Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/sJl_QdCBuSIuDI71IvgJXADnTiM.roa
File:                     sJl_QdCBuSIuDI71IvgJXADnTiM.roa (raw, json)
Hash identifier:          Jf4sGBR81s0wwCP57KaJL+znXy3bEncdMGZygIhMNj4=
Subject key identifier:   B0:99:7F:41:D0:81:B9:22:2E:0C:8E:F5:22:F8:09:5C:00:E7:4E:23
Certificate issuer:       /CN=111e0cbbe5d1c0a09465095e444fbc1c7932c683
Certificate serial:       0194221FECA8425AAA54513E40835A35751D
Authority key identifier: 11:1E:0C:BB:E5:D1:C0:A0:94:65:09:5E:44:4F:BC:1C:79:32:C6:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/sJl_QdCBuSIuDI71IvgJXADnTiM.roa
Signing time:             Wed 01 Jan 2025 13:48:25 +0000
ROA not before:           Wed 01 Jan 2025 13:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203740
IP address blocks:        185.125.40.0/22 maxlen: 22
                          185.125.40.0/23 maxlen: 24
                          185.125.43.0/24 maxlen: 24
                          2a06:b7c0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ec:a8:42:5a:aa:54:51:3e:40:83:5a:35:75:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111e0cbbe5d1c0a09465095e444fbc1c7932c683
        Validity
            Not Before: Jan  1 13:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0997f41d081b9222e0c8ef522f8095c00e74e23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:23:89:1f:57:5a:7d:48:4e:9e:f8:25:87:b8:
                    b9:07:34:21:d2:94:77:b1:a3:a6:60:c9:a4:08:f2:
                    71:34:e1:af:07:7b:df:e6:05:88:8c:6e:36:cc:d9:
                    06:7b:88:bf:16:16:94:a2:95:37:10:32:17:36:0c:
                    88:d6:1c:44:37:78:48:c1:99:69:8a:3f:39:9e:dd:
                    29:bf:7d:d9:fc:af:a0:87:5d:44:18:aa:44:8c:bf:
                    15:ab:f2:5f:f4:41:92:a6:2b:5c:ce:ee:3d:06:19:
                    6c:84:4c:43:5e:5d:c6:2d:5d:2a:04:32:4c:d6:d7:
                    34:91:9d:a4:28:57:7a:2c:ad:35:20:a2:e8:23:93:
                    ac:b1:cc:97:8e:ba:f9:b4:0c:c8:41:87:f9:d5:c7:
                    b2:b5:11:c1:0f:a5:5c:0f:e5:50:4e:52:94:4e:86:
                    38:25:54:ef:b8:52:f8:b7:c7:4e:fb:03:32:43:cd:
                    96:80:a0:9f:a2:cb:e0:3b:5e:be:f8:18:9c:74:c1:
                    d3:12:53:41:11:91:66:73:27:ad:f4:c6:f4:2b:ad:
                    01:af:ca:27:92:e2:91:de:23:7d:c6:b6:33:58:8e:
                    05:8a:cf:c0:2f:b8:0e:29:8a:10:5f:21:b1:1d:13:
                    20:8f:9a:82:f3:c3:00:16:b9:e6:11:2f:9e:9a:67:
                    28:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:99:7F:41:D0:81:B9:22:2E:0C:8E:F5:22:F8:09:5C:00:E7:4E:23
            X509v3 Authority Key Identifier:
                keyid:11:1E:0C:BB:E5:D1:C0:A0:94:65:09:5E:44:4F:BC:1C:79:32:C6:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ER4Mu-XRwKCUZQleRE-8HHkyxoM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/sJl_QdCBuSIuDI71IvgJXADnTiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/b6c991-1fd4-487f-8778-d15e516dc45c/1/ER4Mu-XRwKCUZQleRE-8HHkyxoM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.40.0/22
