Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/n0D7QgHWZsopO1EgFVVvK-P6Dwo.roa
File:                     n0D7QgHWZsopO1EgFVVvK-P6Dwo.roa (raw, json)
Hash identifier:          1Tdg8cemFUBIoV4egYbYb5wLjUFGRRBY2gDNWEAljR4=
Subject key identifier:   9F:40:FB:42:01:D6:66:CA:29:3B:51:20:15:55:6F:2B:E3:FA:0F:0A
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CBD015FBD46E3EBEB77EC94816D51
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/n0D7QgHWZsopO1EgFVVvK-P6Dwo.roa
Signing time:             Wed 01 Jan 2025 01:48:24 +0000
ROA not before:           Wed 01 Jan 2025 01:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204464
IP address blocks:        185.248.96.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:bd:01:5f:bd:46:e3:eb:eb:77:ec:94:81:6d:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f40fb4201d666ca293b512015556f2be3fa0f0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:4c:3e:46:ab:6c:ba:8a:86:f2:f3:6b:90:cb:
                    84:17:76:2b:16:9e:55:d3:b9:d9:89:0c:b7:db:24:
                    08:b2:4f:f7:81:b1:08:9b:62:bc:64:dd:3b:e1:7b:
                    59:eb:67:d0:dc:d0:53:f0:2b:b3:41:4b:3b:d4:76:
                    aa:26:2f:23:7f:f6:ef:22:37:ce:11:a3:fc:c2:ef:
                    99:99:2b:a7:71:45:58:38:9a:7f:4e:b2:f8:ac:64:
                    d0:97:2d:de:3e:31:53:01:7d:0b:c7:10:aa:d7:ba:
                    80:aa:ea:35:76:3c:7d:fc:a2:dc:0e:ae:15:c0:3b:
                    fd:44:09:be:ed:51:04:21:2c:18:6d:57:4e:28:08:
                    08:82:da:69:4a:af:82:65:cf:e6:7f:a4:12:35:32:
                    84:b5:ff:56:8c:7e:fb:82:d3:17:fd:fc:e0:12:80:
                    48:30:71:e8:1f:e3:45:12:f4:4f:01:5b:7d:db:26:
                    ce:fa:e2:fb:0e:bc:43:cd:fa:b3:9a:69:1d:b1:3e:
                    31:30:9d:05:4b:fe:24:e4:49:01:6b:44:51:1b:16:
                    78:84:6b:9b:c6:58:39:9b:58:39:60:73:3a:05:89:
                    94:8c:01:6c:4a:7d:3c:19:4d:fc:55:ac:ae:06:35:
                    df:2c:a6:b6:bc:14:66:fc:0f:dd:b9:5d:c2:25:f6:
                    e1:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:40:FB:42:01:D6:66:CA:29:3B:51:20:15:55:6F:2B:E3:FA:0F:0A
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/n0D7QgHWZsopO1EgFVVvK-P6Dwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:9e:e4:f1:af:55:87:c2:ef:1e:c9:37:e2:27:3f:e7:10:bb:
         90:7b:1d:1b:92:79:89:f6:db:4b:c1:12:39:0f:97:60:29:d8:
         c6:ce:e7:34:59:a5:f9:96:33:bb:c9:18:a6:39:d0:66:20:02:
         10:da:ed:89:f5:a4:75:95:22:15:05:ed:0d:8a:8e:e4:f6:c7:
         36:f8:cb:aa:c4:59:ca:54:8e:6a:3b:71:72:25:fa:a5:70:9a:
         0f:13:cd:6a:09:b8:0d:6b:e9:fd:cd:a6:b6:19:02:25:22:4d:
         59:c8:5a:be:34:82:80:0e:9a:ec:1a:c6:a2:7d:5a:c0:8b:14:
         63:b6:6e:e9:9e:b6:f5:d1:22:1b:38:da:44:81:ce:e2:f4:75:
         bc:d1:3b:f0:c1:ac:81:91:4b:44:c3:4e:ad:84:ed:a2:11:30:
         66:ac:16:be:78:b3:c2:06:b7:64:9d:e2:9f:06:89:6a:4e:ad:
         47:e3:b6:da:69:6c:72:5b:f9:f6:f2:5a:fb:12:8b:96:b4:91:
         e7:19:57:90:a8:dc:a9:1f:ef:29:97:83:e5:c6:eb:47:47:8c:
         53:0b:a4:dd:da:30:fe:13:cc:a5:82:db:1c:b9:75:17:94:75:
         5f:24:9d:c2:7a:5b:ee:62:3f:e6:8b:23:3e:98:81:56:0a:95:
         1d:8a:0d:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjL0BX71G4+vrd+yUgW1RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjQwZmI0MjAxZDY2NmNhMjkzYjUxMjAxNTU1NmYyYmUzZmEwZjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Ew+RqtsuoqG8vNrkMuEF3YrFp5V
07nZiQy32yQIsk/3gbEIm2K8ZN074XtZ62fQ3NBT8CuzQUs71HaqJi8jf/bvIjfO
EaP8wu+ZmSuncUVYOJp/TrL4rGTQly3ePjFTAX0LxxCq17qAquo1djx9/KLcDq4V
wDv9RAm+7VEEISwYbVdOKAgIgtppSq+CZc/mf6QSNTKEtf9WjH77gtMX/fzgEoBI
MHHoH+NFEvRPAVt92ybO+uL7DrxDzfqzmmkdsT4xMJ0FS/4k5EkBa0RRGxZ4hGub
xlg5m1g5YHM6BYmUjAFsSn08GU38VayuBjXfLKa2vBRm/A/duV3CJfbhRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9A+0IB1mbKKTtRIBVVbyvj+g8KMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvbjBEN1FnSFdac29wTzFFZ0ZWVnZLLVA2RHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufhgMA0G
CSqGSIb3DQEBCwUAA4IBAQCenuTxr1WHwu8eyTfiJz/nELuQex0bknmJ9ttLwRI5
D5dgKdjGzuc0WaX5ljO7yRimOdBmIAIQ2u2J9aR1lSIVBe0Nio7k9sc2+MuqxFnK
VI5qO3FyJfqlcJoPE81qCbgNa+n9zaa2GQIlIk1ZyFq+NIKADprsGsaifVrAixRj
tm7pnrb10SIbONpEgc7i9HW80TvwwayBkUtEw06thO2iETBmrBa+eLPCBrdkneKf
BolqTq1H47baaWxyW/n28lr7EouWtJHnGVeQqNypH+8pl4PlxutHR4xTC6Td2jD+
E8ylgtscuXUXlHVfJJ3CelvuYj/miyM+mIFWCpUdig3U
-----END CERTIFICATE-----