Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/BIIEZlMRbg4gFcs3vd0E2vnjAC0.roa
File:                     BIIEZlMRbg4gFcs3vd0E2vnjAC0.roa (raw, json)
Hash identifier:          dLd9sOD+PRZDAt8utITG0xeDO7qLojT8kdoKvMI+HQ0=
Subject key identifier:   04:82:04:66:53:11:6E:0E:20:15:CB:37:BD:DD:04:DA:F9:E3:00:2D
Certificate issuer:       /CN=1713129ef4fa454e0f0ac407e008e957a1b795a0
Certificate serial:       019424B2C6534BF7E08A24FD4D603A15DC72
Authority key identifier: 17:13:12:9E:F4:FA:45:4E:0F:0A:C4:07:E0:08:E9:57:A1:B7:95:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FxMSnvT6RU4PCsQH4AjpV6G3laA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/BIIEZlMRbg4gFcs3vd0E2vnjAC0.roa
Signing time:             Thu 02 Jan 2025 01:48:03 +0000
ROA not before:           Thu 02 Jan 2025 01:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204786
IP address blocks:        185.240.52.0/22 maxlen: 24
                          2a0c:7280::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/FxMSnvT6RU4PCsQH4AjpV6G3laA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/FxMSnvT6RU4PCsQH4AjpV6G3laA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FxMSnvT6RU4PCsQH4AjpV6G3laA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:c6:53:4b:f7:e0:8a:24:fd:4d:60:3a:15:dc:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1713129ef4fa454e0f0ac407e008e957a1b795a0
        Validity
            Not Before: Jan  2 01:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0482046653116e0e2015cb37bddd04daf9e3002d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7d:ab:3e:6d:48:26:d4:82:49:5f:8c:b0:30:
                    e2:14:d2:5b:30:ad:ab:ba:b6:f8:c4:ca:98:c8:1d:
                    33:be:93:bc:ec:20:c9:df:3a:0e:7c:d5:00:85:8e:
                    f1:74:27:c2:26:6b:6d:fd:c7:17:2d:e1:3d:88:c5:
                    83:f5:21:6f:2c:ff:7f:1a:5a:6e:9c:82:2f:a1:64:
                    ae:fe:32:61:46:03:7e:cb:78:da:e6:50:93:38:4b:
                    58:cd:ef:9e:4b:ec:53:7c:af:c1:6e:a7:da:40:23:
                    39:29:c4:03:41:78:af:25:1b:dd:1f:61:3a:94:31:
                    10:64:dc:b3:1e:5a:7a:9d:7c:b3:8d:26:94:8c:e6:
                    5c:c4:65:0b:5c:f9:98:a3:f6:80:e4:21:72:29:c2:
                    1b:49:21:3e:3b:30:bd:b0:34:55:05:0b:39:59:12:
                    7e:f4:18:a4:ac:75:98:ca:89:1e:9b:7e:dc:60:ac:
                    8c:ce:99:f5:cb:49:35:ae:76:19:5e:1f:88:68:63:
                    37:c8:9e:15:df:16:5f:f8:6a:70:81:0c:0a:35:97:
                    08:57:fe:f9:70:45:d9:1f:13:5d:a8:20:00:0b:34:
                    0e:b2:fc:0a:f9:50:bc:b7:72:02:35:f3:9d:42:d8:
                    62:3e:93:79:66:0f:3e:c0:dc:31:69:ab:fd:2a:4c:
                    ff:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:82:04:66:53:11:6E:0E:20:15:CB:37:BD:DD:04:DA:F9:E3:00:2D
            X509v3 Authority Key Identifier:
