Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/RbCZ4FuBiM5bQVW3sP5PrxSE_ic.roa
File:                     RbCZ4FuBiM5bQVW3sP5PrxSE_ic.roa (raw, json)
Hash identifier:          heyjJE1M941WJSvHrhTQkBoLwbj5RIQs9kFiPjSVnUw=
Subject key identifier:   45:B0:99:E0:5B:81:88:CE:5B:41:55:B7:B0:FE:4F:AF:14:84:FE:27
Certificate issuer:       /CN=75386a6fae1e55f576a405bd74b7f08e7a6c4653
Certificate serial:       0194266BE3E00D130903A1CEE2E714D341BE
Authority key identifier: 75:38:6A:6F:AE:1E:55:F5:76:A4:05:BD:74:B7:F0:8E:7A:6C:46:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dThqb64eVfV2pAW9dLfwjnpsRlM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/RbCZ4FuBiM5bQVW3sP5PrxSE_ic.roa
Signing time:             Thu 02 Jan 2025 09:49:52 +0000
ROA not before:           Thu 02 Jan 2025 09:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62000
IP address blocks:        185.163.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/dThqb64eVfV2pAW9dLfwjnpsRlM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/dThqb64eVfV2pAW9dLfwjnpsRlM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dThqb64eVfV2pAW9dLfwjnpsRlM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e3:e0:0d:13:09:03:a1:ce:e2:e7:14:d3:41:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75386a6fae1e55f576a405bd74b7f08e7a6c4653
        Validity
            Not Before: Jan  2 09:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45b099e05b8188ce5b4155b7b0fe4faf1484fe27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e1:5d:52:82:7f:97:43:37:14:81:4b:4a:ec:
                    12:ad:c9:8e:c6:6c:c1:9e:e5:a8:3a:94:67:48:53:
                    1e:74:f5:ea:77:4f:27:86:68:7f:b0:75:a3:96:ce:
                    62:a3:4f:d7:78:7f:68:33:b0:fc:af:f7:e8:33:a1:
                    fa:77:5c:c1:23:fb:52:b6:07:2b:a3:c3:07:86:59:
                    45:a7:19:3d:eb:3d:91:72:7c:61:bd:7c:4f:40:81:
                    51:e1:3e:26:61:28:78:09:44:7e:f0:e1:98:bc:c8:
                    90:46:19:a3:26:79:93:12:ba:a0:93:ab:4b:dd:8e:
                    db:94:b3:74:b7:bf:f6:06:11:50:70:ed:dc:83:4d:
                    f0:30:3c:ec:36:e3:2a:23:4a:f9:a8:cd:15:e9:df:
                    79:75:b1:28:e6:84:0c:b2:fc:8f:a5:48:94:ef:66:
                    96:58:ae:2c:46:1e:f8:a6:b8:63:56:bb:36:0d:4a:
                    20:0c:a6:9a:cd:b6:bc:e0:96:04:1a:ee:69:34:69:
                    e2:17:9e:e5:7e:30:2c:df:a9:24:f5:c1:26:09:a0:
                    dd:70:1e:21:5b:f3:fe:b7:79:15:f9:96:22:e8:72:
                    82:8e:93:ae:5b:fe:cd:e3:37:06:ca:63:b6:e5:61:
                    03:41:51:cb:b8:6b:67:50:a2:2a:20:2a:02:a9:72:
                    2e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:B0:99:E0:5B:81:88:CE:5B:41:55:B7:B0:FE:4F:AF:14:84:FE:27
            X509v3 Authority Key Identifier:
