Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/66b692-4bb3-473e-9413-6261e5b1fc20/1/1-SAfEHIPvpIzjeCy5Q8AoZxny3k.roa
File:                     1-SAfEHIPvpIzjeCy5Q8AoZxny3k.roa (raw, json)
Hash identifier:          B/T0TK6WDLMTtz5a/Y6n6GO2yVmrFuy+pcNqZ8mftfA=
Subject key identifier:   F9:20:1F:10:72:0F:BE:92:33:8D:E0:B2:E5:0F:00:A1:9C:67:CB:79
Certificate issuer:       /CN=3fd4d2fdbee3aa3e121428ea7050c9439d8886a9
Certificate serial:       0194228D8B591D2EA208B7502B8816BE8138
Authority key identifier: 3F:D4:D2:FD:BE:E3:AA:3E:12:14:28:EA:70:50:C9:43:9D:88:86:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9TS_b7jqj4SFCjqcFDJQ52Ihqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/66b692-4bb3-473e-9413-6261e5b1fc20/1/1-SAfEHIPvpIzjeCy5Q8AoZxny3k.roa
Signing time:             Wed 01 Jan 2025 15:48:09 +0000
ROA not before:           Wed 01 Jan 2025 15:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50254
IP address blocks:        185.145.124.0/22 maxlen: 22
                          185.145.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/66b692-4bb3-473e-9413-6261e5b1fc20/1/P9TS_b7jqj4SFCjqcFDJQ52Ihqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/66b692-4bb3-473e-9413-6261e5b1fc20/1/P9TS_b7jqj4SFCjqcFDJQ52Ihqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9TS_b7jqj4SFCjqcFDJQ52Ihqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:8b:59:1d:2e:a2:08:b7:50:2b:88:16:be:81:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd4d2fdbee3aa3e121428ea7050c9439d8886a9
        Validity
            Not Before: Jan  1 15:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9201f10720fbe92338de0b2e50f00a19c67cb79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:27:8f:6c:c4:ee:6a:49:ee:6c:64:40:4c:6a:
                    5e:71:e3:6a:5e:51:ca:47:0c:35:92:4c:51:4e:87:
                    27:23:f7:79:d1:26:bb:50:9e:f3:f3:45:4a:c6:38:
                    87:b1:44:c0:09:61:de:1b:c2:9d:fe:a2:61:0b:2d:
                    25:2c:51:33:87:21:b9:0c:b8:df:c0:08:43:33:77:
                    bb:0c:97:79:ba:c1:1a:5d:23:3d:dc:f0:df:cd:79:
                    8c:3b:a5:4c:f8:eb:d1:c8:1d:8b:1d:cf:66:e0:e3:
                    74:12:63:ed:79:a4:d4:c1:5b:f0:48:f4:f7:4d:d1:
                    86:15:ba:73:ec:89:10:99:ce:23:ec:61:c9:ef:77:
                    1e:f5:bd:32:aa:99:1c:4d:44:be:cc:ad:03:f8:aa:
                    1d:71:0f:c9:74:25:ca:83:8f:9a:22:51:52:99:bb:
                    10:57:54:2e:91:17:f1:80:b0:02:c4:9f:e8:b5:b8:
                    d4:7d:79:0c:32:ad:4e:1f:56:85:ad:38:aa:f2:8d:
                    26:35:18:e6:29:ac:3a:da:98:0e:dd:12:34:3f:32:
                    1f:b6:ce:3b:b7:4d:24:f6:c2:2c:40:f4:5f:70:fa:
                    f1:f0:01:97:1a:3b:c6:98:3e:a6:c3:b1:94:96:6e:
                    7a:58:7f:73:48:01:f5:b5:77:d8:76:47:42:cf:1d:
                    13:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:20:1F:10:72:0F:BE:92:33:8D:E0:B2:E5:0F:00:A1:9C:67:CB:79
            X509v3 Authority Key Identifier:
                keyid:3F:D4:D2:FD:BE:E3:AA:3E:12:14:28:EA:70:50:C9:43:9D:88:86:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9TS_b7jqj4SFCjqcFDJQ52Ihqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/66b692-4bb3-473e-9413-6261e5b1fc20/1/1-SAfEHIPvpIzjeCy5Q8AoZxny3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/66b692-4bb3-473e-9413-6261e5b1fc20/1/P9TS_b7jqj4SFCjqcFDJQ52Ihqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:2f:c9:60:74:41:bf:80:74:ef:02:33:ec:ed:2b:86:46:62:
         2a:27:03:bf:fa:f1:f6:e7:e9:73:23:cc:0e:7a:77:c6:cf:3d:
         14:0b:c8:40:ae:74:62:69:4c:72:ab:bf:13:6c:cc:68:04:97:
         b9:31:87:4c:1d:bd:44:2f:16:61:cc:71:1c:78:33:3c:f3:52:
         37:f8:8e:5e:a0:eb:90:d6:4d:40:05:ed:7a:95:f5:69:14:61:
         7c:cd:81:d3:66:8b:a7:e7:9e:1a:30:86:0f:50:6f:30:91:9f:
         d2:f3:45:6c:1e:0e:81:f7:c0:78:09:6c:62:4c:8d:37:7e:cc:
         9b:60:ad:12:49:aa:b9:d8:7d:85:14:ed:cd:3b:b6:19:04:ea:
         ac:42:00:48:db:bd:72:e6:6c:bb:d7:6b:1c:67:98:b5:36:8b:
         1a:8e:4d:17:d0:f8:bc:b8:38:09:68:0a:42:1f:aa:c0:f3:d5:
         ad:1d:5d:6f:c6:e0:5c:03:98:b8:ec:ef:df:4d:03:21:f6:a7:
         72:5c:77:49:46:e5:49:3a:62:ed:90:6e:7a:32:52:35:e5:65:
         22:15:6e:03:83:7e:28:61:3a:67:70:cd:b9:4a:f1:12:8e:7f:
         2c:7d:b1:31:87:9f:e3:3b:65:fd:72:b0:8f:61:01:80:3b:07:
         b2:f8:ac:c6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQijYtZHS6iCLdQK4gWvoE4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDRkMmZkYmVlM2FhM2UxMjE0MjhlYTcwNTBjOTQzOWQ4
ODg2YTkwHhcNMjUwMTAxMTU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTIwMWYxMDcyMGZiZTkyMzM4ZGUwYjJlNTBmMDBhMTljNjdjYjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCePbMTuaknubGRATGpeceNqXlHK
Rww1kkxRTocnI/d50Sa7UJ7z80VKxjiHsUTACWHeG8Kd/qJhCy0lLFEzhyG5DLjf
wAhDM3e7DJd5usEaXSM93PDfzXmMO6VM+OvRyB2LHc9m4ON0EmPteaTUwVvwSPT3
TdGGFbpz7IkQmc4j7GHJ73ce9b0yqpkcTUS+zK0D+KodcQ/JdCXKg4+aIlFSmbsQ
V1QukRfxgLACxJ/otbjUfXkMMq1OH1aFrTiq8o0mNRjmKaw62pgO3RI0PzIfts47
t00k9sIsQPRfcPrx8AGXGjvGmD6mw7GUlm56WH9zSAH1tXfYdkdCzx0TpwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPkgHxByD76SM43gsuUPAKGcZ8t5MB8GA1UdIwQY
MBaAFD/U0v2+46o+EhQo6nBQyUOdiIapMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlUU19iN2pxajRTRkNqcWNGREpRNTJJaHFrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi82NmI2OTItNGJiMy00NzNlLTk0MTMt
NjI2MWU1YjFmYzIwLzEvMS1TQWZFSElQdnBJemplQ3k1UThBb1p4bnkzay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjIvNjZiNjkyLTRiYjMtNDczZS05NDEzLTYyNjFlNWIxZmMy
MC8xL1A5VFNfYjdqcWo0U0ZDanFjRkRKUTUySWhxay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArmRfDAN
BgkqhkiG9w0BAQsFAAOCAQEAIS/JYHRBv4B07wIz7O0rhkZiKicDv/rx9ufpcyPM
Dnp3xs89FAvIQK50YmlMcqu/E2zMaASXuTGHTB29RC8WYcxxHHgzPPNSN/iOXqDr
kNZNQAXtepX1aRRhfM2B02aLp+eeGjCGD1BvMJGf0vNFbB4OgffAeAlsYkyNN37M
m2CtEkmqudh9hRTtzTu2GQTqrEIASNu9cuZsu9drHGeYtTaLGo5NF9D4vLg4CWgK
Qh+qwPPVrR1db8bgXAOYuOzv300DIfanclx3SUblSTpi7ZBuejJSNeVlIhVuA4N+
KGE6Z3DNuUrxEo5/LH2xMYef4ztl/XKwj2EBgDsHsvisxg==
-----END CERTIFICATE-----