Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/vGKjbeI63RzXbx2moMgZ88gkL0o.roa
File:                     vGKjbeI63RzXbx2moMgZ88gkL0o.roa (raw, json)
Hash identifier:          78K41RNch9PgQsEO5vrAtY0Bw9PWHwlD6lBB0OVTon8=
Subject key identifier:   BC:62:A3:6D:E2:3A:DD:1C:D7:6F:1D:A6:A0:C8:19:F3:C8:24:2F:4A
Certificate issuer:       /CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
Certificate serial:       019422FB080E729C4107E24186202F070E73
Authority key identifier: D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/vGKjbeI63RzXbx2moMgZ88gkL0o.roa
Signing time:             Wed 01 Jan 2025 17:47:44 +0000
ROA not before:           Wed 01 Jan 2025 17:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50673
IP address blocks:        185.146.216.0/22 maxlen: 22
                          2a07:52c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:08:0e:72:9c:41:07:e2:41:86:20:2f:07:0e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3abf8f4cdf8963a182da0cdf908c38447fa7a09
        Validity
            Not Before: Jan  1 17:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc62a36de23add1cd76f1da6a0c819f3c8242f4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:b9:b0:ec:dd:32:05:9f:cf:fb:6f:d2:f0:c0:
                    fe:cb:b4:13:5d:c5:0c:e5:de:ba:4e:49:c6:19:9b:
                    9a:f7:8d:7e:66:2c:fe:be:35:b8:09:c5:de:38:ea:
                    ad:af:01:11:94:63:0f:67:53:a3:53:6f:ba:1b:dd:
                    99:cb:92:9b:c4:82:15:6c:78:4e:2a:f2:58:07:ff:
                    47:c8:ee:c3:85:96:56:78:7f:9e:61:59:e8:fb:27:
                    c3:53:5a:1b:8b:a8:b8:0b:0d:b9:17:d4:9d:06:98:
                    56:99:bc:b6:8e:22:0b:29:c2:f9:74:95:83:21:1e:
                    4e:f3:ef:93:d0:f9:ec:72:e4:ab:0d:e7:96:64:00:
                    3a:5e:2a:63:7a:ea:3e:1e:0f:09:ba:2d:ef:5a:2f:
                    20:ce:dd:b8:53:6f:0d:ba:fe:54:3b:4e:5a:fc:6c:
                    b4:a6:80:4b:69:f2:9f:26:19:82:59:7a:24:d3:5b:
                    44:e4:0a:0e:3b:7d:41:bc:2d:b4:87:82:75:b4:76:
                    37:36:9e:7b:2d:3e:0b:42:f7:cd:7e:62:22:e3:68:
                    8e:20:70:7d:64:68:b0:27:77:d8:82:8a:9c:5c:30:
                    2b:bc:c7:95:af:2b:b3:97:bc:29:5c:2d:3c:09:79:
                    28:0d:55:fd:3b:69:4f:54:05:41:c8:18:eb:b8:00:
                    70:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:62:A3:6D:E2:3A:DD:1C:D7:6F:1D:A6:A0:C8:19:F3:C8:24:2F:4A
            X509v3 Authority Key Identifier:
                keyid:D3:AB:F8:F4:CD:F8:96:3A:18:2D:A0:CD:F9:08:C3:84:47:FA:7A:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/06v49M34ljoYLaDN-QjDhEf6egk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/vGKjbeI63RzXbx2moMgZ88gkL0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/26d193-40c2-417b-bd52-5c10bdb866e0/1/06v49M34ljoYLaDN-QjDhEf6egk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.216.0/22
