Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/shpqgGwHCQF0iwWzIowmkJNit-Q.roa
File:                     shpqgGwHCQF0iwWzIowmkJNit-Q.roa (raw, json)
Hash identifier:          7k0pF5mbWO4TDYU7lL9EvWKWpS8YgHKXuR5li2e0+ys=
Subject key identifier:   B2:1A:6A:80:6C:07:09:01:74:8B:05:B3:22:8C:26:90:93:62:B7:E4
Certificate issuer:       /CN=e74aaba5989badb60274760deef6c40cd0112026
Certificate serial:       0195FB742DAFD7E9B15C8F9EE6326B75C00B
Authority key identifier: E7:4A:AB:A5:98:9B:AD:B6:02:74:76:0D:EE:F6:C4:0C:D0:11:20:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/50qrpZibrbYCdHYN7vbEDNARICY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/shpqgGwHCQF0iwWzIowmkJNit-Q.roa
Signing time:             Thu 03 Apr 2025 11:40:49 +0000
ROA not before:           Thu 03 Apr 2025 11:40:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     945
IP address blocks:        185.155.75.0/24 maxlen: 24
                          2a13:c000::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/50qrpZibrbYCdHYN7vbEDNARICY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/50qrpZibrbYCdHYN7vbEDNARICY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/50qrpZibrbYCdHYN7vbEDNARICY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fb:74:2d:af:d7:e9:b1:5c:8f:9e:e6:32:6b:75:c0:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e74aaba5989badb60274760deef6c40cd0112026
        Validity
            Not Before: Apr  3 11:40:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b21a6a806c070901748b05b3228c26909362b7e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:66:f6:c3:63:62:08:2f:b7:16:6d:f2:6c:6b:
                    46:84:02:d3:2d:15:b3:6f:72:d7:17:86:43:e5:e0:
                    2d:5e:14:dd:6d:4e:89:27:56:df:4b:41:58:c9:78:
                    12:63:bf:73:4e:58:a1:8f:3b:7e:a3:dd:98:38:ed:
                    87:92:3d:d6:4c:f4:30:8c:73:10:ad:ca:72:25:93:
                    c5:e7:e3:a7:5c:99:e6:bc:1e:a1:9b:39:06:e3:99:
                    55:a3:b9:96:18:e9:b8:b4:64:0e:53:2c:1f:d1:46:
                    56:b9:3f:13:5f:55:3d:d4:f8:3c:ac:e0:ae:e2:d5:
                    7f:d9:f6:28:f8:27:2b:b0:86:09:e0:d7:e4:36:92:
                    52:c5:1a:89:ef:4f:f6:ce:f2:ba:8a:12:a5:73:49:
                    6f:0b:00:fd:76:a1:a3:ac:5d:76:5e:b6:0b:13:b2:
                    c4:b9:e2:ad:13:99:f2:3c:c9:2c:76:0e:fa:3e:c0:
                    d8:ba:ae:48:91:a3:47:b1:20:83:60:cd:6f:ea:b2:
                    b1:8d:f7:f5:eb:bb:92:28:10:a6:ca:31:64:d7:09:
                    cb:7d:1a:63:ed:58:06:59:07:4b:f4:4e:2d:2c:ac:
                    2c:54:fe:67:c6:5c:2b:1d:b8:a2:74:f3:9c:78:c3:
                    ad:57:ef:e3:98:0c:f2:38:e7:a6:21:2a:0a:89:b3:
                    06:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:1A:6A:80:6C:07:09:01:74:8B:05:B3:22:8C:26:90:93:62:B7:E4
            X509v3 Authority Key Identifier:
                keyid:E7:4A:AB:A5:98:9B:AD:B6:02:74:76:0D:EE:F6:C4:0C:D0:11:20:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/50qrpZibrbYCdHYN7vbEDNARICY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/shpqgGwHCQF0iwWzIowmkJNit-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/18181f-5554-4fa0-8c6d-8c23f6f57c8c/1/50qrpZibrbYCdHYN7vbEDNARICY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.75.0/24
                IPv6:
                  2a13:c000::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:bd:9c:64:77:99:f0:e3:1b:36:2b:6c:03:6d:ef:fb:94:89:
         ac:2c:8a:99:a1:6b:a2:1d:42:35:85:68:eb:b9:47:2c:51:f3:
         de:66:f9:d1:74:9f:fb:9e:42:b8:43:89:b8:9f:ea:56:3a:e1:
         b3:c0:93:4f:94:29:ed:e3:73:d1:d5:10:20:ba:af:ee:70:cc:
         10:9d:9b:d6:7e:aa:a0:02:2b:ae:a2:44:bb:41:e5:f4:dd:40:
         72:2d:4e:bc:1e:4f:8b:98:c8:d2:56:fb:fe:93:4b:30:87:53:
         fa:42:e6:46:63:b3:69:28:2e:58:5b:8e:e4:86:96:81:19:d4:
         ec:87:c4:02:da:45:a6:11:aa:7b:e6:4a:8d:7c:ec:99:37:a4:
         d2:a3:71:18:18:7b:3c:43:b8:bf:f2:93:3c:78:72:5f:04:ac:
         1c:8f:02:02:9c:bb:86:d5:2b:1e:9e:34:31:7b:86:fb:ef:d0:
         13:a2:98:c1:50:d1:a9:d3:90:17:be:67:25:9f:5a:96:79:df:
         7e:6d:0a:ae:76:0c:de:8b:f7:a4:58:11:3a:f4:0f:b5:4c:57:
         7f:92:c7:fa:25:64:9e:bd:3e:07:86:ec:8f:56:f2:fa:37:70:
         ef:99:17:a3:3a:fe:bf:80:b3:0c:d1:90:c4:2e:89:f4:8d:31:
         03:35:8b:55
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZX7dC2v1+mxXI+e5jJrdcALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NGFhYmE1OTg5YmFkYjYwMjc0NzYwZGVlZjZjNDBjZDAx
MTIwMjYwHhcNMjUwNDAzMTE0MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjFhNmE4MDZjMDcwOTAxNzQ4YjA1YjMyMjhjMjY5MDkzNjJiN2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGb2w2NiCC+3Fm3ybGtGhALTLRWz
b3LXF4ZD5eAtXhTdbU6JJ1bfS0FYyXgSY79zTlihjzt+o92YOO2Hkj3WTPQwjHMQ
rcpyJZPF5+OnXJnmvB6hmzkG45lVo7mWGOm4tGQOUywf0UZWuT8TX1U91Pg8rOCu
4tV/2fYo+CcrsIYJ4NfkNpJSxRqJ70/2zvK6ihKlc0lvCwD9dqGjrF12XrYLE7LE
ueKtE5nyPMksdg76PsDYuq5IkaNHsSCDYM1v6rKxjff167uSKBCmyjFk1wnLfRpj
7VgGWQdL9E4tLKwsVP5nxlwrHbiidPOceMOtV+/jmAzyOOemISoKibMGewIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLIaaoBsBwkBdIsFsyKMJpCTYrfkMB8GA1UdIwQY
MBaAFOdKq6WYm622AnR2De72xAzQESAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTBxcnBaaWJyYllDZEhZTjd2YkVETkFSSUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8xODE4MWYtNTU1NC00ZmEwLThjNmQt
OGMyM2Y2ZjU3YzhjLzEvc2hwcWdHd0hDUUYwaXdXeklvd21rSk5pdC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8xODE4MWYtNTU1NC00ZmEwLThjNmQtOGMyM2Y2ZjU3Yzhj
LzEvNTBxcnBaaWJyYllDZEhZTjd2YkVETkFSSUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZtLMA0E
AgACMAcDBQAqE8AAMA0GCSqGSIb3DQEBCwUAA4IBAQCCvZxkd5nw4xs2K2wDbe/7
lImsLIqZoWuiHUI1hWjruUcsUfPeZvnRdJ/7nkK4Q4m4n+pWOuGzwJNPlCnt43PR
1RAguq/ucMwQnZvWfqqgAiuuokS7QeX03UByLU68Hk+LmMjSVvv+k0swh1P6QuZG
Y7NpKC5YW47khpaBGdTsh8QC2kWmEap75kqNfOyZN6TSo3EYGHs8Q7i/8pM8eHJf
BKwcjwICnLuG1SsenjQxe4b779ATopjBUNGp05AXvmcln1qWed9+bQqudgzei/ek
WBE69A+1TFd/ksf6JWSevT4HhuyPVvL6N3DvmRejOv6/gLMM0ZDELon0jTEDNYtV
-----END CERTIFICATE-----