                keyid:75:38:6A:6F:AE:1E:55:F5:76:A4:05:BD:74:B7:F0:8E:7A:6C:46:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dThqb64eVfV2pAW9dLfwjnpsRlM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/RbCZ4FuBiM5bQVW3sP5PrxSE_ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/d9a01c-5c91-4d00-a09a-f8792f577b9a/1/dThqb64eVfV2pAW9dLfwjnpsRlM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3b:b4:c7:37:7f:08:3c:78:1d:3b:a2:7d:d4:c2:aa:e5:3a:df:
         cd:f9:ab:00:7e:fa:75:1e:83:2a:a1:63:94:7f:1b:63:65:d8:
         33:49:c0:8d:1b:9b:19:7d:84:d3:b9:88:17:82:42:d7:01:56:
         3e:d5:97:19:28:5b:53:05:3a:6e:65:5d:89:0a:9c:b6:13:6d:
         84:34:5b:33:62:b0:3d:b3:de:00:d7:4a:05:51:da:03:89:df:
         87:c4:0c:e0:d2:a9:e0:df:4e:15:10:25:e2:e9:f9:92:fd:2e:
         59:49:04:c8:3d:f4:51:79:ff:2f:55:70:31:db:e2:80:ef:41:
         00:6c:96:3a:cf:34:f4:60:c1:17:e8:14:11:ad:b1:00:6d:38:
         41:9c:33:11:75:97:dd:89:bf:78:37:3b:2e:16:02:5f:32:8b:
         f8:d9:0f:bf:ed:85:60:70:46:a0:71:c1:48:33:30:29:c7:36:
         d1:d4:9f:01:69:0c:c1:6a:43:c4:94:21:aa:45:25:35:c5:db:
         6f:2a:9f:63:4b:80:8a:49:64:83:87:e3:b7:f6:e3:0c:d3:6a:
         09:5e:9f:e1:9e:13:74:99:38:03:6f:38:5a:32:a2:4d:6d:f7:
         8c:28:94:12:43:a8:5a:50:7a:5f:35:ad:57:3e:2a:ce:ee:b3:
         73:ad:0c:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+PgDRMJA6HO4ucU00G+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1Mzg2YTZmYWUxZTU1ZjU3NmE0MDViZDc0YjdmMDhlN2E2
YzQ2NTMwHhcNMjUwMTAyMDk0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWIwOTllMDViODE4OGNlNWI0MTU1YjdiMGZlNGZhZjE0ODRmZTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+FdUoJ/l0M3FIFLSuwSrcmOxmzB
nuWoOpRnSFMedPXqd08nhmh/sHWjls5io0/XeH9oM7D8r/foM6H6d1zBI/tStgcr
o8MHhllFpxk96z2RcnxhvXxPQIFR4T4mYSh4CUR+8OGYvMiQRhmjJnmTErqgk6tL
3Y7blLN0t7/2BhFQcO3cg03wMDzsNuMqI0r5qM0V6d95dbEo5oQMsvyPpUiU72aW
WK4sRh74prhjVrs2DUogDKaazba84JYEGu5pNGniF57lfjAs36kk9cEmCaDdcB4h
W/P+t3kV+ZYi6HKCjpOuW/7N4zcGymO25WEDQVHLuGtnUKIqICoCqXIurQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEWwmeBbgYjOW0FVt7D+T68UhP4nMB8GA1UdIwQY
MBaAFHU4am+uHlX1dqQFvXS38I56bEZTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRocWI2NGVWZlYycEFXOWRMZndqbnBzUmxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9kOWEwMWMtNWM5MS00ZDAwLWEwOWEt
Zjg3OTJmNTc3YjlhLzEvUmJDWjRGdUJpTTViUVZXM3NQNVByeFNFX2ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9kOWEwMWMtNWM5MS00ZDAwLWEwOWEtZjg3OTJmNTc3Yjlh
LzEvZFRocWI2NGVWZlYycEFXOWRMZndqbnBzUmxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaN8MA0G
CSqGSIb3DQEBCwUAA4IBAQA7tMc3fwg8eB07on3UwqrlOt/N+asAfvp1HoMqoWOU
fxtjZdgzScCNG5sZfYTTuYgXgkLXAVY+1ZcZKFtTBTpuZV2JCpy2E22ENFszYrA9
s94A10oFUdoDid+HxAzg0qng304VECXi6fmS/S5ZSQTIPfRRef8vVXAx2+KA70EA
bJY6zzT0YMEX6BQRrbEAbThBnDMRdZfdib94NzsuFgJfMov42Q+/7YVgcEagccFI
MzApxzbR1J8BaQzBakPElCGqRSU1xdtvKp9jS4CKSWSDh+O39uMM02oJXp/hnhN0
mTgDbzhaMqJNbfeMKJQSQ6haUHpfNa1XPirO7rNzrQzB
-----END CERTIFICATE-----