Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/4a_dmmTWy2JZZ2hfN-KQWsMZeKQ.roa
File:                     4a_dmmTWy2JZZ2hfN-KQWsMZeKQ.roa (raw, json)
Hash identifier:          gVYR+rwkr1ce/F9IUfYsX3hcPgDrboGpjqehYV1dHlo=
Subject key identifier:   E1:AF:DD:9A:64:D6:CB:62:59:67:68:5F:37:E2:90:5A:C3:19:78:A4
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CC6D0C0AABCBA37B1FCEC462D92F9
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/4a_dmmTWy2JZZ2hfN-KQWsMZeKQ.roa
Signing time:             Wed 01 Jan 2025 01:48:27 +0000
ROA not before:           Wed 01 Jan 2025 01:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212400
IP address blocks:        185.179.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:c6:d0:c0:aa:bc:ba:37:b1:fc:ec:46:2d:92:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1afdd9a64d6cb625967685f37e2905ac31978a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ba:e5:3a:c7:6e:eb:e0:44:71:4b:e8:37:ee:
                    e3:e3:9d:24:ab:ca:bc:15:91:33:6e:97:e2:b4:a7:
                    56:5d:98:f9:10:de:5b:13:71:02:bf:51:f5:de:95:
                    be:fb:bb:f2:57:1d:b8:11:ac:13:f9:94:ff:c3:5d:
                    e1:06:e4:2a:de:4a:dd:11:64:63:b1:7c:ba:ce:a1:
                    41:8b:5f:b0:76:00:63:2e:49:93:ce:14:1f:a7:6e:
                    06:15:62:4a:30:f8:ca:10:f9:40:74:1d:69:73:c1:
                    cd:d9:4e:ba:db:a6:b4:64:12:fc:39:f6:c2:7c:bc:
                    69:c9:08:be:17:f6:f7:66:3b:c6:6e:11:f6:44:0f:
                    fa:05:1e:02:be:1f:30:46:b8:a7:0f:3b:a3:4d:ea:
                    9c:30:25:5f:93:06:7d:1c:92:88:f3:dc:71:19:a8:
                    02:86:33:3a:5b:07:6e:e3:ba:29:ce:9f:05:9b:5a:
                    f9:8a:cc:7b:b7:bd:47:1f:e2:34:2a:32:ba:eb:87:
                    93:35:bc:b3:ee:c3:74:bf:c0:b7:5f:b2:4e:36:e4:
                    d5:b0:3f:81:3b:a0:c1:31:d5:7d:ce:fc:14:2a:df:
                    c7:84:0c:6a:12:80:a3:ab:f1:76:86:fb:61:4c:5f:
                    09:71:2e:13:1b:f8:ce:8f:a8:ce:8b:fd:74:52:af:
                    8e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:AF:DD:9A:64:D6:CB:62:59:67:68:5F:37:E2:90:5A:C3:19:78:A4
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/4a_dmmTWy2JZZ2hfN-KQWsMZeKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.179.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:b1:17:83:3b:62:12:fd:5a:85:f6:a8:63:2b:07:85:b0:a8:
         66:24:a9:53:41:5b:63:00:1e:ab:2d:d1:c1:7a:61:87:c1:ae:
         bb:a5:e9:43:4b:09:be:1b:10:5a:29:27:71:80:81:a7:ac:7a:
         70:6b:21:d6:c5:04:1a:25:36:37:5f:25:a5:4d:b8:12:a6:02:
         13:39:46:9a:3e:5a:f0:5a:d6:48:7a:7a:48:ca:cd:98:ac:06:
         f4:28:8c:19:c8:e7:6b:05:0e:1d:cd:ac:d3:71:7b:0a:ca:7d:
         3c:d7:87:8f:71:df:04:34:52:21:58:4c:a1:fa:8a:77:c9:6a:
         23:45:71:28:40:df:67:f3:33:ce:9e:5f:a8:2a:52:3f:27:f7:
         95:8e:65:88:f6:60:37:d7:16:53:26:91:b9:2e:46:76:61:ae:
         4e:cc:c6:a9:21:2a:33:7f:6a:5c:ee:cd:57:e8:33:cd:46:4a:
         74:8a:f8:10:cd:ca:25:95:08:4f:e6:e2:26:c7:23:25:58:aa:
         81:35:76:8b:5c:8a:d0:c4:d7:c1:1e:de:04:a9:dd:4b:85:18:
         63:5e:fc:46:26:1f:99:dc:60:05:12:57:e4:d2:12:3e:ab:2a:
         7d:89:e7:ef:33:35:97:81:f7:25:33:9e:dd:67:e4:6e:c6:ed:
         ff:8b:62:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjMbQwKq8ujex/OxGLZL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWFmZGQ5YTY0ZDZjYjYyNTk2NzY4NWYzN2UyOTA1YWMzMTk3OGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrrlOsdu6+BEcUvoN+7j450kq8q8
FZEzbpfitKdWXZj5EN5bE3ECv1H13pW++7vyVx24EawT+ZT/w13hBuQq3krdEWRj
sXy6zqFBi1+wdgBjLkmTzhQfp24GFWJKMPjKEPlAdB1pc8HN2U6626a0ZBL8OfbC
fLxpyQi+F/b3ZjvGbhH2RA/6BR4Cvh8wRrinDzujTeqcMCVfkwZ9HJKI89xxGagC
hjM6Wwdu47opzp8Fm1r5isx7t71HH+I0KjK664eTNbyz7sN0v8C3X7JONuTVsD+B
O6DBMdV9zvwUKt/HhAxqEoCjq/F2hvthTF8JcS4TG/jOj6jOi/10Uq+OjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGv3Zpk1stiWWdoXzfikFrDGXikMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvNGFfZG1tVFd5MkpaWjJoZk4tS1FXc01aZUtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubP3MA0G
CSqGSIb3DQEBCwUAA4IBAQASsReDO2IS/VqF9qhjKweFsKhmJKlTQVtjAB6rLdHB
emGHwa67pelDSwm+GxBaKSdxgIGnrHpwayHWxQQaJTY3XyWlTbgSpgITOUaaPlrw
WtZIenpIys2YrAb0KIwZyOdrBQ4dzazTcXsKyn0814ePcd8ENFIhWEyh+op3yWoj
RXEoQN9n8zPOnl+oKlI/J/eVjmWI9mA31xZTJpG5LkZ2Ya5OzMapISozf2pc7s1X
6DPNRkp0ivgQzcollQhP5uImxyMlWKqBNXaLXIrQxNfBHt4Eqd1LhRhjXvxGJh+Z
3GAFElfk0hI+qyp9iefvMzWXgfclM57dZ+Ruxu3/i2IJ
-----END CERTIFICATE-----