Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/726b60-8aa7-461f-9cd9-7ccbb45dca51/1/P7kra4ub5VF3YEJjz3ym8CwbAXA.roa
File:                     P7kra4ub5VF3YEJjz3ym8CwbAXA.roa (raw, json)
Hash identifier:          AJEYR0xnzVy6utllNh8R4LIoanjGY6stnMXm+hMmUEo=
Subject key identifier:   3F:B9:2B:6B:8B:9B:E5:51:77:60:42:63:CF:7C:A6:F0:2C:1B:01:70
Certificate issuer:       /CN=8466a5dde27f911da8be73c261ff55b5881198a9
Certificate serial:       01942143EE4C8A1A4996648C90ED22009D31
Authority key identifier: 84:66:A5:DD:E2:7F:91:1D:A8:BE:73:C2:61:FF:55:B5:88:11:98:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hGal3eJ_kR2ovnPCYf9VtYgRmKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/726b60-8aa7-461f-9cd9-7ccbb45dca51/1/P7kra4ub5VF3YEJjz3ym8CwbAXA.roa
Signing time:             Wed 01 Jan 2025 09:48:07 +0000
ROA not before:           Wed 01 Jan 2025 09:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205945
IP address blocks:        185.201.92.0/22 maxlen: 25
                          185.201.92.0/24 maxlen: 24
                          185.201.92.0/25 maxlen: 25
                          185.201.92.128/25 maxlen: 25
                          185.201.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/726b60-8aa7-461f-9cd9-7ccbb45dca51/1/hGal3eJ_kR2ovnPCYf9VtYgRmKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/726b60-8aa7-461f-9cd9-7ccbb45dca51/1/hGal3eJ_kR2ovnPCYf9VtYgRmKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hGal3eJ_kR2ovnPCYf9VtYgRmKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ee:4c:8a:1a:49:96:64:8c:90:ed:22:00:9d:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8466a5dde27f911da8be73c261ff55b5881198a9
        Validity
            Not Before: Jan  1 09:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fb92b6b8b9be55177604263cf7ca6f02c1b0170
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:e0:1e:46:a4:1a:bd:ee:ad:e9:bb:f5:39:32:
                    64:f0:82:40:55:db:20:8c:36:fb:4e:c5:6b:a4:f8:
                    7d:1e:4d:79:5f:a1:f5:16:76:59:1e:06:98:82:8c:
                    62:81:5a:6d:6c:76:a4:96:ff:62:ed:c0:6a:7b:e7:
                    ca:7d:35:97:99:f6:1a:63:31:b6:a9:8d:db:e7:af:
                    5f:b4:80:6a:f1:8f:c3:9e:87:e4:0f:da:cf:30:c0:
                    4f:d7:bc:2f:93:d6:67:ce:bf:63:fe:1b:ea:29:08:
                    0b:ae:b4:fd:53:88:c1:3f:5a:13:37:ff:ab:24:24:
                    3a:94:57:ff:83:b2:35:2e:69:8e:44:65:fa:82:65:
                    ba:2d:1d:68:f7:24:21:2c:10:da:d1:94:0d:b2:33:
                    f3:6d:93:e6:ee:4e:54:e2:90:67:3a:59:9c:d3:e6:
                    b3:a8:fb:c9:00:c0:cc:cd:c5:4d:af:98:a7:8d:9b:
                    50:09:f1:06:87:95:2b:a5:a9:32:ed:eb:ae:11:ab:
                    e6:93:5d:82:9d:98:77:34:1f:a1:76:8b:db:ae:f1:
                    5e:9d:0d:32:4d:3e:e0:6b:72:9b:e0:db:50:eb:98:
                    1b:04:c5:12:f4:34:cf:1f:97:d1:60:1e:3e:0e:10:
                    28:0d:17:24:52:2d:ee:71:6b:15:93:e8:bb:37:dd:
                    49:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B9:2B:6B:8B:9B:E5:51:77:60:42:63:CF:7C:A6:F0:2C:1B:01:70
