Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/hKI1gIRkFSpeDRxr6Gy5U-0E8bg.roa
File:                     hKI1gIRkFSpeDRxr6Gy5U-0E8bg.roa (raw, json)
Hash identifier:          wtwNxYOC1NaLQTBIVmgD52Go7NqEorx1g4IWXnECaeA=
Subject key identifier:   84:A2:35:80:84:64:15:2A:5E:0D:1C:6B:E8:6C:B9:53:ED:04:F1:B8
Certificate issuer:       /CN=c115b327e84761685022f47328d6f4cbd6d3041e
Certificate serial:       019424456021DF832829A9C116769EA1885C
Authority key identifier: C1:15:B3:27:E8:47:61:68:50:22:F4:73:28:D6:F4:CB:D6:D3:04:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/hKI1gIRkFSpeDRxr6Gy5U-0E8bg.roa
Signing time:             Wed 01 Jan 2025 23:48:33 +0000
ROA not before:           Wed 01 Jan 2025 23:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212714
IP address blocks:        185.152.172.0/22 maxlen: 24
                          2a11:180::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:60:21:df:83:28:29:a9:c1:16:76:9e:a1:88:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c115b327e84761685022f47328d6f4cbd6d3041e
        Validity
            Not Before: Jan  1 23:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84a235808464152a5e0d1c6be86cb953ed04f1b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:02:e4:54:d6:f3:6d:cb:3e:17:68:ed:b7:96:
                    6d:cc:76:14:c6:8e:00:16:fa:62:16:c6:d1:9d:17:
                    90:17:af:03:0c:96:da:a1:45:f5:93:e5:d7:ad:f4:
                    bc:1f:5b:be:16:88:98:20:d1:8f:bf:81:b8:87:3f:
                    d0:79:9a:ae:45:14:43:63:0e:15:f5:91:05:7e:db:
                    b7:54:eb:e2:3e:fd:28:33:cd:5a:7d:9b:90:cc:d3:
                    aa:37:f5:25:81:18:7c:a6:17:4e:43:4d:ff:13:01:
                    f6:9c:9a:e5:db:69:25:ef:a7:58:83:0d:3b:c0:b2:
                    05:c2:75:9c:9b:45:2a:79:da:37:da:07:ad:ec:e6:
                    d3:2b:a9:be:4c:b1:8f:ca:fc:92:7f:ba:e9:43:dd:
                    ba:54:50:1a:ba:7d:a2:3b:7f:ad:05:66:63:70:4f:
                    f9:cc:a5:5b:25:cc:10:9c:1b:9a:d4:a4:9e:f7:e7:
                    4f:94:1c:0d:74:d3:31:e3:c3:7e:7f:2d:a6:ed:fb:
                    f7:c6:14:b2:51:0e:fb:d9:76:1c:bf:4d:ba:09:3d:
                    3a:c5:ff:a8:11:a2:cb:e7:be:fb:38:a1:23:3a:ad:
                    44:b0:a5:33:b6:06:a9:c2:ec:14:8f:61:55:85:4f:
                    49:9c:e7:a1:95:81:4e:2f:c7:81:1c:e7:1d:ca:2e:
                    7a:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:A2:35:80:84:64:15:2A:5E:0D:1C:6B:E8:6C:B9:53:ED:04:F1:B8
            X509v3 Authority Key Identifier:
                keyid:C1:15:B3:27:E8:47:61:68:50:22:F4:73:28:D6:F4:CB:D6:D3:04:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/hKI1gIRkFSpeDRxr6Gy5U-0E8bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.172.0/22
