Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/875ba5-8bb1-48ab-b47d-81fea0f77286/1/tI06KHzBBY3ciTxCvrFdxn-AF88.roa
File:                     tI06KHzBBY3ciTxCvrFdxn-AF88.roa (raw, json)
Hash identifier:          S7ryr3BP0FqkUSqJufb4MUZCom0jlItHHtPlMcuWHB8=
Subject key identifier:   B4:8D:3A:28:7C:C1:05:8D:DC:89:3C:42:BE:B1:5D:C6:7F:80:17:CF
Certificate issuer:       /CN=ce70fe698e4dae9d7c32bc156c418064fdcff4b0
Certificate serial:       019421B1A7D1824334CB651C29D128E4B195
Authority key identifier: CE:70:FE:69:8E:4D:AE:9D:7C:32:BC:15:6C:41:80:64:FD:CF:F4:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znD-aY5Nrp18MrwVbEGAZP3P9LA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/875ba5-8bb1-48ab-b47d-81fea0f77286/1/tI06KHzBBY3ciTxCvrFdxn-AF88.roa
Signing time:             Wed 01 Jan 2025 11:47:58 +0000
ROA not before:           Wed 01 Jan 2025 11:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199473
IP address blocks:        185.15.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/875ba5-8bb1-48ab-b47d-81fea0f77286/1/znD-aY5Nrp18MrwVbEGAZP3P9LA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/875ba5-8bb1-48ab-b47d-81fea0f77286/1/znD-aY5Nrp18MrwVbEGAZP3P9LA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znD-aY5Nrp18MrwVbEGAZP3P9LA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:a7:d1:82:43:34:cb:65:1c:29:d1:28:e4:b1:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce70fe698e4dae9d7c32bc156c418064fdcff4b0
        Validity
            Not Before: Jan  1 11:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b48d3a287cc1058ddc893c42beb15dc67f8017cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f4:97:a1:53:2d:f7:44:ea:cc:ea:63:0b:aa:
                    9c:5a:8f:2a:0a:dc:df:82:9f:65:4e:31:66:fa:e9:
                    9a:11:c6:a7:c2:20:36:ad:81:58:02:3f:f0:dd:a2:
                    a6:fc:33:20:f6:75:e4:2e:b2:c8:b3:77:83:e9:dc:
                    c4:df:8f:45:52:1c:56:2b:92:08:4c:09:ea:9a:73:
                    ac:55:d6:4f:c8:ca:8e:2d:7a:b2:f8:44:a4:11:ee:
                    ca:d6:9a:f1:60:90:a1:b3:67:d4:c4:cd:a5:17:98:
                    cb:69:55:cf:7a:7b:d6:b8:11:a9:ee:bd:c7:2d:61:
                    b8:bb:e8:5e:1c:40:f5:c5:c0:09:72:36:2a:b8:f2:
                    01:29:19:3a:34:81:9c:b8:98:51:e6:68:30:cf:80:
                    1e:e3:c9:33:d3:7d:f8:06:81:76:05:19:9b:9f:b8:
                    73:11:90:1f:ec:4b:e5:8e:36:36:cf:15:69:f7:12:
                    bd:f7:6e:2b:8f:63:b4:d4:85:82:83:79:80:84:48:
                    14:f5:3f:1b:31:d9:bb:ce:68:b9:76:2a:44:a5:a6:
                    c4:2a:ab:ba:7a:eb:1b:c2:d2:cb:b6:6c:0a:87:47:
                    68:33:66:25:98:19:5c:5b:da:89:d3:2d:14:dc:8a:
                    5d:b7:1e:08:60:da:41:73:12:fc:28:cb:63:64:46:
                    68:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:8D:3A:28:7C:C1:05:8D:DC:89:3C:42:BE:B1:5D:C6:7F:80:17:CF
            X509v3 Authority Key Identifier:
