMWZJc09vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudQkMA0E
AgACMAcDBQMqC3BAMA0GCSqGSIb3DQEBCwUAA4IBAQBpUjJHYd468MoxHdwX0rrm
0XgqipXa696HkEfkR8w862si+jgveoRBYvq5HmEAZEl31wuDl4zcKXBo9y0EU9aF
M345E/TQ3VDZSf0NGwRcJ1mES4BPe3vS0ZRheVQWfLuhjdc9GIHZJ05ozSjECrMb
IA2L2kd4YCRIJaqcGEQPLSAnOLt3buEiBkqBZUXMKvUiPzQOcv2ESSOiGm3oEczO
2qGA1V5RBBe2Y2hUl/oltci28/KJvKywWHTYPgSoEIsz6vTMke6B75iMUWLXHhjO
2CIshK2wyms6m5oDUHGKmxPCbyMbd+4OC1Kbf0v5jQfIHDT6xh6zRsvKKQH9GrJE
-----END CERTIFICATE-----