                IPv6:
                  2a07:52c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:57:83:db:23:4b:75:0a:c9:a8:5e:8c:75:b4:68:bd:c8:61:
         67:90:b6:2a:ca:d0:44:26:f6:7e:04:09:03:b9:bd:ce:3c:7f:
         60:46:00:8c:df:2c:d6:6e:87:7d:4e:8e:a7:65:a9:e3:bc:e4:
         19:ad:b4:e5:54:3c:3e:52:6a:40:50:3e:de:39:4e:39:eb:ec:
         1d:be:4e:f5:9a:de:f1:4e:a9:67:a9:bb:a0:45:15:eb:1e:d4:
         71:38:23:f7:39:69:ae:7a:a2:f8:01:80:a9:e2:75:33:ff:00:
         c5:66:0a:f3:fc:bc:b4:da:61:48:a3:3a:b5:2d:75:0e:87:14:
         13:6a:45:16:ab:e2:6c:5b:d0:f8:3c:ac:31:9d:65:a5:47:73:
         52:93:8c:44:19:b0:b8:36:34:f3:e2:75:5f:65:21:de:42:69:
         9e:a5:6e:ff:00:50:d5:6c:ba:cb:43:06:74:67:6d:56:6c:5c:
         d7:1b:33:d4:e8:61:33:c9:f7:b1:70:13:c5:0f:ea:d4:98:11:
         0e:ec:01:85:cf:d1:8a:0e:44:56:93:80:cc:19:83:28:b6:63:
         09:b4:ae:91:1b:7d:ac:d2:e6:f7:f3:35:c1:3a:64:cc:09:43:
         02:7c:89:87:1f:99:76:86:f8:49:ae:d4:eb:4f:ee:13:94:18:
         38:bd:d0:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+wgOcpxBB+JBhiAvBw5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYWJmOGY0Y2RmODk2M2ExODJkYTBjZGY5MDhjMzg0NDdm
YTdhMDkwHhcNMjUwMTAxMTc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzYyYTM2ZGUyM2FkZDFjZDc2ZjFkYTZhMGM4MTlmM2M4MjQyZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9bmw7N0yBZ/P+2/S8MD+y7QTXcUM
5d66TknGGZua941+Ziz+vjW4CcXeOOqtrwERlGMPZ1OjU2+6G92Zy5KbxIIVbHhO
KvJYB/9HyO7DhZZWeH+eYVno+yfDU1obi6i4Cw25F9SdBphWmby2jiILKcL5dJWD
IR5O8++T0PnscuSrDeeWZAA6Xipjeuo+Hg8Jui3vWi8gzt24U28Nuv5UO05a/Gy0
poBLafKfJhmCWXok01tE5AoOO31BvC20h4J1tHY3Np57LT4LQvfNfmIi42iOIHB9
ZGiwJ3fYgoqcXDArvMeVryuzl7wpXC08CXkoDVX9O2lPVAVByBjruABwTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLxio23iOt0c128dpqDIGfPIJC9KMB8GA1UdIwQY
MBaAFNOr+PTN+JY6GC2gzfkIw4RH+noJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTIt
NWMxMGJkYjg2NmUwLzEvdkdLamJlSTYzUnpYYngybW9NZ1o4OGdrTDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yNmQxOTMtNDBjMi00MTdiLWJkNTItNWMxMGJkYjg2NmUw
LzEvMDZ2NDlNMzRsam9ZTGFETi1RakRoRWY2ZWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZLYMA0E
AgACMAcDBQMqB1LAMA0GCSqGSIb3DQEBCwUAA4IBAQAZV4PbI0t1CsmoXox1tGi9
yGFnkLYqytBEJvZ+BAkDub3OPH9gRgCM3yzWbod9To6nZanjvOQZrbTlVDw+UmpA
UD7eOU456+wdvk71mt7xTqlnqbugRRXrHtRxOCP3OWmueqL4AYCp4nUz/wDFZgrz
/Ly02mFIozq1LXUOhxQTakUWq+JsW9D4PKwxnWWlR3NSk4xEGbC4NjTz4nVfZSHe
QmmepW7/AFDVbLrLQwZ0Z21WbFzXGzPU6GEzyfexcBPFD+rUmBEO7AGFz9GKDkRW
k4DMGYMotmMJtK6RG32s0ub38zXBOmTMCUMCfImHH5l2hvhJrtTrT+4TlBg4vdD5
-----END CERTIFICATE-----