Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/kVLjxhxgFuqXEqXn9rCH2eEb9oA.roa
File:                     kVLjxhxgFuqXEqXn9rCH2eEb9oA.roa (raw, json)
Hash identifier:          QbtMbRiPhMHo4O/j41QZux+PuXLhM2M+5dr1jmr3fpA=
Subject key identifier:   91:52:E3:C6:1C:60:16:EA:97:12:A5:E7:F6:B0:87:D9:E1:1B:F6:80
Certificate issuer:       /CN=e22d7eae21d8baee9de6940d8ce6b29d92a9031e
Certificate serial:       019421B22B9A51D1C1313DE1316F3C32F0B1
Authority key identifier: E2:2D:7E:AE:21:D8:BA:EE:9D:E6:94:0D:8C:E6:B2:9D:92:A9:03:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/kVLjxhxgFuqXEqXn9rCH2eEb9oA.roa
Signing time:             Wed 01 Jan 2025 11:48:32 +0000
ROA not before:           Wed 01 Jan 2025 11:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.138.144.0/22 maxlen: 24
                          2a07:ec0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:2b:9a:51:d1:c1:31:3d:e1:31:6f:3c:32:f0:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e22d7eae21d8baee9de6940d8ce6b29d92a9031e
        Validity
            Not Before: Jan  1 11:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9152e3c61c6016ea9712a5e7f6b087d9e11bf680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:54:45:4d:e5:2f:62:25:fe:4f:b4:a9:c0:4b:
                    4a:25:e3:bc:95:e8:27:22:2d:4c:fd:9f:8b:6b:9b:
                    47:cb:2c:df:c6:f3:b0:0d:d2:42:85:14:5f:2e:f0:
                    8e:e7:da:1f:99:62:00:10:a3:21:31:32:8c:2f:94:
                    c0:5a:78:7c:08:0a:0f:8b:eb:fd:8f:66:bc:4e:f4:
                    35:eb:5d:4e:a6:ab:1b:f4:b8:7c:5b:a9:28:5f:f6:
                    3e:2c:5a:ee:4d:90:f8:c2:aa:79:47:0f:47:4a:13:
                    d0:87:8d:0a:67:62:cc:d9:60:92:ab:ba:89:9d:68:
                    b1:b5:26:f0:68:cf:c9:ab:ab:a1:a0:f1:6f:6c:ee:
                    65:94:de:a8:bd:d8:a4:ba:45:16:a8:09:12:ee:c8:
                    df:ae:4c:45:b3:82:b5:8c:83:78:aa:8d:76:f8:46:
                    65:e1:99:1a:41:d1:f0:04:0d:e4:fc:23:e5:ac:6e:
                    3d:8c:aa:83:52:47:0e:25:f2:0d:70:7b:67:a6:84:
                    f8:7b:17:22:7c:7f:b5:ff:72:8f:15:9e:3f:13:76:
                    c9:20:b3:21:43:e3:b0:f8:85:a7:43:3a:84:d6:bb:
                    07:40:ef:80:1e:bb:73:62:10:0b:d0:a2:3d:2e:b5:
                    0a:d8:28:ec:74:11:b4:ea:a1:54:b0:55:59:1d:df:
                    ee:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:52:E3:C6:1C:60:16:EA:97:12:A5:E7:F6:B0:87:D9:E1:1B:F6:80
            X509v3 Authority Key Identifier:
                keyid:E2:2D:7E:AE:21:D8:BA:EE:9D:E6:94:0D:8C:E6:B2:9D:92:A9:03:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4i1-riHYuu6d5pQNjOaynZKpAx4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/kVLjxhxgFuqXEqXn9rCH2eEb9oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ab8070-4f58-4634-9a44-387536d03a71/1/4i1-riHYuu6d5pQNjOaynZKpAx4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.144.0/22
