Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/MBtZdpS4ymxgginyDhvfCoGQ29s.roa
File:                     MBtZdpS4ymxgginyDhvfCoGQ29s.roa (raw, json)
Hash identifier:          Taga/JoIPOZ2TxBr6cVw0HmmUo2VGq5/DtsPjFffmvI=
Subject key identifier:   30:1B:59:76:94:B8:CA:6C:60:82:29:F2:0E:1B:DF:0A:81:90:DB:DB
Certificate issuer:       /CN=2f0e3b758e248b801fc1f30d345d608b07af1bf6
Certificate serial:       019427B61A841CBEABE12F3753CFAE6AE1EA
Authority key identifier: 2F:0E:3B:75:8E:24:8B:80:1F:C1:F3:0D:34:5D:60:8B:07:AF:1B:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lw47dY4ki4AfwfMNNF1giwevG_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/MBtZdpS4ymxgginyDhvfCoGQ29s.roa
Signing time:             Thu 02 Jan 2025 15:50:33 +0000
ROA not before:           Thu 02 Jan 2025 15:50:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49798
IP address blocks:        185.140.28.0/22 maxlen: 22
                          2a0c:c500::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/Lw47dY4ki4AfwfMNNF1giwevG_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/Lw47dY4ki4AfwfMNNF1giwevG_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lw47dY4ki4AfwfMNNF1giwevG_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:1a:84:1c:be:ab:e1:2f:37:53:cf:ae:6a:e1:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f0e3b758e248b801fc1f30d345d608b07af1bf6
        Validity
            Not Before: Jan  2 15:50:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=301b597694b8ca6c608229f20e1bdf0a8190dbdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c2:be:d0:d1:c6:c4:dd:92:2d:e1:cb:25:db:
                    8d:3b:1e:c7:9b:b3:8a:5b:18:98:eb:a4:2c:a6:35:
                    be:23:66:7b:95:84:5c:76:a3:52:7f:99:d1:b5:8d:
                    3c:74:2d:ab:1c:8b:7d:50:8c:70:33:a6:bf:e6:19:
                    ed:62:1c:19:63:cb:c9:c7:31:a1:2d:b5:3b:54:ec:
                    c7:95:f8:fa:c6:aa:91:90:63:c0:95:4a:ed:ac:62:
                    23:e1:49:52:44:b9:5f:7d:1b:46:58:79:2e:5b:89:
                    1b:5a:a7:40:7c:21:9e:4b:7c:a0:df:a5:0a:3b:c9:
                    56:7f:d5:65:88:20:61:54:f8:91:5c:f0:79:ab:6b:
                    11:81:5d:92:a0:cb:13:ba:a4:9d:00:fa:6a:e2:ff:
                    d4:40:97:76:eb:52:7e:37:a4:53:8e:8b:10:72:fb:
                    ac:61:40:5c:35:8e:c8:57:87:f8:2c:d4:be:81:a2:
                    31:e5:cb:ca:9d:67:b3:ed:90:32:2b:7b:4e:c9:d8:
                    88:94:b1:f0:87:0d:ca:0b:82:a9:53:79:5b:40:a3:
                    60:48:ac:a1:c3:1d:68:04:53:7a:56:ef:da:24:99:
                    29:a9:c1:db:15:53:33:c0:04:2e:98:73:72:bd:88:
                    6c:77:cd:08:d7:46:20:6c:4d:89:cb:0e:8e:9a:ac:
                    e3:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:1B:59:76:94:B8:CA:6C:60:82:29:F2:0E:1B:DF:0A:81:90:DB:DB
            X509v3 Authority Key Identifier:
                keyid:2F:0E:3B:75:8E:24:8B:80:1F:C1:F3:0D:34:5D:60:8B:07:AF:1B:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lw47dY4ki4AfwfMNNF1giwevG_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/MBtZdpS4ymxgginyDhvfCoGQ29s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/7ded1f-c40d-47f2-a110-8456dce59ce0/1/Lw47dY4ki4AfwfMNNF1giwevG_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.28.0/22
                IPv6:
                  2a0c:c500::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:01:49:c3:3f:04:63:55:27:2f:c5:fc:a6:04:ca:87:4e:00:
         b6:a2:63:de:8a:ca:b0:58:66:ed:c3:ae:2e:66:13:2f:1b:fb:
         71:44:2a:bc:53:04:d2:49:9b:ce:05:53:fc:38:c1:02:b3:89:
         5f:fa:aa:e7:8a:9f:a2:7a:ee:89:9b:aa:83:b2:b0:62:e4:98:
         0c:37:1c:da:6a:94:f7:df:42:2d:83:d9:65:22:fd:de:ed:d9:
         e3:7f:e9:ea:23:23:25:66:8f:86:b2:af:1a:85:57:86:98:31:
         fe:33:26:b3:28:3f:7e:d6:d2:32:ea:75:1c:70:7d:0d:fc:bb:
         4a:27:02:fb:8e:90:5f:b4:9e:dc:8e:ca:3e:11:49:91:b2:d2:
         e8:b0:ca:c7:e2:96:14:d2:cc:72:8b:ce:f1:10:83:67:8f:12:
         05:4a:ea:5e:87:3a:39:7b:18:07:19:37:5d:ac:7d:9b:5d:63:
         95:83:3f:8a:55:dd:df:08:8a:a2:80:83:bd:00:83:29:93:ce:
         2c:9a:09:f5:e4:b8:5d:09:7d:6e:14:13:33:fe:59:71:0a:70:
         8d:a8:d9:97:97:cc:23:b0:e6:aa:55:27:4e:a4:b1:ea:e4:f8:
         ad:f1:82:be:64:53:c4:e4:fe:63:6c:f7:b7:4e:2c:e3:cf:7f:
         44:31:39:a0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnthqEHL6r4S83U8+uauHqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMGUzYjc1OGUyNDhiODAxZmMxZjMwZDM0NWQ2MDhiMDdh
ZjFiZjYwHhcNMjUwMTAyMTU1MDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDFiNTk3Njk0YjhjYTZjNjA4MjI5ZjIwZTFiZGYwYTgxOTBkYmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMK+0NHGxN2SLeHLJduNOx7Hm7OK
WxiY66QspjW+I2Z7lYRcdqNSf5nRtY08dC2rHIt9UIxwM6a/5hntYhwZY8vJxzGh
LbU7VOzHlfj6xqqRkGPAlUrtrGIj4UlSRLlffRtGWHkuW4kbWqdAfCGeS3yg36UK
O8lWf9VliCBhVPiRXPB5q2sRgV2SoMsTuqSdAPpq4v/UQJd261J+N6RTjosQcvus
YUBcNY7IV4f4LNS+gaIx5cvKnWez7ZAyK3tOydiIlLHwhw3KC4KpU3lbQKNgSKyh
wx1oBFN6Vu/aJJkpqcHbFVMzwAQumHNyvYhsd80I10YgbE2Jyw6OmqzjLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDAbWXaUuMpsYIIp8g4b3wqBkNvbMB8GA1UdIwQY
MBaAFC8OO3WOJIuAH8HzDTRdYIsHrxv2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHc0N2RZNGtpNEFmd2ZNTk5GMWdpd2V2R19ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS83ZGVkMWYtYzQwZC00N2YyLWExMTAt
ODQ1NmRjZTU5Y2UwLzEvTUJ0WmRwUzR5bXhnZ2lueURodmZDb0dRMjlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS83ZGVkMWYtYzQwZC00N2YyLWExMTAtODQ1NmRjZTU5Y2Uw
LzEvTHc0N2RZNGtpNEFmd2ZNTk5GMWdpd2V2R19ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYwcMA0E
AgACMAcDBQAqDMUAMA0GCSqGSIb3DQEBCwUAA4IBAQCdAUnDPwRjVScvxfymBMqH
TgC2omPeisqwWGbtw64uZhMvG/txRCq8UwTSSZvOBVP8OMECs4lf+qrnip+ieu6J
m6qDsrBi5JgMNxzaapT330Itg9llIv3e7dnjf+nqIyMlZo+Gsq8ahVeGmDH+Myaz
KD9+1tIy6nUccH0N/LtKJwL7jpBftJ7cjso+EUmRstLosMrH4pYU0sxyi87xEINn
jxIFSupehzo5exgHGTddrH2bXWOVgz+KVd3fCIqigIO9AIMpk84smgn15LhdCX1u
FBMz/llxCnCNqNmXl8wjsOaqVSdOpLHq5Pit8YK+ZFPE5P5jbPe3Tizjz39EMTmg
-----END CERTIFICATE-----