Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/H36xXwuB9FJ3ESjpo_XmH_KZ2R4.roa
File:                     H36xXwuB9FJ3ESjpo_XmH_KZ2R4.roa (raw, json)
Hash identifier:          CUtTMRPtfP9rNsMoQeZ2J44Z+jwTnsWRsKW5k/0LKug=
Subject key identifier:   1F:7E:B1:5F:0B:81:F4:52:77:11:28:E9:A3:F5:E6:1F:F2:99:D9:1E
Certificate issuer:       /CN=4c1b0c40969080957fccee1fb8a3fb4bb38bf5dc
Certificate serial:       01941F8C7F631A4D6962B98EDF12524A0ACA
Authority key identifier: 4C:1B:0C:40:96:90:80:95:7F:CC:EE:1F:B8:A3:FB:4B:B3:8B:F5:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBsMQJaQgJV_zO4fuKP7S7OL9dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/H36xXwuB9FJ3ESjpo_XmH_KZ2R4.roa
Signing time:             Wed 01 Jan 2025 01:48:08 +0000
ROA not before:           Wed 01 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.27.116.0/22 maxlen: 22
                          185.27.117.0/24 maxlen: 24
                          2a04:2ec0::/29 maxlen: 29
                          2a04:2ec0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/TBsMQJaQgJV_zO4fuKP7S7OL9dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/TBsMQJaQgJV_zO4fuKP7S7OL9dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBsMQJaQgJV_zO4fuKP7S7OL9dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 07:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:7f:63:1a:4d:69:62:b9:8e:df:12:52:4a:0a:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c1b0c40969080957fccee1fb8a3fb4bb38bf5dc
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f7eb15f0b81f452771128e9a3f5e61ff299d91e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:da:5c:e5:20:d6:2f:d7:8a:c7:88:f5:b8:a2:
                    9b:ca:28:51:8f:72:9c:cf:c0:4f:b0:d4:55:ae:f6:
                    d3:81:52:92:4d:d0:03:aa:25:95:2e:67:96:c3:f4:
                    94:3f:c9:99:55:1e:24:4a:d1:29:83:f7:d1:62:17:
                    13:99:9c:2b:2f:7a:a3:63:e5:58:75:73:e9:2e:2b:
                    d4:e7:de:6b:b1:2e:df:f8:80:e3:a1:0b:c2:ae:92:
                    9c:39:f6:f0:3f:09:d5:41:b8:5d:4f:06:a5:55:13:
                    ef:fc:ea:3e:14:6e:93:bb:29:bb:af:36:fc:1f:d7:
                    7a:3d:fc:d6:21:39:39:da:cf:d3:75:c8:aa:0c:e3:
                    5b:d6:33:07:55:cd:27:3e:ae:fc:a7:ae:d6:4c:b9:
                    81:86:d8:93:05:38:71:a6:77:ab:1a:06:86:d9:d0:
                    81:99:8d:97:17:ba:1e:02:10:e4:46:52:fe:09:46:
                    57:1f:fe:41:b4:b9:1d:2c:0a:a2:0e:66:ea:17:18:
                    f4:5b:ea:55:c2:64:91:98:2b:c0:b2:df:53:4e:7d:
                    5c:33:9d:18:a0:75:ee:3d:8a:fc:a9:5d:13:49:4b:
                    ea:97:d1:44:f5:69:6e:d5:d5:85:94:f6:36:7e:0c:
                    16:81:72:a9:f9:e4:c3:9e:2c:35:0b:aa:06:e5:eb:
                    20:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:7E:B1:5F:0B:81:F4:52:77:11:28:E9:A3:F5:E6:1F:F2:99:D9:1E
            X509v3 Authority Key Identifier:
                keyid:4C:1B:0C:40:96:90:80:95:7F:CC:EE:1F:B8:A3:FB:4B:B3:8B:F5:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBsMQJaQgJV_zO4fuKP7S7OL9dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/H36xXwuB9FJ3ESjpo_XmH_KZ2R4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ee29a6-691d-4b0c-ad63-94c8254bd3b7/1/TBsMQJaQgJV_zO4fuKP7S7OL9dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.116.0/22
                IPv6:
                  2a04:2ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:45:c6:be:51:41:cc:97:4b:7d:72:ad:46:fc:cc:5f:06:6c:
         f6:65:7a:69:a0:8f:18:a8:e0:92:bb:f9:2b:47:83:83:ff:b2:
         b5:fe:b7:7f:64:a4:d0:a4:fb:ef:af:d6:cf:96:46:22:f5:0e:
         32:6c:ce:96:05:11:f3:25:06:ce:01:7c:c5:0a:f7:a7:da:d0:
         cf:e3:d6:92:13:2d:46:76:45:26:d3:df:b4:19:6b:53:80:66:
         5b:7e:a2:34:5b:c3:1c:ae:27:49:f0:c5:ca:1b:25:db:b4:8d:
         4e:04:db:82:0f:24:91:ee:ed:6b:68:a9:55:f6:1b:f6:63:e7:
         f1:43:36:c7:09:bc:a8:90:3f:24:02:0a:7b:63:b4:a4:67:6f:
         ff:91:bc:e0:00:61:1f:34:4d:6a:99:68:43:8d:28:14:95:e4:
         e1:87:09:cf:c5:37:be:7a:d2:2f:2f:06:75:20:60:6c:9e:68:
         95:a0:0c:ac:5e:14:00:60:a4:8c:ef:5a:17:8c:97:88:64:f3:
         31:7f:45:76:22:46:69:21:6a:5e:39:de:2b:41:46:07:fc:22:
         a9:a0:cc:ca:8a:bf:92:1e:6a:df:a1:1d:3d:27:c5:b2:dc:bb:
         0e:69:76:6e:0f:b9:88:c2:ee:44:94:38:7f:55:f0:a7:d7:a4:
         be:ca:04:29
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjH9jGk1pYrmO3xJSSgrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMWIwYzQwOTY5MDgwOTU3ZmNjZWUxZmI4YTNmYjRiYjM4
YmY1ZGMwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjdlYjE1ZjBiODFmNDUyNzcxMTI4ZTlhM2Y1ZTYxZmYyOTlkOTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09pc5SDWL9eKx4j1uKKbyihRj3Kc
z8BPsNRVrvbTgVKSTdADqiWVLmeWw/SUP8mZVR4kStEpg/fRYhcTmZwrL3qjY+VY
dXPpLivU595rsS7f+IDjoQvCrpKcOfbwPwnVQbhdTwalVRPv/Oo+FG6Tuym7rzb8
H9d6PfzWITk52s/TdciqDONb1jMHVc0nPq78p67WTLmBhtiTBThxpnerGgaG2dCB
mY2XF7oeAhDkRlL+CUZXH/5BtLkdLAqiDmbqFxj0W+pVwmSRmCvAst9TTn1cM50Y
oHXuPYr8qV0TSUvql9FE9Wlu1dWFlPY2fgwWgXKp+eTDniw1C6oG5esg5QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB9+sV8LgfRSdxEo6aP15h/ymdkeMB8GA1UdIwQY
MBaAFEwbDECWkICVf8zuH7ij+0uzi/XcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJzTVFKYVFnSlZfek80ZnVLUDdTN09MOWR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9lZTI5YTYtNjkxZC00YjBjLWFkNjMt
OTRjODI1NGJkM2I3LzEvSDM2eFh3dUI5RkozRVNqcG9fWG1IX0taMlI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9lZTI5YTYtNjkxZC00YjBjLWFkNjMtOTRjODI1NGJkM2I3
LzEvVEJzTVFKYVFnSlZfek80ZnVLUDdTN09MOWR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRt0MA0E
AgACMAcDBQMqBC7AMA0GCSqGSIb3DQEBCwUAA4IBAQA8Rca+UUHMl0t9cq1G/Mxf
Bmz2ZXppoI8YqOCSu/krR4OD/7K1/rd/ZKTQpPvvr9bPlkYi9Q4ybM6WBRHzJQbO
AXzFCven2tDP49aSEy1GdkUm09+0GWtTgGZbfqI0W8McridJ8MXKGyXbtI1OBNuC
DySR7u1raKlV9hv2Y+fxQzbHCbyokD8kAgp7Y7SkZ2//kbzgAGEfNE1qmWhDjSgU
leThhwnPxTe+etIvLwZ1IGBsnmiVoAysXhQAYKSM71oXjJeIZPMxf0V2IkZpIWpe
Od4rQUYH/CKpoMzKir+SHmrfoR09J8Wy3LsOaXZuD7mIwu5ElDh/VfCn16S+ygQp
-----END CERTIFICATE-----