Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/1000eb-ffd0-4fe3-b7af-0738c2334e7f/1/o0NNJAdQ09Zlx7io8L7w4JsxeRk.roa
File:                     o0NNJAdQ09Zlx7io8L7w4JsxeRk.roa (raw, json)
Hash identifier:          GHDYyjn7cWOGvu2PuaUkyCHLa21ud2IleT+Ydwgziyc=
Subject key identifier:   A3:43:4D:24:07:50:D3:D6:65:C7:B8:A8:F0:BE:F0:E0:9B:31:79:19
Certificate issuer:       /CN=92f85622e22fc96ceacf73114d890f4f3aa7d495
Certificate serial:       01941F8C17C9D2064C967AD8788F1E534E57
Authority key identifier: 92:F8:56:22:E2:2F:C9:6C:EA:CF:73:11:4D:89:0F:4F:3A:A7:D4:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvhWIuIvyWzqz3MRTYkPTzqn1JU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/1000eb-ffd0-4fe3-b7af-0738c2334e7f/1/o0NNJAdQ09Zlx7io8L7w4JsxeRk.roa
Signing time:             Wed 01 Jan 2025 01:47:42 +0000
ROA not before:           Wed 01 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58282
IP address blocks:        185.49.252.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/1000eb-ffd0-4fe3-b7af-0738c2334e7f/1/kvhWIuIvyWzqz3MRTYkPTzqn1JU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/1000eb-ffd0-4fe3-b7af-0738c2334e7f/1/kvhWIuIvyWzqz3MRTYkPTzqn1JU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvhWIuIvyWzqz3MRTYkPTzqn1JU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:17:c9:d2:06:4c:96:7a:d8:78:8f:1e:53:4e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92f85622e22fc96ceacf73114d890f4f3aa7d495
        Validity
            Not Before: Jan  1 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3434d240750d3d665c7b8a8f0bef0e09b317919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:91:7b:87:49:a3:99:2f:0a:7e:b8:60:2c:42:
                    20:42:74:16:c9:79:71:a6:ab:35:54:fa:cb:f1:db:
                    ee:c1:8f:9f:6e:7c:60:ae:94:f9:5a:c1:b3:2f:4a:
                    7a:77:fc:a6:06:cc:27:6f:8e:17:a2:2f:86:93:09:
                    ba:1b:39:fc:06:07:a9:5d:ca:43:e4:9d:8b:d3:88:
                    34:ef:9f:71:98:cb:e4:60:fa:5c:9e:53:39:3e:39:
                    0d:b2:fc:cd:eb:94:6f:26:2f:13:bb:f5:84:4d:0c:
                    0d:97:c7:1c:47:e8:55:62:26:eb:fc:29:f9:53:9f:
                    f0:cb:32:82:82:d5:f5:fe:fd:b6:6b:6d:e7:50:fe:
                    7e:ae:d5:4e:14:8b:1c:5a:71:9c:e3:9a:66:3c:a7:
                    92:19:bd:56:d8:89:6b:47:6f:87:61:94:07:6b:c0:
                    c0:e6:f0:55:99:ea:1a:ed:c9:f4:a5:3c:d3:12:e3:
                    07:09:d7:7e:79:b6:58:50:d1:b1:c3:7e:da:2f:4e:
                    50:18:94:97:a3:e7:f3:23:87:3a:d5:56:45:89:49:
                    cd:cb:d8:23:1d:c1:b7:56:eb:83:c0:a3:35:27:4f:
                    40:8d:4f:5b:84:94:58:d4:42:27:fd:31:4d:99:9d:
                    8e:45:49:62:f9:51:e6:a8:88:0f:70:b1:0b:52:f2:
                    dd:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:43:4D:24:07:50:D3:D6:65:C7:B8:A8:F0:BE:F0:E0:9B:31:79:19
            X509v3 Authority Key Identifier:
                keyid:92:F8:56:22:E2:2F:C9:6C:EA:CF:73:11:4D:89:0F:4F:3A:A7:D4:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvhWIuIvyWzqz3MRTYkPTzqn1JU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/1000eb-ffd0-4fe3-b7af-0738c2334e7f/1/o0NNJAdQ09Zlx7io8L7w4JsxeRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/1000eb-ffd0-4fe3-b7af-0738c2334e7f/1/kvhWIuIvyWzqz3MRTYkPTzqn1JU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:c3:1c:69:f8:ff:b7:6a:f5:8c:27:6c:89:d4:75:13:5e:9b:
         7e:24:06:99:25:ad:19:b5:c4:d9:2a:57:77:f3:e0:06:77:e6:
         cf:b7:a7:d1:c8:13:32:ea:03:ad:a2:54:f8:c9:98:22:4b:7c:
         ab:1e:54:9a:1b:15:d9:d4:c0:eb:3b:ef:97:58:19:51:c5:f2:
         16:f0:b4:e3:6a:1b:70:a8:aa:76:42:07:e7:82:5c:7b:da:13:
         52:55:c2:f1:38:e9:0a:b1:c2:74:73:f0:a9:13:49:ac:24:ab:
         39:53:f6:d9:83:13:d7:0f:69:38:a6:dc:2c:f5:74:60:64:f7:
         34:4b:b4:b8:88:b1:d6:20:96:dd:25:67:07:24:f2:0f:fa:9f:
         57:02:89:dd:a2:42:e2:5c:8a:eb:06:48:ce:44:78:a7:3e:f7:
         50:20:58:3b:94:83:67:02:f1:69:07:9f:99:ca:e2:98:da:d7:
         29:9f:49:ed:a0:3f:7b:6b:b6:31:c7:a2:16:0f:c2:cd:9e:bd:
         57:27:64:20:80:b5:64:e8:25:f2:ec:60:3e:91:32:5b:2d:fe:
         41:08:d3:fc:2a:c3:11:5e:99:43:92:fa:14:05:55:a1:e1:49:
         1a:1d:04:62:64:5a:7a:3d:35:50:bc:55:b3:b3:80:fe:ad:58:
         e2:be:76:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBfJ0gZMlnrYeI8eU05XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZjg1NjIyZTIyZmM5NmNlYWNmNzMxMTRkODkwZjRmM2Fh
N2Q0OTUwHhcNMjUwMTAxMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzQzNGQyNDA3NTBkM2Q2NjVjN2I4YThmMGJlZjBlMDliMzE3OTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pF7h0mjmS8KfrhgLEIgQnQWyXlx
pqs1VPrL8dvuwY+fbnxgrpT5WsGzL0p6d/ymBswnb44Xoi+Gkwm6Gzn8BgepXcpD
5J2L04g0759xmMvkYPpcnlM5PjkNsvzN65RvJi8Tu/WETQwNl8ccR+hVYibr/Cn5
U5/wyzKCgtX1/v22a23nUP5+rtVOFIscWnGc45pmPKeSGb1W2IlrR2+HYZQHa8DA
5vBVmeoa7cn0pTzTEuMHCdd+ebZYUNGxw37aL05QGJSXo+fzI4c61VZFiUnNy9gj
HcG3VuuDwKM1J09AjU9bhJRY1EIn/TFNmZ2ORUli+VHmqIgPcLELUvLdtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNDTSQHUNPWZce4qPC+8OCbMXkZMB8GA1UdIwQY
MBaAFJL4ViLiL8ls6s9zEU2JD086p9SVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3ZoV0l1SXZ5V3pxejNNUlRZa1BUenFuMUpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8xMDAwZWItZmZkMC00ZmUzLWI3YWYt
MDczOGMyMzM0ZTdmLzEvbzBOTkpBZFEwOVpseDdpbzhMN3c0SnN4ZVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8xMDAwZWItZmZkMC00ZmUzLWI3YWYtMDczOGMyMzM0ZTdm
LzEva3ZoV0l1SXZ5V3pxejNNUlRZa1BUenFuMUpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTH8MA0G
CSqGSIb3DQEBCwUAA4IBAQBRwxxp+P+3avWMJ2yJ1HUTXpt+JAaZJa0ZtcTZKld3
8+AGd+bPt6fRyBMy6gOtolT4yZgiS3yrHlSaGxXZ1MDrO++XWBlRxfIW8LTjahtw
qKp2Qgfnglx72hNSVcLxOOkKscJ0c/CpE0msJKs5U/bZgxPXD2k4ptws9XRgZPc0
S7S4iLHWIJbdJWcHJPIP+p9XAondokLiXIrrBkjORHinPvdQIFg7lINnAvFpB5+Z
yuKY2tcpn0ntoD97a7Yxx6IWD8LNnr1XJ2QggLVk6CXy7GA+kTJbLf5BCNP8KsMR
XplDkvoUBVWh4UkaHQRiZFp6PTVQvFWzs4D+rVjivnYi
-----END CERTIFICATE-----