Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/355be3-c11c-41c8-a89a-d1429837dabf/1/Pi86dWn6x9Vtc8GH3REzDrMrSX0.roa
File:                     Pi86dWn6x9Vtc8GH3REzDrMrSX0.roa (raw, json)
Hash identifier:          geFyDSt8c1EYU/IR6IGQVBM3q8GhN/Mt5BfwBL1upLs=
Subject key identifier:   3E:2F:3A:75:69:FA:C7:D5:6D:73:C1:87:DD:11:33:0E:B3:2B:49:7D
Certificate issuer:       /CN=4200eb2f8fd0138c4377f540006cfc8b765c4a76
Certificate serial:       0194236A1E5BA7F2C74CEF9B3212A89A872A
Authority key identifier: 42:00:EB:2F:8F:D0:13:8C:43:77:F5:40:00:6C:FC:8B:76:5C:4A:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QgDrL4_QE4xDd_VAAGz8i3ZcSnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/355be3-c11c-41c8-a89a-d1429837dabf/1/Pi86dWn6x9Vtc8GH3REzDrMrSX0.roa
Signing time:             Wed 01 Jan 2025 19:49:04 +0000
ROA not before:           Wed 01 Jan 2025 19:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60257
IP address blocks:        185.43.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/355be3-c11c-41c8-a89a-d1429837dabf/1/QgDrL4_QE4xDd_VAAGz8i3ZcSnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/355be3-c11c-41c8-a89a-d1429837dabf/1/QgDrL4_QE4xDd_VAAGz8i3ZcSnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QgDrL4_QE4xDd_VAAGz8i3ZcSnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 22:01:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:1e:5b:a7:f2:c7:4c:ef:9b:32:12:a8:9a:87:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4200eb2f8fd0138c4377f540006cfc8b765c4a76
        Validity
            Not Before: Jan  1 19:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e2f3a7569fac7d56d73c187dd11330eb32b497d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ad:6e:6e:87:ef:1f:b2:64:8f:d5:8f:23:65:
                    2b:d0:b2:40:44:25:44:29:0e:43:aa:e4:e8:25:d5:
                    ed:35:16:1a:d2:61:98:c4:99:dc:a9:e6:02:e9:b7:
                    6f:82:06:3c:97:b3:e3:51:8c:95:1a:72:ba:13:82:
                    e3:d2:b9:59:18:80:67:44:aa:b4:14:ef:8f:84:b7:
                    35:6a:4d:f8:30:59:53:f5:29:b5:f9:0a:a6:2a:c5:
                    74:69:f2:c5:11:70:a2:82:22:93:0a:68:a9:bf:9c:
                    1d:c9:ff:95:4f:ce:f2:65:86:6d:c3:66:ff:2f:e4:
                    6e:e2:5d:c0:3d:79:70:ea:0c:f9:95:60:78:ec:a7:
                    67:c7:6a:c3:e7:1c:ad:40:b6:ea:2a:40:ce:c6:8b:
                    63:d7:0e:53:10:10:e7:8c:6e:74:84:02:76:5c:a0:
                    82:c9:ee:c1:9a:78:01:8a:43:76:14:3b:11:7c:8e:
                    ba:60:ad:11:d1:60:65:3a:b4:a7:e3:12:f8:f1:82:
                    b1:6d:5c:4a:38:7b:55:ae:b9:91:c9:f9:0e:45:5a:
                    2c:32:e1:8c:ab:97:6b:d3:45:e0:7b:a9:cf:64:dd:
                    6f:7d:b8:ae:c4:6e:3b:a0:4f:ec:27:64:1c:37:09:
                    12:cf:11:99:38:2d:92:36:99:e3:d6:47:79:40:b8:
                    10:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:2F:3A:75:69:FA:C7:D5:6D:73:C1:87:DD:11:33:0E:B3:2B:49:7D
            X509v3 Authority Key Identifier:
                keyid:42:00:EB:2F:8F:D0:13:8C:43:77:F5:40:00:6C:FC:8B:76:5C:4A:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QgDrL4_QE4xDd_VAAGz8i3ZcSnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/355be3-c11c-41c8-a89a-d1429837dabf/1/Pi86dWn6x9Vtc8GH3REzDrMrSX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/355be3-c11c-41c8-a89a-d1429837dabf/1/QgDrL4_QE4xDd_VAAGz8i3ZcSnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:ad:af:f9:9b:d3:57:c7:13:91:7a:82:36:a2:74:b4:5f:ae:
         a3:01:8e:b0:1d:1f:aa:67:2a:72:12:12:f6:d9:29:8c:ca:e7:
         e5:f8:de:1b:88:8f:dc:fa:e5:16:7d:0c:bc:db:aa:03:1d:69:
         6b:87:ad:53:f6:68:69:61:8a:47:b9:c9:70:6b:8e:e7:5d:79:
         cf:50:d6:a3:da:e1:22:78:31:d5:bf:75:75:75:38:b9:bb:94:
         4c:4d:8a:f1:45:26:19:f7:66:a2:4f:da:e5:c8:09:d7:8d:c6:
         53:6b:b1:f8:d4:c2:61:a6:8e:03:b9:45:d1:bf:5b:3a:43:14:
         b6:00:d7:11:7a:01:03:ba:33:92:c2:bd:38:29:90:76:46:07:
         4e:94:a5:44:ef:86:c9:04:b4:7f:3d:c2:ea:00:a7:20:fd:89:
         7a:a0:18:35:96:69:d7:b5:9f:83:fb:59:07:56:cc:ea:07:ec:
         c2:99:b0:9f:27:4c:c5:9a:2b:29:6e:bc:a7:16:16:42:b1:13:
         a7:b5:b4:58:5b:66:93:f2:0e:e9:7e:c8:84:ca:95:41:b9:b0:
         6b:6a:5b:17:73:cb:67:5d:c6:3e:d5:9b:63:99:92:7f:67:14:
         4b:61:ed:18:b6:fc:07:92:6c:a3:a4:95:84:29:88:ab:69:70:
         15:a5:a5:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjah5bp/LHTO+bMhKomocqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMDBlYjJmOGZkMDEzOGM0Mzc3ZjU0MDAwNmNmYzhiNzY1
YzRhNzYwHhcNMjUwMTAxMTk0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTJmM2E3NTY5ZmFjN2Q1NmQ3M2MxODdkZDExMzMwZWIzMmI0OTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApa1ubofvH7Jkj9WPI2Ur0LJARCVE
KQ5DquToJdXtNRYa0mGYxJncqeYC6bdvggY8l7PjUYyVGnK6E4Lj0rlZGIBnRKq0
FO+PhLc1ak34MFlT9Sm1+QqmKsV0afLFEXCigiKTCmipv5wdyf+VT87yZYZtw2b/
L+Ru4l3APXlw6gz5lWB47Kdnx2rD5xytQLbqKkDOxotj1w5TEBDnjG50hAJ2XKCC
ye7BmngBikN2FDsRfI66YK0R0WBlOrSn4xL48YKxbVxKOHtVrrmRyfkORVosMuGM
q5dr00Xge6nPZN1vfbiuxG47oE/sJ2QcNwkSzxGZOC2SNpnj1kd5QLgQ7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD4vOnVp+sfVbXPBh90RMw6zK0l9MB8GA1UdIwQY
MBaAFEIA6y+P0BOMQ3f1QABs/It2XEp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWdEckw0X1FFNHhEZF9WQUFHejhpM1pjU25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zNTViZTMtYzExYy00MWM4LWE4OWEt
ZDE0Mjk4MzdkYWJmLzEvUGk4NmRXbjZ4OVZ0YzhHSDNSRXpEck1yU1gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zNTViZTMtYzExYy00MWM4LWE4OWEtZDE0Mjk4MzdkYWJm
LzEvUWdEckw0X1FFNHhEZF9WQUFHejhpM1pjU25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSsgMA0G
CSqGSIb3DQEBCwUAA4IBAQAera/5m9NXxxOReoI2onS0X66jAY6wHR+qZypyEhL2
2SmMyufl+N4biI/c+uUWfQy826oDHWlrh61T9mhpYYpHuclwa47nXXnPUNaj2uEi
eDHVv3V1dTi5u5RMTYrxRSYZ92aiT9rlyAnXjcZTa7H41MJhpo4DuUXRv1s6QxS2
ANcRegEDujOSwr04KZB2RgdOlKVE74bJBLR/PcLqAKcg/Yl6oBg1lmnXtZ+D+1kH
VszqB+zCmbCfJ0zFmispbrynFhZCsROntbRYW2aT8g7pfsiEypVBubBralsXc8tn
XcY+1ZtjmZJ/ZxRLYe0YtvwHkmyjpJWEKYiraXAVpaV+
-----END CERTIFICATE-----