Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/4656f7-0054-48d4-961a-6dbdec51168d/1/FGv164p9oNmasj4tz9FMT-yTJe8.roa
File:                     FGv164p9oNmasj4tz9FMT-yTJe8.roa (raw, json)
Hash identifier:          2RdxitfGw59b2KF3BO+RbESKDdD8hgmB641at2eVQlk=
Subject key identifier:   14:6B:F5:EB:8A:7D:A0:D9:9A:B2:3E:2D:CF:D1:4C:4F:EC:93:25:EF
Certificate issuer:       /CN=a1d9b35bc3e9f2493c64d06f5b2d4a99c5f251e9
Certificate serial:       019420D601BE11BA8DE8A17C518DC8BA695B
Authority key identifier: A1:D9:B3:5B:C3:E9:F2:49:3C:64:D0:6F:5B:2D:4A:99:C5:F2:51:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odmzW8Pp8kk8ZNBvWy1KmcXyUek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/4656f7-0054-48d4-961a-6dbdec51168d/1/FGv164p9oNmasj4tz9FMT-yTJe8.roa
Signing time:             Wed 01 Jan 2025 07:48:03 +0000
ROA not before:           Wed 01 Jan 2025 07:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39934
IP address blocks:        185.224.4.0/24 maxlen: 24
                          185.224.5.0/24 maxlen: 24
                          185.224.6.0/24 maxlen: 24
                          185.224.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/4656f7-0054-48d4-961a-6dbdec51168d/1/odmzW8Pp8kk8ZNBvWy1KmcXyUek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/4656f7-0054-48d4-961a-6dbdec51168d/1/odmzW8Pp8kk8ZNBvWy1KmcXyUek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odmzW8Pp8kk8ZNBvWy1KmcXyUek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:01:be:11:ba:8d:e8:a1:7c:51:8d:c8:ba:69:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d9b35bc3e9f2493c64d06f5b2d4a99c5f251e9
        Validity
            Not Before: Jan  1 07:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=146bf5eb8a7da0d99ab23e2dcfd14c4fec9325ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:73:21:68:1c:27:f0:9e:dd:6e:e3:0b:1b:9b:
                    37:b4:74:d7:8b:0d:89:3e:89:cf:f2:9b:6e:0c:da:
                    21:82:a6:7b:8e:62:e6:21:42:88:a0:a4:c6:93:32:
                    95:10:b0:22:cc:65:09:90:67:59:a1:14:7e:cd:df:
                    49:07:b2:96:75:4b:80:7c:91:75:64:47:d2:9e:ec:
                    38:4f:f7:12:d1:23:b7:c9:c3:df:62:09:43:bd:ac:
                    85:e6:59:01:9c:1b:92:03:a1:e2:be:21:35:ad:12:
                    a5:23:f0:ab:1a:d0:90:75:ce:05:55:78:14:52:68:
                    17:88:7f:62:5e:9a:91:23:ab:6b:dc:bb:a5:cf:3b:
                    fb:0c:c4:96:2b:b3:8a:70:1f:3a:4f:0e:41:74:12:
                    b1:35:40:1c:3f:43:91:96:00:f7:52:fc:f3:91:16:
                    c5:07:f7:93:91:c4:bc:51:26:a7:8e:bd:77:bf:aa:
                    b5:b7:99:99:9c:e0:47:42:ba:9e:5a:26:2b:6c:e6:
                    56:96:48:9e:9e:8a:9b:03:01:05:4b:47:09:3d:e7:
                    85:8e:f6:01:dc:05:14:93:b1:4a:6d:c8:b9:8f:8d:
                    4d:fa:18:6b:27:17:c3:0e:29:65:05:67:35:72:e7:
                    15:52:aa:0c:3a:9b:fd:d7:ab:46:c5:4f:78:da:04:
                    f7:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:6B:F5:EB:8A:7D:A0:D9:9A:B2:3E:2D:CF:D1:4C:4F:EC:93:25:EF
