Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5a2919-6d5f-475b-ab0a-dc6315e7ed8b/1/Ex_2ickmNwSl468A43nBNWlR1U4.roa
File:                     Ex_2ickmNwSl468A43nBNWlR1U4.roa (raw, json)
Hash identifier:          2F6N+mLC+ZFSEAJYbcx9IRB+VD26lz+G1r697PEXjx4=
Subject key identifier:   13:1F:F6:89:C9:26:37:04:A5:E3:AF:00:E3:79:C1:35:69:51:D5:4E
Certificate issuer:       /CN=372535eac158c026727a25e1ebe46d8a5c9cfbbf
Certificate serial:       01941F8C67FE6D2D8B12EDDD2F3CF8992280
Authority key identifier: 37:25:35:EA:C1:58:C0:26:72:7A:25:E1:EB:E4:6D:8A:5C:9C:FB:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NyU16sFYwCZyeiXh6-Rtilyc-78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/5a2919-6d5f-475b-ab0a-dc6315e7ed8b/1/Ex_2ickmNwSl468A43nBNWlR1U4.roa
Signing time:             Wed 01 Jan 2025 01:48:02 +0000
ROA not before:           Wed 01 Jan 2025 01:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202862
IP address blocks:        185.151.180.0/22 maxlen: 22
                          185.151.180.0/23 maxlen: 23
                          185.151.182.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/5a2919-6d5f-475b-ab0a-dc6315e7ed8b/1/NyU16sFYwCZyeiXh6-Rtilyc-78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/5a2919-6d5f-475b-ab0a-dc6315e7ed8b/1/NyU16sFYwCZyeiXh6-Rtilyc-78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NyU16sFYwCZyeiXh6-Rtilyc-78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:67:fe:6d:2d:8b:12:ed:dd:2f:3c:f8:99:22:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=372535eac158c026727a25e1ebe46d8a5c9cfbbf
        Validity
            Not Before: Jan  1 01:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=131ff689c9263704a5e3af00e379c1356951d54e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:5c:a6:64:0c:73:75:4e:60:06:59:71:9b:c9:
                    a9:d2:3a:52:29:da:a7:c0:db:4a:fc:71:74:59:f1:
                    f5:c8:9e:37:5b:e2:18:4d:9a:27:c8:04:32:21:12:
                    55:4b:71:60:58:83:22:62:1f:b8:54:fc:94:c2:22:
                    59:a2:a2:eb:f3:9c:a1:56:b9:5a:2e:58:11:db:d9:
                    e4:be:cf:50:3f:89:43:b8:0e:13:34:b1:0c:2c:22:
                    3d:a3:99:74:1b:eb:a2:89:cb:25:66:a8:2d:1a:d7:
                    06:3e:42:f2:a3:09:03:e5:1b:d0:d7:9a:de:44:dd:
                    34:75:41:b6:d0:5f:13:75:75:32:22:ef:14:fd:0e:
                    9e:45:0f:0e:ec:51:92:2c:40:24:b9:6d:cc:c6:99:
                    b6:88:43:17:f9:f7:04:7b:7c:f0:8f:47:17:08:30:
                    8c:81:4d:7d:81:c1:be:e2:a2:1e:f2:21:6f:03:ce:
                    7a:9f:89:ad:53:4c:68:7c:43:b0:40:f4:5f:8e:0e:
                    06:52:cc:be:ca:c4:32:ac:b9:6a:fb:74:c0:1c:62:
                    54:0e:1f:db:e4:e5:be:d5:63:44:5a:79:48:40:85:
                    b1:7c:e3:f4:42:79:f4:a6:e2:5d:53:68:97:c2:96:
                    ae:2e:d3:b9:1f:93:dc:05:13:6e:c6:8f:05:cd:dc:
                    fd:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:1F:F6:89:C9:26:37:04:A5:E3:AF:00:E3:79:C1:35:69:51:D5:4E
