Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/aa2j5wVm0c-lQnZ_s16QHGRxbVU.roa
File:                     aa2j5wVm0c-lQnZ_s16QHGRxbVU.roa (raw, json)
Hash identifier:          2qdz/uEuQTzsIMdeNOG9LQdnTQSy4fa2A5Rp2WG5LzI=
Subject key identifier:   69:AD:A3:E7:05:66:D1:CF:A5:42:76:7F:B3:5E:90:1C:64:71:6D:55
Certificate issuer:       /CN=44007172df9fc2d4a2ddbba934cebc9f0286d3ca
Certificate serial:       019420D60C704F6C093AD3CEB7BB193AB625
Authority key identifier: 44:00:71:72:DF:9F:C2:D4:A2:DD:BB:A9:34:CE:BC:9F:02:86:D3:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RABxct-fwtSi3bupNM68nwKG08o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/aa2j5wVm0c-lQnZ_s16QHGRxbVU.roa
Signing time:             Wed 01 Jan 2025 07:48:06 +0000
ROA not before:           Wed 01 Jan 2025 07:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210374
IP address blocks:        185.83.215.0/24 maxlen: 24
                          2a05:9f04::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/RABxct-fwtSi3bupNM68nwKG08o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/RABxct-fwtSi3bupNM68nwKG08o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RABxct-fwtSi3bupNM68nwKG08o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:0c:70:4f:6c:09:3a:d3:ce:b7:bb:19:3a:b6:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44007172df9fc2d4a2ddbba934cebc9f0286d3ca
        Validity
            Not Before: Jan  1 07:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69ada3e70566d1cfa542767fb35e901c64716d55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:71:33:85:de:3a:1c:23:31:3b:a6:9c:6c:79:
                    1a:48:5b:bc:95:cf:5e:53:ec:75:9b:d4:9d:40:9d:
                    91:98:36:35:59:37:c3:de:80:81:32:07:79:ff:56:
                    2d:8e:d0:3b:aa:c8:a7:65:3f:c1:a2:4e:71:0f:c0:
                    81:57:f0:60:fb:c9:5b:93:86:13:65:fd:38:f2:bd:
                    60:e6:f0:b8:2c:f0:15:32:5c:c0:43:6d:fd:4d:cc:
                    30:49:56:b2:50:4c:54:20:4f:b6:45:e5:3b:45:f0:
                    2c:ce:5d:55:49:fa:13:35:35:b5:9c:14:c2:fb:96:
                    8c:7c:34:60:fb:09:8b:8a:e4:59:0a:31:d7:58:a9:
                    21:1e:dd:3c:4f:a2:da:80:51:f4:4f:64:81:aa:d2:
                    b4:2e:05:1d:14:02:a2:9a:9d:65:72:bf:97:59:0c:
                    2e:c8:c9:f5:40:33:c0:30:78:aa:74:4c:f3:ae:d5:
                    76:ab:87:02:ba:e3:83:77:f4:e7:40:6a:64:5d:30:
                    58:4d:6c:8f:e7:38:22:53:9c:60:78:2c:a4:b0:55:
                    a9:d3:61:ce:95:76:8f:9c:e1:5e:3a:47:81:d0:17:
                    ef:36:e0:a4:90:4c:17:16:17:38:bf:fd:8f:2b:d7:
                    f3:60:b2:c5:6e:0a:2c:ff:c9:7c:5a:8b:ef:dd:14:
                    5e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:AD:A3:E7:05:66:D1:CF:A5:42:76:7F:B3:5E:90:1C:64:71:6D:55
            X509v3 Authority Key Identifier:
                keyid:44:00:71:72:DF:9F:C2:D4:A2:DD:BB:A9:34:CE:BC:9F:02:86:D3:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RABxct-fwtSi3bupNM68nwKG08o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/aa2j5wVm0c-lQnZ_s16QHGRxbVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/945dbd-2fb7-4dd1-96a6-0585de4d4ee7/1/RABxct-fwtSi3bupNM68nwKG08o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.215.0/24
                IPv6:
                  2a05:9f04::/40

    Signature Algorithm: sha256WithRSAEncryption
         ab:34:ce:75:81:dd:58:08:c9:0f:ab:95:75:13:8e:88:bb:87:
         72:f2:fe:fa:02:8e:a7:3f:4e:ad:8f:37:8b:a0:fe:d1:a6:6e:
         2d:08:f5:1e:40:c2:b0:26:e1:51:6d:47:3c:fb:0e:65:c2:0d:
         b5:79:f9:15:27:a1:f6:74:95:fe:c9:1e:35:c2:76:0f:35:a0:
         01:b1:3c:44:b2:cf:1f:b5:59:95:34:eb:23:25:6b:48:a1:23:
         f2:03:4f:64:fb:3e:18:40:b3:e0:48:48:6d:78:5e:eb:ce:8a:
         87:fa:7b:94:ea:4f:72:3a:eb:2e:74:ce:b7:4d:32:af:29:81:
         e3:09:ea:ca:07:76:bc:1a:05:67:c9:18:ab:36:6d:9a:42:9b:
         6a:13:56:2c:02:d4:ed:89:99:2c:07:76:f7:8c:bf:b6:77:a6:
         1e:40:1e:96:6b:ea:69:2b:13:f1:7c:b5:9a:06:a3:1f:3c:73:
         aa:5d:47:72:5e:48:f4:10:ca:41:de:be:b0:97:97:e6:65:96:
         cd:f8:8b:3c:0b:4e:4b:b2:77:89:64:7a:38:41:52:2e:0b:86:
         f4:e8:b5:27:42:10:97:15:03:b2:2e:0c:1c:77:6a:3b:34:54:
         4e:86:4e:9b:77:5e:d6:59:50:11:3c:53:8a:5b:89:4e:e4:a4:
         74:7e:50:98
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQg1gxwT2wJOtPOt7sZOrYlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0MDA3MTcyZGY5ZmMyZDRhMmRkYmJhOTM0Y2ViYzlmMDI4
NmQzY2EwHhcNMjUwMTAxMDc0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWFkYTNlNzA1NjZkMWNmYTU0Mjc2N2ZiMzVlOTAxYzY0NzE2ZDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXEzhd46HCMxO6acbHkaSFu8lc9e
U+x1m9SdQJ2RmDY1WTfD3oCBMgd5/1YtjtA7qsinZT/Bok5xD8CBV/Bg+8lbk4YT
Zf048r1g5vC4LPAVMlzAQ239TcwwSVayUExUIE+2ReU7RfAszl1VSfoTNTW1nBTC
+5aMfDRg+wmLiuRZCjHXWKkhHt08T6LagFH0T2SBqtK0LgUdFAKimp1lcr+XWQwu
yMn1QDPAMHiqdEzzrtV2q4cCuuODd/TnQGpkXTBYTWyP5zgiU5xgeCyksFWp02HO
lXaPnOFeOkeB0BfvNuCkkEwXFhc4v/2PK9fzYLLFbgos/8l8Wovv3RReAwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFGmto+cFZtHPpUJ2f7NekBxkcW1VMB8GA1UdIwQY
MBaAFEQAcXLfn8LUot27qTTOvJ8ChtPKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkFCeGN0LWZ3dFNpM2J1cE5NNjhud0tHMDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS85NDVkYmQtMmZiNy00ZGQxLTk2YTYt
MDU4NWRlNGQ0ZWU3LzEvYWEyajV3Vm0wYy1sUW5aX3MxNlFIR1J4YlZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS85NDVkYmQtMmZiNy00ZGQxLTk2YTYtMDU4NWRlNGQ0ZWU3
LzEvUkFCeGN0LWZ3dFNpM2J1cE5NNjhud0tHMDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuVPXMA4E
AgACMAgDBgAqBZ8EADANBgkqhkiG9w0BAQsFAAOCAQEAqzTOdYHdWAjJD6uVdROO
iLuHcvL++gKOpz9OrY83i6D+0aZuLQj1HkDCsCbhUW1HPPsOZcINtXn5FSeh9nSV
/skeNcJ2DzWgAbE8RLLPH7VZlTTrIyVrSKEj8gNPZPs+GECz4EhIbXhe686Kh/p7
lOpPcjrrLnTOt00yrymB4wnqygd2vBoFZ8kYqzZtmkKbahNWLALU7YmZLAd294y/
tnemHkAelmvqaSsT8Xy1mgajHzxzql1Hcl5I9BDKQd6+sJeX5mWWzfiLPAtOS7J3
iWR6OEFSLguG9Oi1J0IQlxUDsi4MHHdqOzRUToZOm3de1llQETxTiluJTuSkdH5Q
mA==
-----END CERTIFICATE-----