Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/014088-5684-49c2-b630-eb53a518c263/1/RWXMqjkV2JSmE_jNgsIntDAZ40E.roa
File:                     RWXMqjkV2JSmE_jNgsIntDAZ40E.roa (raw, json)
Hash identifier:          JlOZyqtU1Xw8rdg1LgiJgni//bw4mMZ1Qt4Pvh5z6tE=
Subject key identifier:   45:65:CC:AA:39:15:D8:94:A6:13:F8:CD:82:C2:27:B4:30:19:E3:41
Certificate issuer:       /CN=4021dff35edf0ce6e428d6affc212c4717679ee1
Certificate serial:       019428251E0FB357EC6B8FF59B792028CF1A
Authority key identifier: 40:21:DF:F3:5E:DF:0C:E6:E4:28:D6:AF:FC:21:2C:47:17:67:9E:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QCHf817fDObkKNav_CEsRxdnnuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/014088-5684-49c2-b630-eb53a518c263/1/RWXMqjkV2JSmE_jNgsIntDAZ40E.roa
Signing time:             Thu 02 Jan 2025 17:51:48 +0000
ROA not before:           Thu 02 Jan 2025 17:51:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50427
IP address blocks:        185.112.224.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/014088-5684-49c2-b630-eb53a518c263/1/QCHf817fDObkKNav_CEsRxdnnuE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/014088-5684-49c2-b630-eb53a518c263/1/QCHf817fDObkKNav_CEsRxdnnuE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QCHf817fDObkKNav_CEsRxdnnuE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:1e:0f:b3:57:ec:6b:8f:f5:9b:79:20:28:cf:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4021dff35edf0ce6e428d6affc212c4717679ee1
        Validity
            Not Before: Jan  2 17:51:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4565ccaa3915d894a613f8cd82c227b43019e341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a3:8a:13:43:09:31:e1:37:57:57:a5:13:c7:
                    7c:89:50:99:12:a7:c6:84:90:6d:0d:37:77:86:1d:
                    2f:ba:d8:10:8a:5d:45:fa:2b:a6:2e:fc:5b:e4:8e:
                    e2:95:71:c4:ed:43:5f:70:e3:76:8b:76:98:54:20:
                    2a:92:9d:c2:61:7f:1a:10:d1:80:4d:ec:fb:44:3e:
                    09:7e:b3:0e:7b:92:52:c8:b7:ae:69:c0:c3:d6:61:
                    aa:ce:85:aa:e7:be:9d:85:a6:f7:c7:fb:29:f2:52:
                    cb:c2:5a:12:9a:b2:ee:b4:4a:de:ae:b7:8b:bf:8c:
                    d2:0b:77:10:d3:84:ef:75:0a:ad:13:68:23:1c:81:
                    d2:38:8b:7b:2a:af:06:48:02:92:0c:2d:ba:f6:af:
                    fa:44:74:54:e2:1f:10:20:85:19:1e:18:34:a4:a3:
                    eb:64:c1:fe:7a:be:29:c2:9e:0d:f3:da:37:29:ab:
                    b5:c3:ad:96:1f:b7:7b:24:0c:37:b2:0e:c6:0c:45:
                    5f:52:33:c2:60:19:35:a7:6a:05:38:fe:0f:03:c5:
                    46:10:10:e9:5e:1c:66:e4:29:37:03:85:47:f3:b0:
                    92:be:a3:3a:36:41:40:3d:bd:5b:51:5b:bb:2f:11:
                    31:fa:d1:b4:b4:18:c5:48:54:ab:59:8b:26:1a:4c:
                    b4:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:65:CC:AA:39:15:D8:94:A6:13:F8:CD:82:C2:27:B4:30:19:E3:41
            X509v3 Authority Key Identifier:
                keyid:40:21:DF:F3:5E:DF:0C:E6:E4:28:D6:AF:FC:21:2C:47:17:67:9E:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QCHf817fDObkKNav_CEsRxdnnuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/014088-5684-49c2-b630-eb53a518c263/1/RWXMqjkV2JSmE_jNgsIntDAZ40E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/014088-5684-49c2-b630-eb53a518c263/1/QCHf817fDObkKNav_CEsRxdnnuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:7a:49:51:13:c5:9e:b1:5c:09:72:e3:ae:3c:80:e3:40:bd:
         62:51:e3:e6:7f:fa:e1:61:0d:d3:93:32:d7:94:4f:3c:b9:32:
         2c:1f:8d:e1:5e:08:a1:cb:95:9a:9c:b1:76:72:ee:1a:60:80:
         db:93:67:da:06:90:26:f8:f5:ba:55:f5:0d:7d:95:34:33:0b:
         aa:dc:b8:9c:b3:bc:6f:15:0f:11:85:82:c1:21:dd:76:53:f6:
         13:76:59:92:dd:55:cb:79:a3:3e:5b:db:65:4a:a6:b8:1d:fd:
         d7:36:c8:4c:90:8e:06:4d:0b:db:86:84:53:a3:a7:31:f8:59:
         af:99:e2:1d:49:95:24:7b:06:9f:6e:bd:2e:db:2f:82:b3:44:
         51:3b:81:81:88:1d:7e:00:fa:64:82:b1:1b:ce:7d:0f:10:07:
         e5:82:8d:e0:2b:69:4e:df:b0:85:c6:14:dc:a3:a8:39:d8:28:
         e5:af:2f:5e:20:96:5a:3a:eb:7e:11:9a:4c:60:f2:9b:44:48:
         38:ac:a0:59:52:2e:b1:8a:15:b8:d0:83:17:18:20:23:33:59:
         1c:16:3f:bf:66:f8:b8:53:54:5e:4b:00:04:ac:27:7f:e1:a3:
         c4:53:ba:f2:ba:3f:ef:de:80:c5:de:d1:8c:35:ac:f6:1f:73:
         b9:23:e9:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJR4Ps1fsa4/1m3kgKM8aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMjFkZmYzNWVkZjBjZTZlNDI4ZDZhZmZjMjEyYzQ3MTc2
NzllZTEwHhcNMjUwMTAyMTc1MTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTY1Y2NhYTM5MTVkODk0YTYxM2Y4Y2Q4MmMyMjdiNDMwMTllMzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06OKE0MJMeE3V1elE8d8iVCZEqfG
hJBtDTd3hh0vutgQil1F+iumLvxb5I7ilXHE7UNfcON2i3aYVCAqkp3CYX8aENGA
Tez7RD4JfrMOe5JSyLeuacDD1mGqzoWq576dhab3x/sp8lLLwloSmrLutErerreL
v4zSC3cQ04TvdQqtE2gjHIHSOIt7Kq8GSAKSDC269q/6RHRU4h8QIIUZHhg0pKPr
ZMH+er4pwp4N89o3Kau1w62WH7d7JAw3sg7GDEVfUjPCYBk1p2oFOP4PA8VGEBDp
Xhxm5Ck3A4VH87CSvqM6NkFAPb1bUVu7LxEx+tG0tBjFSFSrWYsmGky0wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVlzKo5FdiUphP4zYLCJ7QwGeNBMB8GA1UdIwQY
MBaAFEAh3/Ne3wzm5CjWr/whLEcXZ57hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUNIZjgxN2ZET2JrS05hdl9DRXNSeGRubnVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8wMTQwODgtNTY4NC00OWMyLWI2MzAt
ZWI1M2E1MThjMjYzLzEvUldYTXFqa1YySlNtRV9qTmdzSW50REFaNDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8wMTQwODgtNTY4NC00OWMyLWI2MzAtZWI1M2E1MThjMjYz
LzEvUUNIZjgxN2ZET2JrS05hdl9DRXNSeGRubnVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXDgMA0G
CSqGSIb3DQEBCwUAA4IBAQABeklRE8WesVwJcuOuPIDjQL1iUePmf/rhYQ3TkzLX
lE88uTIsH43hXgihy5WanLF2cu4aYIDbk2faBpAm+PW6VfUNfZU0Mwuq3Lics7xv
FQ8RhYLBId12U/YTdlmS3VXLeaM+W9tlSqa4Hf3XNshMkI4GTQvbhoRTo6cx+Fmv
meIdSZUkewafbr0u2y+Cs0RRO4GBiB1+APpkgrEbzn0PEAflgo3gK2lO37CFxhTc
o6g52Cjlry9eIJZaOut+EZpMYPKbREg4rKBZUi6xihW40IMXGCAjM1kcFj+/Zvi4
U1ReSwAErCd/4aPEU7ryuj/v3oDF3tGMNaz2H3O5I+mK
-----END CERTIFICATE-----