Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/0SF7pOBg_ur6TuAnhKZvtMcmyMw.roa
File:                     0SF7pOBg_ur6TuAnhKZvtMcmyMw.roa (raw, json)
Hash identifier:          5nIyMEgIsmgFGVdTMcAMulKSrVsz482NfoizOY2OUOA=
Subject key identifier:   D1:21:7B:A4:E0:60:FE:EA:FA:4E:E0:27:84:A6:6F:B4:C7:26:C8:CC
Certificate issuer:       /CN=08fe040242651353d556b8c4240082190f271d13
Certificate serial:       0194221FE753E82C0600A4F714C434BA46F1
Authority key identifier: 08:FE:04:02:42:65:13:53:D5:56:B8:C4:24:00:82:19:0F:27:1D:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CP4EAkJlE1PVVrjEJACCGQ8nHRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/0SF7pOBg_ur6TuAnhKZvtMcmyMw.roa
Signing time:             Wed 01 Jan 2025 13:48:23 +0000
ROA not before:           Wed 01 Jan 2025 13:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60821
IP address blocks:        185.22.168.0/22 maxlen: 22
                          185.22.168.0/24 maxlen: 24
                          185.22.169.0/24 maxlen: 24
                          185.22.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/CP4EAkJlE1PVVrjEJACCGQ8nHRM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/CP4EAkJlE1PVVrjEJACCGQ8nHRM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CP4EAkJlE1PVVrjEJACCGQ8nHRM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e7:53:e8:2c:06:00:a4:f7:14:c4:34:ba:46:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08fe040242651353d556b8c4240082190f271d13
        Validity
            Not Before: Jan  1 13:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1217ba4e060feeafa4ee02784a66fb4c726c8cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:94:61:8d:ed:fe:53:c0:56:0b:4e:21:24:74:
                    2f:e8:5d:10:64:c2:2b:fe:14:52:59:7d:dc:1a:be:
                    5c:0b:94:3d:86:d2:30:f3:c2:ae:e2:6e:0b:0d:d1:
                    ea:c4:37:fc:47:6d:77:1f:ff:34:ce:7a:4b:70:4c:
                    df:58:b5:ed:fa:75:97:8d:e2:99:9c:4d:cd:b9:54:
                    44:e9:2f:cb:3c:86:f1:2c:3e:33:6c:14:06:ab:b7:
                    84:82:6d:03:9b:a6:d9:89:d2:89:7f:15:d0:cf:ce:
                    8f:63:54:0d:64:a7:fa:a9:7d:e3:fa:de:a0:3e:6b:
                    4a:90:75:4f:7d:43:f7:7c:48:5f:d5:22:0c:fe:3d:
                    8f:41:cd:72:ae:99:8d:a5:64:0e:de:1b:05:49:ac:
                    a3:af:4b:7a:c3:9b:c3:2e:49:b1:7e:fd:fd:c9:c3:
                    4a:7f:ca:f0:1a:35:eb:3a:01:85:8f:f7:5f:6b:4a:
                    95:43:da:73:e0:51:99:80:b2:d4:7a:1d:28:f7:f6:
                    83:1b:2b:a9:1d:e6:04:d0:dc:bb:ad:fb:23:a3:60:
                    09:d4:f5:fe:39:79:f6:e0:86:a7:66:99:3c:bd:44:
                    39:d4:72:87:e2:ca:25:81:52:81:8e:58:a2:e6:4f:
                    0c:a2:f7:28:d0:c5:3e:23:f5:66:13:ab:e2:d8:5d:
                    b2:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:21:7B:A4:E0:60:FE:EA:FA:4E:E0:27:84:A6:6F:B4:C7:26:C8:CC
            X509v3 Authority Key Identifier:
                keyid:08:FE:04:02:42:65:13:53:D5:56:B8:C4:24:00:82:19:0F:27:1D:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CP4EAkJlE1PVVrjEJACCGQ8nHRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/0SF7pOBg_ur6TuAnhKZvtMcmyMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/4ebc33-ee54-437c-8a1b-dec4807cd7e6/1/CP4EAkJlE1PVVrjEJACCGQ8nHRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:23:9a:1d:fc:17:ba:90:4c:cc:64:e0:3f:b9:05:0d:6a:b7:
         59:5c:f1:c3:0a:b5:f8:92:90:45:04:ff:91:08:84:c3:9a:69:
         72:61:87:8b:56:d7:5b:81:e7:18:1a:3b:1f:ac:26:c4:2e:34:
         98:90:3d:15:e9:df:9f:8e:5c:40:ac:dc:6d:e5:31:0b:a0:5a:
         25:bc:7d:40:ce:b3:5a:48:87:6d:ee:81:ed:8d:0e:b1:3b:b7:
         e9:c9:36:ae:5c:3f:7c:fe:95:89:8e:e6:b4:b4:68:0e:da:ee:
         90:0d:cd:3f:a8:5e:68:f4:d1:72:0d:0d:d3:37:2d:ea:48:35:
         c1:8a:bd:58:36:96:0c:c1:04:44:46:bd:6f:b1:46:94:35:cc:
         c7:a2:4c:26:e0:cc:9d:e1:12:de:0d:b3:38:c9:2b:fd:93:9e:
         a6:94:12:2c:19:fc:c8:f9:27:20:13:c8:02:24:13:59:17:30:
         87:c0:4f:1e:7b:0b:96:b9:98:e8:af:79:61:42:ba:e9:b0:1a:
         87:bd:23:ea:18:99:30:18:71:c2:ed:e4:8f:a7:1d:61:6e:d0:
         b3:24:11:24:e3:6d:2e:c3:65:1c:cf:c2:48:52:e8:a7:83:56:
         68:fa:d5:59:d7:14:0e:2c:a5:b3:76:1e:17:62:0f:04:a5:03:
         0f:bf:2f:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH+dT6CwGAKT3FMQ0ukbxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ZmUwNDAyNDI2NTEzNTNkNTU2YjhjNDI0MDA4MjE5MGYy
NzFkMTMwHhcNMjUwMTAxMTM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTIxN2JhNGUwNjBmZWVhZmE0ZWUwMjc4NGE2NmZiNGM3MjZjOGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZRhje3+U8BWC04hJHQv6F0QZMIr
/hRSWX3cGr5cC5Q9htIw88Ku4m4LDdHqxDf8R213H/80znpLcEzfWLXt+nWXjeKZ
nE3NuVRE6S/LPIbxLD4zbBQGq7eEgm0Dm6bZidKJfxXQz86PY1QNZKf6qX3j+t6g
PmtKkHVPfUP3fEhf1SIM/j2PQc1yrpmNpWQO3hsFSayjr0t6w5vDLkmxfv39ycNK
f8rwGjXrOgGFj/dfa0qVQ9pz4FGZgLLUeh0o9/aDGyupHeYE0Ny7rfsjo2AJ1PX+
OXn24IanZpk8vUQ51HKH4solgVKBjlii5k8Movco0MU+I/VmE6vi2F2yGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEhe6TgYP7q+k7gJ4Smb7THJsjMMB8GA1UdIwQY
MBaAFAj+BAJCZRNT1Va4xCQAghkPJx0TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1A0RUFrSmxFMVBWVnJqRUpBQ0NHUThuSFJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy80ZWJjMzMtZWU1NC00MzdjLThhMWIt
ZGVjNDgwN2NkN2U2LzEvMFNGN3BPQmdfdXI2VHVBbmhLWnZ0TWNteU13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy80ZWJjMzMtZWU1NC00MzdjLThhMWItZGVjNDgwN2NkN2U2
LzEvQ1A0RUFrSmxFMVBWVnJqRUpBQ0NHUThuSFJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRaoMA0G
CSqGSIb3DQEBCwUAA4IBAQBfI5od/Be6kEzMZOA/uQUNardZXPHDCrX4kpBFBP+R
CITDmmlyYYeLVtdbgecYGjsfrCbELjSYkD0V6d+fjlxArNxt5TELoFolvH1AzrNa
SIdt7oHtjQ6xO7fpyTauXD98/pWJjua0tGgO2u6QDc0/qF5o9NFyDQ3TNy3qSDXB
ir1YNpYMwQRERr1vsUaUNczHokwm4Myd4RLeDbM4ySv9k56mlBIsGfzI+ScgE8gC
JBNZFzCHwE8eewuWuZjor3lhQrrpsBqHvSPqGJkwGHHC7eSPpx1hbtCzJBEk420u
w2Ucz8JIUuing1Zo+tVZ1xQOLKWzdh4XYg8EpQMPvy8W
-----END CERTIFICATE-----