Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/_U1q7kl-Gvc0JP4VZVgWjqcMCOs.roa
File:                     _U1q7kl-Gvc0JP4VZVgWjqcMCOs.roa (raw, json)
Hash identifier:          3X8IGbj3QMA8V3ptFiyp/tKTSPuKRQ3qYJfTsAQKmxs=
Subject key identifier:   FD:4D:6A:EE:49:7E:1A:F7:34:24:FE:15:65:58:16:8E:A7:0C:08:EB
Certificate issuer:       /CN=504523f8811ebe5aa3598511a48f3baf0001a8e8
Certificate serial:       01942369AEC5AC50D36398EAC26337D903CB
Authority key identifier: 50:45:23:F8:81:1E:BE:5A:A3:59:85:11:A4:8F:3B:AF:00:01:A8:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UEUj-IEevlqjWYURpI87rwABqOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/_U1q7kl-Gvc0JP4VZVgWjqcMCOs.roa
Signing time:             Wed 01 Jan 2025 19:48:36 +0000
ROA not before:           Wed 01 Jan 2025 19:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204806
IP address blocks:        185.239.92.0/22 maxlen: 24
                          185.239.92.0/24 maxlen: 24
                          185.239.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/UEUj-IEevlqjWYURpI87rwABqOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/UEUj-IEevlqjWYURpI87rwABqOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UEUj-IEevlqjWYURpI87rwABqOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ae:c5:ac:50:d3:63:98:ea:c2:63:37:d9:03:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=504523f8811ebe5aa3598511a48f3baf0001a8e8
        Validity
            Not Before: Jan  1 19:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd4d6aee497e1af73424fe156558168ea70c08eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:23:d5:66:cc:8a:b2:32:ff:18:ac:b9:5d:db:
                    ed:67:86:a3:74:10:2a:2d:c4:43:46:6b:cf:54:3d:
                    d9:73:ab:38:ec:7d:a6:80:fb:8c:af:a8:53:0f:0a:
                    cb:8e:ff:69:82:23:b9:e8:eb:a9:f4:e5:46:cd:89:
                    15:81:de:dd:af:1f:a3:d1:87:4a:1a:b7:52:16:64:
                    92:3b:51:f7:9c:48:61:f7:fd:5f:9f:4f:39:51:a8:
                    24:4d:71:bb:1b:33:26:bb:b5:7e:1b:10:06:a6:1d:
                    85:eb:93:a9:4e:3b:a6:fd:44:4b:81:42:eb:38:6c:
                    ab:73:c2:1f:b5:e1:9b:02:4f:59:24:1f:73:92:8c:
                    55:b8:a5:f8:59:d3:2e:cd:d9:88:43:93:86:f7:be:
                    c0:ea:76:96:5c:b8:1f:da:3f:f2:6e:4b:a1:49:6f:
                    4a:90:8b:cf:aa:f2:81:de:6b:a8:db:ae:1f:21:17:
                    90:41:ce:1b:97:be:85:8f:cf:29:19:8d:18:c5:b9:
                    e9:76:95:0a:55:4f:cf:07:1d:fc:6c:5f:03:58:1b:
                    61:f2:a1:d9:e5:09:d8:fa:33:40:e5:7f:b8:0b:28:
                    a3:4f:df:0f:b5:46:07:03:12:e0:0e:c8:29:a7:88:
                    7c:d3:36:d4:09:6c:97:c8:93:af:74:e2:f4:ad:b3:
                    e8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:4D:6A:EE:49:7E:1A:F7:34:24:FE:15:65:58:16:8E:A7:0C:08:EB
            X509v3 Authority Key Identifier:
