Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/SFdGkwKrKGXANNY1LmHnjuTeZnU.roa
File:                     SFdGkwKrKGXANNY1LmHnjuTeZnU.roa (raw, json)
Hash identifier:          T7qwEQyE2vX1hxGNUhfmzuY0v7Tyl3zf+UeGQ+SeO5U=
Subject key identifier:   48:57:46:93:02:AB:28:65:C0:34:D6:35:2E:61:E7:8E:E4:DE:66:75
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       0191C6CAC361FD31EEC071E857AA24EA832D
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/SFdGkwKrKGXANNY1LmHnjuTeZnU.roa
Signing time:             Fri 06 Sep 2024 10:04:22 +0000
ROA not before:           Fri 06 Sep 2024 10:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197722
IP address blocks:        185.30.244.0/22 maxlen: 24
                          185.31.104.0/22 maxlen: 24
                          185.94.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c6:ca:c3:61:fd:31:ee:c0:71:e8:57:aa:24:ea:83:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Sep  6 10:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4857469302ab2865c034d6352e61e78ee4de6675
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7c:32:87:d8:bc:c6:0d:63:1e:b3:88:00:a1:
                    bd:d1:45:97:46:9f:60:6e:8d:03:40:4d:46:df:bf:
                    b7:14:32:a1:db:3d:3c:34:1d:4f:0b:8e:06:16:0c:
                    0b:9b:60:5e:7a:33:a2:67:14:9d:cc:ba:2c:26:51:
                    60:08:ca:ac:9e:ae:75:be:cf:7b:04:03:8f:0f:01:
                    fa:89:3d:32:96:2b:47:23:9d:aa:49:e2:12:62:0c:
                    22:53:06:1a:f1:99:12:5b:70:64:48:ba:50:60:b8:
                    09:f5:85:c5:d6:97:95:ee:7f:07:87:de:e6:b4:c0:
                    50:ef:28:cb:44:00:e7:2c:fa:79:94:d0:ed:ea:de:
                    22:6c:13:1f:b6:bb:a4:e7:b6:ec:3e:0b:c5:69:08:
                    58:0e:ea:fe:34:ac:db:81:bd:94:e5:33:9b:05:f5:
                    72:83:c4:ca:ba:a4:02:a2:81:09:3f:b4:cc:4b:85:
                    4e:37:65:62:02:35:d3:44:b5:f4:c1:ba:f1:78:9a:
                    b5:70:1d:4a:70:f4:38:ba:8b:5a:c3:df:f0:65:b7:
                    a4:de:d8:00:49:52:76:42:e3:80:70:c6:f2:bb:54:
                    6d:13:20:b7:6d:b7:95:21:7d:d4:90:79:c1:eb:9c:
                    14:b6:e5:9e:b2:dd:29:fb:08:c4:bb:7a:b5:f3:f7:
                    24:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:57:46:93:02:AB:28:65:C0:34:D6:35:2E:61:E7:8E:E4:DE:66:75
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/SFdGkwKrKGXANNY1LmHnjuTeZnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.244.0/22
                  185.31.104.0/22
                  185.94.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:33:c1:20:50:46:da:a1:12:ea:4c:1a:68:0d:bd:f2:07:50:
         4b:cb:95:0d:fb:33:02:22:20:fb:16:b5:21:ef:b0:0d:d8:85:
         1c:f6:81:f4:5d:93:29:d2:64:28:51:37:a6:f1:e7:6b:45:e2:
         13:c5:9e:38:9d:96:45:14:9c:4f:06:a4:a2:ce:48:61:b1:c9:
         14:b7:25:6e:02:eb:e9:6d:6d:de:1a:8f:56:fa:94:12:35:91:
         27:71:b9:92:a0:c6:d2:f1:f8:67:a0:09:f6:6c:5d:6e:ad:18:
         f8:bc:4c:8b:4d:86:f9:06:04:57:f2:1c:89:fa:59:c8:eb:31:
         cd:8c:b1:ba:5c:e3:da:da:a9:0a:5c:4f:af:46:2b:84:11:cc:
         ab:9e:d5:64:a1:23:6d:97:df:95:c1:5c:ec:65:a0:cb:4b:d0:
         9b:00:8b:56:2c:0b:39:ae:80:c5:c1:f9:48:32:3e:41:bc:c0:
         cb:46:2e:b1:f4:4c:60:d9:95:70:3f:15:be:24:5b:ce:5d:45:
         d7:86:8d:50:bc:a6:35:53:0f:d5:95:94:da:66:b9:9c:5a:0a:
         69:96:af:4a:ae:5e:36:00:a8:9d:fb:99:dc:51:84:c5:6a:5e:
         fd:28:d3:14:ad:08:38:0e:0b:f4:b8:53:8d:b8:cf:46:04:24:
         f5:25:df:91
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZHGysNh/THuwHHoV6ok6oMtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjQwOTA2MTAwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODU3NDY5MzAyYWIyODY1YzAzNGQ2MzUyZTYxZTc4ZWU0ZGU2Njc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXwyh9i8xg1jHrOIAKG90UWXRp9g
bo0DQE1G37+3FDKh2z08NB1PC44GFgwLm2BeejOiZxSdzLosJlFgCMqsnq51vs97
BAOPDwH6iT0ylitHI52qSeISYgwiUwYa8ZkSW3BkSLpQYLgJ9YXF1peV7n8Hh97m
tMBQ7yjLRADnLPp5lNDt6t4ibBMftruk57bsPgvFaQhYDur+NKzbgb2U5TObBfVy
g8TKuqQCooEJP7TMS4VON2ViAjXTRLX0wbrxeJq1cB1KcPQ4uotaw9/wZbek3tgA
SVJ2QuOAcMbyu1RtEyC3bbeVIX3UkHnB65wUtuWest0p+wjEu3q18/ckswIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEhXRpMCqyhlwDTWNS5h547k3mZ1MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvU0ZkR2t3S3JLR1hBTk5ZMUxtSG5qdVRlWm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuR70AwQC
uR9oAwQCuV74MA0GCSqGSIb3DQEBCwUAA4IBAQBHM8EgUEbaoRLqTBpoDb3yB1BL
y5UN+zMCIiD7FrUh77AN2IUc9oH0XZMp0mQoUTem8edrReITxZ44nZZFFJxPBqSi
zkhhsckUtyVuAuvpbW3eGo9W+pQSNZEncbmSoMbS8fhnoAn2bF1urRj4vEyLTYb5
BgRX8hyJ+lnI6zHNjLG6XOPa2qkKXE+vRiuEEcyrntVkoSNtl9+VwVzsZaDLS9Cb
AItWLAs5roDFwflIMj5BvMDLRi6x9Exg2ZVwPxW+JFvOXUXXho1QvKY1Uw/VlZTa
ZrmcWgpplq9Krl42AKid+5ncUYTFal79KNMUrQg4Dgv0uFONuM9GBCT1Jd+R
-----END CERTIFICATE-----