Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/cEfVPR5BCH6wIIt0Scz-CewioBQ.roa
File:                     cEfVPR5BCH6wIIt0Scz-CewioBQ.roa (raw, json)
Hash identifier:          uAMhXs6DpT0RTpQCmLK6tpFYd7c3BBCguRMW7ETBwj8=
Subject key identifier:   70:47:D5:3D:1E:41:08:7E:B0:20:8B:74:49:CC:FE:09:EC:22:A0:14
Certificate issuer:       /CN=62dfe53884b95a09f66a416e14f56c6b0f789afc
Certificate serial:       01941F8C21A3201A434ABB6036B1E6C9787D
Authority key identifier: 62:DF:E5:38:84:B9:5A:09:F6:6A:41:6E:14:F5:6C:6B:0F:78:9A:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yt_lOIS5Wgn2akFuFPVsaw94mvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/cEfVPR5BCH6wIIt0Scz-CewioBQ.roa
Signing time:             Wed 01 Jan 2025 01:47:44 +0000
ROA not before:           Wed 01 Jan 2025 01:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205345
IP address blocks:        185.221.124.0/22 maxlen: 22
                          2a0d:c000::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/Yt_lOIS5Wgn2akFuFPVsaw94mvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/Yt_lOIS5Wgn2akFuFPVsaw94mvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yt_lOIS5Wgn2akFuFPVsaw94mvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:21:a3:20:1a:43:4a:bb:60:36:b1:e6:c9:78:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62dfe53884b95a09f66a416e14f56c6b0f789afc
        Validity
            Not Before: Jan  1 01:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7047d53d1e41087eb0208b7449ccfe09ec22a014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:90:c1:a4:b7:dc:c6:7f:99:e7:d0:1d:0c:b3:
                    a0:d1:6c:f6:89:60:bd:56:5b:81:8d:9b:45:7b:6b:
                    d3:7e:97:aa:c1:81:04:ed:36:8b:a5:67:5c:fb:ec:
                    e4:36:5b:03:eb:4b:78:d6:6a:bb:45:51:45:c7:a9:
                    a6:bf:16:c7:57:8c:05:9f:80:1f:ba:ec:18:2f:cb:
                    88:e3:7c:b8:9f:5c:22:11:de:4f:f4:2a:52:4b:61:
                    39:7b:68:99:87:bc:d1:fa:e8:b4:cb:74:f6:a7:88:
                    3f:fc:6d:bf:aa:6a:ca:d5:38:2f:8f:b0:93:f2:cf:
                    35:af:99:b9:54:d9:67:42:da:60:fe:e7:4a:e4:b5:
                    9b:40:34:0d:e9:18:a2:f7:f6:4e:af:61:db:bb:d6:
                    57:ca:f9:4c:e5:cc:90:b3:3f:73:65:c4:56:b3:22:
                    cf:17:0d:8b:25:51:03:4c:f5:fe:64:75:09:73:d5:
                    2b:ff:2d:f7:db:d0:8e:e8:2d:d8:98:13:87:93:b6:
                    90:d7:c6:c1:07:41:77:cb:c3:e5:b2:1f:9b:41:bc:
                    7f:a6:03:26:79:34:e3:12:3e:f9:ac:79:44:ad:0e:
                    a8:8b:51:80:04:72:0d:ad:b4:d4:cb:f8:c8:9e:4c:
                    83:fc:12:5b:31:35:9d:83:42:f0:e5:13:18:25:08:
                    8a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:47:D5:3D:1E:41:08:7E:B0:20:8B:74:49:CC:FE:09:EC:22:A0:14
            X509v3 Authority Key Identifier:
                keyid:62:DF:E5:38:84:B9:5A:09:F6:6A:41:6E:14:F5:6C:6B:0F:78:9A:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yt_lOIS5Wgn2akFuFPVsaw94mvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/cEfVPR5BCH6wIIt0Scz-CewioBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fb0032-bc45-458f-ab2b-2936aa227765/1/Yt_lOIS5Wgn2akFuFPVsaw94mvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.124.0/22
                IPv6:
                  2a0d:c000::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:85:78:7e:b4:14:99:35:0d:7b:4a:af:64:a1:53:f3:99:38:
         f0:e7:31:5d:d6:11:ef:02:f9:b7:82:f4:b0:47:8a:1c:5c:88:
         7b:7f:d0:cf:3b:b3:7c:ed:94:00:d0:b4:83:85:46:2c:26:c0:
         f7:f2:04:8a:bb:5a:05:2a:16:17:48:71:c4:ac:43:cd:90:16:
         34:30:76:48:b1:5d:aa:d0:bc:31:6b:f8:7f:c8:84:3f:8a:48:
         72:9d:ec:f5:7a:a0:18:1c:ac:6c:5c:51:00:99:0c:5e:6f:89:
         6e:52:d3:f6:3f:20:18:c9:cf:d1:6f:47:e1:5f:39:ca:65:d1:
         1e:4d:18:67:ca:32:5e:76:6b:1c:b8:d5:7b:b8:b1:2c:66:ef:
         c2:22:b8:27:d8:66:e3:38:62:dc:30:c9:fb:69:51:df:7e:53:
         b2:59:c8:7c:a1:58:f8:9c:9d:fb:ca:7a:ed:d0:bb:57:fb:f9:
         1b:ce:ed:76:df:37:01:c4:74:57:c2:b8:d4:78:22:9a:79:d6:
         dd:fa:5f:c8:63:d3:1e:96:57:91:71:a3:57:53:b0:41:41:aa:
         ff:bb:18:ce:07:58:33:a7:c5:4e:f6:d2:2b:e6:56:47:f4:b8:
         f2:52:d9:fe:03:fe:34:2d:be:df:31:07:0f:7e:96:d9:4d:a5:
         e4:90:2b:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjCGjIBpDSrtgNrHmyXh9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZGZlNTM4ODRiOTVhMDlmNjZhNDE2ZTE0ZjU2YzZiMGY3
ODlhZmMwHhcNMjUwMTAxMDE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDQ3ZDUzZDFlNDEwODdlYjAyMDhiNzQ0OWNjZmUwOWVjMjJhMDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZDBpLfcxn+Z59AdDLOg0Wz2iWC9
VluBjZtFe2vTfpeqwYEE7TaLpWdc++zkNlsD60t41mq7RVFFx6mmvxbHV4wFn4Af
uuwYL8uI43y4n1wiEd5P9CpSS2E5e2iZh7zR+ui0y3T2p4g//G2/qmrK1Tgvj7CT
8s81r5m5VNlnQtpg/udK5LWbQDQN6Rii9/ZOr2Hbu9ZXyvlM5cyQsz9zZcRWsyLP
Fw2LJVEDTPX+ZHUJc9Ur/y3329CO6C3YmBOHk7aQ18bBB0F3y8Plsh+bQbx/pgMm
eTTjEj75rHlErQ6oi1GABHINrbTUy/jInkyD/BJbMTWdg0Lw5RMYJQiKrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHBH1T0eQQh+sCCLdEnM/gnsIqAUMB8GA1UdIwQY
MBaAFGLf5TiEuVoJ9mpBbhT1bGsPeJr8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXRfbE9JUzVXZ24yYWtGdUZQVnNhdzk0bXZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mYjAwMzItYmM0NS00NThmLWFiMmIt
MjkzNmFhMjI3NzY1LzEvY0VmVlBSNUJDSDZ3SUl0MFNjei1DZXdpb0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mYjAwMzItYmM0NS00NThmLWFiMmItMjkzNmFhMjI3NzY1
LzEvWXRfbE9JUzVXZ24yYWtGdUZQVnNhdzk0bXZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCud18MA0E
AgACMAcDBQMqDcAAMA0GCSqGSIb3DQEBCwUAA4IBAQAkhXh+tBSZNQ17Sq9koVPz
mTjw5zFd1hHvAvm3gvSwR4ocXIh7f9DPO7N87ZQA0LSDhUYsJsD38gSKu1oFKhYX
SHHErEPNkBY0MHZIsV2q0Lwxa/h/yIQ/ikhynez1eqAYHKxsXFEAmQxeb4luUtP2
PyAYyc/Rb0fhXznKZdEeTRhnyjJedmscuNV7uLEsZu/CIrgn2GbjOGLcMMn7aVHf
flOyWch8oVj4nJ37ynrt0LtX+/kbzu123zcBxHRXwrjUeCKaedbd+l/IY9MelleR
caNXU7BBQar/uxjOB1gzp8VO9tIr5lZH9LjyUtn+A/40Lb7fMQcPfpbZTaXkkCtG
-----END CERTIFICATE-----