                keyid:50:45:23:F8:81:1E:BE:5A:A3:59:85:11:A4:8F:3B:AF:00:01:A8:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UEUj-IEevlqjWYURpI87rwABqOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/_U1q7kl-Gvc0JP4VZVgWjqcMCOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/3b023e-a397-46bb-9465-bf3f62b95f10/1/UEUj-IEevlqjWYURpI87rwABqOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:9b:dd:20:8b:42:be:f0:57:f7:d3:fa:19:d9:d1:13:48:91:
         59:6f:b3:28:af:7d:98:d9:3d:ef:e9:4f:07:b2:b9:26:d4:ad:
         5e:4f:41:ee:15:b4:97:57:f6:bf:44:b6:7e:bd:97:1d:f0:40:
         da:0d:09:fc:57:c3:8a:29:74:28:fa:14:94:76:a4:07:9f:a0:
         18:f8:42:24:0e:05:27:4a:d4:74:05:99:81:f0:c3:ca:49:cf:
         e2:54:30:d1:56:58:de:7b:0b:78:a8:81:df:03:4f:f3:bf:9e:
         ec:1b:e9:52:9e:39:2c:fd:46:2b:fe:4e:8c:43:7c:82:90:97:
         01:69:ff:30:74:32:ed:ab:e4:5e:5a:e8:c0:7a:04:99:e3:85:
         34:c2:9c:c2:dd:a7:4e:2d:d7:e7:c1:60:12:ab:5b:56:b7:cb:
         a9:4b:fe:8d:77:17:2b:69:93:d4:b8:dc:95:10:af:d0:4b:aa:
         df:ad:b0:f6:9b:81:cc:ad:f8:5d:c9:7c:9d:61:6e:ca:02:50:
         4b:6a:cf:9e:e2:7b:a1:df:4f:ae:f1:b7:7d:ab:c7:75:37:1b:
         96:5f:74:3b:e9:4b:03:5d:55:87:dc:99:7a:18:06:0d:f3:bc:
         53:50:24:2c:a2:7d:bc:08:c3:83:68:a8:44:df:e7:54:cd:30:
         0a:8d:71:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaa7FrFDTY5jqwmM32QPLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNDUyM2Y4ODExZWJlNWFhMzU5ODUxMWE0OGYzYmFmMDAw
MWE4ZTgwHhcNMjUwMTAxMTk0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDRkNmFlZTQ5N2UxYWY3MzQyNGZlMTU2NTU4MTY4ZWE3MGMwOGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCPVZsyKsjL/GKy5XdvtZ4ajdBAq
LcRDRmvPVD3Zc6s47H2mgPuMr6hTDwrLjv9pgiO56Oup9OVGzYkVgd7drx+j0YdK
GrdSFmSSO1H3nEhh9/1fn085UagkTXG7GzMmu7V+GxAGph2F65OpTjum/URLgULr
OGyrc8IfteGbAk9ZJB9zkoxVuKX4WdMuzdmIQ5OG977A6naWXLgf2j/ybkuhSW9K
kIvPqvKB3muo264fIReQQc4bl76Fj88pGY0YxbnpdpUKVU/PBx38bF8DWBth8qHZ
5QnY+jNA5X+4CyijT98PtUYHAxLgDsgpp4h80zbUCWyXyJOvdOL0rbPoWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1Nau5Jfhr3NCT+FWVYFo6nDAjrMB8GA1UdIwQY
MBaAFFBFI/iBHr5ao1mFEaSPO68AAajoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUVVai1JRWV2bHFqV1lVUnBJODdyd0FCcU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8zYjAyM2UtYTM5Ny00NmJiLTk0NjUt
YmYzZjYyYjk1ZjEwLzEvX1UxcTdrbC1HdmMwSlA0VlpWZ1dqcWNNQ09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8zYjAyM2UtYTM5Ny00NmJiLTk0NjUtYmYzZjYyYjk1ZjEw
LzEvVUVVai1JRWV2bHFqV1lVUnBJODdyd0FCcU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue9cMA0G
CSqGSIb3DQEBCwUAA4IBAQCom90gi0K+8Ff30/oZ2dETSJFZb7Mor32Y2T3v6U8H
srkm1K1eT0HuFbSXV/a/RLZ+vZcd8EDaDQn8V8OKKXQo+hSUdqQHn6AY+EIkDgUn
StR0BZmB8MPKSc/iVDDRVljeewt4qIHfA0/zv57sG+lSnjks/UYr/k6MQ3yCkJcB
af8wdDLtq+ReWujAegSZ44U0wpzC3adOLdfnwWASq1tWt8upS/6NdxcraZPUuNyV
EK/QS6rfrbD2m4HMrfhdyXydYW7KAlBLas+e4nuh30+u8bd9q8d1NxuWX3Q76UsD
XVWH3Jl6GAYN87xTUCQson28CMODaKhE3+dUzTAKjXF0
-----END CERTIFICATE-----