            X509v3 Authority Key Identifier:
                keyid:84:66:A5:DD:E2:7F:91:1D:A8:BE:73:C2:61:FF:55:B5:88:11:98:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hGal3eJ_kR2ovnPCYf9VtYgRmKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726b60-8aa7-461f-9cd9-7ccbb45dca51/1/P7kra4ub5VF3YEJjz3ym8CwbAXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/726b60-8aa7-461f-9cd9-7ccbb45dca51/1/hGal3eJ_kR2ovnPCYf9VtYgRmKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.201.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:b4:16:d5:f9:64:c3:2e:21:b3:24:ec:4c:a2:fe:37:e8:6c:
         a0:a0:2d:7e:55:cd:9d:70:57:4e:85:de:bb:6a:81:c7:3b:d9:
         00:f5:91:70:ff:48:6f:f6:73:10:3b:71:85:f4:7f:3d:ea:fc:
         15:fa:ca:63:8a:9d:0c:85:40:24:2e:5b:6b:ae:47:ef:3e:65:
         48:88:18:99:f1:4a:e5:5a:31:3f:f0:2e:ab:e3:66:2c:7a:6e:
         5d:60:f7:d0:6b:e8:31:06:c0:6a:a8:2b:65:65:98:4c:d0:df:
         eb:17:12:07:b2:f2:3d:7c:3a:a0:31:3b:57:c5:13:f0:ce:a6:
         48:67:9b:c2:be:b8:e5:30:5a:fb:71:f0:be:7c:d1:97:c0:ef:
         3a:82:da:1f:eb:fd:8d:53:a9:bf:47:d2:ab:6f:57:ca:9c:dd:
         a5:66:a6:a2:8a:70:f4:28:8e:4a:11:db:49:f9:cd:09:34:24:
         0c:4d:9a:57:70:30:b9:f8:b2:23:f2:03:a4:1e:5d:8a:8d:7b:
         30:46:fe:c3:bd:4c:71:1d:23:82:fe:39:b8:c2:7a:a9:64:0e:
         ba:b3:b8:bb:d4:c9:66:53:5a:5b:1e:b9:fb:33:1e:83:13:4b:
         a5:ac:1f:f0:a4:0b:86:0b:e2:50:30:d0:94:bc:8a:66:a4:e9:
         09:c1:f8:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+5MihpJlmSMkO0iAJ0xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NjZhNWRkZTI3ZjkxMWRhOGJlNzNjMjYxZmY1NWI1ODgx
MTk4YTkwHhcNMjUwMTAxMDk0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmI5MmI2YjhiOWJlNTUxNzc2MDQyNjNjZjdjYTZmMDJjMWIwMTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4eAeRqQave6t6bv1OTJk8IJAVdsg
jDb7TsVrpPh9Hk15X6H1FnZZHgaYgoxigVptbHaklv9i7cBqe+fKfTWXmfYaYzG2
qY3b569ftIBq8Y/DnofkD9rPMMBP17wvk9Znzr9j/hvqKQgLrrT9U4jBP1oTN/+r
JCQ6lFf/g7I1LmmORGX6gmW6LR1o9yQhLBDa0ZQNsjPzbZPm7k5U4pBnOlmc0+az
qPvJAMDMzcVNr5injZtQCfEGh5Urpaky7euuEavmk12CnZh3NB+hdovbrvFenQ0y
TT7ga3Kb4NtQ65gbBMUS9DTPH5fRYB4+DhAoDRckUi3ucWsVk+i7N91J2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+5K2uLm+VRd2BCY898pvAsGwFwMB8GA1UdIwQY
MBaAFIRmpd3if5EdqL5zwmH/VbWIEZipMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEdhbDNlSl9rUjJvdm5QQ1lmOVZ0WWdSbUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC83MjZiNjAtOGFhNy00NjFmLTljZDkt
N2NjYmI0NWRjYTUxLzEvUDdrcmE0dWI1VkYzWUVKanozeW04Q3diQVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC83MjZiNjAtOGFhNy00NjFmLTljZDktN2NjYmI0NWRjYTUx
LzEvaEdhbDNlSl9rUjJvdm5QQ1lmOVZ0WWdSbUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuclcMA0G
CSqGSIb3DQEBCwUAA4IBAQBCtBbV+WTDLiGzJOxMov436GygoC1+Vc2dcFdOhd67
aoHHO9kA9ZFw/0hv9nMQO3GF9H896vwV+spjip0MhUAkLltrrkfvPmVIiBiZ8Url
WjE/8C6r42Ysem5dYPfQa+gxBsBqqCtlZZhM0N/rFxIHsvI9fDqgMTtXxRPwzqZI
Z5vCvrjlMFr7cfC+fNGXwO86gtof6/2NU6m/R9Krb1fKnN2lZqaiinD0KI5KEdtJ
+c0JNCQMTZpXcDC5+LIj8gOkHl2KjXswRv7DvUxxHSOC/jm4wnqpZA66s7i71Mlm
U1pbHrn7Mx6DE0ulrB/wpAuGC+JQMNCUvIpmpOkJwfjI
-----END CERTIFICATE-----