Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/KrWaj3PmGUr__R-XWPo-LvjSSzE.roa
File:                     KrWaj3PmGUr__R-XWPo-LvjSSzE.roa (raw, json)
Hash identifier:          D32/8FWqAF1z0NVQywtDopSVNiH+dneRDeaovNlaE+U=
Subject key identifier:   2A:B5:9A:8F:73:E6:19:4A:FF:FD:1F:97:58:FA:3E:2E:F8:D2:4B:31
Certificate issuer:       /CN=b859db7f2c2e3b3abd8bf415f0ce1fff334329ec
Certificate serial:       019421B190F012D0DDE392FEE168B003C15C
Authority key identifier: B8:59:DB:7F:2C:2E:3B:3A:BD:8B:F4:15:F0:CE:1F:FF:33:43:29:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uFnbfywuOzq9i_QV8M4f_zNDKew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/KrWaj3PmGUr__R-XWPo-LvjSSzE.roa
Signing time:             Wed 01 Jan 2025 11:47:52 +0000
ROA not before:           Wed 01 Jan 2025 11:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43366
IP address blocks:        185.159.136.0/22 maxlen: 24
                          195.28.22.0/23 maxlen: 24
                          2a07:b440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/uFnbfywuOzq9i_QV8M4f_zNDKew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/uFnbfywuOzq9i_QV8M4f_zNDKew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uFnbfywuOzq9i_QV8M4f_zNDKew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 08:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:90:f0:12:d0:dd:e3:92:fe:e1:68:b0:03:c1:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b859db7f2c2e3b3abd8bf415f0ce1fff334329ec
        Validity
            Not Before: Jan  1 11:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ab59a8f73e6194afffd1f9758fa3e2ef8d24b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:8b:bf:ae:f3:e9:47:a8:95:95:54:a8:8b:1c:
                    5b:49:ac:62:2f:02:28:8f:5d:1d:a7:7f:53:f9:b0:
                    e0:4a:b8:ec:74:31:c9:c2:92:1c:28:3e:2c:e4:c8:
                    a5:c7:06:4d:70:10:7c:6c:35:bd:c4:c5:8b:f6:21:
                    04:fb:8c:7a:4d:71:9b:98:94:5a:83:9b:eb:7f:70:
                    c8:4f:96:2c:03:98:ab:bb:17:f4:52:91:93:ac:4f:
                    df:ba:65:6c:2c:f3:e0:1c:d2:ac:ed:21:fa:c4:3f:
                    80:ad:84:77:88:c9:c6:65:3e:24:ab:dc:4d:cd:67:
                    7e:96:e3:ab:c8:04:fb:28:ab:33:8d:61:6e:d6:4b:
                    17:b6:db:c0:28:ba:f0:5f:5f:82:46:e8:9f:9b:52:
                    c1:a0:47:f9:9c:4e:7e:6f:3f:ca:bb:59:42:15:62:
                    a5:9c:1d:22:b0:e5:4d:21:0e:71:e8:52:c7:bd:d1:
                    01:64:ce:7e:1a:28:63:67:d7:54:22:52:29:77:be:
                    2d:2e:00:70:65:c7:e7:f2:4d:9d:d5:e1:3a:d4:95:
                    2b:70:f4:94:a2:8b:a4:aa:e6:de:18:4c:57:46:55:
                    25:0f:2d:fb:7a:93:46:27:1b:60:89:41:07:b1:70:
                    42:cd:ca:48:5c:b7:f6:23:7c:24:53:e5:d4:ca:53:
                    b0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:B5:9A:8F:73:E6:19:4A:FF:FD:1F:97:58:FA:3E:2E:F8:D2:4B:31
            X509v3 Authority Key Identifier:
                keyid:B8:59:DB:7F:2C:2E:3B:3A:BD:8B:F4:15:F0:CE:1F:FF:33:43:29:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uFnbfywuOzq9i_QV8M4f_zNDKew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/KrWaj3PmGUr__R-XWPo-LvjSSzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7eb7c3-e34a-4fbc-9272-4c1c57a81ffd/1/uFnbfywuOzq9i_QV8M4f_zNDKew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.136.0/22
                  195.28.22.0/23
                IPv6:
                  2a07:b440::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:a6:74:d1:f0:2c:3e:f5:56:0f:44:8b:d5:99:57:37:6e:19:
         fb:b9:36:9e:28:54:53:44:50:75:25:8a:bf:05:d0:89:0e:ec:
         0b:34:9c:f3:92:65:71:be:46:37:8c:fb:f4:f0:c8:43:23:40:
         91:d0:f9:2b:b8:48:0b:da:a1:af:aa:e3:f1:ca:0a:8d:9a:95:
         48:25:34:eb:d7:5d:ba:c3:58:91:64:82:84:3d:aa:3e:7b:41:
         6f:8b:a4:13:2b:c1:f6:86:4d:bd:01:e4:ad:2b:39:04:78:f5:
         7c:c8:c2:61:0a:9d:f5:6f:53:62:04:b3:ce:8f:85:4e:35:a3:
         7f:c7:d2:a2:81:e5:30:b8:97:97:9f:29:91:a3:aa:1a:e1:37:
         d4:e3:63:29:06:8c:e3:17:29:27:73:15:f4:9c:4c:b2:85:48:
         99:be:62:d2:73:57:ba:6e:f8:f2:c8:50:e2:00:c1:53:e1:09:
         27:46:f9:54:ff:55:ac:26:8c:fb:8a:0a:fc:45:2b:70:bf:52:
         cf:df:46:b7:cd:fa:c6:7e:53:60:61:33:24:78:e4:65:ef:19:
         89:b6:2c:76:34:39:44:2d:20:20:dc:59:4b:05:74:44:44:31:
         45:7b:07:71:6a:b5:e9:ca:62:11:f4:3d:fe:4b:c8:1d:27:1f:
         16:77:f1:c7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhsZDwEtDd45L+4WiwA8FcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NTlkYjdmMmMyZTNiM2FiZDhiZjQxNWYwY2UxZmZmMzM0
MzI5ZWMwHhcNMjUwMTAxMTE0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWI1OWE4ZjczZTYxOTRhZmZmZDFmOTc1OGZhM2UyZWY4ZDI0YjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ou/rvPpR6iVlVSoixxbSaxiLwIo
j10dp39T+bDgSrjsdDHJwpIcKD4s5MilxwZNcBB8bDW9xMWL9iEE+4x6TXGbmJRa
g5vrf3DIT5YsA5iruxf0UpGTrE/fumVsLPPgHNKs7SH6xD+ArYR3iMnGZT4kq9xN
zWd+luOryAT7KKszjWFu1ksXttvAKLrwX1+CRuifm1LBoEf5nE5+bz/Ku1lCFWKl
nB0isOVNIQ5x6FLHvdEBZM5+GihjZ9dUIlIpd74tLgBwZcfn8k2d1eE61JUrcPSU
ooukqubeGExXRlUlDy37epNGJxtgiUEHsXBCzcpIXLf2I3wkU+XUylOwBQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCq1mo9z5hlK//0fl1j6Pi740ksxMB8GA1UdIwQY
MBaAFLhZ238sLjs6vYv0FfDOH/8zQynsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUZuYmZ5d3VPenE5aV9RVjhNNGZfek5ES2V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83ZWI3YzMtZTM0YS00ZmJjLTkyNzIt
NGMxYzU3YTgxZmZkLzEvS3JXYWozUG1HVXJfX1ItWFdQby1MdmpTU3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83ZWI3YzMtZTM0YS00ZmJjLTkyNzItNGMxYzU3YTgxZmZk
LzEvdUZuYmZ5d3VPenE5aV9RVjhNNGZfek5ES2V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuZ+IAwQB
wxwWMA0EAgACMAcDBQMqB7RAMA0GCSqGSIb3DQEBCwUAA4IBAQAspnTR8Cw+9VYP
RIvVmVc3bhn7uTaeKFRTRFB1JYq/BdCJDuwLNJzzkmVxvkY3jPv08MhDI0CR0Pkr
uEgL2qGvquPxygqNmpVIJTTr1126w1iRZIKEPao+e0Fvi6QTK8H2hk29AeStKzkE
ePV8yMJhCp31b1NiBLPOj4VONaN/x9KigeUwuJeXnymRo6oa4TfU42MpBozjFykn
cxX0nEyyhUiZvmLSc1e6bvjyyFDiAMFT4QknRvlU/1WsJoz7igr8RStwv1LP30a3
zfrGflNgYTMkeORl7xmJtix2NDlELSAg3FlLBXRERDFFewdxarXpymIR9D3+S8gd
Jx8Wd/HH
-----END CERTIFICATE-----