Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/97bace-b2d5-4052-8f61-5f2dfed5d1a4/1/4mphuMGYKre7KcVIZklqvnEwe9w.roa
File:                     4mphuMGYKre7KcVIZklqvnEwe9w.roa (raw, json)
Hash identifier:          BDdrPj5npMilCe1H11h3z51bgzRRHnfwNgW8/PXQiwk=
Subject key identifier:   E2:6A:61:B8:C1:98:2A:B7:BB:29:C5:48:66:49:6A:BE:71:30:7B:DC
Certificate issuer:       /CN=e3463c278b84e2df00a47bc2d80c8d80ffa9ba89
Certificate serial:       019427B5D4D466DBB15EC965E9689CC45FDB
Authority key identifier: E3:46:3C:27:8B:84:E2:DF:00:A4:7B:C2:D8:0C:8D:80:FF:A9:BA:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/40Y8J4uE4t8ApHvC2AyNgP-puok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/97bace-b2d5-4052-8f61-5f2dfed5d1a4/1/4mphuMGYKre7KcVIZklqvnEwe9w.roa
Signing time:             Thu 02 Jan 2025 15:50:15 +0000
ROA not before:           Thu 02 Jan 2025 15:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197690
IP address blocks:        185.35.172.0/22 maxlen: 24
                          193.104.37.0/24 maxlen: 24
                          2a00:b060::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/97bace-b2d5-4052-8f61-5f2dfed5d1a4/1/40Y8J4uE4t8ApHvC2AyNgP-puok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/97bace-b2d5-4052-8f61-5f2dfed5d1a4/1/40Y8J4uE4t8ApHvC2AyNgP-puok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/40Y8J4uE4t8ApHvC2AyNgP-puok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:d4:d4:66:db:b1:5e:c9:65:e9:68:9c:c4:5f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3463c278b84e2df00a47bc2d80c8d80ffa9ba89
        Validity
            Not Before: Jan  2 15:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e26a61b8c1982ab7bb29c54866496abe71307bdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:41:c9:c3:aa:c8:bb:24:22:4b:88:15:84:0d:
                    0e:26:72:4f:c5:71:00:45:07:c8:cf:bc:88:f4:8c:
                    9d:b1:e0:bf:7e:b5:bf:a9:6b:7a:48:4d:53:98:f4:
                    a7:f9:18:c7:08:d2:8c:02:30:6e:75:bb:49:53:a4:
                    bf:d0:a8:61:1d:12:b0:d9:32:d5:b6:a9:26:0b:70:
                    10:5e:b0:50:d8:80:8f:c0:3d:8f:92:f6:97:ff:81:
                    83:ab:00:ca:ba:5f:95:a2:e2:59:6f:80:b7:66:59:
                    8c:d7:cd:62:d0:a1:9a:73:34:d4:12:20:4e:8f:63:
                    97:86:70:7c:bc:74:88:08:58:29:78:b6:37:e4:d2:
                    4d:a2:24:9c:cb:a6:96:a3:4b:dd:2a:2b:a9:b0:5b:
                    75:43:c6:a3:0a:63:80:f0:49:6d:55:c0:e7:97:0b:
                    54:3f:59:33:2c:1a:19:bb:0a:6a:77:ed:16:de:bc:
                    5f:21:37:22:9f:28:57:42:46:94:a6:cb:85:9b:4d:
                    e6:e7:93:7c:5c:54:3b:60:83:a6:15:ad:eb:2a:34:
                    f5:0b:d4:68:04:b1:bd:db:fb:06:4e:a0:4c:5d:d3:
                    dc:48:46:fb:5e:87:e9:b3:66:14:ef:6d:d1:bb:3f:
                    04:7f:e7:25:9a:90:60:9d:b7:94:b8:bc:f9:05:8c:
                    c9:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:6A:61:B8:C1:98:2A:B7:BB:29:C5:48:66:49:6A:BE:71:30:7B:DC
            X509v3 Authority Key Identifier:
                keyid:E3:46:3C:27:8B:84:E2:DF:00:A4:7B:C2:D8:0C:8D:80:FF:A9:BA:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/40Y8J4uE4t8ApHvC2AyNgP-puok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/97bace-b2d5-4052-8f61-5f2dfed5d1a4/1/4mphuMGYKre7KcVIZklqvnEwe9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/97bace-b2d5-4052-8f61-5f2dfed5d1a4/1/40Y8J4uE4t8ApHvC2AyNgP-puok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.172.0/22
                  193.104.37.0/24
                IPv6:
                  2a00:b060::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:fe:f1:5f:26:cb:68:92:11:13:22:ab:a0:13:95:40:46:46:
         60:21:12:32:e5:50:b4:d3:86:06:81:06:ad:99:ae:d0:5a:1c:
         c9:38:dd:e6:ec:70:51:92:19:84:e3:6a:d8:04:e1:a8:1d:e9:
         18:61:d7:bb:9b:01:8e:04:15:25:a7:32:e9:64:6b:8d:df:31:
         04:16:16:d6:c9:de:9f:fd:fe:73:da:c2:66:83:26:4d:2f:a9:
         7c:89:b9:b5:51:a3:03:72:8d:8f:1c:c2:ae:73:f4:65:a2:27:
         68:a9:3c:d8:d3:e6:7e:cd:e9:19:b8:d0:3a:8b:b7:0b:70:a0:
         c1:c0:b0:e1:df:d0:82:e3:af:0f:b8:e4:6c:8b:c5:b0:76:43:
         40:29:55:5d:20:a8:8a:59:63:70:62:f5:4d:4a:1d:42:f6:3d:
         29:92:fa:2b:dc:7f:4d:8b:e1:c7:f2:cd:45:2d:5d:15:9a:3f:
         23:f7:01:8a:89:bf:28:c3:3b:f1:36:62:86:2e:3a:2b:cf:1f:
         23:b4:68:c0:12:56:b2:21:82:80:d8:8e:29:2a:e3:ef:d6:00:
         81:3f:bb:24:12:13:06:9d:90:e9:06:1a:84:56:72:0d:89:17:
         d7:cd:cc:93:87:3a:42:fa:ce:7b:be:7a:c0:7e:60:b3:53:92:
         1e:93:63:6f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQntdTUZtuxXsll6WicxF/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzNDYzYzI3OGI4NGUyZGYwMGE0N2JjMmQ4MGM4ZDgwZmZh
OWJhODkwHhcNMjUwMTAyMTU1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjZhNjFiOGMxOTgyYWI3YmIyOWM1NDg2NjQ5NmFiZTcxMzA3YmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUHJw6rIuyQiS4gVhA0OJnJPxXEA
RQfIz7yI9IydseC/frW/qWt6SE1TmPSn+RjHCNKMAjBudbtJU6S/0KhhHRKw2TLV
tqkmC3AQXrBQ2ICPwD2PkvaX/4GDqwDKul+VouJZb4C3ZlmM181i0KGaczTUEiBO
j2OXhnB8vHSICFgpeLY35NJNoiScy6aWo0vdKiupsFt1Q8ajCmOA8EltVcDnlwtU
P1kzLBoZuwpqd+0W3rxfITcinyhXQkaUpsuFm03m55N8XFQ7YIOmFa3rKjT1C9Ro
BLG92/sGTqBMXdPcSEb7Xofps2YU723Ruz8Ef+clmpBgnbeUuLz5BYzJvwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOJqYbjBmCq3uynFSGZJar5xMHvcMB8GA1UdIwQY
MBaAFONGPCeLhOLfAKR7wtgMjYD/qbqJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDBZOEo0dUU0dDhBcEh2QzJBeU5nUC1wdW9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC85N2JhY2UtYjJkNS00MDUyLThmNjEt
NWYyZGZlZDVkMWE0LzEvNG1waHVNR1lLcmU3S2NWSVprbHF2bkV3ZTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC85N2JhY2UtYjJkNS00MDUyLThmNjEtNWYyZGZlZDVkMWE0
LzEvNDBZOEo0dUU0dDhBcEh2QzJBeU5nUC1wdW9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuSOsAwQA
wWglMA0EAgACMAcDBQAqALBgMA0GCSqGSIb3DQEBCwUAA4IBAQA3/vFfJstokhET
IqugE5VARkZgIRIy5VC004YGgQatma7QWhzJON3m7HBRkhmE42rYBOGoHekYYde7
mwGOBBUlpzLpZGuN3zEEFhbWyd6f/f5z2sJmgyZNL6l8ibm1UaMDco2PHMKuc/Rl
oidoqTzY0+Z+zekZuNA6i7cLcKDBwLDh39CC468PuORsi8WwdkNAKVVdIKiKWWNw
YvVNSh1C9j0pkvor3H9Ni+HH8s1FLV0Vmj8j9wGKib8owzvxNmKGLjorzx8jtGjA
ElayIYKA2I4pKuPv1gCBP7skEhMGnZDpBhqEVnINiRfXzcyThzpC+s57vnrAfmCz
U5Iek2Nv
-----END CERTIFICATE-----