Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/43y7EOGBptoEQuKUeXgk6SpCiKM.roa
File:                     43y7EOGBptoEQuKUeXgk6SpCiKM.roa (raw, json)
Hash identifier:          JqRad2v+qIhbHewbO6BDiGvY7klaYPQyg0QWPHcgDXg=
Subject key identifier:   E3:7C:BB:10:E1:81:A6:DA:04:42:E2:94:79:78:24:E9:2A:42:88:A3
Certificate issuer:       /CN=e501815c6f98f3a2b6184afebf18ea341be882ea
Certificate serial:       0194252223FDCCD588B6375E63D76F4924E6
Authority key identifier: E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/43y7EOGBptoEQuKUeXgk6SpCiKM.roa
Signing time:             Thu 02 Jan 2025 03:49:41 +0000
ROA not before:           Thu 02 Jan 2025 03:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62425
IP address blocks:        185.203.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:23:fd:cc:d5:88:b6:37:5e:63:d7:6f:49:24:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e501815c6f98f3a2b6184afebf18ea341be882ea
        Validity
            Not Before: Jan  2 03:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e37cbb10e181a6da0442e294797824e92a4288a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:cf:ac:44:dc:3f:81:15:78:f5:65:23:3c:88:
                    9c:41:a7:96:87:48:c0:d3:57:cb:17:f9:f3:df:37:
                    ea:34:cc:ea:e8:a8:3c:ae:a9:b9:14:8f:d7:07:22:
                    e6:ff:e8:d0:55:21:d2:90:7e:6c:99:ee:7f:f9:41:
                    af:ed:15:8a:ad:e7:ef:72:23:a6:1a:69:02:a0:a3:
                    a9:cb:46:58:48:a7:98:bc:6c:11:98:a4:47:d4:d7:
                    b8:9a:64:8f:1d:b9:be:5e:6e:e9:1e:b5:3e:9e:fc:
                    e7:fc:95:d3:b1:8d:ad:ee:04:23:0e:6a:66:1d:9e:
                    c4:00:56:45:b7:ba:d6:6d:44:11:ba:2c:51:ea:b8:
                    0e:00:2a:a1:9a:e0:eb:7d:61:20:76:6d:7e:9e:20:
                    f5:96:40:b6:d0:0e:31:95:e1:85:6a:33:f8:69:3b:
                    0c:d0:cb:62:c2:bf:bc:59:43:57:b6:74:f5:7a:92:
                    e7:41:8e:8f:e1:a8:4e:0f:a4:6e:c0:7f:88:3c:49:
                    9f:af:ac:e3:0e:ba:35:31:f2:4f:a6:9e:24:45:a4:
                    93:99:09:4e:a0:6a:e4:4a:98:91:ce:da:e6:fc:75:
                    ba:79:64:9a:62:e4:20:52:24:7a:13:ba:d0:5f:62:
                    6f:6d:a5:62:61:ac:ce:40:74:79:49:9d:a9:4e:35:
                    fb:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:7C:BB:10:E1:81:A6:DA:04:42:E2:94:79:78:24:E9:2A:42:88:A3
            X509v3 Authority Key Identifier:
                keyid:E5:01:81:5C:6F:98:F3:A2:B6:18:4A:FE:BF:18:EA:34:1B:E8:82:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5QGBXG-Y86K2GEr-vxjqNBvoguo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/43y7EOGBptoEQuKUeXgk6SpCiKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/5b0222-ed64-4f55-b45b-0059f737ef05/1/5QGBXG-Y86K2GEr-vxjqNBvoguo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:7d:0b:81:fa:04:15:2b:35:27:4e:2f:a9:19:43:80:c1:84:
         b9:38:6e:36:cc:fc:4e:bf:59:b5:c9:7b:be:4d:bf:cc:07:7e:
         48:03:b8:47:9d:04:a1:47:14:67:a3:d5:0c:35:93:a5:f2:78:
         55:58:4b:77:66:c9:21:35:fb:ac:52:a4:88:83:3f:c6:5b:45:
         bd:79:26:7d:72:18:ed:98:df:ba:fa:df:ce:ed:39:26:1e:d4:
         62:7d:b5:0f:d9:c3:31:fc:5f:92:f0:c9:ae:5d:42:98:59:40:
         67:6c:29:d1:de:87:3e:e4:96:08:48:d0:45:13:7e:89:76:79:
         19:e0:85:22:19:90:5a:91:73:5d:96:c9:fe:a8:32:e6:fd:48:
         33:c1:d5:cb:5d:93:07:7e:28:2f:69:f5:18:b8:88:ee:5e:a3:
         47:d8:77:ce:a6:e3:8f:7f:a7:ad:e7:26:e5:ab:8f:0e:08:d2:
         7e:20:40:cd:fb:cb:e2:7c:5e:3c:2a:65:2e:f7:f8:55:6c:bf:
         bf:da:33:38:3d:fc:38:56:c1:12:f0:a6:49:3c:06:c4:9c:19:
         4c:95:8b:8a:7b:05:a7:48:00:0a:89:b3:bd:b5:fe:33:1e:ac:
         0c:3a:48:ad:18:94:48:87:f4:c6:b4:7b:ec:4c:2f:78:fa:af:
         af:53:23:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIiP9zNWItjdeY9dvSSTmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MDE4MTVjNmY5OGYzYTJiNjE4NGFmZWJmMThlYTM0MWJl
ODgyZWEwHhcNMjUwMTAyMDM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzdjYmIxMGUxODFhNmRhMDQ0MmUyOTQ3OTc4MjRlOTJhNDI4OGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08+sRNw/gRV49WUjPIicQaeWh0jA
01fLF/nz3zfqNMzq6Kg8rqm5FI/XByLm/+jQVSHSkH5sme5/+UGv7RWKrefvciOm
GmkCoKOpy0ZYSKeYvGwRmKRH1Ne4mmSPHbm+Xm7pHrU+nvzn/JXTsY2t7gQjDmpm
HZ7EAFZFt7rWbUQRuixR6rgOACqhmuDrfWEgdm1+niD1lkC20A4xleGFajP4aTsM
0Mtiwr+8WUNXtnT1epLnQY6P4ahOD6RuwH+IPEmfr6zjDro1MfJPpp4kRaSTmQlO
oGrkSpiRztrm/HW6eWSaYuQgUiR6E7rQX2JvbaViYazOQHR5SZ2pTjX7swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFON8uxDhgabaBELilHl4JOkqQoijMB8GA1UdIwQY
MBaAFOUBgVxvmPOithhK/r8Y6jQb6ILqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWIt
MDA1OWY3MzdlZjA1LzEvNDN5N0VPR0JwdG9FUXVLVWVYZ2s2U3BDaUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81YjAyMjItZWQ2NC00ZjU1LWI0NWItMDA1OWY3MzdlZjA1
LzEvNVFHQlhHLVk4NksyR0VyLXZ4anFOQnZvZ3VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucshMA0G
CSqGSIb3DQEBCwUAA4IBAQCVfQuB+gQVKzUnTi+pGUOAwYS5OG42zPxOv1m1yXu+
Tb/MB35IA7hHnQShRxRno9UMNZOl8nhVWEt3ZskhNfusUqSIgz/GW0W9eSZ9chjt
mN+6+t/O7TkmHtRifbUP2cMx/F+S8MmuXUKYWUBnbCnR3oc+5JYISNBFE36JdnkZ
4IUiGZBakXNdlsn+qDLm/UgzwdXLXZMHfigvafUYuIjuXqNH2HfOpuOPf6et5ybl
q48OCNJ+IEDN+8vifF48KmUu9/hVbL+/2jM4Pfw4VsES8KZJPAbEnBlMlYuKewWn
SAAKibO9tf4zHqwMOkitGJRIh/TGtHvsTC94+q+vUyPN
-----END CERTIFICATE-----