Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/Cx9kha5bv103Kq3bAG_MTrrJE34.roa
File:                     Cx9kha5bv103Kq3bAG_MTrrJE34.roa (raw, json)
Hash identifier:          johgfLtk10gvNPvG8Domyd4XBTCwy6ebk0g5h9P2w50=
Subject key identifier:   0B:1F:64:85:AE:5B:BF:5D:37:2A:AD:DB:00:6F:CC:4E:BA:C9:13:7E
Certificate issuer:       /CN=d890d4ee07fc21c111d635284da7fb19fd706ce2
Certificate serial:       019426D9AFDA0E1F316979ABBFC7AADDFD7F
Authority key identifier: D8:90:D4:EE:07:FC:21:C1:11:D6:35:28:4D:A7:FB:19:FD:70:6C:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JDU7gf8IcER1jUoTaf7Gf1wbOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/Cx9kha5bv103Kq3bAG_MTrrJE34.roa
Signing time:             Thu 02 Jan 2025 11:49:48 +0000
ROA not before:           Thu 02 Jan 2025 11:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200845
IP address blocks:        185.157.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/2JDU7gf8IcER1jUoTaf7Gf1wbOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/2JDU7gf8IcER1jUoTaf7Gf1wbOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JDU7gf8IcER1jUoTaf7Gf1wbOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:af:da:0e:1f:31:69:79:ab:bf:c7:aa:dd:fd:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d890d4ee07fc21c111d635284da7fb19fd706ce2
        Validity
            Not Before: Jan  2 11:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b1f6485ae5bbf5d372aaddb006fcc4ebac9137e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:34:f1:cf:33:87:b0:93:c6:c3:97:5b:61:03:
                    e5:1e:41:59:3a:ed:d6:51:7a:c4:f8:c7:24:de:49:
                    2b:b3:d9:64:04:42:9d:ce:3e:0d:8b:85:e8:c4:9b:
                    a9:f5:74:bd:b3:9a:71:5b:04:6a:64:60:be:6e:22:
                    01:73:e3:85:45:de:76:82:e4:9f:e2:02:c3:a3:51:
                    c3:ab:e4:85:22:e0:26:61:dc:2a:71:42:84:57:2f:
                    b3:35:ea:28:9f:a9:6c:d7:49:9d:ba:7c:0f:72:25:
                    8e:72:0b:5a:f9:97:85:5c:96:c8:37:64:ef:f3:d9:
                    4b:73:61:bd:f8:3d:e0:49:4f:e2:0a:8e:bc:5e:a1:
                    ed:04:c2:42:a2:c8:af:50:31:e3:56:b6:24:c1:af:
                    5b:80:1c:47:ff:8d:6f:ad:d1:50:0a:c6:48:60:a5:
                    be:3a:19:63:bc:2a:e8:c2:44:3d:1c:2a:cd:e5:29:
                    b2:46:7d:cb:8c:31:71:35:a9:d4:15:50:21:34:25:
                    2c:84:97:5f:bc:a9:a8:70:4e:c3:80:6d:37:a9:ff:
                    97:c1:54:0d:08:8f:24:a0:a7:4f:b1:44:65:34:ec:
                    6e:a9:d2:5f:6f:49:ce:29:a7:0b:e5:7d:bc:e4:59:
                    a1:4e:8f:97:c9:a2:91:aa:61:8f:ff:fe:f0:94:33:
                    8d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:1F:64:85:AE:5B:BF:5D:37:2A:AD:DB:00:6F:CC:4E:BA:C9:13:7E
            X509v3 Authority Key Identifier:
                keyid:D8:90:D4:EE:07:FC:21:C1:11:D6:35:28:4D:A7:FB:19:FD:70:6C:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JDU7gf8IcER1jUoTaf7Gf1wbOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/Cx9kha5bv103Kq3bAG_MTrrJE34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/3ec24a-b191-434a-bdc2-06a810af8d34/1/2JDU7gf8IcER1jUoTaf7Gf1wbOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:a6:d4:b1:f2:02:0c:1c:06:d0:e4:b8:b6:2d:f9:66:78:0f:
         20:a9:6a:93:78:e8:b7:36:c7:18:70:8d:f4:69:c0:c1:7c:52:
         75:d2:33:28:19:b8:4a:bc:e2:d5:f3:bc:0b:d3:1f:ae:48:c6:
         84:57:13:91:63:df:f2:04:d5:79:00:24:c5:52:49:54:91:25:
         3b:3b:92:cd:43:9d:75:83:49:b4:1c:81:f6:c2:bd:28:66:cd:
         71:93:b0:e9:9a:74:f0:1f:88:fc:d0:41:95:ca:09:42:18:d8:
         9c:94:06:a2:99:5b:01:08:80:89:97:32:58:b7:61:74:45:95:
         b5:d7:90:4b:71:81:86:d6:97:4c:02:fc:00:29:16:21:a0:63:
         11:a0:33:95:2c:73:a9:d4:8a:47:3d:81:ef:33:96:c1:2c:c5:
         2d:aa:f5:81:3d:6a:b7:51:06:21:44:34:74:78:24:ca:ed:4c:
         c7:a6:7d:2f:b4:91:31:c7:c4:a4:ee:88:28:63:8e:78:f7:1a:
         a7:07:7b:c3:a9:a9:0c:19:a6:de:48:f9:e8:55:b2:1d:21:28:
         88:5b:b2:bc:e2:b6:14:25:b6:ae:d7:12:dd:e8:31:ec:98:b1:
         f4:0b:75:4e:dd:94:14:5c:cb:a1:ac:8d:cd:f5:d5:16:ac:63:
         04:b1:62:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2a/aDh8xaXmrv8eq3f1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTBkNGVlMDdmYzIxYzExMWQ2MzUyODRkYTdmYjE5ZmQ3
MDZjZTIwHhcNMjUwMTAyMTE0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjFmNjQ4NWFlNWJiZjVkMzcyYWFkZGIwMDZmY2M0ZWJhYzkxMzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TTxzzOHsJPGw5dbYQPlHkFZOu3W
UXrE+Mck3kkrs9lkBEKdzj4Ni4XoxJup9XS9s5pxWwRqZGC+biIBc+OFRd52guSf
4gLDo1HDq+SFIuAmYdwqcUKEVy+zNeoon6ls10mdunwPciWOcgta+ZeFXJbIN2Tv
89lLc2G9+D3gSU/iCo68XqHtBMJCosivUDHjVrYkwa9bgBxH/41vrdFQCsZIYKW+
OhljvCrowkQ9HCrN5SmyRn3LjDFxNanUFVAhNCUshJdfvKmocE7DgG03qf+XwVQN
CI8koKdPsURlNOxuqdJfb0nOKacL5X285FmhTo+XyaKRqmGP//7wlDONfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsfZIWuW79dNyqt2wBvzE66yRN+MB8GA1UdIwQY
MBaAFNiQ1O4H/CHBEdY1KE2n+xn9cGziMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpEVTdnZjhJY0VSMWpVb1RhZjdHZjF3Yk9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8zZWMyNGEtYjE5MS00MzRhLWJkYzIt
MDZhODEwYWY4ZDM0LzEvQ3g5a2hhNWJ2MTAzS3EzYkFHX01UcnJKRTM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8zZWMyNGEtYjE5MS00MzRhLWJkYzItMDZhODEwYWY4ZDM0
LzEvMkpEVTdnZjhJY0VSMWpVb1RhZjdHZjF3Yk9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ1cMA0G
CSqGSIb3DQEBCwUAA4IBAQBrptSx8gIMHAbQ5Li2LflmeA8gqWqTeOi3NscYcI30
acDBfFJ10jMoGbhKvOLV87wL0x+uSMaEVxORY9/yBNV5ACTFUklUkSU7O5LNQ511
g0m0HIH2wr0oZs1xk7DpmnTwH4j80EGVyglCGNiclAaimVsBCICJlzJYt2F0RZW1
15BLcYGG1pdMAvwAKRYhoGMRoDOVLHOp1IpHPYHvM5bBLMUtqvWBPWq3UQYhRDR0
eCTK7UzHpn0vtJExx8Sk7ogoY4549xqnB3vDqakMGabeSPnoVbIdISiIW7K84rYU
Jbau1xLd6DHsmLH0C3VO3ZQUXMuhrI3N9dUWrGMEsWIo
-----END CERTIFICATE-----