Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/apLqK898oR7RE-dAFEvdyErBOzE.roa
File:                     apLqK898oR7RE-dAFEvdyErBOzE.roa (raw, json)
Hash identifier:          7wPWjmBIQU48S3GSQT90DN//sDuxGXlKRA7f0n/Hjc8=
Subject key identifier:   6A:92:EA:2B:CF:7C:A1:1E:D1:13:E7:40:14:4B:DD:C8:4A:C1:3B:31
Certificate issuer:       /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial:       0194214429BAABB33058250EAB2193C30805
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/apLqK898oR7RE-dAFEvdyErBOzE.roa
Signing time:             Wed 01 Jan 2025 09:48:22 +0000
ROA not before:           Wed 01 Jan 2025 09:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16125
IP address blocks:        185.191.22.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:29:ba:ab:b3:30:58:25:0e:ab:21:93:c3:08:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
        Validity
            Not Before: Jan  1 09:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a92ea2bcf7ca11ed113e740144bddc84ac13b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:47:34:e6:cd:78:8b:69:25:48:a4:66:bc:ef:
                    b7:7e:cf:19:b4:ac:35:5f:62:e6:cb:15:b5:18:25:
                    44:2f:e7:2b:85:4f:ec:ea:89:54:14:23:3f:10:88:
                    bd:53:4d:38:32:43:e6:36:80:d7:a1:f8:46:53:73:
                    58:a4:09:2d:91:5e:45:e7:e5:15:fb:42:85:5a:77:
                    2d:a2:8a:78:e0:4b:ab:13:6e:9b:ff:54:f4:66:93:
                    12:81:16:45:82:50:7d:a1:2c:74:00:ac:fd:ab:5d:
                    ae:00:7c:db:6c:3d:81:df:15:07:e6:21:68:da:4a:
                    17:1d:33:7a:e5:10:4e:ed:cc:c7:ad:c7:50:04:20:
                    b4:74:dd:8e:e9:fb:ec:1c:db:55:89:ee:72:69:e2:
                    95:14:6d:5d:b8:f6:bc:4a:83:44:7b:30:bc:98:3e:
                    50:41:92:0b:3b:2f:6a:12:12:14:07:2a:24:64:9a:
                    7c:be:06:70:6c:15:95:31:1a:c1:60:66:1a:8c:1f:
                    5c:1f:05:c4:06:ab:10:3e:74:4c:e0:70:74:08:81:
                    82:ed:a8:8c:44:bd:72:8c:e8:9c:88:86:26:ee:ed:
                    34:07:a3:27:ec:42:a1:65:0d:53:d8:e4:e5:08:90:
                    85:1b:87:02:33:fc:09:91:04:1e:6c:68:57:75:d3:
                    75:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:92:EA:2B:CF:7C:A1:1E:D1:13:E7:40:14:4B:DD:C8:4A:C1:3B:31
            X509v3 Authority Key Identifier:
                keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/apLqK898oR7RE-dAFEvdyErBOzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:7d:17:bd:d4:0b:cd:e4:b3:63:25:3f:66:1d:a1:9a:fd:dc:
         06:a7:2f:de:aa:ea:24:b5:77:77:a1:5d:fb:61:9b:ac:b3:05:
         db:6c:40:21:10:f4:61:1b:83:91:d1:22:4b:12:dd:e7:04:9e:
         08:89:99:8b:fb:d4:e2:69:d6:c6:a8:29:4e:3b:ff:ec:87:f7:
         e2:fc:18:ad:aa:32:39:76:a4:af:a0:dc:00:08:fb:11:ea:6c:
         14:ce:bb:1e:3a:49:77:07:59:c8:75:e5:95:a9:00:8a:93:f7:
         97:c5:2a:4a:69:05:89:38:50:c0:2d:fe:6b:ff:4a:7c:b6:2f:
         08:5e:31:47:27:df:5f:63:20:dd:c6:f6:6b:81:09:7d:f4:bf:
         72:b9:20:39:87:88:2e:00:83:d6:31:d5:8a:18:95:28:1c:8b:
         4e:11:03:d8:c0:a1:86:69:98:28:8b:53:73:02:b0:c1:38:ca:
         d9:84:c0:c7:8a:53:06:a4:ce:8a:9b:d8:f6:a3:9a:f4:02:ae:
         de:c5:89:f3:83:62:a2:43:4a:a2:cd:61:53:b8:18:22:a8:6b:
         bf:c3:99:dd:0c:fa:f8:d5:df:e9:f2:fd:57:d8:a4:5e:df:d6:
         98:fb:ce:f9:07:62:14:0a:51:0b:12:3e:9d:d4:b0:90:6f:99:
         f5:cd:e5:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCm6q7MwWCUOqyGTwwgFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjUwMTAxMDk0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTkyZWEyYmNmN2NhMTFlZDExM2U3NDAxNDRiZGRjODRhYzEzYjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUc05s14i2klSKRmvO+3fs8ZtKw1
X2LmyxW1GCVEL+crhU/s6olUFCM/EIi9U004MkPmNoDXofhGU3NYpAktkV5F5+UV
+0KFWnctoop44EurE26b/1T0ZpMSgRZFglB9oSx0AKz9q12uAHzbbD2B3xUH5iFo
2koXHTN65RBO7czHrcdQBCC0dN2O6fvsHNtVie5yaeKVFG1duPa8SoNEezC8mD5Q
QZILOy9qEhIUByokZJp8vgZwbBWVMRrBYGYajB9cHwXEBqsQPnRM4HB0CIGC7aiM
RL1yjOiciIYm7u00B6Mn7EKhZQ1T2OTlCJCFG4cCM/wJkQQebGhXddN1/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqS6ivPfKEe0RPnQBRL3chKwTsxMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvYXBMcUs4OThvUjdSRS1kQUZFdmR5RXJCT3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBub8WMA0G
CSqGSIb3DQEBCwUAA4IBAQCwfRe91AvN5LNjJT9mHaGa/dwGpy/equoktXd3oV37
YZusswXbbEAhEPRhG4OR0SJLEt3nBJ4IiZmL+9TiadbGqClOO//sh/fi/BitqjI5
dqSvoNwACPsR6mwUzrseOkl3B1nIdeWVqQCKk/eXxSpKaQWJOFDALf5r/0p8ti8I
XjFHJ99fYyDdxvZrgQl99L9yuSA5h4guAIPWMdWKGJUoHItOEQPYwKGGaZgoi1Nz
ArDBOMrZhMDHilMGpM6Km9j2o5r0Aq7exYnzg2KiQ0qizWFTuBgiqGu/w5ndDPr4
1d/p8v1X2KRe39aY+875B2IUClELEj6d1LCQb5n1zeWW
-----END CERTIFICATE-----