Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/453aed-7645-459d-85d8-85d80a544beb/1/XKgFLRL69SL60NdfQXwm1QTIJjA.roa
File:                     XKgFLRL69SL60NdfQXwm1QTIJjA.roa (raw, json)
Hash identifier:          gmsw3/0a1oqoWvmsXkV41iDiqrBjRS4S2LvnTqx2H9E=
Subject key identifier:   5C:A8:05:2D:12:FA:F5:22:FA:D0:D7:5F:41:7C:26:D5:04:C8:26:30
Certificate issuer:       /CN=e4ccd73508a9b59985d5597868e3a5d5ec745f5e
Certificate serial:       019420D5AEB390EFB38CE0F29EF23AE73E40
Authority key identifier: E4:CC:D7:35:08:A9:B5:99:85:D5:59:78:68:E3:A5:D5:EC:74:5F:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5MzXNQiptZmF1Vl4aOOl1ex0X14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/453aed-7645-459d-85d8-85d80a544beb/1/XKgFLRL69SL60NdfQXwm1QTIJjA.roa
Signing time:             Wed 01 Jan 2025 07:47:42 +0000
ROA not before:           Wed 01 Jan 2025 07:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57152
IP address blocks:        185.122.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/453aed-7645-459d-85d8-85d80a544beb/1/5MzXNQiptZmF1Vl4aOOl1ex0X14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/453aed-7645-459d-85d8-85d80a544beb/1/5MzXNQiptZmF1Vl4aOOl1ex0X14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5MzXNQiptZmF1Vl4aOOl1ex0X14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ae:b3:90:ef:b3:8c:e0:f2:9e:f2:3a:e7:3e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4ccd73508a9b59985d5597868e3a5d5ec745f5e
        Validity
            Not Before: Jan  1 07:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ca8052d12faf522fad0d75f417c26d504c82630
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:22:16:b0:00:fb:86:8e:93:7b:f7:56:24:9f:
                    0f:ec:49:44:3c:f6:43:f0:5e:bd:d4:be:f8:e0:12:
                    42:d6:6e:c8:cc:9c:a3:9b:b1:69:28:42:ef:30:8c:
                    bc:c1:ef:d4:20:4a:b2:bb:ae:2b:a1:c2:d8:69:a7:
                    00:1a:96:5d:60:3b:b3:2c:b9:d1:a8:5f:2c:9f:9c:
                    a0:b7:dc:73:7d:43:ac:17:f8:05:6e:77:4a:53:92:
                    8b:ed:98:e0:cb:93:c3:6a:1d:0c:c5:f8:ed:f4:24:
                    c2:72:34:11:b3:99:00:bc:10:c3:13:aa:98:b3:a0:
                    b5:4b:b6:d5:7d:89:68:85:d5:3b:c6:92:96:1b:a5:
                    5f:88:d4:47:b4:0b:49:0e:bb:6c:e4:d1:d3:19:66:
                    c5:ea:6e:5a:b8:0b:88:e0:83:57:94:5d:a0:64:6a:
                    f1:cd:82:36:65:c7:4f:03:d4:2e:c9:60:f9:f4:33:
                    43:23:80:79:aa:a0:a8:f2:3d:64:8b:2f:1d:78:73:
                    9f:ab:38:f3:12:c9:67:45:bf:55:77:e5:1d:ac:2a:
                    74:d0:e3:41:80:53:fd:48:65:da:bf:dd:7d:4a:7c:
                    0e:1b:cd:9d:04:44:cc:10:05:2b:36:08:77:e2:b2:
                    e9:bb:36:de:93:70:d9:5e:18:a1:3e:99:1e:31:3c:
                    65:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A8:05:2D:12:FA:F5:22:FA:D0:D7:5F:41:7C:26:D5:04:C8:26:30
            X509v3 Authority Key Identifier:
                keyid:E4:CC:D7:35:08:A9:B5:99:85:D5:59:78:68:E3:A5:D5:EC:74:5F:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5MzXNQiptZmF1Vl4aOOl1ex0X14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/453aed-7645-459d-85d8-85d80a544beb/1/XKgFLRL69SL60NdfQXwm1QTIJjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/453aed-7645-459d-85d8-85d80a544beb/1/5MzXNQiptZmF1Vl4aOOl1ex0X14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c3:23:eb:98:4d:9e:7a:d8:d4:90:34:de:f7:79:d2:b1:ce:5e:
         9e:64:8f:47:d8:7d:1d:af:4a:0e:82:2f:6a:e0:60:68:56:e2:
         fd:1b:d8:cc:2b:c9:43:ee:22:da:68:a6:f8:2e:74:c2:90:78:
         a1:e2:88:55:b0:bc:09:8a:c1:06:2a:63:40:8a:64:48:bb:1c:
         b6:50:11:0d:f7:35:b2:63:33:40:86:e6:81:9b:cf:c5:f7:14:
         f1:c1:4a:bf:08:59:eb:f5:62:c3:1c:09:0c:10:24:2a:b7:b4:
         c7:48:44:53:3d:4d:22:93:ae:98:f9:23:a5:19:7b:e6:8f:cc:
         8e:2e:fb:1b:a5:6d:e5:cb:d7:e4:9b:66:35:4a:15:7c:78:19:
         72:3c:98:fd:e4:34:4b:ad:ed:1c:5f:69:ad:8c:46:6d:f4:e4:
         e2:23:fe:e0:e8:bc:6c:03:86:d2:db:6f:00:02:ed:1f:34:b2:
         a6:a6:7e:1d:6f:9a:f9:06:a8:75:b6:96:0e:88:f7:de:09:19:
         22:28:e6:6a:e7:5c:48:45:77:89:f3:7c:81:8c:f4:d4:c5:85:
         b9:b7:d6:d6:c3:56:c3:29:71:2a:a3:ae:ff:c5:b7:ba:bc:c9:
         a1:b4:19:7c:33:ec:8b:90:7f:56:e8:03:7f:4f:b1:c4:a8:73:
         df:28:8e:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1a6zkO+zjODynvI65z5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Y2NkNzM1MDhhOWI1OTk4NWQ1NTk3ODY4ZTNhNWQ1ZWM3
NDVmNWUwHhcNMjUwMTAxMDc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2E4MDUyZDEyZmFmNTIyZmFkMGQ3NWY0MTdjMjZkNTA0YzgyNjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCIWsAD7ho6Te/dWJJ8P7ElEPPZD
8F691L744BJC1m7IzJyjm7FpKELvMIy8we/UIEqyu64rocLYaacAGpZdYDuzLLnR
qF8sn5ygt9xzfUOsF/gFbndKU5KL7Zjgy5PDah0Mxfjt9CTCcjQRs5kAvBDDE6qY
s6C1S7bVfYlohdU7xpKWG6VfiNRHtAtJDrts5NHTGWbF6m5auAuI4INXlF2gZGrx
zYI2ZcdPA9QuyWD59DNDI4B5qqCo8j1kiy8deHOfqzjzEslnRb9Vd+UdrCp00ONB
gFP9SGXav919SnwOG82dBETMEAUrNgh34rLpuzbek3DZXhihPpkeMTxl5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyoBS0S+vUi+tDXX0F8JtUEyCYwMB8GA1UdIwQY
MBaAFOTM1zUIqbWZhdVZeGjjpdXsdF9eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU16WE5RaXB0Wm1GMVZsNGFPT2wxZXgwWDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC80NTNhZWQtNzY0NS00NTlkLTg1ZDgt
ODVkODBhNTQ0YmViLzEvWEtnRkxSTDY5U0w2ME5kZlFYd20xUVRJSmpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC80NTNhZWQtNzY0NS00NTlkLTg1ZDgtODVkODBhNTQ0YmVi
LzEvNU16WE5RaXB0Wm1GMVZsNGFPT2wxZXgwWDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXoMMA0G
CSqGSIb3DQEBCwUAA4IBAQDDI+uYTZ562NSQNN73edKxzl6eZI9H2H0dr0oOgi9q
4GBoVuL9G9jMK8lD7iLaaKb4LnTCkHih4ohVsLwJisEGKmNAimRIuxy2UBEN9zWy
YzNAhuaBm8/F9xTxwUq/CFnr9WLDHAkMECQqt7THSERTPU0ik66Y+SOlGXvmj8yO
LvsbpW3ly9fkm2Y1ShV8eBlyPJj95DRLre0cX2mtjEZt9OTiI/7g6LxsA4bS228A
Au0fNLKmpn4db5r5Bqh1tpYOiPfeCRkiKOZq51xIRXeJ83yBjPTUxYW5t9bWw1bD
KXEqo67/xbe6vMmhtBl8M+yLkH9W6AN/T7HEqHPfKI5x
-----END CERTIFICATE-----