Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ToVVgCXoslxYoBXJ20dyufaadGQ.roa
File:                     ToVVgCXoslxYoBXJ20dyufaadGQ.roa (raw, json)
Hash identifier:          pQi4XzfxTHe7c0yuSomBxVB+uUc5SATfiB1mQxdDEJI=
Subject key identifier:   4E:85:55:80:25:E8:B2:5C:58:A0:15:C9:DB:47:72:B9:F6:9A:74:64
Certificate issuer:       /CN=644cdbae84b26a8484b10c00ebfdfbcb4990c157
Certificate serial:       019426D94605A8A206685B622BCF3B57E15F
Authority key identifier: 64:4C:DB:AE:84:B2:6A:84:84:B1:0C:00:EB:FD:FB:CB:49:90:C1:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ToVVgCXoslxYoBXJ20dyufaadGQ.roa
Signing time:             Thu 02 Jan 2025 11:49:20 +0000
ROA not before:           Thu 02 Jan 2025 11:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        185.244.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:46:05:a8:a2:06:68:5b:62:2b:cf:3b:57:e1:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644cdbae84b26a8484b10c00ebfdfbcb4990c157
        Validity
            Not Before: Jan  2 11:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e85558025e8b25c58a015c9db4772b9f69a7464
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cc:fc:c6:b1:13:62:e9:06:2f:2b:67:ec:26:
                    42:64:f0:8c:e9:97:c9:2c:cd:fe:82:49:81:4b:9a:
                    ff:ae:18:dc:09:9a:ed:04:56:5f:dd:8d:82:bc:5d:
                    81:c5:40:94:be:10:c7:f9:76:90:91:78:77:6f:23:
                    01:9c:69:23:38:38:6c:83:c2:9f:62:12:a7:ec:88:
                    53:b1:a7:0b:fa:49:48:44:47:2b:73:71:e4:dd:19:
                    9c:a6:34:a9:19:ed:25:1f:6b:a3:68:7f:cf:24:2d:
                    89:f5:ab:2f:f6:07:eb:07:09:b6:90:90:8b:dc:50:
                    e4:f0:73:22:50:18:8c:7f:d8:8a:13:24:d7:34:7f:
                    96:64:d7:04:a4:ec:45:e6:7e:03:87:62:da:aa:04:
                    03:49:15:29:78:04:6b:e5:0c:9d:bd:c7:85:93:ed:
                    e0:46:2e:06:45:5c:db:07:4c:27:17:1a:32:90:f9:
                    d0:54:e9:c4:20:df:aa:05:51:b9:e4:a3:f1:d6:dc:
                    c0:15:88:75:5a:47:3f:21:08:dc:df:a8:c5:37:82:
                    7a:ef:69:0c:cb:9f:6d:47:29:e1:a9:e8:39:7c:43:
                    bd:55:3a:b7:cd:4c:89:01:ce:7e:b1:68:3e:87:7c:
                    2c:a3:c0:e9:28:fa:4c:d4:4b:a3:b8:ad:1a:9a:48:
                    a2:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:85:55:80:25:E8:B2:5C:58:A0:15:C9:DB:47:72:B9:F6:9A:74:64
            X509v3 Authority Key Identifier:
                keyid:64:4C:DB:AE:84:B2:6A:84:84:B1:0C:00:EB:FD:FB:CB:49:90:C1:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ToVVgCXoslxYoBXJ20dyufaadGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:56:71:e0:11:68:2f:9e:21:c6:f5:44:84:4a:a5:49:b4:86:
         7b:34:8c:4e:36:4e:2f:5b:79:b9:ad:d0:7f:d8:d3:23:fc:ab:
         87:d1:29:d6:b2:02:71:86:f1:48:94:78:f5:e7:46:5e:bf:59:
         4b:47:16:13:82:50:16:f7:49:10:d1:ea:f1:09:4d:4a:cc:a5:
         5b:65:f5:e0:14:e7:0d:bf:3a:45:31:37:0d:37:0b:f6:43:ad:
         17:64:1b:41:b7:35:dc:c3:a9:5d:38:6d:a9:43:de:87:d1:de:
         cb:58:56:ac:cd:2f:33:b3:e9:c2:4a:12:56:8f:b8:89:62:88:
         83:d7:55:97:b7:75:75:0f:1e:a4:cf:2f:2d:3f:0d:a2:57:79:
         0c:af:2c:fd:d4:96:9f:51:24:d1:3d:e5:27:7a:15:b7:31:20:
         da:80:fe:f4:95:1e:da:ff:51:28:32:52:bc:73:f7:4f:69:8e:
         30:48:57:eb:05:1b:5e:c7:36:ab:f0:a9:df:7a:9b:a8:0a:a0:
         00:be:8e:73:91:07:bf:61:e8:8f:ca:22:fb:37:d1:cd:d1:ba:
         22:e8:fa:e3:9c:bf:c1:5c:c9:12:45:49:a8:36:42:57:dc:f7:
         8f:91:cb:6d:c3:45:f8:26:cb:6a:d8:25:18:4e:de:5f:82:fb:
         82:fd:7c:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2UYFqKIGaFtiK887V+FfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGNkYmFlODRiMjZhODQ4NGIxMGMwMGViZmRmYmNiNDk5
MGMxNTcwHhcNMjUwMTAyMTE0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTg1NTU4MDI1ZThiMjVjNThhMDE1YzlkYjQ3NzJiOWY2OWE3NDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssz8xrETYukGLytn7CZCZPCM6ZfJ
LM3+gkmBS5r/rhjcCZrtBFZf3Y2CvF2BxUCUvhDH+XaQkXh3byMBnGkjODhsg8Kf
YhKn7IhTsacL+klIREcrc3Hk3RmcpjSpGe0lH2ujaH/PJC2J9asv9gfrBwm2kJCL
3FDk8HMiUBiMf9iKEyTXNH+WZNcEpOxF5n4Dh2LaqgQDSRUpeARr5QydvceFk+3g
Ri4GRVzbB0wnFxoykPnQVOnEIN+qBVG55KPx1tzAFYh1Wkc/IQjc36jFN4J672kM
y59tRynhqeg5fEO9VTq3zUyJAc5+sWg+h3wso8DpKPpM1EujuK0amkiiaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6FVYAl6LJcWKAVydtHcrn2mnRkMB8GA1UdIwQY
MBaAFGRM266EsmqEhLEMAOv9+8tJkMFXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkV6YnJvU3lhb1NFc1F3QTZfMzd5MG1Rd1ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9kNzNhYzktM2Q2NS00ZTJkLThiYmYt
ZTAzNGY2NWU3ZjYwLzEvVG9WVmdDWG9zbHhZb0JYSjIwZHl1ZmFhZEdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9kNzNhYzktM2Q2NS00ZTJkLThiYmYtZTAzNGY2NWU3ZjYw
LzEvWkV6YnJvU3lhb1NFc1F3QTZfMzd5MG1Rd1ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufQQMA0G
CSqGSIb3DQEBCwUAA4IBAQB6VnHgEWgvniHG9USESqVJtIZ7NIxONk4vW3m5rdB/
2NMj/KuH0SnWsgJxhvFIlHj150Zev1lLRxYTglAW90kQ0erxCU1KzKVbZfXgFOcN
vzpFMTcNNwv2Q60XZBtBtzXcw6ldOG2pQ96H0d7LWFaszS8zs+nCShJWj7iJYoiD
11WXt3V1Dx6kzy8tPw2iV3kMryz91JafUSTRPeUnehW3MSDagP70lR7a/1EoMlK8
c/dPaY4wSFfrBRtexzar8KnfepuoCqAAvo5zkQe/YeiPyiL7N9HN0boi6PrjnL/B
XMkSRUmoNkJX3PePkcttw0X4Jstq2CUYTt5fgvuC/Xy2
-----END CERTIFICATE-----