Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/aQXWpkeo8CYBrBnYK0PT1cWdHCk.roa
File:                     aQXWpkeo8CYBrBnYK0PT1cWdHCk.roa (raw, json)
Hash identifier:          JF3VKXhZgLXaADeU/i5/1vCJwGFlrS9omLotINcIakY=
Subject key identifier:   69:05:D6:A6:47:A8:F0:26:01:AC:19:D8:2B:43:D3:D5:C5:9D:1C:29
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CBFC784374057CB5DFF3A8E467681
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/aQXWpkeo8CYBrBnYK0PT1cWdHCk.roa
Signing time:             Wed 01 Jan 2025 01:48:25 +0000
ROA not before:           Wed 01 Jan 2025 01:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205888
IP address blocks:        79.142.184.0/22 maxlen: 24
                          185.202.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:bf:c7:84:37:40:57:cb:5d:ff:3a:8e:46:76:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6905d6a647a8f02601ac19d82b43d3d5c59d1c29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:90:8d:b1:42:30:9b:84:b2:06:03:2c:a4:b9:
                    09:5d:17:25:a1:87:43:0b:2b:a5:e1:d0:1c:ff:d3:
                    58:b5:f2:d1:fb:e0:97:df:41:ba:6e:95:df:99:08:
                    e9:ca:8a:65:16:be:f1:fb:c4:f7:94:52:74:ad:ce:
                    57:95:fb:8b:f1:89:c0:5d:15:39:2d:1a:15:88:1a:
                    7d:56:64:4d:aa:55:e3:08:d8:6e:5f:ea:66:4c:de:
                    78:28:84:cf:eb:b9:8b:dc:da:b3:d1:71:1b:0c:1a:
                    db:e0:1a:dd:57:85:f3:85:e1:cf:c0:28:27:92:4a:
                    39:1f:0c:06:af:12:e5:80:b8:ee:31:1c:ca:84:e1:
                    b1:ea:b3:93:ea:9d:f7:03:60:a5:b0:05:64:43:71:
                    ae:37:97:a5:33:e6:38:e6:7e:ec:7f:cd:bc:a0:5f:
                    59:3d:2c:c0:ec:cb:9f:e0:d1:29:61:b7:d9:fb:91:
                    4b:58:04:3d:32:80:09:19:27:67:47:2e:43:ad:ce:
                    2c:34:e2:c9:d2:f5:c1:2a:19:b2:f4:93:f8:9e:f8:
                    f2:21:31:1e:30:86:0f:e6:37:36:a5:a9:9b:4f:96:
                    73:a4:46:57:42:9b:a5:f5:84:37:69:a6:68:bc:16:
                    6f:d7:2a:d7:c0:05:e1:91:9f:1c:b8:70:4f:79:95:
                    7b:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:05:D6:A6:47:A8:F0:26:01:AC:19:D8:2B:43:D3:D5:C5:9D:1C:29
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/aQXWpkeo8CYBrBnYK0PT1cWdHCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.142.184.0/22
                  185.202.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:a3:5c:14:cf:73:cc:f1:2e:b2:21:49:32:94:dc:ca:ee:05:
         e8:41:58:01:25:44:4e:0d:0b:6f:c1:0e:11:52:86:87:2c:30:
         1f:74:25:4f:ff:0c:df:10:dd:ab:6a:c8:74:8a:9b:cf:46:e4:
         6e:aa:24:5a:ee:1f:0e:10:40:69:c7:f5:5a:25:cd:dc:c4:58:
         29:48:9e:12:a2:3b:63:8d:54:c3:de:1c:2c:70:b5:e4:1f:14:
         dc:05:83:49:e8:52:0b:80:55:20:b4:e9:67:3e:5d:47:97:57:
         74:96:d4:fd:0a:32:3c:51:fb:be:e5:aa:2f:5c:01:a9:be:e7:
         1a:31:91:e8:a0:36:92:f7:c8:67:f9:96:ca:b0:5e:59:a7:dd:
         01:4f:a6:2f:2a:8e:ca:f7:c9:b9:01:7c:7a:a7:51:e0:78:f4:
         f2:11:10:d1:fc:5d:da:b9:d8:b5:53:d5:46:3b:66:98:69:50:
         67:72:5d:21:a6:bf:82:c0:8b:76:6e:e8:33:f1:43:99:6e:f1:
         75:74:d2:ac:8e:64:07:8a:d5:8b:43:c6:f0:fe:6e:58:28:13:
         53:32:e8:a8:01:b6:53:01:fe:9d:be:f4:92:01:01:83:d8:c6:
         a9:75:6c:27:01:a6:e8:0e:98:e4:19:07:05:c7:46:e9:23:ca:
         63:5a:4e:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjL/HhDdAV8td/zqORnaBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTA1ZDZhNjQ3YThmMDI2MDFhYzE5ZDgyYjQzZDNkNWM1OWQxYzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZCNsUIwm4SyBgMspLkJXRcloYdD
Cyul4dAc/9NYtfLR++CX30G6bpXfmQjpyoplFr7x+8T3lFJ0rc5XlfuL8YnAXRU5
LRoViBp9VmRNqlXjCNhuX+pmTN54KITP67mL3Nqz0XEbDBrb4BrdV4XzheHPwCgn
kko5HwwGrxLlgLjuMRzKhOGx6rOT6p33A2ClsAVkQ3GuN5elM+Y45n7sf828oF9Z
PSzA7Muf4NEpYbfZ+5FLWAQ9MoAJGSdnRy5Drc4sNOLJ0vXBKhmy9JP4nvjyITEe
MIYP5jc2pambT5ZzpEZXQpul9YQ3aaZovBZv1yrXwAXhkZ8cuHBPeZV7WwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGkF1qZHqPAmAawZ2CtD09XFnRwpMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvYVFYV3BrZW84Q1lCckJuWUswUFQxY1dkSENrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCT464AwQC
ucq8MA0GCSqGSIb3DQEBCwUAA4IBAQCfo1wUz3PM8S6yIUkylNzK7gXoQVgBJURO
DQtvwQ4RUoaHLDAfdCVP/wzfEN2rash0ipvPRuRuqiRa7h8OEEBpx/VaJc3cxFgp
SJ4SojtjjVTD3hwscLXkHxTcBYNJ6FILgFUgtOlnPl1Hl1d0ltT9CjI8Ufu+5aov
XAGpvucaMZHooDaS98hn+ZbKsF5Zp90BT6YvKo7K98m5AXx6p1HgePTyERDR/F3a
udi1U9VGO2aYaVBncl0hpr+CwIt2bugz8UOZbvF1dNKsjmQHitWLQ8bw/m5YKBNT
MuioAbZTAf6dvvSSAQGD2MapdWwnAaboDpjkGQcFx0bpI8pjWk7v
-----END CERTIFICATE-----