Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/aNuMhZPoB5D8geUtVgUfLtn3hcA.roa
File:                     aNuMhZPoB5D8geUtVgUfLtn3hcA.roa (raw, json)
Hash identifier:          kR0Yb3G1j8U1LWYfw43kMYf1t4xNNQqgRVkQzHfelvk=
Subject key identifier:   68:DB:8C:85:93:E8:07:90:FC:81:E5:2D:56:05:1F:2E:D9:F7:85:C0
Certificate issuer:       /CN=4f412cd26994faf609bdad4e35d576c2cae46555
Certificate serial:       019425218DA00CD4B8381EB339B08E11D54D
Authority key identifier: 4F:41:2C:D2:69:94:FA:F6:09:BD:AD:4E:35:D5:76:C2:CA:E4:65:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T0Es0mmU-vYJva1ONdV2wsrkZVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/aNuMhZPoB5D8geUtVgUfLtn3hcA.roa
Signing time:             Thu 02 Jan 2025 03:49:03 +0000
ROA not before:           Thu 02 Jan 2025 03:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201688
IP address blocks:        185.67.32.0/22 maxlen: 24
                          2a03:23e0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/T0Es0mmU-vYJva1ONdV2wsrkZVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/T0Es0mmU-vYJva1ONdV2wsrkZVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T0Es0mmU-vYJva1ONdV2wsrkZVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:8d:a0:0c:d4:b8:38:1e:b3:39:b0:8e:11:d5:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f412cd26994faf609bdad4e35d576c2cae46555
        Validity
            Not Before: Jan  2 03:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68db8c8593e80790fc81e52d56051f2ed9f785c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:26:5c:5d:0d:1f:23:5f:3e:91:47:b7:c8:4c:
                    fa:19:e9:1a:6c:e7:8e:33:2b:8a:d5:92:9f:dc:12:
                    86:62:6d:5b:cd:95:1e:de:a5:35:1d:0d:7c:6f:34:
                    3e:9a:b7:ed:07:ad:2c:c7:6e:0e:08:c4:60:ca:61:
                    d6:25:8d:e5:22:e3:38:1f:03:30:75:7b:f9:d2:69:
                    b3:86:f5:3f:5e:7a:4f:57:12:ba:e4:b6:0f:bf:b4:
                    43:e7:72:50:2d:48:45:d1:b8:82:a6:cb:b7:e4:9e:
                    34:23:5f:61:8b:32:7f:fd:6b:46:fd:53:43:8e:21:
                    8a:91:75:26:b9:d2:f5:dc:6e:2a:d7:70:9e:ad:bd:
                    15:76:02:b7:bf:4d:37:0f:8e:6e:7c:f0:7c:2c:68:
                    f5:20:c0:48:7f:1c:46:11:61:a9:89:00:1f:b6:ba:
                    c4:72:6b:63:c9:d5:e3:d0:cb:de:78:87:a7:48:01:
                    84:73:ff:86:ff:5f:c4:0b:19:28:3e:a1:63:c2:67:
                    4b:fe:54:55:e1:b1:79:18:14:51:d0:7a:5f:90:b5:
                    32:81:18:d1:8b:f8:9f:08:e9:44:b5:7e:85:32:74:
                    37:88:4b:7b:82:57:26:76:0a:03:82:01:5c:cf:33:
                    7a:47:81:60:9c:e2:ff:4b:37:13:a2:04:02:b0:d4:
                    fd:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DB:8C:85:93:E8:07:90:FC:81:E5:2D:56:05:1F:2E:D9:F7:85:C0
            X509v3 Authority Key Identifier:
                keyid:4F:41:2C:D2:69:94:FA:F6:09:BD:AD:4E:35:D5:76:C2:CA:E4:65:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T0Es0mmU-vYJva1ONdV2wsrkZVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/aNuMhZPoB5D8geUtVgUfLtn3hcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/4591a9-56c6-40de-a124-45f61f871427/1/T0Es0mmU-vYJva1ONdV2wsrkZVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.32.0/22
                IPv6:
                  2a03:23e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a4:72:29:56:bb:1f:50:09:f3:11:ba:07:71:1c:e9:65:7a:36:
         8c:ce:fe:cf:47:d8:65:d3:bc:b9:dd:9a:88:ea:25:4c:38:60:
         43:84:97:3a:7b:12:57:7d:3b:ee:e8:af:95:59:ff:2e:c7:96:
         e0:d0:cf:d5:7d:f4:d5:e4:48:66:5c:f3:bb:bd:7e:7a:a2:60:
         63:c0:11:ce:32:d3:f8:f2:57:bf:cb:9f:ae:d4:ab:07:a2:2e:
         8b:48:fe:88:65:7a:f5:84:0b:af:e8:c6:7b:6e:dd:b5:42:fa:
         56:bb:21:0e:aa:cb:3b:f8:47:b6:3a:7b:46:64:0c:01:03:b7:
         03:a4:07:4b:d0:9f:58:ab:21:4c:83:19:68:78:41:03:4d:20:
         6e:53:76:15:2c:84:5d:54:c6:db:71:54:12:61:6e:07:b6:94:
         f1:4d:75:c4:d7:9d:c0:2a:d2:bc:85:a9:1a:8a:6e:ab:ee:b4:
         c2:78:a5:80:d7:8c:f9:9d:fd:f0:74:1c:78:da:c4:5e:41:8f:
         75:14:09:7e:a6:d3:36:e3:fe:c9:06:8e:7a:dd:d5:a6:9a:43:
         66:b9:c8:6a:de:1a:af:d5:22:9a:5d:cb:77:21:cb:9f:71:02:
         de:a7:d6:fb:24:70:b2:03:81:0c:f2:ce:34:9d:ec:58:cd:3f:
         7f:d4:b9:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIY2gDNS4OB6zObCOEdVNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNDEyY2QyNjk5NGZhZjYwOWJkYWQ0ZTM1ZDU3NmMyY2Fl
NDY1NTUwHhcNMjUwMTAyMDM0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRiOGM4NTkzZTgwNzkwZmM4MWU1MmQ1NjA1MWYyZWQ5Zjc4NWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyZcXQ0fI18+kUe3yEz6GekabOeO
MyuK1ZKf3BKGYm1bzZUe3qU1HQ18bzQ+mrftB60sx24OCMRgymHWJY3lIuM4HwMw
dXv50mmzhvU/XnpPVxK65LYPv7RD53JQLUhF0biCpsu35J40I19hizJ//WtG/VND
jiGKkXUmudL13G4q13Cerb0VdgK3v003D45ufPB8LGj1IMBIfxxGEWGpiQAftrrE
cmtjydXj0MveeIenSAGEc/+G/1/ECxkoPqFjwmdL/lRV4bF5GBRR0HpfkLUygRjR
i/ifCOlEtX6FMnQ3iEt7glcmdgoDggFczzN6R4FgnOL/SzcTogQCsNT9VQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGjbjIWT6AeQ/IHlLVYFHy7Z94XAMB8GA1UdIwQY
MBaAFE9BLNJplPr2Cb2tTjXVdsLK5GVVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDBFczBtbVUtdllKdmExT05kVjJ3c3JrWlZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS80NTkxYTktNTZjNi00MGRlLWExMjQt
NDVmNjFmODcxNDI3LzEvYU51TWhaUG9CNUQ4Z2VVdFZnVWZMdG4zaGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS80NTkxYTktNTZjNi00MGRlLWExMjQtNDVmNjFmODcxNDI3
LzEvVDBFczBtbVUtdllKdmExT05kVjJ3c3JrWlZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUMgMA0E
AgACMAcDBQAqAyPgMA0GCSqGSIb3DQEBCwUAA4IBAQCkcilWux9QCfMRugdxHOll
ejaMzv7PR9hl07y53ZqI6iVMOGBDhJc6exJXfTvu6K+VWf8ux5bg0M/VffTV5Ehm
XPO7vX56omBjwBHOMtP48le/y5+u1KsHoi6LSP6IZXr1hAuv6MZ7bt21QvpWuyEO
qss7+Ee2OntGZAwBA7cDpAdL0J9YqyFMgxloeEEDTSBuU3YVLIRdVMbbcVQSYW4H
tpTxTXXE153AKtK8hakaim6r7rTCeKWA14z5nf3wdBx42sReQY91FAl+ptM24/7J
Bo563dWmmkNmuchq3hqv1SKaXct3IcufcQLep9b7JHCyA4EM8s40nexYzT9/1Ll9
-----END CERTIFICATE-----