Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/p0oZ4q6lHrN2uY6gOzA5xnEORLo.roa
File:                     p0oZ4q6lHrN2uY6gOzA5xnEORLo.roa (raw, json)
Hash identifier:          +3pVCZ5GKtwQuNKqa60g7O/l0ZyA3msRy8do5+lhnMA=
Subject key identifier:   A7:4A:19:E2:AE:A5:1E:B3:76:B9:8E:A0:3B:30:39:C6:71:0E:44:BA
Certificate issuer:       /CN=25292652a9ecd9c6bdc8264b9948df6212207624
Certificate serial:       0190116BC7D5572F0C38BF0CC28BD3D5C42B
Authority key identifier: 25:29:26:52:A9:EC:D9:C6:BD:C8:26:4B:99:48:DF:62:12:20:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JSkmUqns2ca9yCZLmUjfYhIgdiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/p0oZ4q6lHrN2uY6gOzA5xnEORLo.roa
Signing time:             Thu 13 Jun 2024 11:46:34 +0000
ROA not before:           Thu 13 Jun 2024 11:46:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201698
IP address blocks:        185.64.156.0/22 maxlen: 22
                          2a04:f8c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/JSkmUqns2ca9yCZLmUjfYhIgdiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/JSkmUqns2ca9yCZLmUjfYhIgdiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JSkmUqns2ca9yCZLmUjfYhIgdiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:6b:c7:d5:57:2f:0c:38:bf:0c:c2:8b:d3:d5:c4:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25292652a9ecd9c6bdc8264b9948df6212207624
        Validity
            Not Before: Jun 13 11:46:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a74a19e2aea51eb376b98ea03b3039c6710e44ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4c:9e:e9:7c:06:aa:61:69:7e:f3:0e:64:e8:
                    ec:f5:40:23:23:d2:e7:ef:ac:28:0a:7c:e4:8c:4d:
                    24:8f:59:17:ca:23:3d:bf:00:8a:06:f1:3b:8a:6e:
                    ee:bd:5e:74:97:1d:54:27:c6:85:08:7b:39:6b:fe:
                    a2:cd:64:6d:97:a8:0a:ba:ed:50:e8:45:c9:de:46:
                    01:25:0b:77:49:ff:18:f5:78:03:d5:11:ec:f2:3f:
                    83:3e:82:e7:f6:ce:69:a1:db:08:2c:76:fc:4f:81:
                    72:d1:ac:1f:d9:27:46:0a:ad:38:51:9c:b1:c3:8c:
                    60:aa:0a:ff:b6:76:3a:b9:f1:77:12:9a:8c:b8:2a:
                    41:82:6b:92:3f:c3:68:a5:26:5e:2d:ad:2a:95:89:
                    92:98:eb:aa:0e:97:2d:0a:3f:fb:dd:26:16:1b:9e:
                    39:87:63:d2:9a:47:71:43:bd:c8:86:d3:d2:01:cf:
                    3b:3a:1a:4d:f2:f4:16:c7:f3:fa:fe:5f:0b:7a:ab:
                    d8:99:ee:2e:ea:5d:a3:fe:20:b9:f9:99:8c:40:07:
                    d0:96:a7:4d:c4:58:1f:4c:89:07:3e:6b:c2:16:43:
                    e5:30:9c:c5:bc:e3:2d:40:c9:f2:14:28:91:9c:46:
                    4d:3b:0d:f5:ce:7f:59:c8:e7:50:f7:36:00:20:4f:
                    61:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:4A:19:E2:AE:A5:1E:B3:76:B9:8E:A0:3B:30:39:C6:71:0E:44:BA
            X509v3 Authority Key Identifier:
                keyid:25:29:26:52:A9:EC:D9:C6:BD:C8:26:4B:99:48:DF:62:12:20:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JSkmUqns2ca9yCZLmUjfYhIgdiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/p0oZ4q6lHrN2uY6gOzA5xnEORLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/21a4fd-bd8a-4aa4-8c45-5710305439ec/1/JSkmUqns2ca9yCZLmUjfYhIgdiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.64.156.0/22
                IPv6:
                  2a04:f8c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:e7:59:9c:87:82:06:0a:16:66:ba:a9:fa:43:d6:7a:29:ee:
         b9:e9:a6:f0:64:01:9e:8e:32:7f:57:4f:7e:53:85:ce:58:aa:
         2a:1d:8e:dd:9f:2a:1d:4c:43:3b:80:e4:a8:b4:bb:66:a3:0b:
         7b:0c:03:49:50:73:ca:4e:4b:86:a6:58:a3:6c:c2:e7:74:09:
         a7:bb:32:41:ad:99:1e:e4:ef:8c:e9:11:28:f4:cb:90:db:3e:
         e4:fb:d3:9a:6a:b2:c9:59:2c:cb:2a:e9:d0:68:d0:92:a3:e4:
         aa:6a:c8:da:d7:23:06:bb:1b:cd:5c:bb:df:e8:80:1a:0f:58:
         98:d4:a0:eb:42:d8:7b:cb:94:2f:69:98:4c:7a:78:c9:53:eb:
         44:66:62:2c:56:ad:e0:a9:8e:a2:88:30:c4:34:e7:95:a0:68:
         6b:9b:6a:fc:66:55:e4:c3:73:91:f0:2a:97:ec:2e:44:62:17:
         a2:0e:40:16:f3:fb:a4:87:87:7a:fa:97:a9:2c:d5:4a:c5:81:
         84:47:0e:36:b0:d6:d0:75:ef:94:bd:28:9f:d9:c3:68:e5:4b:
         ea:ba:1c:63:9e:1e:21:e3:4e:01:5b:5b:a5:db:2c:5a:72:14:
         28:03:72:3c:98:32:89:a4:ec:68:67:68:55:e1:79:4e:2d:10:
         46:33:a4:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZARa8fVVy8MOL8MwovT1cQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MjkyNjUyYTllY2Q5YzZiZGM4MjY0Yjk5NDhkZjYyMTIy
MDc2MjQwHhcNMjQwNjEzMTE0NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzRhMTllMmFlYTUxZWIzNzZiOThlYTAzYjMwMzljNjcxMGU0NGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkye6XwGqmFpfvMOZOjs9UAjI9Ln
76woCnzkjE0kj1kXyiM9vwCKBvE7im7uvV50lx1UJ8aFCHs5a/6izWRtl6gKuu1Q
6EXJ3kYBJQt3Sf8Y9XgD1RHs8j+DPoLn9s5podsILHb8T4Fy0awf2SdGCq04UZyx
w4xgqgr/tnY6ufF3EpqMuCpBgmuSP8NopSZeLa0qlYmSmOuqDpctCj/73SYWG545
h2PSmkdxQ73IhtPSAc87OhpN8vQWx/P6/l8LeqvYme4u6l2j/iC5+ZmMQAfQlqdN
xFgfTIkHPmvCFkPlMJzFvOMtQMnyFCiRnEZNOw31zn9ZyOdQ9zYAIE9howIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKdKGeKupR6zdrmOoDswOcZxDkS6MB8GA1UdIwQY
MBaAFCUpJlKp7NnGvcgmS5lI32ISIHYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlNrbVVxbnMyY2E5eUNaTG1VamZZaElnZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yMWE0ZmQtYmQ4YS00YWE0LThjNDUt
NTcxMDMwNTQzOWVjLzEvcDBvWjRxNmxIck4ydVk2Z096QTV4bkVPUkxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yMWE0ZmQtYmQ4YS00YWE0LThjNDUtNTcxMDMwNTQzOWVj
LzEvSlNrbVVxbnMyY2E5eUNaTG1VamZZaElnZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUCcMA0E
AgACMAcDBQMqBPjAMA0GCSqGSIb3DQEBCwUAA4IBAQCj51mch4IGChZmuqn6Q9Z6
Ke656abwZAGejjJ/V09+U4XOWKoqHY7dnyodTEM7gOSotLtmowt7DANJUHPKTkuG
plijbMLndAmnuzJBrZke5O+M6REo9MuQ2z7k+9OaarLJWSzLKunQaNCSo+Sqasja
1yMGuxvNXLvf6IAaD1iY1KDrQth7y5QvaZhMenjJU+tEZmIsVq3gqY6iiDDENOeV
oGhrm2r8ZlXkw3OR8CqX7C5EYheiDkAW8/ukh4d6+pepLNVKxYGERw42sNbQde+U
vSif2cNo5Uvquhxjnh4h404BW1ul2yxachQoA3I8mDKJpOxoZ2hV4XlOLRBGM6TB
-----END CERTIFICATE-----