                IPv6:
                  2a07:ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:7a:40:e0:c0:13:49:ec:14:29:9d:89:65:4a:f5:cb:9e:8d:
         62:a6:66:30:82:d4:fa:63:86:84:4a:14:48:82:a4:8e:72:44:
         be:f9:9e:42:10:ee:1a:81:18:a2:15:a9:42:2f:11:b5:c4:a5:
         7d:e1:6a:13:a5:b1:84:27:87:5c:02:29:38:60:65:4c:e5:4f:
         bf:53:05:62:e4:29:31:af:ef:7e:54:34:07:fc:0c:82:b9:8c:
         db:6d:d5:08:31:a1:e6:e3:84:0d:e0:c0:03:6e:9b:0f:78:a0:
         2a:32:5b:76:d5:47:35:19:f2:0a:4d:a4:a2:36:a0:de:b8:49:
         d2:9a:45:e8:05:8f:0f:e0:41:f4:ba:61:1a:a1:3c:8b:2f:3e:
         e0:2b:53:0d:cc:12:85:41:7c:a4:32:72:87:32:d6:ef:09:cf:
         61:5a:6b:ba:87:67:bc:a2:ee:7d:9a:e0:d3:02:7c:80:78:8f:
         bc:6f:3d:f6:17:89:d0:b8:6b:6f:f0:e3:1d:0b:9d:57:e3:2c:
         4b:69:c5:59:15:a3:e9:93:f9:e7:ff:36:5f:13:1e:56:64:58:
         ba:a7:45:4d:81:fb:7a:7a:00:9d:77:44:83:7c:e2:cb:2c:2f:
         71:86:56:d1:7d:95:5f:55:63:34:35:b9:98:95:b1:2d:a5:a8:
         cf:03:58:32
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsiuaUdHBMT3hMW88MvCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyMmQ3ZWFlMjFkOGJhZWU5ZGU2OTQwZDhjZTZiMjlkOTJh
OTAzMWUwHhcNMjUwMTAxMTE0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTUyZTNjNjFjNjAxNmVhOTcxMmE1ZTdmNmIwODdkOWUxMWJmNjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1RFTeUvYiX+T7SpwEtKJeO8legn
Ii1M/Z+La5tHyyzfxvOwDdJChRRfLvCO59ofmWIAEKMhMTKML5TAWnh8CAoPi+v9
j2a8TvQ1611Opqsb9Lh8W6koX/Y+LFruTZD4wqp5Rw9HShPQh40KZ2LM2WCSq7qJ
nWixtSbwaM/Jq6uhoPFvbO5llN6ovdikukUWqAkS7sjfrkxFs4K1jIN4qo12+EZl
4ZkaQdHwBA3k/CPlrG49jKqDUkcOJfINcHtnpoT4excifH+1/3KPFZ4/E3bJILMh
Q+Ow+IWnQzqE1rsHQO+AHrtzYhAL0KI9LrUK2CjsdBG06qFUsFVZHd/u6wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJFS48YcYBbqlxKl5/awh9nhG/aAMB8GA1UdIwQY
MBaAFOItfq4h2LruneaUDYzmsp2SqQMeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGkxLXJpSFl1dTZkNXBRTmpPYXluWktwQXg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9hYjgwNzAtNGY1OC00NjM0LTlhNDQt
Mzg3NTM2ZDAzYTcxLzEva1ZManhoeGdGdXFYRXFYbjlyQ0gyZUViOW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9hYjgwNzAtNGY1OC00NjM0LTlhNDQtMzg3NTM2ZDAzYTcx
LzEvNGkxLXJpSFl1dTZkNXBRTmpPYXluWktwQXg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYqQMA0E
AgACMAcDBQMqBw7AMA0GCSqGSIb3DQEBCwUAA4IBAQA1ekDgwBNJ7BQpnYllSvXL
no1ipmYwgtT6Y4aEShRIgqSOckS++Z5CEO4agRiiFalCLxG1xKV94WoTpbGEJ4dc
Aik4YGVM5U+/UwVi5Ckxr+9+VDQH/AyCuYzbbdUIMaHm44QN4MADbpsPeKAqMlt2
1Uc1GfIKTaSiNqDeuEnSmkXoBY8P4EH0umEaoTyLLz7gK1MNzBKFQXykMnKHMtbv
Cc9hWmu6h2e8ou59muDTAnyAeI+8bz32F4nQuGtv8OMdC51X4yxLacVZFaPpk/nn
/zZfEx5WZFi6p0VNgft6egCdd0SDfOLLLC9xhlbRfZVfVWM0NbmYlbEtpajPA1gy
-----END CERTIFICATE-----