Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/jruZxZ6v3fQQDOP1XhyiLrCoyWo.roa
File:                     jruZxZ6v3fQQDOP1XhyiLrCoyWo.roa (raw, json)
Hash identifier:          JwmXnt+QW5OLkAvlfiLvs8bXFlLMvqHA2E9khKbsWec=
Subject key identifier:   8E:BB:99:C5:9E:AF:DD:F4:10:0C:E3:F5:5E:1C:A2:2E:B0:A8:C9:6A
Certificate issuer:       /CN=b79e5d4f835ea88d76b60256e0037547cd968279
Certificate serial:       019426D979A636B82A3A8945043E08043469
Authority key identifier: B7:9E:5D:4F:83:5E:A8:8D:76:B6:02:56:E0:03:75:47:CD:96:82:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t55dT4NeqI12tgJW4AN1R82Wgnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/jruZxZ6v3fQQDOP1XhyiLrCoyWo.roa
Signing time:             Thu 02 Jan 2025 11:49:33 +0000
ROA not before:           Thu 02 Jan 2025 11:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43350
IP address blocks:        185.56.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/t55dT4NeqI12tgJW4AN1R82Wgnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/t55dT4NeqI12tgJW4AN1R82Wgnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t55dT4NeqI12tgJW4AN1R82Wgnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:79:a6:36:b8:2a:3a:89:45:04:3e:08:04:34:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79e5d4f835ea88d76b60256e0037547cd968279
        Validity
            Not Before: Jan  2 11:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ebb99c59eafddf4100ce3f55e1ca22eb0a8c96a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:98:f5:ba:42:76:8b:06:00:b0:6d:d6:f9:64:
                    13:00:9f:71:60:11:bc:26:29:5d:be:fb:6f:be:cf:
                    a6:e0:7a:9d:b4:9f:7b:18:20:ba:20:2b:e9:e9:5f:
                    c2:76:0a:b3:d6:74:ed:5f:2a:f8:27:3a:bf:ab:51:
                    8b:2b:89:d8:0c:93:e5:69:5f:fd:d0:35:c4:d2:a8:
                    6d:fd:9f:98:9c:15:4c:4b:98:db:7f:63:3b:5a:56:
                    d7:4d:1f:7f:8e:52:63:79:ef:e1:1c:aa:3c:90:76:
                    2d:35:e7:ee:cf:ca:b6:53:0a:06:4f:45:aa:90:3e:
                    da:58:e0:03:8e:a5:a7:ce:33:b5:a9:68:97:d3:76:
                    d1:d2:e9:de:33:33:1e:86:c1:a7:a7:f8:69:e6:11:
                    7c:c9:02:87:ae:51:6e:ee:ce:f2:4f:15:ce:26:7a:
                    90:1c:8f:02:bf:24:ad:67:3c:f8:f6:48:53:66:79:
                    2c:dc:b2:57:e7:fc:c1:b1:f8:9e:a0:bb:ca:70:76:
                    b1:4c:27:a1:5a:1e:55:10:e6:83:0d:b9:fb:5e:07:
                    72:29:e6:2b:f8:2c:4a:2b:18:23:d4:b4:ac:de:0c:
                    f4:fc:3d:fe:f2:90:ed:58:fd:69:f1:ec:10:62:31:
                    7d:ee:d4:dd:db:07:38:14:2a:b7:6f:51:f9:32:4f:
                    4b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:BB:99:C5:9E:AF:DD:F4:10:0C:E3:F5:5E:1C:A2:2E:B0:A8:C9:6A
            X509v3 Authority Key Identifier:
                keyid:B7:9E:5D:4F:83:5E:A8:8D:76:B6:02:56:E0:03:75:47:CD:96:82:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t55dT4NeqI12tgJW4AN1R82Wgnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/jruZxZ6v3fQQDOP1XhyiLrCoyWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/e3694b-77f9-42b0-b5a3-9b7d49adedb3/1/t55dT4NeqI12tgJW4AN1R82Wgnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.56.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:cd:d4:eb:e8:5e:72:d0:28:b2:72:03:3d:b4:2d:37:42:5e:
         88:3e:39:28:31:9a:af:12:e3:8a:dc:44:b9:36:06:df:4e:e3:
         f7:d9:75:dc:6f:69:a8:97:25:0b:70:47:70:c1:ac:2e:9e:0d:
         19:87:60:2a:33:95:39:91:3f:66:d6:db:05:78:68:ff:3f:88:
         f3:88:51:a9:cf:f1:ca:60:99:68:f6:9c:35:12:0f:11:f8:b2:
         6d:4b:0c:f9:41:cd:82:c5:46:89:3d:ad:a0:2b:17:b3:cf:0d:
         b2:88:23:21:8d:31:64:71:6e:3c:8e:d4:42:65:3b:84:d2:b2:
         51:10:d0:f3:42:82:7b:3b:5f:7f:c6:6e:c8:4c:66:83:ee:8c:
         2d:32:75:49:78:3f:79:96:55:07:6b:d4:38:58:b2:90:9f:d8:
         88:c7:91:b6:a4:e0:6e:cd:d5:9b:c2:b0:8b:05:3b:9a:ca:ab:
         77:b3:57:d1:57:9d:30:af:a9:cb:8a:75:35:b2:0e:c6:23:a0:
         56:86:60:2e:21:6e:66:57:08:fe:0d:42:1d:8e:0a:b0:67:99:
         d5:ec:10:37:9c:0a:1a:47:81:3b:a8:53:be:cd:9c:6a:d5:a6:
         69:42:b8:c9:35:c5:b9:b6:d4:a1:13:ae:6e:07:82:ce:79:c3:
         78:ff:52:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2XmmNrgqOolFBD4IBDRpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OWU1ZDRmODM1ZWE4OGQ3NmI2MDI1NmUwMDM3NTQ3Y2Q5
NjgyNzkwHhcNMjUwMTAyMTE0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWJiOTljNTllYWZkZGY0MTAwY2UzZjU1ZTFjYTIyZWIwYThjOTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5j1ukJ2iwYAsG3W+WQTAJ9xYBG8
Jildvvtvvs+m4HqdtJ97GCC6ICvp6V/Cdgqz1nTtXyr4Jzq/q1GLK4nYDJPlaV/9
0DXE0qht/Z+YnBVMS5jbf2M7WlbXTR9/jlJjee/hHKo8kHYtNefuz8q2UwoGT0Wq
kD7aWOADjqWnzjO1qWiX03bR0uneMzMehsGnp/hp5hF8yQKHrlFu7s7yTxXOJnqQ
HI8CvyStZzz49khTZnks3LJX5/zBsfieoLvKcHaxTCehWh5VEOaDDbn7XgdyKeYr
+CxKKxgj1LSs3gz0/D3+8pDtWP1p8ewQYjF97tTd2wc4FCq3b1H5Mk9LuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI67mcWer930EAzj9V4coi6wqMlqMB8GA1UdIwQY
MBaAFLeeXU+DXqiNdrYCVuADdUfNloJ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDU1ZFQ0TmVxSTEydGdKVzRBTjFSODJXZ25rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9lMzY5NGItNzdmOS00MmIwLWI1YTMt
OWI3ZDQ5YWRlZGIzLzEvanJ1WnhaNnYzZlFRRE9QMVhoeWlMckNveVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9lMzY5NGItNzdmOS00MmIwLWI1YTMtOWI3ZDQ5YWRlZGIz
LzEvdDU1ZFQ0TmVxSTEydGdKVzRBTjFSODJXZ25rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTgUMA0G
CSqGSIb3DQEBCwUAA4IBAQA0zdTr6F5y0CiycgM9tC03Ql6IPjkoMZqvEuOK3ES5
NgbfTuP32XXcb2molyULcEdwwawung0Zh2AqM5U5kT9m1tsFeGj/P4jziFGpz/HK
YJlo9pw1Eg8R+LJtSwz5Qc2CxUaJPa2gKxezzw2yiCMhjTFkcW48jtRCZTuE0rJR
ENDzQoJ7O19/xm7ITGaD7owtMnVJeD95llUHa9Q4WLKQn9iIx5G2pOBuzdWbwrCL
BTuayqt3s1fRV50wr6nLinU1sg7GI6BWhmAuIW5mVwj+DUIdjgqwZ5nV7BA3nAoa
R4E7qFO+zZxq1aZpQrjJNcW5ttShE65uB4LOecN4/1JV
-----END CERTIFICATE-----