Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/21v5q3pMDwpvxT2hARKYBVN9oBs.roa
File:                     21v5q3pMDwpvxT2hARKYBVN9oBs.roa (raw, json)
Hash identifier:          td2s5WSN+NdDkVRugdr/XPfHV2CBhN3a/Leo5BS5CwM=
Subject key identifier:   DB:5B:F9:AB:7A:4C:0F:0A:6F:C5:3D:A1:01:12:98:05:53:7D:A0:1B
Certificate issuer:       /CN=786758bea68f0825cf16e66fb02ee7bca454bae2
Certificate serial:       01942747645FC0756DB51D7704453DBBC3B5
Authority key identifier: 78:67:58:BE:A6:8F:08:25:CF:16:E6:6F:B0:2E:E7:BC:A4:54:BA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eGdYvqaPCCXPFuZvsC7nvKRUuuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/21v5q3pMDwpvxT2hARKYBVN9oBs.roa
Signing time:             Thu 02 Jan 2025 13:49:37 +0000
ROA not before:           Thu 02 Jan 2025 13:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201912
IP address blocks:        185.162.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/eGdYvqaPCCXPFuZvsC7nvKRUuuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/eGdYvqaPCCXPFuZvsC7nvKRUuuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eGdYvqaPCCXPFuZvsC7nvKRUuuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:64:5f:c0:75:6d:b5:1d:77:04:45:3d:bb:c3:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=786758bea68f0825cf16e66fb02ee7bca454bae2
        Validity
            Not Before: Jan  2 13:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=db5bf9ab7a4c0f0a6fc53da101129805537da01b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9c:45:20:90:ff:bb:a5:4d:93:f2:ee:5a:41:
                    32:bc:3c:42:b9:db:9e:1f:95:45:ef:2d:5c:14:8c:
                    1d:f1:30:6d:77:70:1e:1c:b7:18:d1:f1:2d:f6:e1:
                    91:54:a3:18:f4:17:7d:c2:25:be:62:50:71:3f:99:
                    1c:fa:7f:f0:cc:ae:da:c0:6a:06:e9:b5:6e:27:a9:
                    f2:47:6a:73:73:ee:e6:1a:61:c7:9c:7d:2d:90:12:
                    d8:c2:4c:55:b1:4f:3c:cb:53:70:6f:0d:14:68:e4:
                    34:2f:df:ed:24:6a:68:84:e5:55:9f:40:5e:92:a3:
                    49:68:db:59:84:1c:9b:86:3f:25:8a:2b:d2:d6:7b:
                    e2:02:23:38:95:61:f7:17:dc:b9:c1:de:9f:e5:a2:
                    c8:5d:d9:25:7d:1d:6c:4e:19:fb:f9:0a:4e:fd:83:
                    61:80:fc:1e:9f:7e:08:7e:23:91:5a:15:0f:bb:c5:
                    0c:4e:c8:c8:df:08:07:54:2c:18:2a:51:8e:3d:78:
                    9f:c0:91:a1:85:11:1c:51:2c:53:c1:ad:8c:4a:c6:
                    5d:8b:04:3c:21:b2:0c:48:fb:7e:e8:4d:1d:bb:dc:
                    4f:f8:d5:91:37:bb:80:2a:8f:58:5c:d9:4d:c9:2e:
                    d9:cc:6b:3f:f9:0c:a3:78:46:8b:84:ef:33:55:9d:
                    63:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:5B:F9:AB:7A:4C:0F:0A:6F:C5:3D:A1:01:12:98:05:53:7D:A0:1B
            X509v3 Authority Key Identifier:
                keyid:78:67:58:BE:A6:8F:08:25:CF:16:E6:6F:B0:2E:E7:BC:A4:54:BA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eGdYvqaPCCXPFuZvsC7nvKRUuuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/21v5q3pMDwpvxT2hARKYBVN9oBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/783f52-034d-46d3-b031-eed45c93775e/1/eGdYvqaPCCXPFuZvsC7nvKRUuuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:45:69:df:12:01:8e:9f:9f:a1:56:4b:e4:23:f9:91:6d:9d:
         21:a3:d8:fd:75:1e:52:c7:94:d3:e8:d1:2f:50:bd:0a:c4:23:
         c7:5c:b1:4f:80:4a:42:d7:ed:7b:9f:20:c1:f7:36:ff:3a:17:
         f9:fa:2d:cd:15:6d:86:4a:d3:d5:f1:92:8f:e9:e9:a8:b8:a2:
         b8:06:e3:6b:39:b5:8d:09:7b:48:49:29:b6:50:a0:bc:42:65:
         85:78:86:2e:b5:e2:b7:9b:64:a0:b2:42:df:21:e3:c3:55:31:
         54:bb:f9:26:c2:f1:49:88:32:9f:99:65:38:15:c1:ca:e7:13:
         00:c6:48:08:0f:87:f2:bb:ab:97:68:29:cf:82:30:77:59:a3:
         0a:06:a9:b7:54:e6:1c:5b:e4:b0:8a:05:84:81:00:07:3a:f2:
         f1:a5:1f:bd:79:8b:a0:8c:8d:fc:62:00:35:ab:6b:bb:e1:30:
         1e:c0:bd:f7:fe:7b:12:fc:ff:30:77:ba:ec:df:2b:58:3f:e2:
         06:f3:47:ce:43:5b:78:94:5e:c6:1e:ff:96:5a:e4:80:39:56:
         5d:c2:7a:21:5c:42:7b:4e:0b:88:59:91:49:ef:b5:34:40:35:
         03:94:ed:6b:b3:b8:94:76:b6:ec:11:76:92:82:3d:ed:24:12:
         58:ab:54:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR2RfwHVttR13BEU9u8O1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4Njc1OGJlYTY4ZjA4MjVjZjE2ZTY2ZmIwMmVlN2JjYTQ1
NGJhZTIwHhcNMjUwMTAyMTM0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjViZjlhYjdhNGMwZjBhNmZjNTNkYTEwMTEyOTgwNTUzN2RhMDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJxFIJD/u6VNk/LuWkEyvDxCudue
H5VF7y1cFIwd8TBtd3AeHLcY0fEt9uGRVKMY9Bd9wiW+YlBxP5kc+n/wzK7awGoG
6bVuJ6nyR2pzc+7mGmHHnH0tkBLYwkxVsU88y1Nwbw0UaOQ0L9/tJGpohOVVn0Be
kqNJaNtZhBybhj8liivS1nviAiM4lWH3F9y5wd6f5aLIXdklfR1sThn7+QpO/YNh
gPwen34IfiORWhUPu8UMTsjI3wgHVCwYKlGOPXifwJGhhREcUSxTwa2MSsZdiwQ8
IbIMSPt+6E0du9xP+NWRN7uAKo9YXNlNyS7ZzGs/+QyjeEaLhO8zVZ1j4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtb+at6TA8Kb8U9oQESmAVTfaAbMB8GA1UdIwQY
MBaAFHhnWL6mjwglzxbmb7Au57ykVLriMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUdkWXZxYVBDQ1hQRnVadnNDN252S1JVdXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83ODNmNTItMDM0ZC00NmQzLWIwMzEt
ZWVkNDVjOTM3NzVlLzEvMjF2NXEzcE1Ed3B2eFQyaEFSS1lCVk45b0JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83ODNmNTItMDM0ZC00NmQzLWIwMzEtZWVkNDVjOTM3NzVl
LzEvZUdkWXZxYVBDQ1hQRnVadnNDN252S1JVdXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaJoMA0G
CSqGSIb3DQEBCwUAA4IBAQBKRWnfEgGOn5+hVkvkI/mRbZ0ho9j9dR5Sx5TT6NEv
UL0KxCPHXLFPgEpC1+17nyDB9zb/Ohf5+i3NFW2GStPV8ZKP6emouKK4BuNrObWN
CXtISSm2UKC8QmWFeIYuteK3m2SgskLfIePDVTFUu/kmwvFJiDKfmWU4FcHK5xMA
xkgID4fyu6uXaCnPgjB3WaMKBqm3VOYcW+SwigWEgQAHOvLxpR+9eYugjI38YgA1
q2u74TAewL33/nsS/P8wd7rs3ytYP+IG80fOQ1t4lF7GHv+WWuSAOVZdwnohXEJ7
TguIWZFJ77U0QDUDlO1rs7iUdrbsEXaSgj3tJBJYq1Qi
-----END CERTIFICATE-----