Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/jKEy0LJLh7AqTPNLnCDWho1dIJ0.roa
File:                     jKEy0LJLh7AqTPNLnCDWho1dIJ0.roa (raw, json)
Hash identifier:          BKRsVG5h+FxIv9YJSObhtgL9EqcN1BIPxpc/4d7NHx4=
Subject key identifier:   8C:A1:32:D0:B2:4B:87:B0:2A:4C:F3:4B:9C:20:D6:86:8D:5D:20:9D
Certificate issuer:       /CN=b5faec4b8d992dd6b9cd89a8489d3c3a652aecd2
Certificate serial:       0194206805C3722F37581109CE9D08285BE4
Authority key identifier: B5:FA:EC:4B:8D:99:2D:D6:B9:CD:89:A8:48:9D:3C:3A:65:2A:EC:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tfrsS42ZLda5zYmoSJ08OmUq7NI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/jKEy0LJLh7AqTPNLnCDWho1dIJ0.roa
Signing time:             Wed 01 Jan 2025 05:47:55 +0000
ROA not before:           Wed 01 Jan 2025 05:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16047
IP address blocks:        37.60.176.0/21 maxlen: 21
                          185.220.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/tfrsS42ZLda5zYmoSJ08OmUq7NI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/tfrsS42ZLda5zYmoSJ08OmUq7NI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tfrsS42ZLda5zYmoSJ08OmUq7NI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:05:c3:72:2f:37:58:11:09:ce:9d:08:28:5b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5faec4b8d992dd6b9cd89a8489d3c3a652aecd2
        Validity
            Not Before: Jan  1 05:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ca132d0b24b87b02a4cf34b9c20d6868d5d209d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:61:bb:8f:96:c1:65:df:21:23:74:ca:88:e7:
                    f8:ee:42:aa:30:df:f2:6a:0e:3c:66:6b:60:2a:a8:
                    78:a3:dc:b3:f7:8e:5a:08:fe:a6:47:b8:eb:f0:08:
                    6f:89:da:56:3b:62:69:5d:7b:bd:9e:80:98:a6:0c:
                    a8:2d:1a:b2:10:bb:4c:aa:a1:eb:aa:d8:7e:1e:ee:
                    bd:00:d0:e9:ab:4e:cf:a2:8b:ed:26:77:73:60:3c:
                    b4:26:18:02:5c:01:86:f3:12:a4:bf:14:90:3a:b7:
                    8a:48:60:cf:b4:86:b0:5e:49:5c:d0:35:1e:08:43:
                    15:4a:a8:5c:26:d9:42:36:ff:d9:9c:20:05:95:27:
                    9f:4f:91:55:5b:7d:34:94:6f:89:c8:d3:46:5d:c3:
                    af:d1:51:5c:31:e8:b3:03:52:2f:d6:8f:45:9c:21:
                    2b:48:99:de:21:8c:45:5d:d6:28:54:03:34:07:91:
                    ed:e0:9c:28:14:f4:cb:8e:89:81:90:1a:ab:1a:15:
                    96:a8:3e:19:0f:9d:9b:40:83:33:b6:2c:6a:e5:b4:
                    24:82:20:dc:b7:79:7f:f0:08:f4:9c:db:3e:48:22:
                    80:d3:5d:fb:8a:34:43:4e:49:5d:98:83:e4:b2:bf:
                    94:e2:99:a3:34:80:2c:78:86:16:44:e4:cb:fc:86:
                    e4:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A1:32:D0:B2:4B:87:B0:2A:4C:F3:4B:9C:20:D6:86:8D:5D:20:9D
            X509v3 Authority Key Identifier:
                keyid:B5:FA:EC:4B:8D:99:2D:D6:B9:CD:89:A8:48:9D:3C:3A:65:2A:EC:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tfrsS42ZLda5zYmoSJ08OmUq7NI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/jKEy0LJLh7AqTPNLnCDWho1dIJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/68c296-69b2-4070-9ff9-4243decad360/1/tfrsS42ZLda5zYmoSJ08OmUq7NI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.176.0/21
                  185.220.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:54:53:47:28:94:11:c3:e6:58:32:94:13:c8:90:37:d6:72:
         cd:90:27:a8:97:b8:28:cb:a1:7b:76:f1:7b:a9:0e:2c:e0:62:
         f5:2a:62:11:0a:4b:93:dd:15:85:11:56:7f:f8:3d:dd:1d:4e:
         bc:2c:84:af:54:e0:b0:58:5d:06:d1:42:37:53:2c:55:2a:e7:
         e4:e5:e4:13:3e:ae:75:c9:62:2c:94:99:2a:22:a2:29:54:a6:
         fe:d3:cc:d9:10:96:e6:71:32:01:66:a9:c1:65:be:21:a9:9a:
         7e:a7:b5:de:bb:68:98:42:de:cb:88:9f:1f:80:9e:1b:6f:9e:
         78:08:8a:75:60:09:3a:49:5d:8b:28:6f:d6:87:15:3f:eb:ed:
         71:f1:0b:a0:b0:3f:50:28:ac:ba:32:35:94:5a:1e:a3:db:f3:
         f1:55:86:72:77:46:20:d9:c8:ab:8b:03:8a:bf:79:ca:1b:5f:
         a2:18:b4:6d:f7:f2:f7:a0:74:82:6a:af:83:9a:c1:d7:81:32:
         24:28:f2:c6:99:f4:fd:7d:9c:40:72:84:1b:e8:29:5c:2a:46:
         ce:d0:ba:8f:df:69:5b:ba:f7:f7:bf:b9:05:66:03:a3:71:83:
         54:52:19:53:3a:3d:23:a0:f2:43:d6:af:13:23:6e:f6:9a:6c:
         84:7d:05:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaAXDci83WBEJzp0IKFvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ZmFlYzRiOGQ5OTJkZDZiOWNkODlhODQ4OWQzYzNhNjUy
YWVjZDIwHhcNMjUwMTAxMDU0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2ExMzJkMGIyNGI4N2IwMmE0Y2YzNGI5YzIwZDY4NjhkNWQyMDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WG7j5bBZd8hI3TKiOf47kKqMN/y
ag48ZmtgKqh4o9yz945aCP6mR7jr8AhvidpWO2JpXXu9noCYpgyoLRqyELtMqqHr
qth+Hu69ANDpq07PoovtJndzYDy0JhgCXAGG8xKkvxSQOreKSGDPtIawXklc0DUe
CEMVSqhcJtlCNv/ZnCAFlSefT5FVW300lG+JyNNGXcOv0VFcMeizA1Iv1o9FnCEr
SJneIYxFXdYoVAM0B5Ht4JwoFPTLjomBkBqrGhWWqD4ZD52bQIMztixq5bQkgiDc
t3l/8Aj0nNs+SCKA0137ijRDTkldmIPksr+U4pmjNIAseIYWROTL/IbkZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIyhMtCyS4ewKkzzS5wg1oaNXSCdMB8GA1UdIwQY
MBaAFLX67EuNmS3Wuc2JqEidPDplKuzSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGZyc1M0MlpMZGE1elltb1NKMDhPbVVxN05JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82OGMyOTYtNjliMi00MDcwLTlmZjkt
NDI0M2RlY2FkMzYwLzEvaktFeTBMSkxoN0FxVFBOTG5DRFdobzFkSUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82OGMyOTYtNjliMi00MDcwLTlmZjktNDI0M2RlY2FkMzYw
LzEvdGZyc1M0MlpMZGE1elltb1NKMDhPbVVxN05JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJTywAwQC
udwoMA0GCSqGSIb3DQEBCwUAA4IBAQBSVFNHKJQRw+ZYMpQTyJA31nLNkCeol7go
y6F7dvF7qQ4s4GL1KmIRCkuT3RWFEVZ/+D3dHU68LISvVOCwWF0G0UI3UyxVKufk
5eQTPq51yWIslJkqIqIpVKb+08zZEJbmcTIBZqnBZb4hqZp+p7Xeu2iYQt7LiJ8f
gJ4bb554CIp1YAk6SV2LKG/WhxU/6+1x8QugsD9QKKy6MjWUWh6j2/PxVYZyd0Yg
2ciriwOKv3nKG1+iGLRt9/L3oHSCaq+DmsHXgTIkKPLGmfT9fZxAcoQb6ClcKkbO
0LqP32lbuvf3v7kFZgOjcYNUUhlTOj0joPJD1q8TI272mmyEfQWb
-----END CERTIFICATE-----