Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/zXewAjWGvMnM0TC9WYL-KIwYeTc.roa
File:                     zXewAjWGvMnM0TC9WYL-KIwYeTc.roa (raw, json)
Hash identifier:          lBVP9+96UyCRaPNC0pu5UG19WbXzwH4ZL/S+8Cro2UA=
Subject key identifier:   CD:77:B0:02:35:86:BC:C9:CC:D1:30:BD:59:82:FE:28:8C:18:79:37
Certificate issuer:       /CN=8dcd7d398fc466e121bc45faf50dd87c36bbc96d
Certificate serial:       0194F588FC3215CE455E97A84BACD7B69068
Authority key identifier: 8D:CD:7D:39:8F:C4:66:E1:21:BC:45:FA:F5:0D:D8:7C:36:BB:C9:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jc19OY_EZuEhvEX69Q3YfDa7yW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/zXewAjWGvMnM0TC9WYL-KIwYeTc.roa
Signing time:             Tue 11 Feb 2025 15:03:02 +0000
ROA not before:           Tue 11 Feb 2025 15:03:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5430
IP address blocks:        185.251.140.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/jc19OY_EZuEhvEX69Q3YfDa7yW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/jc19OY_EZuEhvEX69Q3YfDa7yW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jc19OY_EZuEhvEX69Q3YfDa7yW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f5:88:fc:32:15:ce:45:5e:97:a8:4b:ac:d7:b6:90:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8dcd7d398fc466e121bc45faf50dd87c36bbc96d
        Validity
            Not Before: Feb 11 15:03:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd77b0023586bcc9ccd130bd5982fe288c187937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:70:3d:ea:b9:5d:cd:ba:13:aa:5e:31:c5:4d:
                    f3:c2:ec:3b:9d:13:ad:49:b2:16:a7:73:03:68:04:
                    86:90:2d:7f:53:dc:0e:71:98:f6:7c:06:31:ef:19:
                    6d:6a:45:be:da:49:33:ea:19:6a:ad:8a:20:d6:ba:
                    78:24:9f:0e:b7:5f:60:c3:98:db:1c:dd:80:a5:16:
                    ca:4e:ed:37:43:d3:18:c3:03:70:91:85:fb:f2:7f:
                    5a:7c:ec:67:d9:0d:fe:d2:78:05:57:6f:4f:d3:7f:
                    44:a9:04:20:34:2b:7f:06:2f:73:9e:42:75:46:f4:
                    0d:15:cc:d5:c9:81:bc:e1:6e:85:62:0f:95:2e:c4:
                    bd:82:ea:93:ec:60:e8:06:da:84:77:fb:97:00:d4:
                    a6:7c:3b:75:04:ac:7b:18:94:b9:fc:0c:36:f5:6d:
                    3b:5f:37:cc:13:64:cf:f1:d9:79:f5:26:b6:0f:67:
                    cb:b4:5f:46:d6:47:5e:6c:fc:e7:cf:ad:9c:99:37:
                    57:28:0e:99:1c:86:35:ec:76:76:d2:eb:a2:3c:01:
                    2f:dd:31:f3:e1:cf:ce:7f:ff:a4:82:62:bc:10:06:
                    a0:3b:af:c5:c4:8b:7b:1c:d1:d7:4a:d7:73:4b:06:
                    e1:b5:01:0c:be:d8:b4:a3:cb:b9:f8:6a:95:b9:d5:
                    6c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:77:B0:02:35:86:BC:C9:CC:D1:30:BD:59:82:FE:28:8C:18:79:37
            X509v3 Authority Key Identifier:
                keyid:8D:CD:7D:39:8F:C4:66:E1:21:BC:45:FA:F5:0D:D8:7C:36:BB:C9:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jc19OY_EZuEhvEX69Q3YfDa7yW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/zXewAjWGvMnM0TC9WYL-KIwYeTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/158da5-b3df-4122-b35c-121645d98e94/1/jc19OY_EZuEhvEX69Q3YfDa7yW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:ab:f3:fd:13:7d:d2:36:98:bc:df:f2:24:15:5a:d9:70:8f:
         19:30:bb:a2:ad:c8:20:e1:a0:9a:00:85:7e:7c:10:cf:bf:64:
         db:4b:6d:2d:2a:f1:8c:cc:a5:12:ca:85:09:cd:89:63:28:a5:
         e1:80:b3:c8:b8:41:7c:57:36:ae:98:b1:77:88:33:8c:ce:97:
         06:8b:37:05:60:76:9b:f8:41:7b:63:a9:74:be:ca:e4:61:79:
         6f:8b:32:e8:79:48:88:0a:59:cb:61:b2:70:a5:c6:b1:64:4b:
         31:54:05:29:82:55:bb:80:d4:39:d8:c7:4c:34:8a:4d:15:bb:
         ef:0a:be:1f:7f:fc:84:aa:6e:37:00:2a:c6:56:44:0b:82:8d:
         fd:06:88:d3:1e:ff:e0:3a:02:11:e3:20:d7:2d:76:c6:62:19:
         40:71:4d:75:53:cf:00:c8:ca:7a:aa:17:30:00:e9:84:27:55:
         16:43:d5:1f:75:2f:c8:3c:50:db:22:8d:39:05:37:4f:63:92:
         ad:3f:79:d8:09:a9:72:d9:4e:9b:c3:ed:e9:e0:b6:9e:21:52:
         10:b9:1d:d1:64:da:26:2f:a7:b6:76:85:85:af:54:20:b0:4d:
         9b:26:ec:1d:e4:8c:51:c7:c6:d9:a0:ac:21:fb:db:fd:85:1f:
         61:83:be:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT1iPwyFc5FXpeoS6zXtpBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkY2Q3ZDM5OGZjNDY2ZTEyMWJjNDVmYWY1MGRkODdjMzZi
YmM5NmQwHhcNMjUwMjExMTUwMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDc3YjAwMjM1ODZiY2M5Y2NkMTMwYmQ1OTgyZmUyODhjMTg3OTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3A96rldzboTql4xxU3zwuw7nROt
SbIWp3MDaASGkC1/U9wOcZj2fAYx7xltakW+2kkz6hlqrYog1rp4JJ8Ot19gw5jb
HN2ApRbKTu03Q9MYwwNwkYX78n9afOxn2Q3+0ngFV29P039EqQQgNCt/Bi9znkJ1
RvQNFczVyYG84W6FYg+VLsS9guqT7GDoBtqEd/uXANSmfDt1BKx7GJS5/Aw29W07
XzfME2TP8dl59Sa2D2fLtF9G1kdebPznz62cmTdXKA6ZHIY17HZ20uuiPAEv3THz
4c/Of/+kgmK8EAagO6/FxIt7HNHXStdzSwbhtQEMvti0o8u5+GqVudVs0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM13sAI1hrzJzNEwvVmC/iiMGHk3MB8GA1UdIwQY
MBaAFI3NfTmPxGbhIbxF+vUN2Hw2u8ltMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamMxOU9ZX0VadUVodkVYNjlRM1lmRGE3eVcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8xNThkYTUtYjNkZi00MTIyLWIzNWMt
MTIxNjQ1ZDk4ZTk0LzEvelhld0FqV0d2TW5NMFRDOVdZTC1LSXdZZVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8xNThkYTUtYjNkZi00MTIyLWIzNWMtMTIxNjQ1ZDk4ZTk0
LzEvamMxOU9ZX0VadUVodkVYNjlRM1lmRGE3eVcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufuMMA0G
CSqGSIb3DQEBCwUAA4IBAQAUq/P9E33SNpi83/IkFVrZcI8ZMLuircgg4aCaAIV+
fBDPv2TbS20tKvGMzKUSyoUJzYljKKXhgLPIuEF8VzaumLF3iDOMzpcGizcFYHab
+EF7Y6l0vsrkYXlvizLoeUiIClnLYbJwpcaxZEsxVAUpglW7gNQ52MdMNIpNFbvv
Cr4ff/yEqm43ACrGVkQLgo39BojTHv/gOgIR4yDXLXbGYhlAcU11U88AyMp6qhcw
AOmEJ1UWQ9UfdS/IPFDbIo05BTdPY5KtP3nYCaly2U6bw+3p4LaeIVIQuR3RZNom
L6e2doWFr1QgsE2bJuwd5IxRx8bZoKwh+9v9hR9hg74e
-----END CERTIFICATE-----