Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/xJFVozfHmoVSSAuYbjszEZbCInk.roa
File:                     xJFVozfHmoVSSAuYbjszEZbCInk.roa (raw, json)
Hash identifier:          Gjo9VUU6W0ie3Sm+l3hGhli3h91M0ZQXuSrdhZEO8P0=
Subject key identifier:   C4:91:55:A3:37:C7:9A:85:52:48:0B:98:6E:3B:33:11:96:C2:22:79
Certificate issuer:       /CN=07a0486dc0b4ba730903788ff3f3f7c8249b921f
Certificate serial:       019427B54DEFE17D3F70DC4D069F5C395C9E
Authority key identifier: 07:A0:48:6D:C0:B4:BA:73:09:03:78:8F:F3:F3:F7:C8:24:9B:92:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B6BIbcC0unMJA3iP8_P3yCSbkh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/xJFVozfHmoVSSAuYbjszEZbCInk.roa
Signing time:             Thu 02 Jan 2025 15:49:40 +0000
ROA not before:           Thu 02 Jan 2025 15:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3223
IP address blocks:        185.246.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/B6BIbcC0unMJA3iP8_P3yCSbkh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/B6BIbcC0unMJA3iP8_P3yCSbkh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B6BIbcC0unMJA3iP8_P3yCSbkh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:4d:ef:e1:7d:3f:70:dc:4d:06:9f:5c:39:5c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07a0486dc0b4ba730903788ff3f3f7c8249b921f
        Validity
            Not Before: Jan  2 15:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c49155a337c79a8552480b986e3b331196c22279
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:83:d3:06:f0:94:29:ee:9a:f5:ae:99:b1:5d:
                    38:f3:f3:6f:06:e1:b9:f3:2c:e1:fa:17:39:4c:29:
                    0c:fb:96:59:b4:08:04:0e:3b:36:63:e1:12:96:09:
                    93:ba:93:af:6f:8e:bd:7e:fd:b4:d3:82:fe:83:39:
                    52:b0:16:bf:f0:7b:e6:58:bd:b9:30:64:be:23:92:
                    40:21:d0:9e:3b:82:6f:1a:05:10:72:e2:63:84:c3:
                    66:02:1a:c1:5c:71:0d:8e:94:a3:3a:c1:1b:09:71:
                    a4:f0:c8:d0:97:af:b0:42:ce:d6:dc:9c:7d:db:d0:
                    25:bd:e8:0e:c5:c2:a0:a2:27:5d:ce:36:da:6b:e9:
                    70:53:c4:83:31:2d:d6:89:c0:2b:45:c9:94:ec:35:
                    c7:20:73:9f:c4:ed:66:79:34:c5:7c:a4:3f:2a:ff:
                    f4:f4:b9:55:59:ee:1c:be:67:33:6d:af:dc:78:79:
                    5a:4a:fe:25:17:a1:65:ba:c8:7c:15:27:0f:bf:51:
                    0d:e9:91:74:00:8a:46:4a:cc:7a:fd:de:80:2b:e1:
                    04:3e:ac:b2:37:fe:7a:98:5a:8d:45:f4:f3:ac:3b:
                    74:92:c7:f8:bd:cc:47:4e:69:a7:f8:27:32:c2:c0:
                    d2:4a:2e:32:0b:39:5d:fb:69:be:99:45:c8:0f:ca:
                    0a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:91:55:A3:37:C7:9A:85:52:48:0B:98:6E:3B:33:11:96:C2:22:79
            X509v3 Authority Key Identifier:
                keyid:07:A0:48:6D:C0:B4:BA:73:09:03:78:8F:F3:F3:F7:C8:24:9B:92:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B6BIbcC0unMJA3iP8_P3yCSbkh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/xJFVozfHmoVSSAuYbjszEZbCInk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/56cc91-ba62-4037-b57f-6bddb317e78b/1/B6BIbcC0unMJA3iP8_P3yCSbkh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:2d:63:8c:f6:ed:79:f8:ac:cb:29:e1:7e:1c:d1:31:bb:2c:
         23:eb:7e:12:a7:02:f3:a2:c4:5f:dd:fa:8a:62:c4:e3:86:ed:
         f3:c3:b2:aa:fb:1f:d9:12:c9:b1:c1:5b:d9:91:2d:2d:e4:82:
         4c:c9:f0:71:f8:cd:19:59:d8:c9:8f:e7:09:5f:05:ed:95:80:
         90:ed:5c:9c:f1:32:5f:04:15:81:36:47:49:2f:36:98:2a:9d:
         c4:06:fc:29:6b:fd:ca:15:33:10:bd:bc:55:40:ef:49:64:b7:
         53:38:e1:cf:f9:54:1a:5a:c2:8a:56:d1:82:88:f8:ba:8d:c4:
         1b:62:79:28:65:c6:ec:e0:70:2b:81:b6:f1:fd:5c:87:2d:1f:
         d7:d7:8f:61:51:f5:bd:d2:59:66:9e:62:b6:7b:36:94:97:30:
         11:46:17:bd:67:c4:a0:d0:14:cc:c9:1e:43:ee:80:eb:44:80:
         4f:03:0e:62:13:b5:3e:cf:6d:0a:72:9d:f5:1b:09:53:29:f9:
         a8:de:a6:57:d0:3a:50:85:b5:c0:1d:92:c5:d1:02:10:9a:31:
         f4:fa:56:64:63:69:98:43:d1:e0:e1:b5:84:be:eb:05:2e:19:
         07:8e:bf:64:91:9d:ac:34:6c:fa:4a:2f:62:9c:0f:9c:d5:86:
         c4:ce:01:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntU3v4X0/cNxNBp9cOVyeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3YTA0ODZkYzBiNGJhNzMwOTAzNzg4ZmYzZjNmN2M4MjQ5
YjkyMWYwHhcNMjUwMTAyMTU0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDkxNTVhMzM3Yzc5YTg1NTI0ODBiOTg2ZTNiMzMxMTk2YzIyMjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIPTBvCUKe6a9a6ZsV048/NvBuG5
8yzh+hc5TCkM+5ZZtAgEDjs2Y+ESlgmTupOvb469fv2004L+gzlSsBa/8HvmWL25
MGS+I5JAIdCeO4JvGgUQcuJjhMNmAhrBXHENjpSjOsEbCXGk8MjQl6+wQs7W3Jx9
29AlvegOxcKgoiddzjbaa+lwU8SDMS3WicArRcmU7DXHIHOfxO1meTTFfKQ/Kv/0
9LlVWe4cvmczba/ceHlaSv4lF6Flush8FScPv1EN6ZF0AIpGSsx6/d6AK+EEPqyy
N/56mFqNRfTzrDt0ksf4vcxHTmmn+CcywsDSSi4yCzld+2m+mUXID8oK2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSRVaM3x5qFUkgLmG47MxGWwiJ5MB8GA1UdIwQY
MBaAFAegSG3AtLpzCQN4j/Pz98gkm5IfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjZCSWJjQzB1bk1KQTNpUDhfUDN5Q1Nia2g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC81NmNjOTEtYmE2Mi00MDM3LWI1N2Yt
NmJkZGIzMTdlNzhiLzEveEpGVm96Zkhtb1ZTU0F1WWJqc3pFWmJDSW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC81NmNjOTEtYmE2Mi00MDM3LWI1N2YtNmJkZGIzMTdlNzhi
LzEvQjZCSWJjQzB1bk1KQTNpUDhfUDN5Q1Nia2g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufZ4MA0G
CSqGSIb3DQEBCwUAA4IBAQAELWOM9u15+KzLKeF+HNExuywj634SpwLzosRf3fqK
YsTjhu3zw7Kq+x/ZEsmxwVvZkS0t5IJMyfBx+M0ZWdjJj+cJXwXtlYCQ7Vyc8TJf
BBWBNkdJLzaYKp3EBvwpa/3KFTMQvbxVQO9JZLdTOOHP+VQaWsKKVtGCiPi6jcQb
YnkoZcbs4HArgbbx/VyHLR/X149hUfW90llmnmK2ezaUlzARRhe9Z8Sg0BTMyR5D
7oDrRIBPAw5iE7U+z20Kcp31GwlTKfmo3qZX0DpQhbXAHZLF0QIQmjH0+lZkY2mY
Q9Hg4bWEvusFLhkHjr9kkZ2sNGz6Si9inA+c1YbEzgHz
-----END CERTIFICATE-----