                keyid:CE:70:FE:69:8E:4D:AE:9D:7C:32:BC:15:6C:41:80:64:FD:CF:F4:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znD-aY5Nrp18MrwVbEGAZP3P9LA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/875ba5-8bb1-48ab-b47d-81fea0f77286/1/tI06KHzBBY3ciTxCvrFdxn-AF88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/875ba5-8bb1-48ab-b47d-81fea0f77286/1/znD-aY5Nrp18MrwVbEGAZP3P9LA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:2b:fb:16:4f:16:c9:4f:ec:09:89:71:8f:9b:2c:8e:bc:34:
         e6:1e:57:9f:20:15:6e:98:95:ee:ae:85:c1:c9:d6:ca:b6:3b:
         64:2c:75:08:b2:49:b3:ff:8b:a1:0e:f9:54:55:93:ca:6f:c2:
         98:1f:90:98:34:09:0e:99:95:51:93:d4:a6:85:26:9a:6f:d5:
         8f:35:37:68:44:a9:e3:3c:95:be:61:4d:08:6e:a6:81:4d:db:
         07:76:ae:71:0b:c8:a4:b5:68:17:10:45:3c:e8:69:4c:d0:f8:
         3a:81:d8:7c:66:38:84:0f:f7:01:11:91:bc:2c:5e:b1:03:75:
         6f:9e:2d:7c:1f:fc:5b:6f:84:26:9a:be:8e:2e:d5:75:55:ab:
         af:4c:18:da:ee:c7:b3:54:2c:cb:24:a2:a4:25:20:7f:b0:a5:
         91:c9:76:2b:c2:f6:99:9f:9a:50:a2:be:a4:9a:0d:73:17:e8:
         46:dc:fc:56:6a:64:aa:d0:ee:c0:5c:fc:93:7a:ce:9a:52:49:
         cf:44:fd:dd:5f:10:b5:2a:62:fb:b8:ae:1d:ea:61:73:51:94:
         de:1b:69:16:28:bc:a8:74:08:48:fc:1b:b3:d4:29:6e:05:b7:
         1b:50:eb:cc:18:26:fd:fb:a5:c0:41:9c:1c:f4:54:ee:ac:0a:
         df:f3:66:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsafRgkM0y2UcKdEo5LGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNzBmZTY5OGU0ZGFlOWQ3YzMyYmMxNTZjNDE4MDY0ZmRj
ZmY0YjAwHhcNMjUwMTAxMTE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDhkM2EyODdjYzEwNThkZGM4OTNjNDJiZWIxNWRjNjdmODAxN2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvSXoVMt90TqzOpjC6qcWo8qCtzf
gp9lTjFm+umaEcanwiA2rYFYAj/w3aKm/DMg9nXkLrLIs3eD6dzE349FUhxWK5II
TAnqmnOsVdZPyMqOLXqy+ESkEe7K1prxYJChs2fUxM2lF5jLaVXPenvWuBGp7r3H
LWG4u+heHED1xcAJcjYquPIBKRk6NIGcuJhR5mgwz4Ae48kz0334BoF2BRmbn7hz
EZAf7EvljjY2zxVp9xK9924rj2O01IWCg3mAhEgU9T8bMdm7zmi5dipEpabEKqu6
eusbwtLLtmwKh0doM2YlmBlcW9qJ0y0U3Ipdtx4IYNpBcxL8KMtjZEZoWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSNOih8wQWN3Ik8Qr6xXcZ/gBfPMB8GA1UdIwQY
MBaAFM5w/mmOTa6dfDK8FWxBgGT9z/SwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem5ELWFZNU5ycDE4TXJ3VmJFR0FaUDNQOUxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC84NzViYTUtOGJiMS00OGFiLWI0N2Qt
ODFmZWEwZjc3Mjg2LzEvdEkwNktIekJCWTNjaVR4Q3ZyRmR4bi1BRjg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC84NzViYTUtOGJiMS00OGFiLWI0N2QtODFmZWEwZjc3Mjg2
LzEvem5ELWFZNU5ycDE4TXJ3VmJFR0FaUDNQOUxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQ+EMA0G
CSqGSIb3DQEBCwUAA4IBAQAlK/sWTxbJT+wJiXGPmyyOvDTmHlefIBVumJXuroXB
ydbKtjtkLHUIskmz/4uhDvlUVZPKb8KYH5CYNAkOmZVRk9SmhSaab9WPNTdoRKnj
PJW+YU0IbqaBTdsHdq5xC8iktWgXEEU86GlM0Pg6gdh8ZjiED/cBEZG8LF6xA3Vv
ni18H/xbb4Qmmr6OLtV1VauvTBja7sezVCzLJKKkJSB/sKWRyXYrwvaZn5pQor6k
mg1zF+hG3PxWamSq0O7AXPyTes6aUknPRP3dXxC1KmL7uK4d6mFzUZTeG2kWKLyo
dAhI/Buz1CluBbcbUOvMGCb9+6XAQZwc9FTurArf82ZW
-----END CERTIFICATE-----