Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/DFcDai4MmMP-4I9ZmvHSmiuuiVo.roa
File:                     DFcDai4MmMP-4I9ZmvHSmiuuiVo.roa (raw, json)
Hash identifier:          P1EgClV7bkG9omjLGc5Uu3/ShqO9L3Dji7Yyz/EuHLk=
Subject key identifier:   0C:57:03:6A:2E:0C:98:C3:FE:E0:8F:59:9A:F1:D2:9A:2B:AE:89:5A
Certificate issuer:       /CN=9256ebf66b80f08135858d144ced6f785834f5f4
Certificate serial:       019421B21042FE01CBCC67B0A53DC3B0A342
Authority key identifier: 92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/DFcDai4MmMP-4I9ZmvHSmiuuiVo.roa
Signing time:             Wed 01 Jan 2025 11:48:25 +0000
ROA not before:           Wed 01 Jan 2025 11:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35421
IP address blocks:        185.168.160.0/22 maxlen: 24
                          185.168.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:10:42:fe:01:cb:cc:67:b0:a5:3d:c3:b0:a3:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9256ebf66b80f08135858d144ced6f785834f5f4
        Validity
            Not Before: Jan  1 11:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c57036a2e0c98c3fee08f599af1d29a2bae895a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4b:b4:50:df:a8:67:d6:bc:3c:f6:ba:69:9d:
                    c8:04:64:3d:20:90:96:8f:97:2f:b9:c7:38:9a:f7:
                    d1:76:d0:f7:b0:37:24:57:61:be:17:f4:f5:44:d4:
                    d9:8c:7e:ef:b7:d6:c1:5c:f6:d7:39:21:2f:59:65:
                    11:a1:9b:77:04:3d:86:91:75:dc:da:03:99:b4:cc:
                    a8:07:b6:42:a2:c1:68:0c:0b:b3:33:a0:69:78:d7:
                    15:44:ec:f7:d0:07:d5:7f:82:19:05:04:64:4d:4f:
                    4c:5c:39:7a:15:63:09:d7:c3:f1:5f:4e:ab:8f:35:
                    94:00:64:cc:1e:d5:c5:d7:5e:75:ee:c7:39:4d:9f:
                    b2:ed:42:b8:8e:b1:f3:90:d2:2c:fd:b6:6a:20:06:
                    2b:1f:5f:46:e5:29:27:ff:42:8e:12:4f:b9:b0:dd:
                    7c:70:21:49:f0:7c:bc:12:64:0d:bd:de:59:49:7f:
                    8f:35:09:08:68:ea:ad:63:3e:6b:29:60:72:e7:df:
                    72:3e:7a:e0:a2:88:39:66:97:7f:d7:07:e3:b2:c7:
                    21:c0:6c:8a:b1:c2:12:2c:d1:9e:f3:67:99:d7:b2:
                    1c:38:30:06:08:ba:c5:94:15:c8:22:32:7e:e5:39:
                    c4:20:6c:47:b3:ab:c1:3f:5f:9d:95:e9:a2:02:05:
                    f3:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:57:03:6A:2E:0C:98:C3:FE:E0:8F:59:9A:F1:D2:9A:2B:AE:89:5A
            X509v3 Authority Key Identifier:
                keyid:92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/DFcDai4MmMP-4I9ZmvHSmiuuiVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:cb:9f:9a:3f:fb:b4:53:17:30:c7:bd:87:5b:94:5f:23:3b:
         57:3b:86:91:8c:aa:c2:96:80:65:5d:1a:89:ce:a4:7d:e0:9b:
         22:2a:de:7c:a6:ed:2f:6e:33:8f:34:5f:f6:36:e7:f2:a0:fd:
         5c:c8:06:bb:37:32:da:69:a3:b7:f5:ac:b7:72:d9:5e:2e:29:
         fb:78:52:dc:4e:5d:5e:44:a6:c7:aa:d2:da:6d:a0:05:17:cc:
         da:f0:fd:a9:14:ec:2c:6d:a8:95:64:3c:56:45:20:79:0c:67:
         7e:92:28:f9:5f:4f:16:23:52:f7:0b:64:88:68:82:83:81:a6:
         3b:45:47:57:58:e6:82:74:6c:b2:d9:bd:5c:99:19:11:a7:b7:
         4f:25:3e:c2:6c:2d:5f:12:b8:27:08:9f:99:be:e9:83:ac:34:
         4a:9e:72:31:ff:5a:75:01:b6:1f:60:61:83:0a:f1:1a:99:57:
         40:34:92:e8:c8:fe:5d:5b:04:e2:ef:0f:40:b8:c9:72:a3:40:
         40:dc:d8:fc:49:14:fe:86:d0:29:9e:eb:7d:49:b3:11:a7:e5:
         e2:c7:58:e0:8d:53:4b:98:39:a3:ad:df:eb:31:ad:76:89:9f:
         bd:a0:f0:dc:1f:61:da:b4:67:fb:1d:6e:73:f9:9e:4c:7c:36:
         d2:16:18:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshBC/gHLzGewpT3DsKNCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNTZlYmY2NmI4MGYwODEzNTg1OGQxNDRjZWQ2Zjc4NTgz
NGY1ZjQwHhcNMjUwMTAxMTE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzU3MDM2YTJlMGM5OGMzZmVlMDhmNTk5YWYxZDI5YTJiYWU4OTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEu0UN+oZ9a8PPa6aZ3IBGQ9IJCW
j5cvucc4mvfRdtD3sDckV2G+F/T1RNTZjH7vt9bBXPbXOSEvWWURoZt3BD2GkXXc
2gOZtMyoB7ZCosFoDAuzM6BpeNcVROz30AfVf4IZBQRkTU9MXDl6FWMJ18PxX06r
jzWUAGTMHtXF11517sc5TZ+y7UK4jrHzkNIs/bZqIAYrH19G5Skn/0KOEk+5sN18
cCFJ8Hy8EmQNvd5ZSX+PNQkIaOqtYz5rKWBy599yPnrgoog5Zpd/1wfjsschwGyK
scISLNGe82eZ17IcODAGCLrFlBXIIjJ+5TnEIGxHs6vBP1+dlemiAgXz1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxXA2ouDJjD/uCPWZrx0porrolaMB8GA1UdIwQY
MBaAFJJW6/ZrgPCBNYWNFEztb3hYNPX0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2xicjltdUE4SUUxaFkwVVRPMXZlRmcwOWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9iNzE3YzUtYTY0Yi00NDc1LWJlM2Ut
NWRhOGQ2NzdkODQ3LzEvREZjRGFpNE1tTVAtNEk5Wm12SFNtaXV1aVZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9iNzE3YzUtYTY0Yi00NDc1LWJlM2UtNWRhOGQ2NzdkODQ3
LzEva2xicjltdUE4SUUxaFkwVVRPMXZlRmcwOWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaigMA0G
CSqGSIb3DQEBCwUAA4IBAQChy5+aP/u0Uxcwx72HW5RfIztXO4aRjKrCloBlXRqJ
zqR94JsiKt58pu0vbjOPNF/2NufyoP1cyAa7NzLaaaO39ay3ctleLin7eFLcTl1e
RKbHqtLabaAFF8za8P2pFOwsbaiVZDxWRSB5DGd+kij5X08WI1L3C2SIaIKDgaY7
RUdXWOaCdGyy2b1cmRkRp7dPJT7CbC1fErgnCJ+ZvumDrDRKnnIx/1p1AbYfYGGD
CvEamVdANJLoyP5dWwTi7w9AuMlyo0BA3Nj8SRT+htApnut9SbMRp+Xix1jgjVNL
mDmjrd/rMa12iZ+9oPDcH2HatGf7HW5z+Z5MfDbSFhgu
-----END CERTIFICATE-----