            X509v3 Authority Key Identifier:
                keyid:A1:D9:B3:5B:C3:E9:F2:49:3C:64:D0:6F:5B:2D:4A:99:C5:F2:51:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odmzW8Pp8kk8ZNBvWy1KmcXyUek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/4656f7-0054-48d4-961a-6dbdec51168d/1/FGv164p9oNmasj4tz9FMT-yTJe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/4656f7-0054-48d4-961a-6dbdec51168d/1/odmzW8Pp8kk8ZNBvWy1KmcXyUek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:a9:2f:02:1a:b6:29:35:b9:3c:bb:a3:51:e1:02:db:1f:bd:
         38:30:52:65:d8:61:7d:2d:9b:f5:43:82:12:23:2b:6d:65:53:
         93:c1:10:39:0e:29:ec:9b:da:74:20:fb:51:a9:6d:e2:99:61:
         6e:79:a1:b9:59:72:e1:e3:a0:ff:f2:09:b7:31:57:80:17:f9:
         95:81:ae:91:db:27:52:24:01:c9:70:a1:9b:eb:b8:60:44:f7:
         78:54:ff:78:34:bc:4b:0a:9f:79:be:80:85:94:80:de:6d:df:
         26:e4:82:69:27:f9:ca:6c:15:c7:32:81:e7:3d:36:31:45:91:
         b1:ba:fa:e2:42:68:bc:1f:e4:af:e7:b6:74:1c:65:8b:23:59:
         b6:83:cb:36:5d:dd:ff:42:45:ad:5c:d3:a0:e8:6d:d9:4c:64:
         37:55:70:70:01:9b:29:a8:55:5f:24:94:ef:dd:83:f4:6d:49:
         a3:a8:43:8a:7b:9b:8d:8e:40:82:3d:d1:fd:79:02:f8:f9:5b:
         1b:2a:e0:9f:80:3c:bb:be:91:47:85:80:82:b8:44:77:a3:78:
         7b:29:a1:68:f7:89:61:77:62:eb:e9:49:23:15:a9:59:1a:ec:
         27:58:1a:41:d5:51:aa:6e:da:fa:1e:8d:5a:52:f2:97:79:77:
         e9:6a:f7:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1gG+EbqN6KF8UY3IumlbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDliMzViYzNlOWYyNDkzYzY0ZDA2ZjViMmQ0YTk5YzVm
MjUxZTkwHhcNMjUwMTAxMDc0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDZiZjVlYjhhN2RhMGQ5OWFiMjNlMmRjZmQxNGM0ZmVjOTMyNWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinMhaBwn8J7dbuMLG5s3tHTXiw2J
PonP8ptuDNohgqZ7jmLmIUKIoKTGkzKVELAizGUJkGdZoRR+zd9JB7KWdUuAfJF1
ZEfSnuw4T/cS0SO3ycPfYglDvayF5lkBnBuSA6HiviE1rRKlI/CrGtCQdc4FVXgU
UmgXiH9iXpqRI6tr3Lulzzv7DMSWK7OKcB86Tw5BdBKxNUAcP0ORlgD3UvzzkRbF
B/eTkcS8USanjr13v6q1t5mZnOBHQrqeWiYrbOZWlkienoqbAwEFS0cJPeeFjvYB
3AUUk7FKbci5j41N+hhrJxfDDillBWc1cucVUqoMOpv916tGxU942gT32wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRr9euKfaDZmrI+Lc/RTE/skyXvMB8GA1UdIwQY
MBaAFKHZs1vD6fJJPGTQb1stSpnF8lHpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2Rtelc4UHA4a2s4Wk5Cdld5MUttY1h5VWVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy80NjU2ZjctMDA1NC00OGQ0LTk2MWEt
NmRiZGVjNTExNjhkLzEvRkd2MTY0cDlvTm1hc2o0dHo5Rk1ULXlUSmU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy80NjU2ZjctMDA1NC00OGQ0LTk2MWEtNmRiZGVjNTExNjhk
LzEvb2Rtelc4UHA4a2s4Wk5Cdld5MUttY1h5VWVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueAEMA0G
CSqGSIb3DQEBCwUAA4IBAQAfqS8CGrYpNbk8u6NR4QLbH704MFJl2GF9LZv1Q4IS
IyttZVOTwRA5Dinsm9p0IPtRqW3imWFueaG5WXLh46D/8gm3MVeAF/mVga6R2ydS
JAHJcKGb67hgRPd4VP94NLxLCp95voCFlIDebd8m5IJpJ/nKbBXHMoHnPTYxRZGx
uvriQmi8H+Sv57Z0HGWLI1m2g8s2Xd3/QkWtXNOg6G3ZTGQ3VXBwAZspqFVfJJTv
3YP0bUmjqEOKe5uNjkCCPdH9eQL4+VsbKuCfgDy7vpFHhYCCuER3o3h7KaFo94lh
d2Lr6UkjFalZGuwnWBpB1VGqbtr6Ho1aUvKXeXfpavcu
-----END CERTIFICATE-----