                keyid:17:13:12:9E:F4:FA:45:4E:0F:0A:C4:07:E0:08:E9:57:A1:B7:95:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FxMSnvT6RU4PCsQH4AjpV6G3laA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/BIIEZlMRbg4gFcs3vd0E2vnjAC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/157299-9d1c-4c5b-9a41-c25fdc4ca2f6/1/FxMSnvT6RU4PCsQH4AjpV6G3laA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.52.0/22
                IPv6:
                  2a0c:7280::/29

    Signature Algorithm: sha256WithRSAEncryption
         87:bc:c6:31:27:99:93:d6:d2:a2:e0:33:8f:dc:d2:1c:1d:7c:
         e3:af:13:4d:72:79:e1:fc:3f:47:cd:81:e4:cb:4f:a8:db:a6:
         b4:27:9a:7d:54:b7:53:c6:14:4d:21:b6:30:15:87:71:b4:fb:
         32:dc:a0:df:b5:35:ba:ba:43:f1:4b:8e:5b:b6:93:6c:55:60:
         97:de:93:23:85:d5:be:ec:01:5c:8a:cb:94:58:5e:bb:a4:a0:
         4a:b5:e8:3f:fb:39:d1:b8:39:b0:7f:88:d2:9b:07:e5:db:5a:
         b3:ad:e6:27:02:21:d7:eb:51:2a:a1:bf:48:f2:26:23:23:78:
         18:9f:a6:ae:eb:60:8d:75:1d:5b:a1:1b:98:fe:1c:30:86:e2:
         d9:fa:d6:d2:50:b9:20:a4:90:c6:6a:e2:d5:de:11:80:29:b2:
         b4:db:a9:60:86:36:92:c5:1b:c5:4f:9f:4b:c2:75:51:59:3c:
         45:a4:66:db:a7:55:27:5f:a0:cf:34:79:39:7d:a9:c0:e2:54:
         3a:fa:52:57:5e:36:81:e4:de:d1:49:a6:79:76:fe:bd:25:b4:
         ea:58:5e:b8:28:b2:d5:f7:c9:20:dd:be:fc:b5:d3:43:16:f8:
         7a:af:72:94:f1:79:17:ad:7c:d7:7b:a2:f7:0d:d7:9f:ea:a2:
         e8:c7:83:42
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkssZTS/fgiiT9TWA6FdxyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MTMxMjllZjRmYTQ1NGUwZjBhYzQwN2UwMDhlOTU3YTFi
Nzk1YTAwHhcNMjUwMTAyMDE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDgyMDQ2NjUzMTE2ZTBlMjAxNWNiMzdiZGRkMDRkYWY5ZTMwMDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH2rPm1IJtSCSV+MsDDiFNJbMK2r
urb4xMqYyB0zvpO87CDJ3zoOfNUAhY7xdCfCJmtt/ccXLeE9iMWD9SFvLP9/Glpu
nIIvoWSu/jJhRgN+y3ja5lCTOEtYze+eS+xTfK/BbqfaQCM5KcQDQXivJRvdH2E6
lDEQZNyzHlp6nXyzjSaUjOZcxGULXPmYo/aA5CFyKcIbSSE+OzC9sDRVBQs5WRJ+
9BikrHWYyokem37cYKyMzpn1y0k1rnYZXh+IaGM3yJ4V3xZf+GpwgQwKNZcIV/75
cEXZHxNdqCAACzQOsvwK+VC8t3ICNfOdQthiPpN5Zg8+wNwxaav9Kkz/wQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFASCBGZTEW4OIBXLN73dBNr54wAtMB8GA1UdIwQY
MBaAFBcTEp70+kVODwrEB+AI6Veht5WgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnhNU252VDZSVTRQQ3NRSDRBanBWNkczbGFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8xNTcyOTktOWQxYy00YzViLTlhNDEt
YzI1ZmRjNGNhMmY2LzEvQklJRVpsTVJiZzRnRmNzM3ZkMEUydm5qQUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8xNTcyOTktOWQxYy00YzViLTlhNDEtYzI1ZmRjNGNhMmY2
LzEvRnhNU252VDZSVTRQQ3NRSDRBanBWNkczbGFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufA0MA0E
AgACMAcDBQMqDHKAMA0GCSqGSIb3DQEBCwUAA4IBAQCHvMYxJ5mT1tKi4DOP3NIc
HXzjrxNNcnnh/D9HzYHky0+o26a0J5p9VLdTxhRNIbYwFYdxtPsy3KDftTW6ukPx
S45btpNsVWCX3pMjhdW+7AFcisuUWF67pKBKteg/+znRuDmwf4jSmwfl21qzreYn
AiHX61Eqob9I8iYjI3gYn6au62CNdR1boRuY/hwwhuLZ+tbSULkgpJDGauLV3hGA
KbK026lghjaSxRvFT59LwnVRWTxFpGbbp1UnX6DPNHk5fanA4lQ6+lJXXjaB5N7R
SaZ5dv69JbTqWF64KLLV98kg3b78tdNDFvh6r3KU8XkXrXzXe6L3Ddef6qLox4NC
-----END CERTIFICATE-----