Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/1-Mnf3JnGm30D3TVdL8D8i-JJTg.roa
File:                     1-Mnf3JnGm30D3TVdL8D8i-JJTg.roa (raw, json)
Hash identifier:          FQArZOtG/iI5+2OZ+rGhEkabMbeYZiFVJ69aFAVvKUM=
Subject key identifier:   D7:E3:27:7F:72:67:1A:6D:F4:0F:74:D5:74:BF:03:F2:2F:89:25:38
Certificate issuer:       /CN=d22f3bd0bae603ab790602a96bbbc42b5322e88f
Certificate serial:       01942143FF55F2962E8B68213EF3253896A3
Authority key identifier: D2:2F:3B:D0:BA:E6:03:AB:79:06:02:A9:6B:BB:C4:2B:53:22:E8:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0i870LrmA6t5BgKpa7vEK1Mi6I8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/1-Mnf3JnGm30D3TVdL8D8i-JJTg.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12125
IP address blocks:        194.38.4.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/0i870LrmA6t5BgKpa7vEK1Mi6I8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/0i870LrmA6t5BgKpa7vEK1Mi6I8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0i870LrmA6t5BgKpa7vEK1Mi6I8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 08:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ff:55:f2:96:2e:8b:68:21:3e:f3:25:38:96:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d22f3bd0bae603ab790602a96bbbc42b5322e88f
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7e3277f72671a6df40f74d574bf03f22f892538
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:45:da:31:77:16:24:2c:7e:b1:8f:a9:44:49:
                    41:9f:b8:8c:0e:49:5f:37:47:26:77:21:c3:7e:88:
                    1a:8c:22:8e:92:42:d5:06:80:a9:14:e4:de:72:6b:
                    34:c0:46:2e:78:bb:5f:aa:2c:bb:3b:83:aa:4e:58:
                    8f:d9:88:4e:6d:ef:98:1a:7c:05:66:30:80:2d:1e:
                    40:79:94:54:a2:9b:07:8e:85:21:1e:77:1f:7e:b0:
                    3f:c1:a5:4c:38:4c:c6:a2:5c:af:dc:62:48:b4:b2:
                    d4:7c:16:7e:cc:18:01:4d:72:91:0c:5b:a8:49:b6:
                    e6:61:bb:bf:dc:0d:4b:e0:34:25:9b:32:bf:80:31:
                    08:3e:12:88:62:31:e1:e2:2a:e3:52:b4:ea:44:b0:
                    07:8f:02:3a:96:1c:dc:6d:ce:37:eb:23:24:c2:4f:
                    1e:c0:cc:96:a2:ad:14:63:ca:0e:7a:2c:56:52:07:
                    86:a2:95:96:6f:6a:8d:dc:d9:51:c3:48:2f:6a:c0:
                    34:cc:db:24:99:1b:ba:d2:ac:ad:76:1b:5d:cf:f1:
                    ab:90:07:2a:79:35:4d:36:d1:24:3a:55:68:e5:85:
                    4a:9b:53:b7:67:44:88:2d:5f:4c:e9:d1:cb:a2:8b:
                    3f:1b:8e:1b:dd:a5:03:a4:63:2b:55:fc:f3:67:70:
                    b4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E3:27:7F:72:67:1A:6D:F4:0F:74:D5:74:BF:03:F2:2F:89:25:38
            X509v3 Authority Key Identifier:
                keyid:D2:2F:3B:D0:BA:E6:03:AB:79:06:02:A9:6B:BB:C4:2B:53:22:E8:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0i870LrmA6t5BgKpa7vEK1Mi6I8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/1-Mnf3JnGm30D3TVdL8D8i-JJTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/6e51cb-517f-4cb1-a3a0-d721bd2e9d53/1/0i870LrmA6t5BgKpa7vEK1Mi6I8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:20:c6:98:38:eb:25:c6:a1:00:1b:74:50:fd:ae:89:36:8a:
         d6:a7:e3:ef:9b:69:af:7e:5d:44:6e:01:55:05:6d:77:a5:67:
         7f:b2:4a:04:f8:81:4f:cc:ff:3d:70:72:65:68:bb:3e:f4:6c:
         49:9f:fc:42:d6:0e:c6:a7:63:56:43:bc:63:8c:c3:a2:63:d0:
         c2:57:db:ab:da:77:f0:ce:71:ab:27:d7:94:e7:5e:84:8a:7f:
         6f:12:d7:ac:6e:42:4f:d3:ef:26:d5:85:c3:8e:02:c5:34:e3:
         84:d4:d5:1d:b0:44:da:67:1c:4e:c1:08:48:36:89:a8:c6:fe:
         9d:55:87:76:c5:94:9e:ef:cd:d1:44:30:d1:10:c2:87:f3:9e:
         d6:de:92:92:1e:a3:02:d0:39:86:d6:11:52:b3:ca:ae:79:31:
         b4:9a:83:b1:11:9d:4b:73:7f:ee:ff:66:5f:92:d2:69:f5:4a:
         8f:a7:10:71:ca:b8:e3:93:75:ea:bb:4a:1c:bd:eb:de:ce:c9:
         d1:cb:6f:6a:6b:f7:30:26:85:82:c9:e6:37:6e:f6:99:4f:46:
         9d:87:42:56:dc:e1:e4:27:e7:09:15:d8:cb:c2:8d:0b:07:d3:
         41:9a:ad:fe:bb:8f:ed:80:3b:b7:57:83:ea:a1:c1:cb:17:1d:
         89:ae:59:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/9V8pYui2ghPvMlOJajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMmYzYmQwYmFlNjAzYWI3OTA2MDJhOTZiYmJjNDJiNTMy
MmU4OGYwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2UzMjc3ZjcyNjcxYTZkZjQwZjc0ZDU3NGJmMDNmMjJmODkyNTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkXaMXcWJCx+sY+pRElBn7iMDklf
N0cmdyHDfogajCKOkkLVBoCpFOTecms0wEYueLtfqiy7O4OqTliP2YhObe+YGnwF
ZjCALR5AeZRUopsHjoUhHncffrA/waVMOEzGolyv3GJItLLUfBZ+zBgBTXKRDFuo
SbbmYbu/3A1L4DQlmzK/gDEIPhKIYjHh4irjUrTqRLAHjwI6lhzcbc436yMkwk8e
wMyWoq0UY8oOeixWUgeGopWWb2qN3NlRw0gvasA0zNskmRu60qytdhtdz/GrkAcq
eTVNNtEkOlVo5YVKm1O3Z0SILV9M6dHLoos/G44b3aUDpGMrVfzzZ3C0ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfjJ39yZxpt9A901XS/A/IviSU4MB8GA1UdIwQY
MBaAFNIvO9C65gOreQYCqWu7xCtTIuiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGk4NzBMcm1BNnQ1QmdLcGE3dkVLMU1pNkk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS82ZTUxY2ItNTE3Zi00Y2IxLWEzYTAt
ZDcyMWJkMmU5ZDUzLzEvMS1NbmYzSm5HbTMwRDNUVmRMOEQ4aS1KSlRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS82ZTUxY2ItNTE3Zi00Y2IxLWEzYTAtZDcyMWJkMmU5ZDUz
LzEvMGk4NzBMcm1BNnQ1QmdLcGE3dkVLMU1pNkk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiYEMA0G
CSqGSIb3DQEBCwUAA4IBAQAMIMaYOOslxqEAG3RQ/a6JNorWp+Pvm2mvfl1EbgFV
BW13pWd/skoE+IFPzP89cHJlaLs+9GxJn/xC1g7Gp2NWQ7xjjMOiY9DCV9ur2nfw
znGrJ9eU516Ein9vEtesbkJP0+8m1YXDjgLFNOOE1NUdsETaZxxOwQhINomoxv6d
VYd2xZSe783RRDDREMKH857W3pKSHqMC0DmG1hFSs8queTG0moOxEZ1Lc3/u/2Zf
ktJp9UqPpxBxyrjjk3Xqu0ocvevezsnRy29qa/cwJoWCyeY3bvaZT0adh0JW3OHk
J+cJFdjLwo0LB9NBmq3+u4/tgDu3V4PqocHLFx2Jrlnn
-----END CERTIFICATE-----