Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/YwjVQrwYeFZPTMiqnnut8eO8rkw.roa
File:                     YwjVQrwYeFZPTMiqnnut8eO8rkw.roa (raw, json)
Hash identifier:          o942C1AhbUgPtgCYdOmXc46V0WMZFJ062pG0YGycwpc=
Subject key identifier:   63:08:D5:42:BC:18:78:56:4F:4C:C8:AA:9E:7B:AD:F1:E3:BC:AE:4C
Certificate issuer:       /CN=3da213f02a670b05370c55eccce90fe1ad70c49b
Certificate serial:       0194221F638F772D8DFFC2AA4CE9BF7DD222
Authority key identifier: 3D:A2:13:F0:2A:67:0B:05:37:0C:55:EC:CC:E9:0F:E1:AD:70:C4:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PaIT8CpnCwU3DFXszOkP4a1wxJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/YwjVQrwYeFZPTMiqnnut8eO8rkw.roa
Signing time:             Wed 01 Jan 2025 13:47:49 +0000
ROA not before:           Wed 01 Jan 2025 13:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200924
IP address blocks:        185.50.122.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/PaIT8CpnCwU3DFXszOkP4a1wxJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/PaIT8CpnCwU3DFXszOkP4a1wxJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PaIT8CpnCwU3DFXszOkP4a1wxJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:63:8f:77:2d:8d:ff:c2:aa:4c:e9:bf:7d:d2:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3da213f02a670b05370c55eccce90fe1ad70c49b
        Validity
            Not Before: Jan  1 13:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6308d542bc1878564f4cc8aa9e7badf1e3bcae4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3d:c9:17:c5:21:c3:b0:d7:62:d2:2f:56:ae:
                    fc:19:d0:3e:79:a8:c1:e0:54:8b:25:07:a9:c6:89:
                    a3:91:ea:b2:b3:95:28:41:08:a4:0a:ee:93:09:0f:
                    55:05:36:3f:c8:fa:57:1c:c9:a4:63:14:2a:0b:05:
                    18:7a:3e:f1:e0:de:15:e8:09:de:39:cc:cc:38:53:
                    73:a1:d8:11:75:9b:58:ee:32:ac:1c:ee:fc:af:ed:
                    77:1b:66:12:49:c4:4f:9f:6e:f1:90:f3:f7:40:f9:
                    4a:9b:77:9b:8e:cd:ec:ac:42:ff:63:f0:e3:6c:95:
                    ac:60:24:ff:d7:e3:91:a2:1d:11:6f:82:f5:c6:86:
                    5c:19:2b:90:2c:4f:d3:54:36:6f:bf:dc:cf:e3:9d:
                    01:c4:3a:f6:41:c9:c0:21:c7:28:7d:d7:09:25:3a:
                    3d:e9:b0:99:d1:da:62:e1:c6:a1:6f:27:93:66:2e:
                    ea:07:0c:dc:28:7e:e0:3e:f6:0c:a6:ba:d4:da:05:
                    b0:fd:5b:03:d3:d2:b6:8a:05:29:7a:3e:38:d7:7b:
                    93:3d:5d:de:65:67:fc:8e:1d:cc:f8:b8:5a:ec:6c:
                    f8:da:fe:c5:29:4b:29:f1:6c:81:78:25:9e:4b:61:
                    c3:e9:b1:9b:80:1b:03:69:88:35:92:5e:86:ad:d4:
                    15:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:08:D5:42:BC:18:78:56:4F:4C:C8:AA:9E:7B:AD:F1:E3:BC:AE:4C
            X509v3 Authority Key Identifier:
                keyid:3D:A2:13:F0:2A:67:0B:05:37:0C:55:EC:CC:E9:0F:E1:AD:70:C4:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PaIT8CpnCwU3DFXszOkP4a1wxJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/YwjVQrwYeFZPTMiqnnut8eO8rkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/e7f6aa-6ee4-4b4c-8681-7db8eba79ef1/1/PaIT8CpnCwU3DFXszOkP4a1wxJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.50.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:83:94:4b:88:78:fc:9d:6f:07:c6:4f:b5:37:60:a4:e5:17:
         1a:07:a9:f1:d7:e4:0f:29:72:95:05:69:3e:bc:52:79:93:19:
         80:bc:c8:39:26:c7:4b:5d:dc:20:5e:27:c1:2b:75:4a:00:69:
         6a:b7:1f:ca:57:48:db:b0:14:62:bf:2d:81:3e:8a:c7:3d:9e:
         d8:91:89:dc:23:c7:06:2a:d0:12:8f:a9:30:22:71:1e:45:ac:
         fa:dc:dd:04:80:15:bb:31:06:34:35:82:4f:5c:47:f5:87:d0:
         1a:b3:a4:78:be:07:31:a9:73:47:d6:f1:2f:ef:9e:3d:f9:83:
         e1:ac:97:45:1d:bb:9d:85:b4:44:01:fd:d9:4b:84:e1:0a:e3:
         7e:0c:c3:08:88:0b:2b:c0:4f:d1:48:9d:98:fc:5b:e6:3a:2e:
         28:bd:f7:3d:b8:5f:31:2d:71:42:b2:46:e3:f5:ec:fa:7c:d2:
         39:ac:67:4e:e9:fd:36:0b:91:cc:db:a3:61:3f:ff:db:56:1d:
         df:57:36:c3:51:d7:5e:f5:c5:4b:f4:71:ac:b4:78:56:93:d6:
         42:cc:cf:19:13:ed:87:75:3a:52:39:c2:19:cc:b4:39:d6:f3:
         96:b8:7c:56:0b:16:11:df:11:1c:6c:4c:b0:ca:c4:8c:d5:44:
         c8:cf:10:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH2OPdy2N/8KqTOm/fdIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkYTIxM2YwMmE2NzBiMDUzNzBjNTVlY2NjZTkwZmUxYWQ3
MGM0OWIwHhcNMjUwMTAxMTM0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzA4ZDU0MmJjMTg3ODU2NGY0Y2M4YWE5ZTdiYWRmMWUzYmNhZTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxT3JF8Uhw7DXYtIvVq78GdA+eajB
4FSLJQepxomjkeqys5UoQQikCu6TCQ9VBTY/yPpXHMmkYxQqCwUYej7x4N4V6Ane
OczMOFNzodgRdZtY7jKsHO78r+13G2YSScRPn27xkPP3QPlKm3ebjs3srEL/Y/Dj
bJWsYCT/1+ORoh0Rb4L1xoZcGSuQLE/TVDZvv9zP450BxDr2QcnAIccofdcJJTo9
6bCZ0dpi4cahbyeTZi7qBwzcKH7gPvYMprrU2gWw/VsD09K2igUpej4413uTPV3e
ZWf8jh3M+Lha7Gz42v7FKUsp8WyBeCWeS2HD6bGbgBsDaYg1kl6GrdQVQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMI1UK8GHhWT0zIqp57rfHjvK5MMB8GA1UdIwQY
MBaAFD2iE/AqZwsFNwxV7MzpD+GtcMSbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGFJVDhDcG5Dd1UzREZYc3pPa1A0YTF3eEpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9lN2Y2YWEtNmVlNC00YjRjLTg2ODEt
N2RiOGViYTc5ZWYxLzEvWXdqVlFyd1llRlpQVE1pcW5udXQ4ZU84cmt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9lN2Y2YWEtNmVlNC00YjRjLTg2ODEtN2RiOGViYTc5ZWYx
LzEvUGFJVDhDcG5Dd1UzREZYc3pPa1A0YTF3eEpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTJ6MA0G
CSqGSIb3DQEBCwUAA4IBAQCTg5RLiHj8nW8Hxk+1N2Ck5RcaB6nx1+QPKXKVBWk+
vFJ5kxmAvMg5JsdLXdwgXifBK3VKAGlqtx/KV0jbsBRivy2BPorHPZ7YkYncI8cG
KtASj6kwInEeRaz63N0EgBW7MQY0NYJPXEf1h9Aas6R4vgcxqXNH1vEv7549+YPh
rJdFHbudhbREAf3ZS4ThCuN+DMMIiAsrwE/RSJ2Y/FvmOi4ovfc9uF8xLXFCskbj
9ez6fNI5rGdO6f02C5HM26NhP//bVh3fVzbDUdde9cVL9HGstHhWk9ZCzM8ZE+2H
dTpSOcIZzLQ51vOWuHxWCxYR3xEcbEywysSM1UTIzxDs
-----END CERTIFICATE-----