            X509v3 Authority Key Identifier:
                keyid:37:25:35:EA:C1:58:C0:26:72:7A:25:E1:EB:E4:6D:8A:5C:9C:FB:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NyU16sFYwCZyeiXh6-Rtilyc-78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5a2919-6d5f-475b-ab0a-dc6315e7ed8b/1/Ex_2ickmNwSl468A43nBNWlR1U4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5a2919-6d5f-475b-ab0a-dc6315e7ed8b/1/NyU16sFYwCZyeiXh6-Rtilyc-78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:af:0c:44:8c:4f:ca:57:be:d5:2a:56:27:64:10:f0:de:46:
         ed:5e:c0:2e:57:c4:19:f1:a9:95:71:cd:67:ae:d5:69:58:f3:
         93:60:59:ae:76:e0:21:3e:b7:0d:74:72:6b:f7:c2:ef:65:ae:
         83:85:4d:bc:57:9f:ff:56:5b:73:be:65:be:9b:50:ab:26:c6:
         eb:6b:f6:77:2f:a1:90:fa:05:51:d1:b1:93:48:01:e1:31:8e:
         47:34:87:a0:af:87:0f:04:84:a9:d7:60:5d:53:3b:33:1e:ce:
         fd:ab:ec:68:b7:6e:53:50:96:c1:ff:0e:28:b1:d8:9d:1e:c9:
         b5:68:a6:ba:1f:58:09:09:6b:b5:46:f3:cf:54:c6:01:ce:36:
         15:65:3d:eb:1b:8d:5b:d7:e6:1c:07:1c:12:44:18:ee:a4:d4:
         f7:10:18:1a:44:f0:f4:31:8c:22:dd:a8:52:44:5d:24:f4:28:
         a0:21:55:be:2c:d8:f7:4f:b4:d1:32:64:7d:af:72:cb:3b:82:
         de:b6:47:e3:5a:ba:57:fe:ae:0c:9b:11:3b:d6:5f:94:cc:68:
         f9:de:df:2c:a7:43:da:8c:10:dd:28:b6:47:87:65:82:7c:2b:
         5c:b9:14:2c:6b:d4:54:0b:a9:dc:45:e7:9f:51:f8:12:ae:d4:
         55:40:b5:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGf+bS2LEu3dLzz4mSKAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MjUzNWVhYzE1OGMwMjY3MjdhMjVlMWViZTQ2ZDhhNWM5
Y2ZiYmYwHhcNMjUwMTAxMDE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzFmZjY4OWM5MjYzNzA0YTVlM2FmMDBlMzc5YzEzNTY5NTFkNTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VymZAxzdU5gBllxm8mp0jpSKdqn
wNtK/HF0WfH1yJ43W+IYTZonyAQyIRJVS3FgWIMiYh+4VPyUwiJZoqLr85yhVrla
LlgR29nkvs9QP4lDuA4TNLEMLCI9o5l0G+uiicslZqgtGtcGPkLyowkD5RvQ15re
RN00dUG20F8TdXUyIu8U/Q6eRQ8O7FGSLEAkuW3Mxpm2iEMX+fcEe3zwj0cXCDCM
gU19gcG+4qIe8iFvA856n4mtU0xofEOwQPRfjg4GUsy+ysQyrLlq+3TAHGJUDh/b
5OW+1WNEWnlIQIWxfOP0Qnn0puJdU2iXwpauLtO5H5PcBRNuxo8Fzdz9DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMf9onJJjcEpeOvAON5wTVpUdVOMB8GA1UdIwQY
MBaAFDclNerBWMAmcnol4evkbYpcnPu/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnlVMTZzRll3Q1p5ZWlYaDYtUnRpbHljLTc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni81YTI5MTktNmQ1Zi00NzViLWFiMGEt
ZGM2MzE1ZTdlZDhiLzEvRXhfMmlja21Od1NsNDY4QTQzbkJOV2xSMVU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni81YTI5MTktNmQ1Zi00NzViLWFiMGEtZGM2MzE1ZTdlZDhi
LzEvTnlVMTZzRll3Q1p5ZWlYaDYtUnRpbHljLTc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZe0MA0G
CSqGSIb3DQEBCwUAA4IBAQBTrwxEjE/KV77VKlYnZBDw3kbtXsAuV8QZ8amVcc1n
rtVpWPOTYFmuduAhPrcNdHJr98LvZa6DhU28V5//VltzvmW+m1CrJsbra/Z3L6GQ
+gVR0bGTSAHhMY5HNIegr4cPBISp12BdUzszHs79q+xot25TUJbB/w4osdidHsm1
aKa6H1gJCWu1RvPPVMYBzjYVZT3rG41b1+YcBxwSRBjupNT3EBgaRPD0MYwi3ahS
RF0k9CigIVW+LNj3T7TRMmR9r3LLO4LetkfjWrpX/q4MmxE71l+UzGj53t8sp0Pa
jBDdKLZHh2WCfCtcuRQsa9RUC6ncReefUfgSrtRVQLVx
-----END CERTIFICATE-----