Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/5bc1cc-d02c-48ee-9935-023b6c0793f1/1/_A233dG0OsivwYkQExiSR967RqA.roa
File:                     _A233dG0OsivwYkQExiSR967RqA.roa (raw, json)
Hash identifier:          W1a0C5qkdasTQfph8n3hvMTYG6/PIGL4cSCJYs2ipZU=
Subject key identifier:   FC:0D:B7:DD:D1:B4:3A:C8:AF:C1:89:10:13:18:92:47:DE:BB:46:A0
Certificate issuer:       /CN=1fa8ac37f9695169627f75e098963396de9638cc
Certificate serial:       01961722174889C8DBE6DB4DC306AD04F859
Authority key identifier: 1F:A8:AC:37:F9:69:51:69:62:7F:75:E0:98:96:33:96:DE:96:38:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H6isN_lpUWlif3XgmJYzlt6WOMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/5bc1cc-d02c-48ee-9935-023b6c0793f1/1/_A233dG0OsivwYkQExiSR967RqA.roa
Signing time:             Tue 08 Apr 2025 20:40:32 +0000
ROA not before:           Tue 08 Apr 2025 20:40:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43016
IP address blocks:        146.66.28.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/5bc1cc-d02c-48ee-9935-023b6c0793f1/1/H6isN_lpUWlif3XgmJYzlt6WOMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/5bc1cc-d02c-48ee-9935-023b6c0793f1/1/H6isN_lpUWlif3XgmJYzlt6WOMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H6isN_lpUWlif3XgmJYzlt6WOMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:17:22:17:48:89:c8:db:e6:db:4d:c3:06:ad:04:f8:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fa8ac37f9695169627f75e098963396de9638cc
        Validity
            Not Before: Apr  8 20:40:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc0db7ddd1b43ac8afc1891013189247debb46a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b6:cd:21:2d:fa:fd:f0:26:6e:a2:2f:6b:1a:
                    b6:d0:3b:3e:e8:54:f3:38:1e:22:3d:48:6a:b8:bf:
                    8d:78:2e:d5:4e:c0:d5:de:cb:7e:59:1c:c8:7d:e6:
                    53:8b:1a:e4:a3:43:96:4e:8b:c3:68:2f:08:cf:25:
                    13:d3:6b:b9:d0:8c:ac:84:10:88:c1:90:a8:3d:05:
                    52:87:01:0b:f0:07:ba:17:9f:b1:f7:09:30:83:10:
                    1b:74:69:94:52:0d:68:68:6e:4b:ce:71:7e:f9:23:
                    25:d8:0d:cc:10:a3:cd:23:74:bd:1b:d5:8f:17:75:
                    56:8a:7a:4b:d5:47:63:57:c6:cf:1a:05:d8:89:9f:
                    5b:2f:c2:ff:78:3f:c9:f1:30:59:ef:61:f8:ed:80:
                    03:66:05:f9:d0:7e:51:dd:57:f1:7b:04:1a:7c:e9:
                    bb:bb:2b:f2:46:42:0f:fe:3b:b7:16:15:91:93:ae:
                    63:39:d1:c9:f8:c7:19:86:54:48:bb:54:65:8d:10:
                    db:3e:02:48:5f:22:36:0c:86:8a:50:1c:de:f7:61:
                    fa:c2:92:91:a9:f2:ed:fa:73:57:32:f6:b2:03:cf:
                    bf:b1:18:7d:e4:15:5b:00:5c:b3:c7:4b:e6:a4:fa:
                    da:98:be:d9:e4:aa:59:76:5b:df:4b:d2:e7:60:37:
                    99:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:0D:B7:DD:D1:B4:3A:C8:AF:C1:89:10:13:18:92:47:DE:BB:46:A0
            X509v3 Authority Key Identifier:
                keyid:1F:A8:AC:37:F9:69:51:69:62:7F:75:E0:98:96:33:96:DE:96:38:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H6isN_lpUWlif3XgmJYzlt6WOMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/5bc1cc-d02c-48ee-9935-023b6c0793f1/1/_A233dG0OsivwYkQExiSR967RqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/5bc1cc-d02c-48ee-9935-023b6c0793f1/1/H6isN_lpUWlif3XgmJYzlt6WOMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.66.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d1:ae:aa:dd:e5:7a:95:3d:92:c3:22:bd:cf:dc:33:d0:8c:a3:
         67:b2:3e:36:56:5d:44:dd:1f:f3:bd:37:fa:e7:0b:54:63:7d:
         85:4b:8a:c2:06:da:50:3a:c8:86:cc:b4:3a:21:aa:0c:72:c0:
         bb:f2:f6:62:fa:51:7b:31:ae:df:ae:9b:88:d7:30:a7:f2:42:
         5a:11:a0:ab:91:01:97:1e:8f:70:18:99:17:f2:aa:18:56:54:
         10:b1:4a:0b:e7:6f:76:8d:e1:19:a6:28:2d:22:f8:2e:0c:2c:
         45:73:23:3a:53:5c:1c:19:61:3f:22:71:9d:6f:d0:f6:a3:1c:
         08:7e:81:98:7a:0a:2e:80:4b:f2:22:2d:e0:d7:be:7b:7b:a7:
         c6:ab:aa:23:a0:bf:87:73:d1:39:6c:9a:d4:2c:6d:ff:59:fe:
         55:67:9e:ac:c2:b6:df:92:f7:0f:7f:e9:90:11:b4:7b:60:7f:
         ed:9b:4c:fc:e9:5b:3c:f4:59:cf:35:8e:02:e8:39:97:2f:2c:
         10:55:d5:3d:c1:4d:68:71:26:b6:6a:a4:f8:46:10:be:9e:cd:
         53:05:ee:a3:7d:36:47:83:a8:3d:39:e2:08:64:a0:9e:08:89:
         54:ae:ad:f1:d5:42:31:de:c7:bf:e4:db:95:dd:51:50:b0:2f:
         57:f2:35:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYXIhdIicjb5ttNwwatBPhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYThhYzM3Zjk2OTUxNjk2MjdmNzVlMDk4OTYzMzk2ZGU5
NjM4Y2MwHhcNMjUwNDA4MjA0MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzBkYjdkZGQxYjQzYWM4YWZjMTg5MTAxMzE4OTI0N2RlYmI0NmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLbNIS36/fAmbqIvaxq20Ds+6FTz
OB4iPUhquL+NeC7VTsDV3st+WRzIfeZTixrko0OWTovDaC8IzyUT02u50IyshBCI
wZCoPQVShwEL8Ae6F5+x9wkwgxAbdGmUUg1oaG5LznF++SMl2A3MEKPNI3S9G9WP
F3VWinpL1UdjV8bPGgXYiZ9bL8L/eD/J8TBZ72H47YADZgX50H5R3VfxewQafOm7
uyvyRkIP/ju3FhWRk65jOdHJ+McZhlRIu1RljRDbPgJIXyI2DIaKUBze92H6wpKR
qfLt+nNXMvayA8+/sRh95BVbAFyzx0vmpPramL7Z5KpZdlvfS9LnYDeZYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwNt93RtDrIr8GJEBMYkkfeu0agMB8GA1UdIwQY
MBaAFB+orDf5aVFpYn914JiWM5beljjMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDZpc05fbHBVV2xpZjNYZ21KWXpsdDZXT013LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi81YmMxY2MtZDAyYy00OGVlLTk5MzUt
MDIzYjZjMDc5M2YxLzEvX0EyMzNkRzBPc2l2d1lrUUV4aVNSOTY3UnFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi81YmMxY2MtZDAyYy00OGVlLTk5MzUtMDIzYjZjMDc5M2Yx
LzEvSDZpc05fbHBVV2xpZjNYZ21KWXpsdDZXT013LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkkIcMA0G
CSqGSIb3DQEBCwUAA4IBAQDRrqrd5XqVPZLDIr3P3DPQjKNnsj42Vl1E3R/zvTf6
5wtUY32FS4rCBtpQOsiGzLQ6IaoMcsC78vZi+lF7Ma7frpuI1zCn8kJaEaCrkQGX
Ho9wGJkX8qoYVlQQsUoL5292jeEZpigtIvguDCxFcyM6U1wcGWE/InGdb9D2oxwI
foGYegougEvyIi3g1757e6fGq6ojoL+Hc9E5bJrULG3/Wf5VZ56swrbfkvcPf+mQ
EbR7YH/tm0z86Vs89FnPNY4C6DmXLywQVdU9wU1ocSa2aqT4RhC+ns1TBe6jfTZH
g6g9OeIIZKCeCIlUrq3x1UIx3se/5NuV3VFQsC9X8jXz
-----END CERTIFICATE-----