Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/DfIfeCsjxuTLGxOswS1IRTtCtFo.roa
File:                     DfIfeCsjxuTLGxOswS1IRTtCtFo.roa (raw, json)
Hash identifier:          BfLaITLvBopGuXyhXf+VexAjyd8LBGCkT8+9wJK+KLI=
Subject key identifier:   0D:F2:1F:78:2B:23:C6:E4:CB:1B:13:AC:C1:2D:48:45:3B:42:B4:5A
Certificate issuer:       /CN=a369fb191bee51cdc7414a6963197f86bbf313ab
Certificate serial:       0194266C454A217C8978E3C0C35B1404943A
Authority key identifier: A3:69:FB:19:1B:EE:51:CD:C7:41:4A:69:63:19:7F:86:BB:F3:13:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2n7GRvuUc3HQUppYxl_hrvzE6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/DfIfeCsjxuTLGxOswS1IRTtCtFo.roa
Signing time:             Thu 02 Jan 2025 09:50:17 +0000
ROA not before:           Thu 02 Jan 2025 09:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203836
IP address blocks:        185.164.228.0/24 maxlen: 24
                          185.164.229.0/24 maxlen: 24
                          185.164.230.0/24 maxlen: 24
                          185.164.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/o2n7GRvuUc3HQUppYxl_hrvzE6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/o2n7GRvuUc3HQUppYxl_hrvzE6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2n7GRvuUc3HQUppYxl_hrvzE6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:45:4a:21:7c:89:78:e3:c0:c3:5b:14:04:94:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a369fb191bee51cdc7414a6963197f86bbf313ab
        Validity
            Not Before: Jan  2 09:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0df21f782b23c6e4cb1b13acc12d48453b42b45a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9a:b0:04:1a:88:f5:a7:6a:5a:55:05:80:a1:
                    12:7e:6b:f6:3f:83:08:5c:b2:0d:04:dd:92:0a:5a:
                    14:e4:dd:94:35:db:57:f7:0d:90:cc:10:bd:78:8c:
                    0c:24:7f:89:b3:ad:d9:3b:93:2e:6b:5e:02:4a:4c:
                    16:f8:f2:43:d6:ee:f0:6c:e2:ba:9a:cc:1d:6e:97:
                    9f:35:fd:a2:eb:ec:69:c5:1c:9d:6a:01:e3:44:bf:
                    34:e4:c2:f3:c6:3a:4d:8f:16:28:8d:61:15:89:3c:
                    47:fb:63:85:36:99:ef:84:03:c2:db:c2:6f:8c:a4:
                    c3:89:82:43:12:8d:b4:9f:f5:fb:48:e5:71:96:27:
                    01:d6:c8:61:a7:90:a0:8a:a0:9b:81:dc:60:df:36:
                    4d:af:5a:fc:6c:e3:2f:df:ab:32:8c:14:47:d6:e2:
                    64:15:7e:ed:39:d7:b9:18:48:ac:8e:1a:28:57:91:
                    80:9f:59:89:0a:18:5b:78:33:a4:66:c4:8b:ba:bc:
                    66:c5:4e:c5:99:c2:65:94:b0:87:a8:1e:aa:99:4b:
                    b4:a8:19:2d:94:64:9a:82:23:f1:c2:d5:72:0a:9d:
                    9f:bd:34:5e:97:e3:ca:fc:7b:36:84:9a:17:16:aa:
                    5d:da:4c:b1:df:36:e6:a3:f2:2b:1f:96:47:fb:f5:
                    e5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:F2:1F:78:2B:23:C6:E4:CB:1B:13:AC:C1:2D:48:45:3B:42:B4:5A
            X509v3 Authority Key Identifier:
                keyid:A3:69:FB:19:1B:EE:51:CD:C7:41:4A:69:63:19:7F:86:BB:F3:13:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2n7GRvuUc3HQUppYxl_hrvzE6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/DfIfeCsjxuTLGxOswS1IRTtCtFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/20da60-c719-4be1-8e4f-e18052f381bb/1/o2n7GRvuUc3HQUppYxl_hrvzE6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:39:04:7a:a4:8d:f9:22:43:d9:1f:2f:fb:c7:9f:ef:60:70:
         55:d1:b5:4c:f3:81:14:3e:9a:86:04:ca:dd:07:bc:54:dd:38:
         7c:b7:60:4c:f6:89:5b:f8:34:d1:a3:db:29:e2:24:7d:80:61:
         0c:17:fc:90:96:50:92:f7:77:9a:46:24:cf:c0:43:b3:b8:f5:
         26:3f:25:20:27:b1:c9:d7:1a:36:58:be:9f:1e:18:db:31:9c:
         a4:f7:6b:c5:ab:e3:90:5f:c9:4c:39:fe:9b:11:ad:83:64:43:
         ce:f1:ad:e4:df:ff:28:e4:ef:02:7c:f6:93:ba:41:30:5b:02:
         9d:16:10:dd:9a:e1:d0:34:15:16:18:61:fa:71:26:d8:f3:9f:
         66:ad:b9:d6:34:10:7a:1c:51:90:25:39:58:b4:0a:6a:b1:8a:
         cc:a2:56:c9:d0:a5:45:84:28:eb:0b:49:9a:69:de:fd:91:66:
         b6:61:5b:4b:0c:bd:0a:1e:0b:06:87:a6:58:e2:c7:49:ff:21:
         1c:77:bc:57:e8:29:af:46:6b:33:b3:53:01:2d:44:16:a0:dc:
         80:e5:35:0b:14:7a:07:8c:08:4a:bc:e0:35:9f:07:f4:1f:57:
         cc:4a:c6:05:1f:ab:90:1e:7d:b6:54:18:45:99:8e:25:3c:63:
         df:d3:b5:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbEVKIXyJeOPAw1sUBJQ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjlmYjE5MWJlZTUxY2RjNzQxNGE2OTYzMTk3Zjg2YmJm
MzEzYWIwHhcNMjUwMTAyMDk1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGYyMWY3ODJiMjNjNmU0Y2IxYjEzYWNjMTJkNDg0NTNiNDJiNDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZqwBBqI9adqWlUFgKESfmv2P4MI
XLINBN2SCloU5N2UNdtX9w2QzBC9eIwMJH+Js63ZO5Mua14CSkwW+PJD1u7wbOK6
mswdbpefNf2i6+xpxRydagHjRL805MLzxjpNjxYojWEViTxH+2OFNpnvhAPC28Jv
jKTDiYJDEo20n/X7SOVxlicB1shhp5CgiqCbgdxg3zZNr1r8bOMv36syjBRH1uJk
FX7tOde5GEisjhooV5GAn1mJChhbeDOkZsSLurxmxU7FmcJllLCHqB6qmUu0qBkt
lGSagiPxwtVyCp2fvTRel+PK/Hs2hJoXFqpd2kyx3zbmo/IrH5ZH+/XlLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3yH3grI8bkyxsTrMEtSEU7QrRaMB8GA1UdIwQY
MBaAFKNp+xkb7lHNx0FKaWMZf4a78xOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJuN0dSdnVVYzNIUVVwcFl4bF9ocnZ6RTZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8yMGRhNjAtYzcxOS00YmUxLThlNGYt
ZTE4MDUyZjM4MWJiLzEvRGZJZmVDc2p4dVRMR3hPc3dTMUlSVHRDdEZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8yMGRhNjAtYzcxOS00YmUxLThlNGYtZTE4MDUyZjM4MWJi
LzEvbzJuN0dSdnVVYzNIUVVwcFl4bF9ocnZ6RTZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaTkMA0G
CSqGSIb3DQEBCwUAA4IBAQAoOQR6pI35IkPZHy/7x5/vYHBV0bVM84EUPpqGBMrd
B7xU3Th8t2BM9olb+DTRo9sp4iR9gGEMF/yQllCS93eaRiTPwEOzuPUmPyUgJ7HJ
1xo2WL6fHhjbMZyk92vFq+OQX8lMOf6bEa2DZEPO8a3k3/8o5O8CfPaTukEwWwKd
FhDdmuHQNBUWGGH6cSbY859mrbnWNBB6HFGQJTlYtApqsYrMolbJ0KVFhCjrC0ma
ad79kWa2YVtLDL0KHgsGh6ZY4sdJ/yEcd7xX6CmvRmszs1MBLUQWoNyA5TULFHoH
jAhKvOA1nwf0H1fMSsYFH6uQHn22VBhFmY4lPGPf07Up
-----END CERTIFICATE-----