Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/36b3fa-c925-4b09-b8ea-32f59fa5b311/1/mAE3_QFYxLK2bxPNIhFbVq5Pufo.roa
File:                     mAE3_QFYxLK2bxPNIhFbVq5Pufo.roa (raw, json)
Hash identifier:          8Db1Fqvg0Iw4fJZLlY1WJu1zNG21SFNmOlpLtn7VYgI=
Subject key identifier:   98:01:37:FD:01:58:C4:B2:B6:6F:13:CD:22:11:5B:56:AE:4F:B9:FA
Certificate issuer:       /CN=b435f526d7d0909e7f4a7df2c5cad72d2af6b2c3
Certificate serial:       019421B1DBFED304332091F7776648225607
Authority key identifier: B4:35:F5:26:D7:D0:90:9E:7F:4A:7D:F2:C5:CA:D7:2D:2A:F6:B2:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDX1JtfQkJ5_Sn3yxcrXLSr2ssM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/36b3fa-c925-4b09-b8ea-32f59fa5b311/1/mAE3_QFYxLK2bxPNIhFbVq5Pufo.roa
Signing time:             Wed 01 Jan 2025 11:48:11 +0000
ROA not before:           Wed 01 Jan 2025 11:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199367
IP address blocks:        185.19.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/36b3fa-c925-4b09-b8ea-32f59fa5b311/1/tDX1JtfQkJ5_Sn3yxcrXLSr2ssM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/36b3fa-c925-4b09-b8ea-32f59fa5b311/1/tDX1JtfQkJ5_Sn3yxcrXLSr2ssM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDX1JtfQkJ5_Sn3yxcrXLSr2ssM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:db:fe:d3:04:33:20:91:f7:77:66:48:22:56:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b435f526d7d0909e7f4a7df2c5cad72d2af6b2c3
        Validity
            Not Before: Jan  1 11:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=980137fd0158c4b2b66f13cd22115b56ae4fb9fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:04:34:3c:77:2d:f6:51:a1:c8:cc:54:a8:26:
                    52:70:e8:e8:cb:61:11:09:7a:f3:d6:3d:16:e1:f3:
                    7f:25:11:b0:79:b8:09:0a:ec:94:38:ec:ac:c7:b5:
                    c0:0b:df:b6:37:35:e8:8b:3a:aa:59:7c:36:31:bb:
                    f3:5f:03:33:6c:d5:ed:12:6b:91:b0:a5:84:51:e7:
                    2f:77:8d:04:70:42:c2:0b:19:b2:64:cd:0e:14:88:
                    63:d6:49:8b:53:0e:34:7e:b5:4e:21:4d:2a:a0:cc:
                    43:0d:10:99:0a:2b:6b:21:0a:b4:ec:6e:a1:c9:8e:
                    18:c0:3c:e2:90:47:38:0e:a5:51:5f:a7:8f:7e:81:
                    bf:49:7f:c8:8b:f9:b6:05:9c:a1:0d:03:dc:95:3d:
                    26:7a:fb:ed:50:f2:ca:0f:e2:8b:24:05:56:dc:ba:
                    dd:47:27:45:48:0a:6c:9d:0d:69:82:a5:37:b9:bd:
                    33:86:f0:f5:01:7d:bc:71:84:9d:af:1d:db:e3:e4:
                    7b:43:c0:a0:ea:36:73:6f:91:02:bd:84:04:85:ab:
                    2d:fe:97:ce:e9:e8:83:0c:74:13:50:af:a3:12:76:
                    27:29:90:89:86:5a:95:b8:16:cf:f2:15:52:96:71:
                    4f:21:98:f0:bb:80:df:15:77:9c:69:2b:fc:07:f3:
                    71:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:01:37:FD:01:58:C4:B2:B6:6F:13:CD:22:11:5B:56:AE:4F:B9:FA
            X509v3 Authority Key Identifier:
                keyid:B4:35:F5:26:D7:D0:90:9E:7F:4A:7D:F2:C5:CA:D7:2D:2A:F6:B2:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDX1JtfQkJ5_Sn3yxcrXLSr2ssM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/36b3fa-c925-4b09-b8ea-32f59fa5b311/1/mAE3_QFYxLK2bxPNIhFbVq5Pufo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/36b3fa-c925-4b09-b8ea-32f59fa5b311/1/tDX1JtfQkJ5_Sn3yxcrXLSr2ssM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:3e:6a:48:54:fd:fa:25:2f:f9:c3:0b:de:fb:07:e1:4a:65:
         17:b5:14:0f:9c:3c:c5:03:83:4c:f3:c9:54:e1:77:50:d4:d9:
         6f:66:53:ec:6d:d4:67:4b:a9:5c:30:74:e5:e9:39:68:c2:6d:
         bf:28:e2:03:fc:f7:43:1f:13:64:e4:31:63:28:c2:e2:e1:8a:
         40:b3:e9:2c:16:35:ed:ce:3b:33:3d:85:e0:ec:24:b5:57:92:
         0d:14:47:e3:c8:63:75:48:c2:6e:da:cb:3e:a7:6d:6d:c9:9b:
         c3:04:0b:d5:b1:48:d3:b6:11:59:b5:21:96:18:15:f5:6d:f5:
         fb:a0:29:37:3c:04:16:5a:61:1a:74:04:06:cd:be:32:24:7e:
         6b:bb:55:d8:a9:f9:ff:4d:46:27:16:59:3f:d4:80:21:82:52:
         a9:96:7c:02:f4:9e:37:4e:12:9d:54:49:e7:96:53:db:9a:59:
         b6:ec:4f:5e:83:30:39:27:09:09:4a:5d:10:1e:41:5f:70:3c:
         a8:d6:0f:7a:fa:6b:3b:aa:ac:e4:a6:8d:7b:52:f9:52:fe:d2:
         b0:5f:a6:7e:64:3f:52:40:5e:0a:d2:9f:f9:82:e7:c4:1f:e7:
         99:08:f1:42:12:7e:74:da:58:9f:b8:98:d1:a6:03:38:6e:62:
         8c:df:71:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdv+0wQzIJH3d2ZIIlYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MzVmNTI2ZDdkMDkwOWU3ZjRhN2RmMmM1Y2FkNzJkMmFm
NmIyYzMwHhcNMjUwMTAxMTE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODAxMzdmZDAxNThjNGIyYjY2ZjEzY2QyMjExNWI1NmFlNGZiOWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswQ0PHct9lGhyMxUqCZScOjoy2ER
CXrz1j0W4fN/JRGwebgJCuyUOOysx7XAC9+2NzXoizqqWXw2MbvzXwMzbNXtEmuR
sKWEUecvd40EcELCCxmyZM0OFIhj1kmLUw40frVOIU0qoMxDDRCZCitrIQq07G6h
yY4YwDzikEc4DqVRX6ePfoG/SX/Ii/m2BZyhDQPclT0mevvtUPLKD+KLJAVW3Lrd
RydFSApsnQ1pgqU3ub0zhvD1AX28cYSdrx3b4+R7Q8Cg6jZzb5ECvYQEhast/pfO
6eiDDHQTUK+jEnYnKZCJhlqVuBbP8hVSlnFPIZjwu4DfFXecaSv8B/NxzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJgBN/0BWMSytm8TzSIRW1auT7n6MB8GA1UdIwQY
MBaAFLQ19SbX0JCef0p98sXK1y0q9rLDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdERYMUp0ZlFrSjVfU24zeXhjclhMU3Iyc3NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8zNmIzZmEtYzkyNS00YjA5LWI4ZWEt
MzJmNTlmYTViMzExLzEvbUFFM19RRll4TEsyYnhQTkloRmJWcTVQdWZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8zNmIzZmEtYzkyNS00YjA5LWI4ZWEtMzJmNTlmYTViMzEx
LzEvdERYMUp0ZlFrSjVfU24zeXhjclhMU3Iyc3NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuROQMA0G
CSqGSIb3DQEBCwUAA4IBAQBAPmpIVP36JS/5wwve+wfhSmUXtRQPnDzFA4NM88lU
4XdQ1NlvZlPsbdRnS6lcMHTl6Tlowm2/KOID/PdDHxNk5DFjKMLi4YpAs+ksFjXt
zjszPYXg7CS1V5INFEfjyGN1SMJu2ss+p21tyZvDBAvVsUjTthFZtSGWGBX1bfX7
oCk3PAQWWmEadAQGzb4yJH5ru1XYqfn/TUYnFlk/1IAhglKplnwC9J43ThKdVEnn
llPbmlm27E9egzA5JwkJSl0QHkFfcDyo1g96+ms7qqzkpo17UvlS/tKwX6Z+ZD9S
QF4K0p/5gufEH+eZCPFCEn502lifuJjRpgM4bmKM33F8
-----END CERTIFICATE-----