Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/t7cDZyN_6ualnQ5KDF6RcJ3qstA.roa
File:                     t7cDZyN_6ualnQ5KDF6RcJ3qstA.roa (raw, json)
Hash identifier:          dCnPvC0ew6hv4cBwo8+Y+AQ8GFUdFBuRnAqpn1YOGWM=
Subject key identifier:   B7:B7:03:67:23:7F:EA:E6:A5:9D:0E:4A:0C:5E:91:70:9D:EA:B2:D0
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D72CDE6F05ED106526366656B4B1E6
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/t7cDZyN_6ualnQ5KDF6RcJ3qstA.roa
Signing time:             Wed 01 Jan 2025 21:48:11 +0000
ROA not before:           Wed 01 Jan 2025 21:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213369
IP address blocks:        185.180.228.0/23 maxlen: 23
                          185.180.228.0/24 maxlen: 24
                          185.180.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:2c:de:6f:05:ed:10:65:26:36:66:56:b4:b1:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7b70367237feae6a59d0e4a0c5e91709deab2d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ca:0a:73:83:5d:44:03:46:21:cd:40:78:fe:
                    01:e0:31:3c:6e:d1:8a:50:a0:92:9d:db:7a:45:12:
                    a7:16:79:94:1f:c7:ae:a9:a4:a4:66:67:cf:7a:d9:
                    2e:f9:2d:02:75:17:db:8e:8c:88:16:a7:2d:a9:74:
                    c8:51:37:47:e6:20:ce:11:01:59:62:33:cc:fc:36:
                    9e:40:5e:ba:88:14:57:d5:6d:e2:05:28:7d:dd:e1:
                    61:d3:4d:d6:64:87:9c:da:89:35:99:15:b6:41:6e:
                    32:af:37:9c:41:b4:65:1c:c2:af:96:45:aa:73:62:
                    7a:fd:47:0a:8c:64:b6:f9:cb:f7:00:75:db:9d:62:
                    5b:a5:0b:28:27:2a:af:b4:f4:de:8a:9d:95:2e:19:
                    0a:44:95:2f:1d:ef:cb:ce:0e:70:cd:d0:2b:f0:d2:
                    ba:96:b4:70:04:b8:98:0c:77:dd:88:87:c4:87:79:
                    9c:ab:c7:9d:41:f8:85:97:f8:0b:da:3a:dd:15:ce:
                    e7:96:12:39:c2:4c:a7:c2:b6:1e:00:3a:a2:f4:4a:
                    a7:4e:9f:7f:10:ef:fb:75:fb:e0:5b:66:bf:95:fb:
                    ae:f0:6f:ac:1e:93:b2:d0:1e:2f:05:06:05:72:05:
                    1b:1c:dd:7e:1d:7c:1e:56:e9:75:8f:28:01:ce:98:
                    fb:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:B7:03:67:23:7F:EA:E6:A5:9D:0E:4A:0C:5E:91:70:9D:EA:B2:D0
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/t7cDZyN_6ualnQ5KDF6RcJ3qstA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:34:ab:44:31:83:cc:21:68:30:dd:83:e4:f5:3b:d8:be:a2:
         c6:49:96:7c:2d:0c:6b:26:37:07:0e:66:11:c0:13:01:aa:15:
         eb:56:2f:bf:c5:49:8e:33:df:68:53:d7:02:ec:58:0d:4b:d0:
         8e:a5:27:d2:ed:10:bd:1b:99:94:76:d6:0d:47:f0:0f:a2:48:
         2c:4b:fe:e7:43:fd:bd:e8:86:6f:61:ab:e7:5e:03:35:54:9d:
         32:94:9f:d7:8e:39:49:87:25:d0:b4:99:00:84:59:4b:e2:cd:
         69:a8:0f:53:f0:ef:61:ee:e1:84:9d:d0:b2:17:b1:45:6a:30:
         e5:55:cb:ab:08:2e:12:01:00:27:6f:0c:02:81:93:cd:64:d3:
         54:b0:c5:54:04:ba:21:9f:30:f5:c9:a7:5d:9c:77:c6:55:eb:
         44:16:ea:f4:56:45:d4:85:5d:0f:3b:21:1d:b1:a6:50:ba:0e:
         98:d5:be:17:ac:2e:3e:6d:42:0a:7f:a2:30:8f:d2:45:f7:5c:
         11:ba:0e:81:20:f3:40:db:45:7b:dc:1d:e9:91:f2:a7:83:89:
         b0:3d:6d:51:1f:4e:7d:d7:f4:b9:6a:cb:c8:aa:49:b9:26:4c:
         b1:5a:5f:6b:60:c3:9a:b3:41:91:63:08:fb:32:95:cf:a6:73:
         51:c4:9c:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1yzebwXtEGUmNmZWtLHmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2I3MDM2NzIzN2ZlYWU2YTU5ZDBlNGEwYzVlOTE3MDlkZWFiMmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksoKc4NdRANGIc1AeP4B4DE8btGK
UKCSndt6RRKnFnmUH8euqaSkZmfPetku+S0CdRfbjoyIFqctqXTIUTdH5iDOEQFZ
YjPM/DaeQF66iBRX1W3iBSh93eFh003WZIec2ok1mRW2QW4yrzecQbRlHMKvlkWq
c2J6/UcKjGS2+cv3AHXbnWJbpQsoJyqvtPTeip2VLhkKRJUvHe/Lzg5wzdAr8NK6
lrRwBLiYDHfdiIfEh3mcq8edQfiFl/gL2jrdFc7nlhI5wkynwrYeADqi9EqnTp9/
EO/7dfvgW2a/lfuu8G+sHpOy0B4vBQYFcgUbHN1+HXweVul1jygBzpj7TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLe3A2cjf+rmpZ0OSgxekXCd6rLQMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvdDdjRFp5Tl82dWFsblE1S0RGNlJjSjNxc3RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubTkMA0G
CSqGSIb3DQEBCwUAA4IBAQCnNKtEMYPMIWgw3YPk9TvYvqLGSZZ8LQxrJjcHDmYR
wBMBqhXrVi+/xUmOM99oU9cC7FgNS9COpSfS7RC9G5mUdtYNR/APokgsS/7nQ/29
6IZvYavnXgM1VJ0ylJ/XjjlJhyXQtJkAhFlL4s1pqA9T8O9h7uGEndCyF7FFajDl
VcurCC4SAQAnbwwCgZPNZNNUsMVUBLohnzD1yaddnHfGVetEFur0VkXUhV0POyEd
saZQug6Y1b4XrC4+bUIKf6Iwj9JF91wRug6BIPNA20V73B3pkfKng4mwPW1RH059
1/S5asvIqkm5JkyxWl9rYMOas0GRYwj7MpXPpnNRxJxC
-----END CERTIFICATE-----