Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Nb5Mx7kFPMlSW87mOqvtXzjZFIU.roa
File:                     Nb5Mx7kFPMlSW87mOqvtXzjZFIU.roa (raw, json)
Hash identifier:          haXFyskkwSYM4YNCtjxbr82pYKT3rLqaYz08fbAMNyA=
Subject key identifier:   35:BE:4C:C7:B9:05:3C:C9:52:5B:CE:E6:3A:AB:ED:5F:38:D9:14:85
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CBAEF02CDDC50FF575AEC518AD937
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Nb5Mx7kFPMlSW87mOqvtXzjZFIU.roa
Signing time:             Wed 01 Jan 2025 01:48:24 +0000
ROA not before:           Wed 01 Jan 2025 01:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202676
IP address blocks:        185.156.248.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:ba:ef:02:cd:dc:50:ff:57:5a:ec:51:8a:d9:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35be4cc7b9053cc9525bcee63aabed5f38d91485
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ce:26:de:74:6f:42:c2:52:b0:6f:b4:ab:41:
                    3e:01:a5:35:0e:d7:b0:90:69:aa:39:b3:89:b3:e3:
                    0c:ed:3e:e6:6d:b6:e7:40:6f:fa:4c:7a:13:ee:2b:
                    f1:29:ab:e1:ce:09:fd:50:9d:5b:24:8e:90:6a:da:
                    03:d6:f5:d5:cb:66:1f:44:bd:59:41:dd:27:6e:11:
                    dc:d0:f9:63:dd:81:e3:54:b9:1e:1b:61:a9:37:28:
                    cb:b0:51:bf:bc:f7:02:84:c1:60:25:6d:d4:96:1b:
                    02:4e:60:3a:6e:0c:c8:79:c5:59:f2:33:fa:3f:af:
                    14:f2:d2:5f:9e:87:d8:55:dd:a0:57:33:c1:32:05:
                    fc:6c:17:a8:cd:62:1d:27:e2:67:86:0a:d1:58:ca:
                    2d:14:0b:df:91:eb:e8:2c:82:a9:79:80:36:2b:2b:
                    73:65:69:30:62:3c:cf:e2:ff:6c:d6:64:b4:71:b2:
                    7e:0c:cb:65:c2:1c:cd:c6:36:75:c7:83:7f:c9:b4:
                    ad:f4:48:3a:12:43:7f:bf:f5:88:d1:f5:e3:0d:62:
                    b6:a0:c0:3d:c4:bf:55:06:72:9a:38:bc:cc:62:79:
                    bf:3f:e6:66:12:63:91:93:ed:e5:0f:2f:04:e7:e9:
                    54:51:38:71:d1:f0:b6:3f:22:e1:b1:b7:e6:7a:1d:
                    03:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:BE:4C:C7:B9:05:3C:C9:52:5B:CE:E6:3A:AB:ED:5F:38:D9:14:85
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Nb5Mx7kFPMlSW87mOqvtXzjZFIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:cb:49:3f:e3:23:bb:f3:44:68:08:a3:22:fe:21:80:40:bd:
         f1:09:36:ba:70:06:47:39:19:68:bd:35:22:7b:a2:53:f8:0f:
         4e:1a:34:ba:a3:58:25:af:d0:c0:d8:df:23:e0:ef:46:7b:bd:
         da:7f:0d:f5:24:19:df:03:a8:ee:a3:7c:b4:76:0c:a0:ec:6b:
         af:f6:dd:f0:1b:2b:ae:3a:53:b9:8c:23:b0:ce:9d:11:15:4b:
         71:f2:5c:3b:4b:28:99:23:42:a6:6d:4f:9b:ee:dc:d5:95:f9:
         ff:8e:d0:f0:bc:4b:a8:e8:8d:9f:e3:7e:08:14:f9:dc:97:82:
         8a:d6:73:46:b6:b4:50:06:a4:0b:74:6c:7e:38:4f:75:d2:88:
         02:ed:54:c6:2d:b7:73:87:11:c0:5b:04:f4:51:b9:c7:74:89:
         06:68:a7:7e:dc:14:c9:94:22:4c:ec:8e:e1:e6:2a:3a:6b:06:
         c5:ce:0f:a8:ac:03:1e:ae:d4:2c:3d:f2:77:55:49:f1:9a:e4:
         d1:12:34:cd:87:08:55:3f:77:88:17:36:f2:1c:ae:4e:ee:96:
         c3:b8:25:60:e6:9f:0d:8c:7c:cd:37:ab:f6:08:7e:cc:43:c7:
         84:29:d4:4d:21:ea:71:0c:3b:d3:67:14:77:ba:33:70:b0:a5:
         60:d0:2b:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjLrvAs3cUP9XWuxRitk3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWJlNGNjN2I5MDUzY2M5NTI1YmNlZTYzYWFiZWQ1ZjM4ZDkxNDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAss4m3nRvQsJSsG+0q0E+AaU1Dtew
kGmqObOJs+MM7T7mbbbnQG/6THoT7ivxKavhzgn9UJ1bJI6QatoD1vXVy2YfRL1Z
Qd0nbhHc0Plj3YHjVLkeG2GpNyjLsFG/vPcChMFgJW3UlhsCTmA6bgzIecVZ8jP6
P68U8tJfnofYVd2gVzPBMgX8bBeozWIdJ+JnhgrRWMotFAvfkevoLIKpeYA2Kytz
ZWkwYjzP4v9s1mS0cbJ+DMtlwhzNxjZ1x4N/ybSt9Eg6EkN/v/WI0fXjDWK2oMA9
xL9VBnKaOLzMYnm/P+ZmEmORk+3lDy8E5+lUUThx0fC2PyLhsbfmeh0D4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDW+TMe5BTzJUlvO5jqr7V842RSFMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvTmI1TXg3a0ZQTWxTVzg3bU9xdnRYempaRklVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZz4MA0G
CSqGSIb3DQEBCwUAA4IBAQATy0k/4yO780RoCKMi/iGAQL3xCTa6cAZHORlovTUi
e6JT+A9OGjS6o1glr9DA2N8j4O9Ge73afw31JBnfA6juo3y0dgyg7Guv9t3wGyuu
OlO5jCOwzp0RFUtx8lw7SyiZI0KmbU+b7tzVlfn/jtDwvEuo6I2f434IFPncl4KK
1nNGtrRQBqQLdGx+OE910ogC7VTGLbdzhxHAWwT0UbnHdIkGaKd+3BTJlCJM7I7h
5io6awbFzg+orAMertQsPfJ3VUnxmuTREjTNhwhVP3eIFzbyHK5O7pbDuCVg5p8N
jHzNN6v2CH7MQ8eEKdRNIepxDDvTZxR3ujNwsKVg0CtI
-----END CERTIFICATE-----