Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/K1RXDd41ejHM6gE_h4XPr9eqXqg.roa
File:                     K1RXDd41ejHM6gE_h4XPr9eqXqg.roa (raw, json)
Hash identifier:          HFPOwF7yl1DzvJdGJnqBFfDZ3/PqP2JlTX3PgCcBwh0=
Subject key identifier:   2B:54:57:0D:DE:35:7A:31:CC:EA:01:3F:87:85:CF:AF:D7:AA:5E:A8
Certificate issuer:       /CN=57711f20883a62bc06391ba7b2582ce72b3fe91c
Certificate serial:       019422203D8E3ECD77D2071C72756BAC799A
Authority key identifier: 57:71:1F:20:88:3A:62:BC:06:39:1B:A7:B2:58:2C:E7:2B:3F:E9:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3EfIIg6YrwGORunslgs5ys_6Rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/K1RXDd41ejHM6gE_h4XPr9eqXqg.roa
Signing time:             Wed 01 Jan 2025 13:48:45 +0000
ROA not before:           Wed 01 Jan 2025 13:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205718
IP address blocks:        185.210.20.0/22 maxlen: 22
                          2a09:dd40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/V3EfIIg6YrwGORunslgs5ys_6Rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/V3EfIIg6YrwGORunslgs5ys_6Rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V3EfIIg6YrwGORunslgs5ys_6Rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3d:8e:3e:cd:77:d2:07:1c:72:75:6b:ac:79:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57711f20883a62bc06391ba7b2582ce72b3fe91c
        Validity
            Not Before: Jan  1 13:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b54570dde357a31ccea013f8785cfafd7aa5ea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:6c:31:68:ea:3e:73:19:2b:a7:7f:af:4d:36:
                    6e:b3:55:5f:e9:49:5a:86:dd:e1:0b:aa:89:ed:f7:
                    28:83:4c:9f:ae:bf:e2:3c:0b:aa:0c:8a:2f:9d:62:
                    79:c3:82:d4:7d:eb:14:8e:00:14:10:72:65:08:43:
                    44:7a:dc:49:65:e4:4a:46:a6:d9:f8:c0:3f:49:90:
                    2c:31:dd:90:a4:46:2d:49:c4:f5:ce:72:d8:83:63:
                    48:a4:38:10:fd:34:3e:01:cf:f1:fb:b0:c2:1c:60:
                    e4:f8:6f:96:a8:54:09:a4:f1:e9:79:0d:b2:34:46:
                    ef:76:d2:6e:f3:b8:57:4f:11:5a:54:c4:bf:c2:88:
                    04:21:c0:c4:d8:49:93:32:3a:9a:dd:b3:17:18:03:
                    6c:05:eb:db:62:db:f5:42:22:c8:1a:70:ae:9d:0b:
                    e1:3d:fa:1f:91:c5:e1:9a:8c:b9:45:f5:7d:20:77:
                    fb:f6:e7:21:b5:27:d5:42:af:bc:69:c2:ee:b1:d3:
                    c2:0a:0f:05:c8:f3:8b:1e:77:d2:c2:7f:74:af:0f:
                    78:60:81:54:ae:06:25:a5:47:5f:ca:34:4b:8c:b6:
                    59:de:35:fb:91:1f:03:b1:ef:52:81:47:c6:5d:b8:
                    32:12:11:e2:2b:4c:a2:0a:4f:54:d9:95:45:a9:7f:
                    5e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:54:57:0D:DE:35:7A:31:CC:EA:01:3F:87:85:CF:AF:D7:AA:5E:A8
            X509v3 Authority Key Identifier:
                keyid:57:71:1F:20:88:3A:62:BC:06:39:1B:A7:B2:58:2C:E7:2B:3F:E9:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3EfIIg6YrwGORunslgs5ys_6Rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/K1RXDd41ejHM6gE_h4XPr9eqXqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d2b0aa-2636-4eec-a1e3-714d1958b77b/1/V3EfIIg6YrwGORunslgs5ys_6Rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.20.0/22
                IPv6:
                  2a09:dd40::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:45:7e:75:90:9b:61:07:9f:31:3b:99:2c:b5:96:db:a4:e0:
         77:fa:5a:f0:46:a0:60:89:81:5c:12:3c:3d:87:4a:da:70:5a:
         32:18:33:05:9e:85:d6:4f:5a:71:fc:17:c9:94:b0:1d:7b:1a:
         a0:1a:47:d5:66:9b:a1:5c:00:1f:8c:4c:c6:d4:1f:09:ae:f9:
         f4:79:43:31:2c:9c:c3:01:f8:87:35:68:81:0f:59:bb:c2:0c:
         a6:c1:e7:5f:9a:0b:0e:3b:5e:74:74:2b:25:ae:40:32:ce:e6:
         2a:a2:1f:3f:b2:b6:e6:de:d9:63:69:93:d2:68:68:c6:e3:7e:
         66:57:62:e4:46:80:c7:18:43:95:7c:4b:a5:1b:4a:f2:0a:41:
         b1:91:5d:21:62:07:d1:19:32:4d:1b:c5:f3:98:42:fc:f9:d7:
         4a:31:85:d3:fa:e1:ec:a2:3a:4a:13:61:b7:51:e5:4f:ad:5a:
         c5:fd:cb:33:fa:17:05:62:28:45:e2:a6:d2:45:f2:72:d6:6a:
         fb:99:d0:f4:91:bc:19:b2:25:fe:a0:de:2e:33:61:07:a0:bc:
         c3:df:d3:ff:32:f0:56:38:a1:f3:c1:a0:ec:a4:6e:97:e0:9c:
         b5:77:66:82:bf:cf:69:1c:6b:44:07:35:5e:fb:1c:e2:1c:47:
         6f:9a:4a:22
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiID2OPs130gcccnVrrHmaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzExZjIwODgzYTYyYmMwNjM5MWJhN2IyNTgyY2U3MmIz
ZmU5MWMwHhcNMjUwMTAxMTM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjU0NTcwZGRlMzU3YTMxY2NlYTAxM2Y4Nzg1Y2ZhZmQ3YWE1ZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mwxaOo+cxkrp3+vTTZus1Vf6Ula
ht3hC6qJ7fcog0yfrr/iPAuqDIovnWJ5w4LUfesUjgAUEHJlCENEetxJZeRKRqbZ
+MA/SZAsMd2QpEYtScT1znLYg2NIpDgQ/TQ+Ac/x+7DCHGDk+G+WqFQJpPHpeQ2y
NEbvdtJu87hXTxFaVMS/wogEIcDE2EmTMjqa3bMXGANsBevbYtv1QiLIGnCunQvh
PfofkcXhmoy5RfV9IHf79uchtSfVQq+8acLusdPCCg8FyPOLHnfSwn90rw94YIFU
rgYlpUdfyjRLjLZZ3jX7kR8Dse9SgUfGXbgyEhHiK0yiCk9U2ZVFqX9elQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCtUVw3eNXoxzOoBP4eFz6/Xql6oMB8GA1UdIwQY
MBaAFFdxHyCIOmK8Bjkbp7JYLOcrP+kcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNFZklJZzZZcndHT1J1bnNsZ3M1eXNfNlJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kMmIwYWEtMjYzNi00ZWVjLWExZTMt
NzE0ZDE5NThiNzdiLzEvSzFSWERkNDFlakhNNmdFX2g0WFByOWVxWHFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kMmIwYWEtMjYzNi00ZWVjLWExZTMtNzE0ZDE5NThiNzdi
LzEvVjNFZklJZzZZcndHT1J1bnNsZ3M1eXNfNlJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudIUMA0E
AgACMAcDBQAqCd1AMA0GCSqGSIb3DQEBCwUAA4IBAQCVRX51kJthB58xO5kstZbb
pOB3+lrwRqBgiYFcEjw9h0racFoyGDMFnoXWT1px/BfJlLAdexqgGkfVZpuhXAAf
jEzG1B8Jrvn0eUMxLJzDAfiHNWiBD1m7wgymwedfmgsOO150dCslrkAyzuYqoh8/
srbm3tljaZPSaGjG435mV2LkRoDHGEOVfEulG0ryCkGxkV0hYgfRGTJNG8XzmEL8
+ddKMYXT+uHsojpKE2G3UeVPrVrF/csz+hcFYihF4qbSRfJy1mr7mdD0kbwZsiX+
oN4uM2EHoLzD39P/MvBWOKHzwaDspG6X4Jy1d2aCv89pHGtEBzVe+xziHEdvmkoi
-----END CERTIFICATE-----