Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/XrqeZlVPArjVN5_uF6vXdWiqnXY.roa
File:                     XrqeZlVPArjVN5_uF6vXdWiqnXY.roa (raw, json)
Hash identifier:          HzAhZpTtsFcjrQoG9BcE+tsdXOYDnX7JekwCMYp1Fu0=
Subject key identifier:   5E:BA:9E:66:55:4F:02:B8:D5:37:9F:EE:17:AB:D7:75:68:AA:9D:76
Certificate issuer:       /CN=d38cd9440552e7dab9cd5631d4ab872451535b7a
Certificate serial:       019426D9ECC7650D7BE0B578B93BFC9F56E4
Authority key identifier: D3:8C:D9:44:05:52:E7:DA:B9:CD:56:31:D4:AB:87:24:51:53:5B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/XrqeZlVPArjVN5_uF6vXdWiqnXY.roa
Signing time:             Thu 02 Jan 2025 11:50:03 +0000
ROA not before:           Thu 02 Jan 2025 11:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211440
IP address blocks:        185.180.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 09:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:ec:c7:65:0d:7b:e0:b5:78:b9:3b:fc:9f:56:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d38cd9440552e7dab9cd5631d4ab872451535b7a
        Validity
            Not Before: Jan  2 11:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5eba9e66554f02b8d5379fee17abd77568aa9d76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:0c:c8:27:f1:67:fc:f6:8b:ea:d1:dd:e2:75:
                    66:e7:61:e0:9c:a0:00:57:7e:90:a5:e5:60:1f:62:
                    a9:55:89:b0:31:54:39:1a:ce:bd:40:e7:12:f1:de:
                    7f:4b:57:84:bb:61:9d:86:42:11:63:82:5a:ec:f1:
                    58:a6:10:68:65:01:85:84:a2:d3:25:6f:9d:ed:b5:
                    55:97:5e:64:ff:2e:50:d1:7e:b1:19:41:b4:e8:ed:
                    9a:3f:4f:65:3e:2e:51:8f:d6:3b:bd:3a:c3:1b:4d:
                    46:81:a3:da:1d:2f:5e:ff:ff:50:1d:b3:0c:84:1a:
                    ab:2e:ca:19:2b:6d:a9:b4:eb:ac:a6:62:08:cb:4b:
                    8a:30:23:de:b7:82:ad:bb:0d:80:7e:11:10:d5:59:
                    ae:99:20:1c:1c:50:3c:0d:72:c1:2e:fe:80:70:c8:
                    25:d7:7c:42:c0:a6:0e:aa:a0:a4:a9:1f:5b:2c:32:
                    44:87:d5:d8:c5:f2:89:14:a8:94:ba:13:8f:2c:59:
                    33:eb:1d:fc:09:71:5d:6e:35:ed:bb:6a:fb:1a:c3:
                    f8:90:14:a4:c1:e8:49:fc:83:9d:94:99:0f:b9:9c:
                    85:66:30:83:98:aa:90:7f:85:53:45:b1:b7:07:05:
                    38:e0:71:d1:83:76:90:ba:59:5c:fc:5b:e8:62:e4:
                    b6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:BA:9E:66:55:4F:02:B8:D5:37:9F:EE:17:AB:D7:75:68:AA:9D:76
            X509v3 Authority Key Identifier:
                keyid:D3:8C:D9:44:05:52:E7:DA:B9:CD:56:31:D4:AB:87:24:51:53:5B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/04zZRAVS59q5zVYx1KuHJFFTW3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/XrqeZlVPArjVN5_uF6vXdWiqnXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/4c3160-de12-4929-a483-7c65a852f092/1/04zZRAVS59q5zVYx1KuHJFFTW3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:7d:50:30:8b:13:d6:f9:a2:3e:76:ed:5d:9c:0f:7b:84:ff:
         fc:c9:dc:62:fd:f4:a7:d7:11:1c:22:4a:47:7c:5b:58:69:d1:
         86:2d:26:74:60:e5:15:ca:ae:94:09:f4:c5:42:59:49:0c:74:
         99:ff:a8:93:05:fd:03:d1:24:60:d1:aa:23:bb:eb:68:3e:6b:
         af:f1:37:42:e4:f3:bb:ed:23:b7:4c:32:06:e7:33:1e:fc:d0:
         4f:37:11:6c:0c:b0:41:98:aa:a6:a1:af:3b:1a:cd:e6:a8:88:
         9a:12:e4:82:b7:a4:2c:26:ca:9c:74:3f:1d:7b:b2:62:8e:c2:
         0e:0e:b8:86:a0:bd:17:36:a3:a6:55:45:c6:5e:57:fc:a3:0e:
         fb:79:f7:69:34:d5:33:8e:3b:da:30:26:f0:48:51:23:ff:54:
         3b:75:64:43:65:fd:bf:c5:7a:97:f7:9a:31:94:94:12:58:62:
         51:8d:b9:12:5e:2c:2f:f2:6c:c5:4a:c5:4f:ea:46:79:90:cc:
         d9:14:09:64:bf:40:a8:4f:2b:4a:a5:c4:fc:75:3c:d1:26:ca:
         5c:f8:b6:68:4f:21:31:a2:60:a0:ae:27:ba:b6:4c:60:6d:36:
         60:e4:bc:ed:31:7d:27:69:05:b1:c6:92:91:e3:d2:78:9e:41:
         dd:4c:05:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2ezHZQ174LV4uTv8n1bkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzOGNkOTQ0MDU1MmU3ZGFiOWNkNTYzMWQ0YWI4NzI0NTE1
MzViN2EwHhcNMjUwMTAyMTE1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWJhOWU2NjU1NGYwMmI4ZDUzNzlmZWUxN2FiZDc3NTY4YWE5ZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QzIJ/Fn/PaL6tHd4nVm52HgnKAA
V36QpeVgH2KpVYmwMVQ5Gs69QOcS8d5/S1eEu2GdhkIRY4Ja7PFYphBoZQGFhKLT
JW+d7bVVl15k/y5Q0X6xGUG06O2aP09lPi5Rj9Y7vTrDG01GgaPaHS9e//9QHbMM
hBqrLsoZK22ptOuspmIIy0uKMCPet4Ktuw2AfhEQ1VmumSAcHFA8DXLBLv6AcMgl
13xCwKYOqqCkqR9bLDJEh9XYxfKJFKiUuhOPLFkz6x38CXFdbjXtu2r7GsP4kBSk
wehJ/IOdlJkPuZyFZjCDmKqQf4VTRbG3BwU44HHRg3aQullc/FvoYuS24wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF66nmZVTwK41Tef7her13Voqp12MB8GA1UdIwQY
MBaAFNOM2UQFUufauc1WMdSrhyRRU1t6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDR6WlJBVlM1OXE1elZZeDFLdUhKRkZUVzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi80YzMxNjAtZGUxMi00OTI5LWE0ODMt
N2M2NWE4NTJmMDkyLzEvWHJxZVpsVlBBcmpWTjVfdUY2dlhkV2lxblhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi80YzMxNjAtZGUxMi00OTI5LWE0ODMtN2M2NWE4NTJmMDky
LzEvMDR6WlJBVlM1OXE1elZZeDFLdUhKRkZUVzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubSQMA0G
CSqGSIb3DQEBCwUAA4IBAQCvfVAwixPW+aI+du1dnA97hP/8ydxi/fSn1xEcIkpH
fFtYadGGLSZ0YOUVyq6UCfTFQllJDHSZ/6iTBf0D0SRg0aoju+toPmuv8TdC5PO7
7SO3TDIG5zMe/NBPNxFsDLBBmKqmoa87Gs3mqIiaEuSCt6QsJsqcdD8de7JijsIO
DriGoL0XNqOmVUXGXlf8ow77efdpNNUzjjvaMCbwSFEj/1Q7dWRDZf2/xXqX95ox
lJQSWGJRjbkSXiwv8mzFSsVP6kZ5kMzZFAlkv0CoTytKpcT8dTzRJspc+LZoTyEx
omCgrie6tkxgbTZg5LztMX0naQWxxpKR49J4nkHdTAXO
-----END CERTIFICATE-----