Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/da358c-2e47-44ec-b0c5-2ad968b362de/1/Q8bZioVPDoZ4xd-x42q6Z5HkkPQ.roa
File:                     Q8bZioVPDoZ4xd-x42q6Z5HkkPQ.roa (raw, json)
Hash identifier:          uBME2SsaTDhptgYkDGLlHO5wga4qvwY0K6f/+pZrE38=
Subject key identifier:   43:C6:D9:8A:85:4F:0E:86:78:C5:DF:B1:E3:6A:BA:67:91:E4:90:F4
Certificate issuer:       /CN=9f04b3cf24cf4b81b2221146a00f2277bc348780
Certificate serial:       0197410024A769D9F1E5DF7727E572E00B50
Authority key identifier: 9F:04:B3:CF:24:CF:4B:81:B2:22:11:46:A0:0F:22:77:BC:34:87:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwSzzyTPS4GyIhFGoA8id7w0h4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/da358c-2e47-44ec-b0c5-2ad968b362de/1/Q8bZioVPDoZ4xd-x42q6Z5HkkPQ.roa
Signing time:             Thu 05 Jun 2025 16:50:17 +0000
ROA not before:           Thu 05 Jun 2025 16:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44489
IP address blocks:        185.175.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/da358c-2e47-44ec-b0c5-2ad968b362de/1/nwSzzyTPS4GyIhFGoA8id7w0h4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/da358c-2e47-44ec-b0c5-2ad968b362de/1/nwSzzyTPS4GyIhFGoA8id7w0h4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwSzzyTPS4GyIhFGoA8id7w0h4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:41:00:24:a7:69:d9:f1:e5:df:77:27:e5:72:e0:0b:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f04b3cf24cf4b81b2221146a00f2277bc348780
        Validity
            Not Before: Jun  5 16:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43c6d98a854f0e8678c5dfb1e36aba6791e490f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:42:2c:18:2e:6b:ca:11:51:39:21:dd:8a:b6:
                    29:01:d9:11:3a:d7:de:cf:3b:49:a3:84:56:1e:e5:
                    68:ba:9d:49:e4:e5:ef:cc:d9:97:84:4b:8e:f8:09:
                    cb:47:28:bc:3b:60:18:1f:78:d6:1a:bf:ae:1e:57:
                    0d:61:f9:13:89:b5:8f:c9:c2:04:1c:51:45:24:a5:
                    8d:78:19:54:e1:55:01:83:8d:e0:e8:68:98:60:ff:
                    14:65:6d:e1:51:99:77:b7:03:08:ec:28:24:c3:b6:
                    8d:3d:d2:d9:3c:68:59:86:4f:43:88:e9:ae:dd:61:
                    30:b8:e6:56:a7:f3:c1:f7:fe:ef:a4:b7:97:5e:c3:
                    97:3d:79:c7:9b:d1:4c:71:81:73:90:ea:7b:f1:d1:
                    fd:e5:41:ed:c3:8e:6a:df:08:72:26:04:a8:10:5d:
                    c9:99:c7:6c:7b:06:93:80:89:59:8a:7a:64:e9:ff:
                    dd:87:64:d7:a1:a6:81:bc:70:97:87:f0:62:44:ab:
                    87:db:76:57:d1:02:24:3f:6c:b6:8e:27:41:c1:88:
                    99:9a:0d:37:db:71:66:62:2f:5c:35:1b:76:18:1b:
                    0c:db:ba:c8:98:b2:ee:e4:ff:1f:0b:9f:f7:81:ae:
                    e1:7a:d3:96:e8:16:6e:cc:21:af:1f:b5:9d:1e:44:
                    93:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C6:D9:8A:85:4F:0E:86:78:C5:DF:B1:E3:6A:BA:67:91:E4:90:F4
            X509v3 Authority Key Identifier:
                keyid:9F:04:B3:CF:24:CF:4B:81:B2:22:11:46:A0:0F:22:77:BC:34:87:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwSzzyTPS4GyIhFGoA8id7w0h4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/da358c-2e47-44ec-b0c5-2ad968b362de/1/Q8bZioVPDoZ4xd-x42q6Z5HkkPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/da358c-2e47-44ec-b0c5-2ad968b362de/1/nwSzzyTPS4GyIhFGoA8id7w0h4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.175.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:3c:09:10:00:94:33:a7:41:fe:99:a2:96:be:99:7e:5a:89:
         43:37:d4:ff:2e:10:8a:ee:49:e9:29:7e:12:5d:e7:58:8c:32:
         61:3d:72:59:40:ca:af:69:88:ad:a3:d3:be:78:71:3c:ad:4b:
         68:22:b4:dd:e3:74:b1:d4:c7:7c:b8:48:4a:7b:e9:c6:27:8a:
         9a:e6:2f:21:eb:c2:fa:9b:91:81:fd:05:3a:a4:30:b3:7e:3c:
         15:8c:d3:98:2d:d5:53:de:6d:1c:ce:93:2d:a7:b5:00:95:7c:
         37:9d:1f:04:90:24:f7:6b:28:42:a7:49:ce:b7:7f:a3:a0:80:
         fd:10:82:11:89:a3:79:20:42:62:0d:a1:db:8c:61:83:61:69:
         9d:27:8a:5a:80:be:97:0a:6b:b0:18:8c:61:1f:45:f0:14:7d:
         f3:c4:ff:1d:7c:5d:93:ce:60:6d:5a:ec:af:5e:c9:6f:62:e8:
         68:3b:5c:c8:21:2d:39:b5:99:7c:ee:a8:ac:49:ac:4c:af:6c:
         ee:01:51:49:b6:da:c1:0f:f7:0c:23:19:c0:9d:08:97:3b:c8:
         61:fa:54:01:73:01:85:89:71:3d:41:cf:12:ab:30:d4:fa:31:
         d2:d9:0b:59:b3:ea:a5:a3:e7:8e:f4:16:45:89:9a:bf:18:93:
         87:4b:6c:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdBACSnadnx5d93J+Vy4AtQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDRiM2NmMjRjZjRiODFiMjIyMTE0NmEwMGYyMjc3YmMz
NDg3ODAwHhcNMjUwNjA1MTY1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2M2ZDk4YTg1NGYwZTg2NzhjNWRmYjFlMzZhYmE2NzkxZTQ5MGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0IsGC5ryhFROSHdirYpAdkROtfe
zztJo4RWHuVoup1J5OXvzNmXhEuO+AnLRyi8O2AYH3jWGr+uHlcNYfkTibWPycIE
HFFFJKWNeBlU4VUBg43g6GiYYP8UZW3hUZl3twMI7Cgkw7aNPdLZPGhZhk9DiOmu
3WEwuOZWp/PB9/7vpLeXXsOXPXnHm9FMcYFzkOp78dH95UHtw45q3whyJgSoEF3J
mcdsewaTgIlZinpk6f/dh2TXoaaBvHCXh/BiRKuH23ZX0QIkP2y2jidBwYiZmg03
23FmYi9cNRt2GBsM27rImLLu5P8fC5/3ga7hetOW6BZuzCGvH7WdHkST5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPG2YqFTw6GeMXfseNqumeR5JD0MB8GA1UdIwQY
MBaAFJ8Es88kz0uBsiIRRqAPIne8NIeAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndTenp5VFBTNEd5SWhGR29BOGlkN3cwaDRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9kYTM1OGMtMmU0Ny00NGVjLWIwYzUt
MmFkOTY4YjM2MmRlLzEvUThiWmlvVlBEb1o0eGQteDQycTZaNUhra1BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9kYTM1OGMtMmU0Ny00NGVjLWIwYzUtMmFkOTY4YjM2MmRl
LzEvbndTenp5VFBTNEd5SWhGR29BOGlkN3cwaDRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCua/cMA0G
CSqGSIb3DQEBCwUAA4IBAQAcPAkQAJQzp0H+maKWvpl+WolDN9T/LhCK7knpKX4S
XedYjDJhPXJZQMqvaYito9O+eHE8rUtoIrTd43Sx1Md8uEhKe+nGJ4qa5i8h68L6
m5GB/QU6pDCzfjwVjNOYLdVT3m0czpMtp7UAlXw3nR8EkCT3ayhCp0nOt3+joID9
EIIRiaN5IEJiDaHbjGGDYWmdJ4pagL6XCmuwGIxhH0XwFH3zxP8dfF2TzmBtWuyv
XslvYuhoO1zIIS05tZl87qisSaxMr2zuAVFJttrBD/cMIxnAnQiXO8hh+lQBcwGF
iXE9Qc8SqzDU+jHS2QtZs+qlo+eO9BZFiZq/GJOHS2wi
-----END CERTIFICATE-----