Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/Pi13Jn_f8QNwlYweA6cENA4uaSs.roa
File:                     Pi13Jn_f8QNwlYweA6cENA4uaSs.roa (raw, json)
Hash identifier:          UZD7c+7NUs2opXS6uWJEcxhLpAXCSZYdWwe68q1uABI=
Subject key identifier:   3E:2D:77:26:7F:DF:F1:03:70:95:8C:1E:03:A7:04:34:0E:2E:69:2B
Certificate issuer:       /CN=848d9800d69debae11b7f8161c3ce88181fde7b4
Certificate serial:       019424449FD96F1C486ED0633AFEBEC59942
Authority key identifier: 84:8D:98:00:D6:9D:EB:AE:11:B7:F8:16:1C:3C:E8:81:81:FD:E7:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/Pi13Jn_f8QNwlYweA6cENA4uaSs.roa
Signing time:             Wed 01 Jan 2025 23:47:44 +0000
ROA not before:           Wed 01 Jan 2025 23:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8412
IP address blocks:        185.237.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:9f:d9:6f:1c:48:6e:d0:63:3a:fe:be:c5:99:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=848d9800d69debae11b7f8161c3ce88181fde7b4
        Validity
            Not Before: Jan  1 23:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e2d77267fdff10370958c1e03a704340e2e692b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:af:57:ae:28:08:06:58:d8:0b:96:6d:78:80:
                    d5:3c:a7:ba:46:ec:bb:1b:f8:2e:e4:b4:fb:ba:35:
                    e6:b8:90:83:a9:23:bb:a6:c5:18:f4:48:21:63:04:
                    6e:b8:0c:eb:60:9e:02:f6:1c:57:96:3e:3b:3f:6d:
                    95:04:74:48:c5:5c:fd:00:99:d9:8a:7f:69:85:be:
                    cc:01:f5:b5:7d:b3:bc:fd:eb:75:22:4c:f3:75:b8:
                    3b:dd:cd:46:ae:c0:3d:80:7e:2c:df:1e:15:cb:e3:
                    25:33:3e:44:df:86:3f:d3:d3:f1:3b:ed:7f:0a:6d:
                    ec:f4:30:e8:bb:c3:93:85:52:a5:b5:b7:0c:d1:dc:
                    70:1d:19:ca:c6:9e:fd:36:15:67:f9:46:a3:98:19:
                    0e:07:5a:3b:26:13:d5:1f:16:0a:8c:83:23:12:6f:
                    40:c2:4f:33:ec:76:a9:40:97:b7:d0:92:e6:c5:0a:
                    bc:8c:67:f9:65:a0:1e:19:fd:d9:59:b1:e0:2c:32:
                    1b:47:54:d4:c9:2e:4d:86:5b:e3:25:9b:22:3d:7a:
                    0a:8d:04:a4:0c:d3:8d:f3:e6:91:79:75:2b:17:b2:
                    b0:63:b6:d6:df:26:06:71:6f:63:58:2c:0f:3d:60:
                    5a:88:f4:a0:eb:87:63:19:a0:57:25:26:3c:32:a0:
                    ea:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:2D:77:26:7F:DF:F1:03:70:95:8C:1E:03:A7:04:34:0E:2E:69:2B
            X509v3 Authority Key Identifier:
                keyid:84:8D:98:00:D6:9D:EB:AE:11:B7:F8:16:1C:3C:E8:81:81:FD:E7:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hI2YANad664Rt_gWHDzogYH957Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/Pi13Jn_f8QNwlYweA6cENA4uaSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/387136-3c70-4619-8321-3d93fe6d20aa/1/hI2YANad664Rt_gWHDzogYH957Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:9f:90:f3:9b:97:b2:77:33:8b:75:64:33:ff:38:a4:c4:fd:
         37:4c:2e:88:1e:65:e4:b9:ba:e1:10:31:84:d7:dc:fc:d9:8a:
         c8:b6:1f:f7:50:42:99:83:8d:9c:42:16:74:ec:c2:9f:9b:17:
         19:8d:62:41:74:3a:f4:0e:7a:79:60:62:9e:21:6f:36:ac:bd:
         c0:f9:40:2d:a3:05:c7:78:35:2d:6a:63:99:36:cf:4a:e9:f5:
         72:4b:a4:08:fe:dc:0c:e6:06:55:02:c8:6d:55:db:f6:39:b2:
         c1:37:04:e9:41:38:75:d6:8f:01:15:64:ce:ba:5f:77:8e:0d:
         87:e2:4e:7b:d9:a6:fb:fa:e3:6e:7f:f4:d4:0b:a8:df:75:f1:
         f7:15:7c:79:b6:e8:0a:e7:32:c8:75:fc:7e:68:b6:d6:0e:88:
         ea:1c:fb:08:24:80:c2:2c:a2:4b:1f:30:13:ac:bd:82:17:ff:
         c7:8d:e3:98:ed:db:f3:44:5b:bb:88:51:2a:6c:33:05:b6:f8:
         7c:e6:29:87:10:c3:f7:af:62:d3:c1:2d:4b:08:c9:76:44:3f:
         1f:93:b8:44:a2:49:05:23:1f:9e:04:86:46:30:64:42:e6:9d:
         31:13:a9:5c:2e:ac:f8:37:fd:d5:38:2b:3e:fb:da:67:d5:c1:
         d8:eb:49:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRJ/ZbxxIbtBjOv6+xZlCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0OGQ5ODAwZDY5ZGViYWUxMWI3ZjgxNjFjM2NlODgxODFm
ZGU3YjQwHhcNMjUwMTAxMjM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTJkNzcyNjdmZGZmMTAzNzA5NThjMWUwM2E3MDQzNDBlMmU2OTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAva9XrigIBljYC5ZteIDVPKe6Ruy7
G/gu5LT7ujXmuJCDqSO7psUY9EghYwRuuAzrYJ4C9hxXlj47P22VBHRIxVz9AJnZ
in9phb7MAfW1fbO8/et1Ikzzdbg73c1GrsA9gH4s3x4Vy+MlMz5E34Y/09PxO+1/
Cm3s9DDou8OThVKltbcM0dxwHRnKxp79NhVn+UajmBkOB1o7JhPVHxYKjIMjEm9A
wk8z7HapQJe30JLmxQq8jGf5ZaAeGf3ZWbHgLDIbR1TUyS5NhlvjJZsiPXoKjQSk
DNON8+aReXUrF7KwY7bW3yYGcW9jWCwPPWBaiPSg64djGaBXJSY8MqDqlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4tdyZ/3/EDcJWMHgOnBDQOLmkrMB8GA1UdIwQY
MBaAFISNmADWneuuEbf4Fhw86IGB/ee0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEkyWUFOYWQ2NjRSdF9nV0hEem9nWUg5NTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zODcxMzYtM2M3MC00NjE5LTgzMjEt
M2Q5M2ZlNmQyMGFhLzEvUGkxM0puX2Y4UU53bFl3ZUE2Y0VOQTR1YVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zODcxMzYtM2M3MC00NjE5LTgzMjEtM2Q5M2ZlNmQyMGFh
LzEvaEkyWUFOYWQ2NjRSdF9nV0hEem9nWUg5NTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue2oMA0G
CSqGSIb3DQEBCwUAA4IBAQAmn5Dzm5eydzOLdWQz/zikxP03TC6IHmXkubrhEDGE
19z82YrIth/3UEKZg42cQhZ07MKfmxcZjWJBdDr0Dnp5YGKeIW82rL3A+UAtowXH
eDUtamOZNs9K6fVyS6QI/twM5gZVAshtVdv2ObLBNwTpQTh11o8BFWTOul93jg2H
4k572ab7+uNuf/TUC6jfdfH3FXx5tugK5zLIdfx+aLbWDojqHPsIJIDCLKJLHzAT
rL2CF//HjeOY7dvzRFu7iFEqbDMFtvh85imHEMP3r2LTwS1LCMl2RD8fk7hEokkF
Ix+eBIZGMGRC5p0xE6lcLqz4N/3VOCs++9pn1cHY60mF
-----END CERTIFICATE-----