                IPv6:
                  2a11:180::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:61:c0:21:14:b8:63:29:89:cc:04:bb:c5:02:82:64:fe:06:
         90:b7:a4:dc:1e:b3:7f:3b:6c:15:a8:ae:2f:33:9b:a1:93:cf:
         e7:57:1f:2a:4b:7d:3e:e1:49:dc:66:2a:e0:86:aa:f8:7e:3a:
         96:c5:96:64:72:fd:a6:ff:57:3c:e4:d8:f4:7d:be:10:b0:0c:
         30:47:5c:36:eb:90:ac:90:be:46:73:60:b4:00:00:c1:48:4d:
         ca:32:69:6f:53:b9:30:f6:a9:8a:c5:fa:f3:38:db:23:91:aa:
         20:3e:0f:02:24:14:15:00:0b:be:d6:7f:76:70:47:ca:41:d0:
         50:84:37:d5:4a:fb:f3:d0:be:58:f5:0d:be:9f:c5:a4:bd:c1:
         86:81:05:b7:fb:cb:e7:42:2d:e0:34:b5:89:6b:99:14:ac:74:
         f4:11:3d:82:0d:05:c7:df:2f:ae:df:5a:28:aa:82:56:0f:54:
         34:25:d1:fe:40:0a:8c:54:20:f6:14:22:20:ea:95:99:a1:96:
         79:7e:0c:11:59:fc:de:af:f7:82:f3:b8:fb:e5:dd:9e:3f:4d:
         dd:83:29:e3:7d:66:97:5f:17:02:ec:bd:47:1b:b5:87:56:e6:
         a2:07:46:45:6e:99:2e:5d:60:ff:f2:20:1c:88:03:6d:8f:69:
         53:f9:9c:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRWAh34MoKanBFnaeoYhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMTViMzI3ZTg0NzYxNjg1MDIyZjQ3MzI4ZDZmNGNiZDZk
MzA0MWUwHhcNMjUwMTAxMjM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGEyMzU4MDg0NjQxNTJhNWUwZDFjNmJlODZjYjk1M2VkMDRmMWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ALkVNbzbcs+F2jtt5ZtzHYUxo4A
FvpiFsbRnReQF68DDJbaoUX1k+XXrfS8H1u+FoiYINGPv4G4hz/QeZquRRRDYw4V
9ZEFftu3VOviPv0oM81afZuQzNOqN/UlgRh8phdOQ03/EwH2nJrl22kl76dYgw07
wLIFwnWcm0Uqedo32get7ObTK6m+TLGPyvySf7rpQ926VFAaun2iO3+tBWZjcE/5
zKVbJcwQnBua1KSe9+dPlBwNdNMx48N+fy2m7fv3xhSyUQ772XYcv026CT06xf+o
EaLL5777OKEjOq1EsKUztgapwuwUj2FVhU9JnOehlYFOL8eBHOcdyi56zQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFISiNYCEZBUqXg0ca+hsuVPtBPG4MB8GA1UdIwQY
MBaAFMEVsyfoR2FoUCL0cyjW9MvW0wQeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1JXekotaEhZV2hRSXZSektOYjB5OWJUQkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9hNGJkZjctMjU3OS00YmQwLThhOTMt
MjI0ZmQ3OGVmODI3LzEvaEtJMWdJUmtGU3BlRFJ4cjZHeTVVLTBFOGJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9hNGJkZjctMjU3OS00YmQwLThhOTMtMjI0ZmQ3OGVmODI3
LzEvd1JXekotaEhZV2hRSXZSektOYjB5OWJUQkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZisMA0E
AgACMAcDBQMqEQGAMA0GCSqGSIb3DQEBCwUAA4IBAQARYcAhFLhjKYnMBLvFAoJk
/gaQt6TcHrN/O2wVqK4vM5uhk8/nVx8qS30+4UncZirghqr4fjqWxZZkcv2m/1c8
5Nj0fb4QsAwwR1w265CskL5Gc2C0AADBSE3KMmlvU7kw9qmKxfrzONsjkaogPg8C
JBQVAAu+1n92cEfKQdBQhDfVSvvz0L5Y9Q2+n8WkvcGGgQW3+8vnQi3gNLWJa5kU
rHT0ET2CDQXH3y+u31ooqoJWD1Q0JdH+QAqMVCD2FCIg6pWZoZZ5fgwRWfzer/eC
87j75d2eP03dgynjfWaXXxcC7L1HG7WHVuaiB0ZFbpkuXWD/8iAciANtj2lT+ZyV
-----END CERTIFICATE-----