Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/s_sfe0PwpYYFQ6HtLR5YzbGsYe8.roa
File:                     s_sfe0PwpYYFQ6HtLR5YzbGsYe8.roa (raw, json)
Hash identifier:          Q4EHED4zem9TjQrfPSu31rh8tUnEGOxod/kov3RZEgM=
Subject key identifier:   B3:FB:1F:7B:43:F0:A5:86:05:43:A1:ED:2D:1E:58:CD:B1:AC:61:EF
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CB65722BB7A26A995AD4EB9C48494
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/s_sfe0PwpYYFQ6HtLR5YzbGsYe8.roa
Signing time:             Wed 01 Jan 2025 01:48:22 +0000
ROA not before:           Wed 01 Jan 2025 01:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200290
IP address blocks:        185.171.104.0/22 maxlen: 24
                          185.251.212.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:b6:57:22:bb:7a:26:a9:95:ad:4e:b9:c4:84:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3fb1f7b43f0a5860543a1ed2d1e58cdb1ac61ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a4:05:1b:27:c4:fc:15:57:02:81:c8:1d:57:
                    5a:b1:4c:c0:9a:1d:73:ec:5b:7c:18:8e:d4:0d:26:
                    a4:7d:7a:bf:0a:fd:c9:94:30:de:5e:9a:17:57:b6:
                    d6:29:11:b8:04:f3:32:44:3d:c8:08:bf:e9:9a:d3:
                    ef:4d:46:9c:5b:37:01:c9:98:b2:f3:b5:7e:f3:8b:
                    dd:81:89:68:f5:77:47:61:99:8b:ba:28:d4:de:14:
                    83:fc:c7:ea:b0:4e:9d:d5:3d:85:68:52:6e:4f:f8:
                    b7:2d:57:e2:07:a4:70:ca:16:e3:4d:d1:03:97:14:
                    71:65:48:c6:04:91:40:31:b5:08:14:4f:f0:b8:a2:
                    3e:57:1b:01:45:bf:74:8a:19:88:89:87:95:30:91:
                    5f:2f:6e:5c:8f:d9:2c:68:8f:c3:72:66:fb:90:bb:
                    21:f5:9d:58:ca:39:af:c9:1a:aa:ec:dc:c2:a0:e5:
                    94:fb:29:e2:dd:90:06:4e:f1:10:66:d8:10:fd:e7:
                    f4:84:24:f9:1d:83:4e:cc:e4:d8:2b:10:c3:c3:bf:
                    fb:c2:31:0a:d1:b6:bb:22:c3:fd:e6:d0:96:33:0b:
                    98:ec:ea:36:15:95:9b:16:60:3b:7a:e1:b4:a9:a7:
                    4a:03:4f:ca:a1:5a:3b:88:17:1c:d3:38:35:ef:1b:
                    5a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:FB:1F:7B:43:F0:A5:86:05:43:A1:ED:2D:1E:58:CD:B1:AC:61:EF
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/s_sfe0PwpYYFQ6HtLR5YzbGsYe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.104.0/22
                  185.251.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:09:ee:2d:73:0d:3b:d5:ba:0a:5d:64:2d:3b:2d:da:8d:fa:
         7e:e8:f5:9e:e8:96:fb:16:cc:a3:44:91:74:d3:e8:9d:d3:d4:
         a0:94:46:6e:7c:98:90:a5:08:40:df:4c:99:34:10:40:72:e9:
         5d:7a:ed:f1:e8:49:94:d0:a3:89:4f:3d:a8:cd:69:19:50:98:
         3b:6a:b7:86:f8:f2:85:68:4a:f6:2f:c0:15:61:d5:9e:59:f6:
         e0:cf:ca:b3:ec:e1:c6:b9:9c:8d:a3:8e:9b:a9:74:ba:c7:f6:
         cd:4b:aa:ca:a8:66:51:e5:bf:1e:79:a5:e1:ca:5d:12:5d:07:
         fa:a6:84:a7:b2:35:9d:6d:be:fc:69:6a:3b:80:20:d3:e7:88:
         94:67:8d:a6:0c:50:63:c9:e0:fb:67:52:f9:eb:ec:a2:71:d5:
         5a:fd:5e:3c:a8:8c:9f:d4:a4:4d:21:52:49:3e:82:81:bc:a4:
         1f:59:7d:a5:ef:ec:59:e3:42:1c:19:09:75:d6:2c:78:01:b4:
         82:57:0c:d4:8a:6d:0a:d5:c5:b3:dc:6b:45:b1:0f:32:9c:c9:
         85:72:04:3b:7c:e9:28:ff:62:aa:ab:82:ca:47:85:3a:06:20:
         c5:78:19:52:0a:8e:17:84:08:c6:70:40:a9:36:67:35:d2:b4:
         88:c6:12:a7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjLZXIrt6JqmVrU65xISUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2ZiMWY3YjQzZjBhNTg2MDU0M2ExZWQyZDFlNThjZGIxYWM2MWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6QFGyfE/BVXAoHIHVdasUzAmh1z
7Ft8GI7UDSakfXq/Cv3JlDDeXpoXV7bWKRG4BPMyRD3ICL/pmtPvTUacWzcByZiy
87V+84vdgYlo9XdHYZmLuijU3hSD/MfqsE6d1T2FaFJuT/i3LVfiB6RwyhbjTdED
lxRxZUjGBJFAMbUIFE/wuKI+VxsBRb90ihmIiYeVMJFfL25cj9ksaI/Dcmb7kLsh
9Z1YyjmvyRqq7NzCoOWU+yni3ZAGTvEQZtgQ/ef0hCT5HYNOzOTYKxDDw7/7wjEK
0ba7IsP95tCWMwuY7Oo2FZWbFmA7euG0qadKA0/KoVo7iBcc0zg17xtaHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLP7H3tD8KWGBUOh7S0eWM2xrGHvMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvc19zZmUwUHdwWVlGUTZIdExSNVl6YkdzWWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuatoAwQC
ufvUMA0GCSqGSIb3DQEBCwUAA4IBAQCiCe4tcw071boKXWQtOy3ajfp+6PWe6Jb7
FsyjRJF00+id09SglEZufJiQpQhA30yZNBBAculdeu3x6EmU0KOJTz2ozWkZUJg7
areG+PKFaEr2L8AVYdWeWfbgz8qz7OHGuZyNo46bqXS6x/bNS6rKqGZR5b8eeaXh
yl0SXQf6poSnsjWdbb78aWo7gCDT54iUZ42mDFBjyeD7Z1L56+yicdVa/V48qIyf
1KRNIVJJPoKBvKQfWX2l7+xZ40IcGQl11ix4AbSCVwzUim0K1cWz3GtFsQ8ynMmF
cgQ7fOko/2Kqq4LKR4U6BiDFeBlSCo4XhAjGcECpNmc10rSIxhKn
-----END CERTIFICATE-----