Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/sUBkgJCpD3ZqzX_7qmTArV5BEgk.roa
File:                     sUBkgJCpD3ZqzX_7qmTArV5BEgk.roa (raw, json)
Hash identifier:          dqlXGiz9swMXmXvL7AO/g9/wLQ3iDn3rNE6iqCcU0fQ=
Subject key identifier:   B1:40:64:80:90:A9:0F:76:6A:CD:7F:FB:AA:64:C0:AD:5E:41:12:09
Certificate issuer:       /CN=1faacab8e456bb291979a7357a7024f00bebaaf5
Certificate serial:       019420680CA8E6FB1A9280359050866D0824
Authority key identifier: 1F:AA:CA:B8:E4:56:BB:29:19:79:A7:35:7A:70:24:F0:0B:EB:AA:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H6rKuORWuykZeac1enAk8AvrqvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/sUBkgJCpD3ZqzX_7qmTArV5BEgk.roa
Signing time:             Wed 01 Jan 2025 05:47:57 +0000
ROA not before:           Wed 01 Jan 2025 05:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216357
IP address blocks:        66.33.37.0/24 maxlen: 24
                          2a14:3b41::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/H6rKuORWuykZeac1enAk8AvrqvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/H6rKuORWuykZeac1enAk8AvrqvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H6rKuORWuykZeac1enAk8AvrqvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0c:a8:e6:fb:1a:92:80:35:90:50:86:6d:08:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1faacab8e456bb291979a7357a7024f00bebaaf5
        Validity
            Not Before: Jan  1 05:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b140648090a90f766acd7ffbaa64c0ad5e411209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:31:ff:72:85:b3:5b:9e:c4:94:a6:34:dc:70:
                    d5:d1:22:eb:37:a4:5c:ba:ac:69:70:97:b6:dc:c9:
                    f2:52:f7:fe:0a:6e:6b:d6:77:80:aa:36:4f:3f:66:
                    bf:4d:6d:0f:97:9f:73:9f:44:f9:d6:ad:0f:20:66:
                    3b:b8:84:0f:5a:95:a6:98:c2:f4:9b:4b:41:44:bb:
                    36:18:2f:94:67:8b:d4:35:3a:5f:70:ab:97:1b:7f:
                    1c:6f:cc:fb:a1:8a:78:38:be:90:42:f4:bf:11:d0:
                    4f:91:d2:da:c2:5b:9e:46:52:26:75:e5:73:1d:d8:
                    d0:80:cb:c8:4d:48:a5:dd:23:19:01:fe:01:51:6c:
                    2e:e0:dd:39:af:83:d2:ff:cd:a5:1b:5e:79:02:e8:
                    0e:43:d0:11:ca:70:c2:e4:e6:30:bd:d2:c7:1b:ae:
                    0c:42:c5:fb:ea:e3:22:52:1c:8d:15:43:68:bc:59:
                    e2:4c:33:17:af:90:a7:cd:f3:be:d7:64:ef:33:d6:
                    63:30:f9:f8:74:a4:c6:b4:b5:92:47:e8:4f:2a:70:
                    54:1f:9a:78:ed:fe:10:91:bf:72:a8:85:63:75:ef:
                    63:ce:3c:97:0f:bb:65:6b:11:82:09:10:84:03:67:
                    d6:a4:d9:fa:ad:9b:8f:00:0e:86:83:c3:bf:cc:5e:
                    39:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:40:64:80:90:A9:0F:76:6A:CD:7F:FB:AA:64:C0:AD:5E:41:12:09
            X509v3 Authority Key Identifier:
                keyid:1F:AA:CA:B8:E4:56:BB:29:19:79:A7:35:7A:70:24:F0:0B:EB:AA:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H6rKuORWuykZeac1enAk8AvrqvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/sUBkgJCpD3ZqzX_7qmTArV5BEgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/501fd3-a8cd-4e2d-9d32-2fb72a0aef6d/1/H6rKuORWuykZeac1enAk8AvrqvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.33.37.0/24
                IPv6:
                  2a14:3b41::/36

    Signature Algorithm: sha256WithRSAEncryption
         26:e6:e3:fc:ed:90:9e:1f:fd:17:f4:05:ea:58:d1:51:d9:f6:
         a5:51:39:f8:82:bb:89:6c:a4:bf:4b:38:8c:9a:0f:b6:86:36:
         00:50:93:fc:a4:7d:82:0d:cf:fb:b0:73:4f:ef:00:2e:90:36:
         b9:85:72:ce:d8:a2:6f:68:a1:32:b5:3e:4e:9f:33:1a:94:e9:
         bb:4f:3e:35:a2:bc:fa:70:09:f2:4a:4d:b5:57:c9:d7:8a:05:
         ad:bb:9a:f0:b1:e1:41:d9:fe:85:25:f2:96:b4:fc:90:49:e4:
         ac:06:6d:0a:d5:c8:d0:48:fe:2d:79:c0:ac:3e:5f:81:d3:fc:
         0e:fb:da:e1:fb:af:cb:54:ea:24:64:46:2a:7b:3c:c6:94:73:
         39:e0:e2:e9:15:03:1b:db:e9:42:f5:46:20:96:77:5f:09:f0:
         2f:7f:7e:80:cd:04:90:c8:a9:ea:35:5b:3a:ec:d0:18:65:58:
         3c:c6:67:0d:a5:52:6f:fe:62:71:dd:01:1c:06:d8:83:97:15:
         b4:90:70:24:dd:65:8a:1b:96:29:f1:d8:c2:bc:17:8f:25:55:
         fa:e3:ea:ae:8c:a0:8b:45:4d:df:c1:d5:47:5d:51:81:a0:69:
         87:e2:c7:c0:37:96:44:1c:05:7f:6b:ca:97:fc:f3:c0:e1:ba:
         60:7a:06:81
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQgaAyo5vsakoA1kFCGbQgkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYWFjYWI4ZTQ1NmJiMjkxOTc5YTczNTdhNzAyNGYwMGJl
YmFhZjUwHhcNMjUwMTAxMDU0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQwNjQ4MDkwYTkwZjc2NmFjZDdmZmJhYTY0YzBhZDVlNDExMjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTH/coWzW57ElKY03HDV0SLrN6Rc
uqxpcJe23MnyUvf+Cm5r1neAqjZPP2a/TW0Pl59zn0T51q0PIGY7uIQPWpWmmML0
m0tBRLs2GC+UZ4vUNTpfcKuXG38cb8z7oYp4OL6QQvS/EdBPkdLawlueRlImdeVz
HdjQgMvITUil3SMZAf4BUWwu4N05r4PS/82lG155AugOQ9ARynDC5OYwvdLHG64M
QsX76uMiUhyNFUNovFniTDMXr5CnzfO+12TvM9ZjMPn4dKTGtLWSR+hPKnBUH5p4
7f4Qkb9yqIVjde9jzjyXD7tlaxGCCRCEA2fWpNn6rZuPAA6Gg8O/zF45EwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFLFAZICQqQ92as1/+6pkwK1eQRIJMB8GA1UdIwQY
MBaAFB+qyrjkVrspGXmnNXpwJPAL66r1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDZyS3VPUld1eWtaZWFjMWVuQWs4QXZycXZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My81MDFmZDMtYThjZC00ZTJkLTlkMzIt
MmZiNzJhMGFlZjZkLzEvc1VCa2dKQ3BEM1pxelhfN3FtVEFyVjVCRWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My81MDFmZDMtYThjZC00ZTJkLTlkMzItMmZiNzJhMGFlZjZk
LzEvSDZyS3VPUld1eWtaZWFjMWVuQWs4QXZycXZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAQiElMA4E
AgACMAgDBgQqFDtBADANBgkqhkiG9w0BAQsFAAOCAQEAJubj/O2Qnh/9F/QF6ljR
Udn2pVE5+IK7iWykv0s4jJoPtoY2AFCT/KR9gg3P+7BzT+8ALpA2uYVyztiib2ih
MrU+Tp8zGpTpu08+NaK8+nAJ8kpNtVfJ14oFrbua8LHhQdn+hSXylrT8kEnkrAZt
CtXI0Ej+LXnArD5fgdP8Dvva4fuvy1TqJGRGKns8xpRzOeDi6RUDG9vpQvVGIJZ3
XwnwL39+gM0EkMip6jVbOuzQGGVYPMZnDaVSb/5icd0BHAbYg5cVtJBwJN1lihuW
KfHYwrwXjyVV+uPqroygi0VN38HVR11RgaBph+LHwDeWRBwFf2vKl/zzwOG6YHoG
gQ==
-----END CERTIFICATE-----