Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/_HX0nKUguEjDK_UXSZxDRu7j10o.roa
File:                     _HX0nKUguEjDK_UXSZxDRu7j10o.roa (raw, json)
Hash identifier:          nDwDdh/G4BS8EpikB8I09Ea4NwJkgiqchJXpY1cDAL4=
Subject key identifier:   FC:75:F4:9C:A5:20:B8:48:C3:2B:F5:17:49:9C:43:46:EE:E3:D7:4A
Certificate issuer:       /CN=95461fbee1c06e3eafac0f2f95253ca8603accf2
Certificate serial:       0194221FC305612EFB52A99793FB91FA632E
Authority key identifier: 95:46:1F:BE:E1:C0:6E:3E:AF:AC:0F:2F:95:25:3C:A8:60:3A:CC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUYfvuHAbj6vrA8vlSU8qGA6zPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/_HX0nKUguEjDK_UXSZxDRu7j10o.roa
Signing time:             Wed 01 Jan 2025 13:48:14 +0000
ROA not before:           Wed 01 Jan 2025 13:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12843
IP address blocks:        185.66.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/lUYfvuHAbj6vrA8vlSU8qGA6zPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/lUYfvuHAbj6vrA8vlSU8qGA6zPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUYfvuHAbj6vrA8vlSU8qGA6zPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:c3:05:61:2e:fb:52:a9:97:93:fb:91:fa:63:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95461fbee1c06e3eafac0f2f95253ca8603accf2
        Validity
            Not Before: Jan  1 13:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc75f49ca520b848c32bf517499c4346eee3d74a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b1:ad:24:c5:7e:a4:8e:bd:4a:2a:5b:de:0a:
                    bb:7d:76:6f:2f:2a:45:d9:a4:19:01:c5:63:c3:57:
                    a3:31:e6:66:88:1d:fc:31:ac:d8:87:74:96:be:b5:
                    ae:a3:c5:4c:ac:63:c3:ec:8c:a7:fd:7b:73:fb:dd:
                    59:4e:f4:4a:24:93:09:37:99:66:90:05:bd:50:06:
                    d2:05:39:60:51:f7:ce:55:3f:02:17:5f:62:41:eb:
                    57:1f:20:ca:9e:11:e6:a5:e0:6a:10:46:e8:7c:60:
                    90:20:c0:88:15:86:be:b9:ad:01:9d:0d:f2:d4:63:
                    49:56:52:7c:02:ca:e6:0d:a6:e1:21:cd:62:d0:e8:
                    d4:11:f9:4d:11:45:6f:6a:66:79:04:c9:87:03:a8:
                    3d:d1:dd:c8:43:b0:c2:15:ea:1e:b5:b3:88:c1:c1:
                    ca:57:e9:db:08:bb:6f:41:fb:c7:9d:80:6b:d9:e2:
                    43:3a:be:04:01:91:9f:00:0c:9b:6a:c1:cc:f6:96:
                    9a:59:46:86:d7:e6:73:d9:1c:4a:39:57:b7:63:30:
                    1d:04:d4:eb:c8:ad:5d:9d:9e:61:7a:d2:b0:66:e7:
                    55:62:53:6f:c2:4c:a1:77:b4:cd:ec:e9:5c:43:65:
                    41:78:85:d7:00:39:50:ab:d2:40:6f:26:5d:fd:e0:
                    2e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:75:F4:9C:A5:20:B8:48:C3:2B:F5:17:49:9C:43:46:EE:E3:D7:4A
            X509v3 Authority Key Identifier:
                keyid:95:46:1F:BE:E1:C0:6E:3E:AF:AC:0F:2F:95:25:3C:A8:60:3A:CC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUYfvuHAbj6vrA8vlSU8qGA6zPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/_HX0nKUguEjDK_UXSZxDRu7j10o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/e5ce8f-5ea0-479f-93e9-89d5c60f501f/1/lUYfvuHAbj6vrA8vlSU8qGA6zPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:0b:e6:b1:1c:29:9b:87:ef:b6:b6:8a:90:d2:f1:d7:a6:da:
         57:19:fa:3b:5a:71:b3:17:5e:27:fe:b4:5c:c7:c3:88:10:4b:
         5c:63:de:6a:61:33:5f:0b:0e:00:f5:41:c3:57:0f:f5:a8:5e:
         7c:b8:3a:03:d1:3b:e1:ae:10:43:42:3e:28:09:5d:5d:bf:bd:
         27:99:a3:d4:5d:59:ce:79:6c:c1:33:12:42:10:90:9a:97:2e:
         e2:7e:40:0b:cc:f5:77:7d:e2:e1:30:f4:df:4b:5c:81:0e:85:
         28:c3:d3:24:ae:35:ad:8d:d4:ae:6f:b3:72:0d:d4:5c:f0:82:
         a8:9f:14:e0:2b:ba:d2:d9:be:88:f2:e8:a5:71:b1:82:72:5a:
         e9:d3:b4:2c:c0:ea:ab:eb:7a:76:38:75:82:41:7e:a1:a7:71:
         70:32:1d:e2:d3:be:42:c6:19:8d:57:ae:dd:ce:d7:07:da:5e:
         77:86:f0:4e:fe:5c:71:2c:d3:e3:58:e9:bf:b9:38:f7:ac:06:
         e7:41:42:41:a0:d5:a9:fc:ff:0d:87:49:8b:17:ad:3d:90:96:
         b4:8e:e9:6e:fc:96:ff:76:b7:04:0a:74:51:fb:0d:a9:b0:8b:
         2e:e0:e0:ce:95:00:ee:4f:f3:62:1c:ba:00:3f:9a:12:65:ff:
         b7:ee:18:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8MFYS77UqmXk/uR+mMuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NDYxZmJlZTFjMDZlM2VhZmFjMGYyZjk1MjUzY2E4NjAz
YWNjZjIwHhcNMjUwMTAxMTM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzc1ZjQ5Y2E1MjBiODQ4YzMyYmY1MTc0OTljNDM0NmVlZTNkNzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7GtJMV+pI69Sipb3gq7fXZvLypF
2aQZAcVjw1ejMeZmiB38MazYh3SWvrWuo8VMrGPD7Iyn/Xtz+91ZTvRKJJMJN5lm
kAW9UAbSBTlgUffOVT8CF19iQetXHyDKnhHmpeBqEEbofGCQIMCIFYa+ua0BnQ3y
1GNJVlJ8AsrmDabhIc1i0OjUEflNEUVvamZ5BMmHA6g90d3IQ7DCFeoetbOIwcHK
V+nbCLtvQfvHnYBr2eJDOr4EAZGfAAybasHM9paaWUaG1+Zz2RxKOVe3YzAdBNTr
yK1dnZ5hetKwZudVYlNvwkyhd7TN7OlcQ2VBeIXXADlQq9JAbyZd/eAuSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPx19JylILhIwyv1F0mcQ0bu49dKMB8GA1UdIwQY
MBaAFJVGH77hwG4+r6wPL5UlPKhgOszyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVZZnZ1SEFiajZ2ckE4dmxTVThxR0E2elBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9lNWNlOGYtNWVhMC00NzlmLTkzZTkt
ODlkNWM2MGY1MDFmLzEvX0hYMG5LVWd1RWpES19VWFNaeERSdTdqMTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9lNWNlOGYtNWVhMC00NzlmLTkzZTktODlkNWM2MGY1MDFm
LzEvbFVZZnZ1SEFiajZ2ckE4dmxTVThxR0E2elBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuULEMA0G
CSqGSIb3DQEBCwUAA4IBAQCdC+axHCmbh++2toqQ0vHXptpXGfo7WnGzF14n/rRc
x8OIEEtcY95qYTNfCw4A9UHDVw/1qF58uDoD0TvhrhBDQj4oCV1dv70nmaPUXVnO
eWzBMxJCEJCaly7ifkALzPV3feLhMPTfS1yBDoUow9MkrjWtjdSub7NyDdRc8IKo
nxTgK7rS2b6I8uilcbGCclrp07QswOqr63p2OHWCQX6hp3FwMh3i075CxhmNV67d
ztcH2l53hvBO/lxxLNPjWOm/uTj3rAbnQUJBoNWp/P8Nh0mLF609kJa0julu/Jb/
drcECnRR+w2psIsu4ODOlQDuT/NiHLoAP5oSZf+37hiE
-----END CERTIFICATE-----