Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/S8w484i2So0upLimT4DivXMFWTc.roa
File:                     S8w484i2So0upLimT4DivXMFWTc.roa (raw, json)
Hash identifier:          Xwh1nJvihxD2+JIu0EcE5o1EcOXEFkB9P4xQdM683xQ=
Subject key identifier:   4B:CC:38:F3:88:B6:4A:8D:2E:A4:B8:A6:4F:80:E2:BD:73:05:59:37
Certificate issuer:       /CN=4645c9c58d5a4999b5dce9e070d32f488e331f52
Certificate serial:       0194228E13A191DF8F20076D00A00F652A1A
Authority key identifier: 46:45:C9:C5:8D:5A:49:99:B5:DC:E9:E0:70:D3:2F:48:8E:33:1F:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RkXJxY1aSZm13OngcNMvSI4zH1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/S8w484i2So0upLimT4DivXMFWTc.roa
Signing time:             Wed 01 Jan 2025 15:48:43 +0000
ROA not before:           Wed 01 Jan 2025 15:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215160
IP address blocks:        185.18.224.0/23 maxlen: 24
                          185.18.224.0/24 maxlen: 24
                          185.18.225.0/24 maxlen: 24
                          2a14:3540::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/RkXJxY1aSZm13OngcNMvSI4zH1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/RkXJxY1aSZm13OngcNMvSI4zH1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RkXJxY1aSZm13OngcNMvSI4zH1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:13:a1:91:df:8f:20:07:6d:00:a0:0f:65:2a:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4645c9c58d5a4999b5dce9e070d32f488e331f52
        Validity
            Not Before: Jan  1 15:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bcc38f388b64a8d2ea4b8a64f80e2bd73055937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:07:61:d5:58:11:4e:41:ac:3c:ff:00:b7:31:
                    cd:b8:da:6c:18:f4:17:af:1b:4c:65:a8:80:58:96:
                    d1:6d:9c:66:31:37:21:c4:6f:6a:43:5b:35:ee:49:
                    0d:ac:3b:25:d3:71:bb:bb:94:7c:56:da:da:15:09:
                    61:2b:f1:6e:98:3d:86:f6:a2:b7:83:5b:f4:38:90:
                    f3:35:42:53:2d:74:18:fd:cf:80:85:72:3d:eb:38:
                    5c:ba:0e:36:72:2c:95:36:66:96:92:32:6c:e6:47:
                    22:4c:1e:60:a1:bf:90:20:bd:50:de:5e:82:2a:a5:
                    ae:1a:14:09:43:89:6e:a1:3a:cb:61:54:17:59:54:
                    19:d8:0d:b1:e0:b2:e5:4f:b0:b7:7a:89:2a:55:97:
                    4c:00:f9:30:df:1d:a1:34:c9:29:cb:4b:c6:ca:ea:
                    5c:f5:a0:5c:80:68:34:67:4a:57:0a:fa:2a:ff:f3:
                    f9:34:5d:a3:e8:51:27:1a:12:19:22:e0:9f:20:60:
                    73:6c:dd:71:eb:be:b1:e5:6d:e6:d1:7e:ea:db:6f:
                    7a:56:bd:d0:62:74:41:86:38:82:55:d9:3c:52:72:
                    e3:e6:de:b6:ab:38:36:a5:c3:38:1f:73:3f:0b:0f:
                    2d:e6:ba:99:71:b8:30:1f:55:c6:59:60:23:55:0b:
                    5a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:CC:38:F3:88:B6:4A:8D:2E:A4:B8:A6:4F:80:E2:BD:73:05:59:37
            X509v3 Authority Key Identifier:
                keyid:46:45:C9:C5:8D:5A:49:99:B5:DC:E9:E0:70:D3:2F:48:8E:33:1F:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RkXJxY1aSZm13OngcNMvSI4zH1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/S8w484i2So0upLimT4DivXMFWTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6c5331-dc1b-4f8c-9d3d-28bf1d33aa90/1/RkXJxY1aSZm13OngcNMvSI4zH1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.224.0/23
                IPv6:
                  2a14:3540::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:b5:ef:08:66:0a:0e:69:6c:f9:80:10:3e:ef:50:56:45:ae:
         3c:d8:98:7d:3e:a1:87:2e:cd:3d:b7:f5:68:5a:b9:2b:7a:0e:
         1f:ae:49:7c:43:ce:f8:b4:7d:6c:78:68:0c:ca:0b:30:67:8b:
         68:45:01:a9:7e:ce:84:e8:36:87:c5:a4:4a:b4:9e:97:ee:c9:
         75:0a:ba:62:56:6a:b5:9b:d8:af:7e:49:9b:c6:a7:c1:6b:e9:
         ed:ff:13:15:9e:cc:80:d2:42:6f:b1:ef:3d:0b:5f:e2:84:b5:
         d4:37:c8:83:11:38:d2:41:ed:cf:21:82:94:d6:ca:9b:11:55:
         77:6c:2b:e5:ef:39:8e:71:f9:1c:bf:88:db:15:1d:9e:15:01:
         38:77:68:c6:39:cc:30:8b:be:b3:c4:a1:ef:3a:93:97:cf:d5:
         a0:d8:8f:60:6d:8a:ac:51:ef:d7:5e:57:20:c3:1c:f1:69:bd:
         b0:53:86:bb:49:3d:f3:63:23:d4:b4:13:5f:c3:9c:d7:cd:16:
         9e:ee:9b:1b:58:b1:f9:3c:86:3a:0b:75:11:31:6f:8c:61:1c:
         f4:6d:b4:68:f7:fc:99:aa:4e:39:3a:82:d1:17:e3:1d:a3:d2:
         ee:b4:9c:7d:ac:60:85:cd:10:5a:bb:cd:2b:e9:89:3c:77:3b:
         4a:2f:b1:3b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijhOhkd+PIAdtAKAPZSoaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDVjOWM1OGQ1YTQ5OTliNWRjZTllMDcwZDMyZjQ4OGUz
MzFmNTIwHhcNMjUwMTAxMTU0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmNjMzhmMzg4YjY0YThkMmVhNGI4YTY0ZjgwZTJiZDczMDU1OTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQdh1VgRTkGsPP8AtzHNuNpsGPQX
rxtMZaiAWJbRbZxmMTchxG9qQ1s17kkNrDsl03G7u5R8VtraFQlhK/FumD2G9qK3
g1v0OJDzNUJTLXQY/c+AhXI96zhcug42ciyVNmaWkjJs5kciTB5gob+QIL1Q3l6C
KqWuGhQJQ4luoTrLYVQXWVQZ2A2x4LLlT7C3eokqVZdMAPkw3x2hNMkpy0vGyupc
9aBcgGg0Z0pXCvoq//P5NF2j6FEnGhIZIuCfIGBzbN1x676x5W3m0X7q2296Vr3Q
YnRBhjiCVdk8UnLj5t62qzg2pcM4H3M/Cw8t5rqZcbgwH1XGWWAjVQtavwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEvMOPOItkqNLqS4pk+A4r1zBVk3MB8GA1UdIwQY
MBaAFEZFycWNWkmZtdzp4HDTL0iOMx9SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtYSnhZMWFTWm0xM09uZ2NOTXZTSTR6SDFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82YzUzMzEtZGMxYi00ZjhjLTlkM2Qt
MjhiZjFkMzNhYTkwLzEvUzh3NDg0aTJTbzB1cExpbVQ0RGl2WE1GV1RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82YzUzMzEtZGMxYi00ZjhjLTlkM2QtMjhiZjFkMzNhYTkw
LzEvUmtYSnhZMWFTWm0xM09uZ2NOTXZTSTR6SDFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuRLgMA0E
AgACMAcDBQAqFDVAMA0GCSqGSIb3DQEBCwUAA4IBAQCTte8IZgoOaWz5gBA+71BW
Ra482Jh9PqGHLs09t/VoWrkreg4frkl8Q874tH1seGgMygswZ4toRQGpfs6E6DaH
xaRKtJ6X7sl1CrpiVmq1m9ivfkmbxqfBa+nt/xMVnsyA0kJvse89C1/ihLXUN8iD
ETjSQe3PIYKU1sqbEVV3bCvl7zmOcfkcv4jbFR2eFQE4d2jGOcwwi76zxKHvOpOX
z9Wg2I9gbYqsUe/XXlcgwxzxab2wU4a7ST3zYyPUtBNfw5zXzRae7psbWLH5PIY6
C3URMW+MYRz0bbRo9/yZqk45OoLRF+Mdo9LutJx9rGCFzRBau80r6Yk8dztKL7E7
-----END CERTIFICATE-----