Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/46922f-5cb6-4d98-b4fc-93bd5e408f91/1/JsF7FSwQaPNv5Ht3PNC4VICZzd4.roa
File:                     JsF7FSwQaPNv5Ht3PNC4VICZzd4.roa (raw, json)
Hash identifier:          fSvD3kvN3V7LC//WVhYwoHgh3jtQgyM95Ezj/Ar5cRU=
Subject key identifier:   26:C1:7B:15:2C:10:68:F3:6F:E4:7B:77:3C:D0:B8:54:80:99:CD:DE
Certificate issuer:       /CN=bbc55fb24ad556e04202651f6d5a8b27d5bedf97
Certificate serial:       019426D9D906DE900C69AF451EB9B7724C80
Authority key identifier: BB:C5:5F:B2:4A:D5:56:E0:42:02:65:1F:6D:5A:8B:27:D5:BE:DF:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u8VfskrVVuBCAmUfbVqLJ9W-35c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/46922f-5cb6-4d98-b4fc-93bd5e408f91/1/JsF7FSwQaPNv5Ht3PNC4VICZzd4.roa
Signing time:             Thu 02 Jan 2025 11:49:58 +0000
ROA not before:           Thu 02 Jan 2025 11:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29014
IP address blocks:        185.168.228.0/22 maxlen: 24
                          2a0b:f080::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/46922f-5cb6-4d98-b4fc-93bd5e408f91/1/u8VfskrVVuBCAmUfbVqLJ9W-35c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/46922f-5cb6-4d98-b4fc-93bd5e408f91/1/u8VfskrVVuBCAmUfbVqLJ9W-35c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u8VfskrVVuBCAmUfbVqLJ9W-35c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d9:06:de:90:0c:69:af:45:1e:b9:b7:72:4c:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbc55fb24ad556e04202651f6d5a8b27d5bedf97
        Validity
            Not Before: Jan  2 11:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26c17b152c1068f36fe47b773cd0b8548099cdde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a7:6c:62:e4:96:d4:e2:a5:37:9b:1f:48:df:
                    e1:8f:1f:11:40:c2:f8:1d:f8:f6:ab:82:97:98:f5:
                    ce:a2:e2:06:4e:24:3b:f8:e5:b8:97:aa:7d:68:17:
                    f3:83:89:a2:fc:81:fe:3f:34:a1:fa:dc:1d:e7:7c:
                    7a:b5:33:c0:3f:9b:d1:28:88:6b:59:b6:21:ec:64:
                    93:95:1d:e5:5a:40:7b:c2:80:78:b0:13:bb:72:b4:
                    0e:8f:d0:e5:a2:16:83:74:18:a3:ec:f5:2c:21:24:
                    c5:cf:7c:4a:a5:2d:d3:30:b4:ba:33:96:45:a2:fd:
                    bc:b0:28:6a:a9:fb:65:73:b3:a8:cb:d7:b0:af:2f:
                    70:5a:eb:93:02:fd:d9:97:f9:ae:b7:7a:32:18:3a:
                    63:ab:b8:78:d4:5f:30:59:60:4f:a5:81:5c:b8:2d:
                    45:5d:75:3a:d6:fa:9e:b9:ad:75:ff:8e:bf:7c:f6:
                    29:3d:f2:46:96:62:3e:33:3b:2f:15:dd:7b:8d:5b:
                    fb:04:5a:4b:23:19:33:ca:8d:70:95:3f:38:3c:d7:
                    d6:15:c5:11:ee:5a:34:d5:5b:57:57:7b:60:d4:67:
                    e4:3b:73:0d:3a:05:b3:00:d6:4e:b1:af:41:55:17:
                    3c:51:e2:28:19:84:70:c4:fe:aa:29:ca:74:09:d6:
                    af:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:C1:7B:15:2C:10:68:F3:6F:E4:7B:77:3C:D0:B8:54:80:99:CD:DE
            X509v3 Authority Key Identifier:
                keyid:BB:C5:5F:B2:4A:D5:56:E0:42:02:65:1F:6D:5A:8B:27:D5:BE:DF:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u8VfskrVVuBCAmUfbVqLJ9W-35c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/46922f-5cb6-4d98-b4fc-93bd5e408f91/1/JsF7FSwQaPNv5Ht3PNC4VICZzd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/46922f-5cb6-4d98-b4fc-93bd5e408f91/1/u8VfskrVVuBCAmUfbVqLJ9W-35c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.228.0/22
                IPv6:
                  2a0b:f080::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:91:96:25:c0:18:98:a4:2d:d3:2a:61:d8:38:bb:59:73:7a:
         01:be:87:0b:6e:dc:99:ce:d0:7b:bc:b9:43:de:9c:ae:6e:64:
         9f:68:b2:1a:66:0c:4b:6d:47:34:82:b7:7f:a2:34:4b:92:0b:
         5e:ef:f3:aa:03:a9:2f:d2:58:6c:67:23:8f:31:0c:15:a9:38:
         88:37:7c:64:c2:89:8c:0c:f1:0a:01:91:87:8d:76:be:ee:5c:
         fb:97:1e:0f:b1:b3:cc:d4:ed:c2:63:2d:86:d4:af:2b:c7:dc:
         af:f0:aa:2a:ed:a6:33:10:32:ce:8c:3f:0f:bf:d9:b2:de:00:
         b4:ad:6f:0e:a0:30:96:d5:97:f5:cf:16:84:30:f6:b3:b0:52:
         c4:3a:0f:f0:91:12:8b:63:05:a6:aa:3f:0c:57:ad:a5:46:57:
         85:4e:af:15:bf:85:c7:a6:e0:51:0b:ed:af:84:7c:5d:81:8e:
         02:6d:d9:0e:79:8a:92:97:52:e0:3a:16:bd:2b:5f:a7:c1:02:
         0e:4b:f0:28:57:a7:ee:e7:a4:1c:a0:c7:57:b4:0b:13:76:8f:
         a1:44:4f:49:1e:97:2c:0a:68:88:bb:8b:79:cf:b4:71:7c:48:
         2d:04:4a:fa:c4:8a:23:16:00:45:a7:33:56:ee:a1:69:41:11:
         95:71:fc:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2dkG3pAMaa9FHrm3ckyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYzU1ZmIyNGFkNTU2ZTA0MjAyNjUxZjZkNWE4YjI3ZDVi
ZWRmOTcwHhcNMjUwMTAyMTE0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmMxN2IxNTJjMTA2OGYzNmZlNDdiNzczY2QwYjg1NDgwOTljZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1adsYuSW1OKlN5sfSN/hjx8RQML4
Hfj2q4KXmPXOouIGTiQ7+OW4l6p9aBfzg4mi/IH+PzSh+twd53x6tTPAP5vRKIhr
WbYh7GSTlR3lWkB7woB4sBO7crQOj9DlohaDdBij7PUsISTFz3xKpS3TMLS6M5ZF
ov28sChqqftlc7Ooy9ewry9wWuuTAv3Zl/mut3oyGDpjq7h41F8wWWBPpYFcuC1F
XXU61vqeua11/46/fPYpPfJGlmI+MzsvFd17jVv7BFpLIxkzyo1wlT84PNfWFcUR
7lo01VtXV3tg1GfkO3MNOgWzANZOsa9BVRc8UeIoGYRwxP6qKcp0CdavgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCbBexUsEGjzb+R7dzzQuFSAmc3eMB8GA1UdIwQY
MBaAFLvFX7JK1VbgQgJlH21aiyfVvt+XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdThWZnNrclZWdUJDQW1VZmJWcUxKOVctMzVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi80NjkyMmYtNWNiNi00ZDk4LWI0ZmMt
OTNiZDVlNDA4ZjkxLzEvSnNGN0ZTd1FhUE52NUh0M1BOQzRWSUNaemQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi80NjkyMmYtNWNiNi00ZDk4LWI0ZmMtOTNiZDVlNDA4Zjkx
LzEvdThWZnNrclZWdUJDQW1VZmJWcUxKOVctMzVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuajkMA0E
AgACMAcDBQAqC/CAMA0GCSqGSIb3DQEBCwUAA4IBAQA9kZYlwBiYpC3TKmHYOLtZ
c3oBvocLbtyZztB7vLlD3pyubmSfaLIaZgxLbUc0grd/ojRLkgte7/OqA6kv0lhs
ZyOPMQwVqTiIN3xkwomMDPEKAZGHjXa+7lz7lx4PsbPM1O3CYy2G1K8rx9yv8Koq
7aYzEDLOjD8Pv9my3gC0rW8OoDCW1Zf1zxaEMPazsFLEOg/wkRKLYwWmqj8MV62l
RleFTq8Vv4XHpuBRC+2vhHxdgY4CbdkOeYqSl1LgOha9K1+nwQIOS/AoV6fu56Qc
oMdXtAsTdo+hRE9JHpcsCmiIu4t5z7RxfEgtBEr6xIojFgBFpzNW7qFpQRGVcfwL
-----END CERTIFICATE-----