                IPv6:
                  2a06:b7c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:02:c1:f1:61:88:77:0c:c4:15:f2:7c:54:a0:b4:9a:05:c2:
         7e:ee:f8:b4:93:0a:2b:55:3a:be:08:b8:a3:62:de:eb:bb:c1:
         8b:17:85:7f:cf:1c:5f:36:10:70:a6:a5:bb:71:74:ef:fd:52:
         80:4b:7d:e2:b8:ad:7c:fe:c3:77:6d:0d:98:0a:3c:4c:c0:e7:
         59:aa:4b:5e:1a:f7:21:ea:8c:36:57:b3:1b:0d:7d:2e:38:e2:
         0c:28:a0:c2:d7:60:5d:31:9f:3f:11:46:91:b8:48:92:ca:cd:
         f5:3f:9d:b9:cc:68:9b:f2:33:c8:38:8e:d0:5d:37:78:b2:b1:
         eb:08:49:3c:1e:e9:62:41:8e:ee:54:d6:67:fc:e2:f0:1a:5f:
         5d:59:4b:cf:9b:84:77:cc:d3:60:ec:d5:f1:a1:ce:bd:39:8d:
         bd:b7:8a:81:85:50:81:aa:11:9e:f2:ae:4a:76:d6:a6:c9:e5:
         7a:a0:24:56:f5:8e:01:bd:93:af:db:d0:c0:fe:44:73:4a:8e:
         42:0b:ca:ec:d5:a1:05:d4:71:0b:ca:25:fb:c2:ca:c7:0b:ab:
         1c:d4:c3:24:c2:22:8a:e9:b9:d4:14:7f:c3:96:63:65:85:e9:
         62:ba:60:60:fb:8c:66:a6:f9:59:07:f9:55:8f:dd:c7:af:89:
         1b:55:79:6e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiH+yoQlqqVFE+QINaNXUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMWUwY2JiZTVkMWMwYTA5NDY1MDk1ZTQ0NGZiYzFjNzkz
MmM2ODMwHhcNMjUwMTAxMTM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDk5N2Y0MWQwODFiOTIyMmUwYzhlZjUyMmY4MDk1YzAwZTc0ZTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyOJH1dafUhOnvglh7i5BzQh0pR3
saOmYMmkCPJxNOGvB3vf5gWIjG42zNkGe4i/FhaUopU3EDIXNgyI1hxEN3hIwZlp
ij85nt0pv33Z/K+gh11EGKpEjL8Vq/Jf9EGSpitczu49BhlshExDXl3GLV0qBDJM
1tc0kZ2kKFd6LK01IKLoI5OsscyXjrr5tAzIQYf51ceytRHBD6VcD+VQTlKUToY4
JVTvuFL4t8dO+wMyQ82WgKCfosvgO16++BicdMHTElNBEZFmcyet9Mb0K60Br8on
kuKR3iN9xrYzWI4Fis/AL7gOKYoQXyGxHRMgj5qC88MAFrnmES+emmcoSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLCZf0HQgbkiLgyO9SL4CVwA504jMB8GA1UdIwQY
MBaAFBEeDLvl0cCglGUJXkRPvBx5MsaDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVI0TXUtWFJ3S0NVWlFsZVJFLThISGt5eG9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9iNmM5OTEtMWZkNC00ODdmLTg3Nzgt
ZDE1ZTUxNmRjNDVjLzEvc0psX1FkQ0J1U0l1REk3MUl2Z0pYQURuVGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9iNmM5OTEtMWZkNC00ODdmLTg3NzgtZDE1ZTUxNmRjNDVj
LzEvRVI0TXUtWFJ3S0NVWlFsZVJFLThISGt5eG9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX0oMA0E
AgACMAcDBQMqBrfAMA0GCSqGSIb3DQEBCwUAA4IBAQCGAsHxYYh3DMQV8nxUoLSa
BcJ+7vi0kworVTq+CLijYt7ru8GLF4V/zxxfNhBwpqW7cXTv/VKAS33iuK18/sN3
bQ2YCjxMwOdZqkteGvch6ow2V7MbDX0uOOIMKKDC12BdMZ8/EUaRuEiSys31P525
zGib8jPIOI7QXTd4srHrCEk8HuliQY7uVNZn/OLwGl9dWUvPm4R3zNNg7NXxoc69
OY29t4qBhVCBqhGe8q5KdtamyeV6oCRW9Y4BvZOv29DA/kRzSo5CC8rs1aEF1HEL
yiX7wsrHC6sc1MMkwiKK6bnUFH/DlmNlheliumBg+4xmpvlZB/lVj93Hr4kbVXlu
-----END CERTIFICATE-----