Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/f4y74uV6kMhl3FZG7eMTxtB1xcg.roa
File:                     f4y74uV6kMhl3FZG7eMTxtB1xcg.roa (raw, json)
Hash identifier:          xNcDjYfpiNRJh2gGbrd1whQfo3MpBF28ckRw6gIMCZ8=
Subject key identifier:   7F:8C:BB:E2:E5:7A:90:C8:65:DC:56:46:ED:E3:13:C6:D0:75:C5:C8
Certificate issuer:       /CN=07f2a175be20108641c649553213f212511667a5
Certificate serial:       01942521503C42A69FF1B119904AA8D86CFE
Authority key identifier: 07:F2:A1:75:BE:20:10:86:41:C6:49:55:32:13:F2:12:51:16:67:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_Khdb4gEIZBxklVMhPyElEWZ6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/f4y74uV6kMhl3FZG7eMTxtB1xcg.roa
Signing time:             Thu 02 Jan 2025 03:48:47 +0000
ROA not before:           Thu 02 Jan 2025 03:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50673
IP address blocks:        185.166.232.0/23 maxlen: 24
                          185.166.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/B_Khdb4gEIZBxklVMhPyElEWZ6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/B_Khdb4gEIZBxklVMhPyElEWZ6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_Khdb4gEIZBxklVMhPyElEWZ6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:50:3c:42:a6:9f:f1:b1:19:90:4a:a8:d8:6c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f2a175be20108641c649553213f212511667a5
        Validity
            Not Before: Jan  2 03:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f8cbbe2e57a90c865dc5646ede313c6d075c5c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:76:ca:e9:94:01:57:1d:f8:aa:ca:7d:f0:d6:
                    d6:37:31:44:dc:ac:e2:2c:30:38:b8:86:20:7f:57:
                    ef:04:57:3d:57:d1:05:99:28:82:f2:2a:85:7a:13:
                    d5:cf:24:95:27:e4:97:37:36:82:c9:97:16:f2:27:
                    d6:25:de:ee:aa:af:7b:80:2b:52:d4:fd:53:cf:8c:
                    90:73:95:8f:c6:b0:b3:52:2d:f4:54:53:03:f9:36:
                    2d:db:25:76:9f:19:89:52:a8:ec:0f:a7:18:d9:5b:
                    d9:1c:ab:3e:93:86:59:c7:ad:8c:7f:ff:c8:9c:b7:
                    35:9f:a6:fd:29:f4:fa:92:af:b3:f6:a7:6c:57:c3:
                    0d:64:46:6d:3e:f2:21:f8:39:a2:50:00:42:51:1f:
                    ec:54:7a:5a:6f:03:3a:f3:03:0a:75:7f:a9:9f:a4:
                    f5:eb:ca:3d:43:0d:c9:73:be:b1:97:e2:12:87:97:
                    83:a9:4b:d5:1c:fb:f1:02:7f:f9:24:6b:c0:1b:d0:
                    bd:13:55:ec:0c:31:b2:d6:ee:3b:21:85:1e:ce:8c:
                    00:c2:8e:a0:61:97:2d:a3:34:05:92:2b:b1:00:cd:
                    34:81:01:e7:ff:f4:97:18:b8:16:88:6c:dd:d0:73:
                    6c:e9:ac:be:99:48:e3:04:b5:3e:f5:46:f5:7d:00:
                    1e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:8C:BB:E2:E5:7A:90:C8:65:DC:56:46:ED:E3:13:C6:D0:75:C5:C8
            X509v3 Authority Key Identifier:
                keyid:07:F2:A1:75:BE:20:10:86:41:C6:49:55:32:13:F2:12:51:16:67:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_Khdb4gEIZBxklVMhPyElEWZ6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/f4y74uV6kMhl3FZG7eMTxtB1xcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/36b085-1a5b-4af9-878b-376426ffd662/1/B_Khdb4gEIZBxklVMhPyElEWZ6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.232.0/23
                  185.166.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:47:4e:0d:51:85:0c:b8:e4:d6:fe:35:1c:8d:f1:90:84:64:
         0b:bd:b6:ce:49:2b:2b:89:7d:5e:b4:d9:26:76:03:9d:e3:54:
         75:38:c9:1f:c0:bf:f6:62:95:c1:cc:9e:f5:94:56:ba:42:6a:
         f0:81:fd:9c:a9:96:b9:b3:1f:4f:23:63:15:26:1f:79:fb:3e:
         6a:9b:86:99:c1:e6:5b:6b:23:7b:10:2c:aa:7b:f7:d8:38:fc:
         ac:81:c5:e1:83:62:3f:26:14:aa:28:89:f4:11:b2:ba:29:06:
         7b:fc:53:54:e2:18:c0:1c:4b:e4:0a:17:3b:e8:7e:9f:d2:56:
         a1:5c:2f:87:05:df:6d:e9:4b:78:5b:90:ba:73:d5:66:59:92:
         88:56:22:57:34:22:00:16:26:82:c4:3e:21:74:c1:e2:6b:d5:
         c5:7e:86:cc:03:06:cf:14:fa:f1:04:10:f3:86:fb:f9:bc:95:
         4c:30:1d:0b:ac:9d:2a:6f:fc:43:99:6f:b7:94:81:8c:f2:4b:
         97:e1:dd:7f:e0:7c:36:ee:11:63:55:d4:09:65:b5:28:a1:92:
         b0:cc:f3:6c:5a:3b:2f:13:e7:22:d0:0c:38:5f:1d:d6:6d:56:
         b1:4f:b2:de:c1:95:65:dd:6c:ac:23:57:67:5a:88:21:a7:2d:
         12:00:17:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIVA8Qqaf8bEZkEqo2Gz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjJhMTc1YmUyMDEwODY0MWM2NDk1NTMyMTNmMjEyNTEx
NjY3YTUwHhcNMjUwMTAyMDM0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjhjYmJlMmU1N2E5MGM4NjVkYzU2NDZlZGUzMTNjNmQwNzVjNWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXbK6ZQBVx34qsp98NbWNzFE3Kzi
LDA4uIYgf1fvBFc9V9EFmSiC8iqFehPVzySVJ+SXNzaCyZcW8ifWJd7uqq97gCtS
1P1Tz4yQc5WPxrCzUi30VFMD+TYt2yV2nxmJUqjsD6cY2VvZHKs+k4ZZx62Mf//I
nLc1n6b9KfT6kq+z9qdsV8MNZEZtPvIh+DmiUABCUR/sVHpabwM68wMKdX+pn6T1
68o9Qw3Jc76xl+ISh5eDqUvVHPvxAn/5JGvAG9C9E1XsDDGy1u47IYUezowAwo6g
YZctozQFkiuxAM00gQHn//SXGLgWiGzd0HNs6ay+mUjjBLU+9Ub1fQAe0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH+Mu+LlepDIZdxWRu3jE8bQdcXIMB8GA1UdIwQY
MBaAFAfyoXW+IBCGQcZJVTIT8hJRFmelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9LaGRiNGdFSVpCeGtsVk1oUHlFbEVXWjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8zNmIwODUtMWE1Yi00YWY5LTg3OGIt
Mzc2NDI2ZmZkNjYyLzEvZjR5NzR1VjZrTWhsM0ZaRzdlTVR4dEIxeGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8zNmIwODUtMWE1Yi00YWY5LTg3OGItMzc2NDI2ZmZkNjYy
LzEvQl9LaGRiNGdFSVpCeGtsVk1oUHlFbEVXWjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuaboAwQA
uabrMA0GCSqGSIb3DQEBCwUAA4IBAQBWR04NUYUMuOTW/jUcjfGQhGQLvbbOSSsr
iX1etNkmdgOd41R1OMkfwL/2YpXBzJ71lFa6Qmrwgf2cqZa5sx9PI2MVJh95+z5q
m4aZweZbayN7ECyqe/fYOPysgcXhg2I/JhSqKIn0EbK6KQZ7/FNU4hjAHEvkChc7
6H6f0lahXC+HBd9t6Ut4W5C6c9VmWZKIViJXNCIAFiaCxD4hdMHia9XFfobMAwbP
FPrxBBDzhvv5vJVMMB0LrJ0qb/xDmW+3lIGM8kuX4d1/4Hw27hFjVdQJZbUooZKw
zPNsWjsvE+ci0Aw4Xx3WbVaxT7LewZVl3WysI1dnWoghpy0SABe/
-----END CERTIFICATE-----