Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/7IOpXXsSdgZOXKMUMqGRoYqSO7Y.roa
File:                     7IOpXXsSdgZOXKMUMqGRoYqSO7Y.roa (raw, json)
Hash identifier:          eWhYbG4w7zhq0NpzbdSAGZQzXbPmck0Kggk9IJsP8fM=
Subject key identifier:   EC:83:A9:5D:7B:12:76:06:4E:5C:A3:14:32:A1:91:A1:8A:92:3B:B6
Certificate issuer:       /CN=44f885220f1719f5837cb5a36fa62f3f537e8e3f
Certificate serial:       019422FB54DD1423F6F3CB8764893846001F
Authority key identifier: 44:F8:85:22:0F:17:19:F5:83:7C:B5:A3:6F:A6:2F:3F:53:7E:8E:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/7IOpXXsSdgZOXKMUMqGRoYqSO7Y.roa
Signing time:             Wed 01 Jan 2025 17:48:04 +0000
ROA not before:           Wed 01 Jan 2025 17:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51222
IP address blocks:        195.54.36.0/24 maxlen: 24
                          195.54.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:54:dd:14:23:f6:f3:cb:87:64:89:38:46:00:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44f885220f1719f5837cb5a36fa62f3f537e8e3f
        Validity
            Not Before: Jan  1 17:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec83a95d7b1276064e5ca31432a191a18a923bb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c4:fe:f8:4d:f7:68:4e:5f:ca:03:04:e3:5b:
                    a1:71:42:99:de:c1:14:40:4d:f3:53:e4:5b:b5:43:
                    fb:65:1d:a5:81:69:d7:77:eb:d0:e1:a2:98:7f:1d:
                    a0:0a:ba:cc:60:de:c4:80:b9:96:ce:1d:07:91:4d:
                    01:12:8f:8d:f1:50:a3:67:d6:d4:5c:64:86:01:ee:
                    19:c9:b0:02:29:9a:e3:10:52:5e:d8:aa:82:61:b2:
                    7b:3f:df:08:d6:44:a7:61:b0:a4:58:6b:c9:cb:c4:
                    f2:d9:40:ef:1b:0e:18:5b:a0:d2:b0:38:2b:de:3e:
                    37:47:e2:3a:db:ff:ac:c3:65:55:57:9a:c8:e7:8e:
                    4a:e3:08:20:b2:99:10:ea:00:d1:33:98:93:f6:7f:
                    41:a4:67:f3:1f:f5:0c:ce:e4:3e:24:1e:1a:75:72:
                    2a:cd:b5:a8:f2:13:71:17:80:20:07:c9:b2:82:51:
                    b4:f4:32:f2:1e:ef:8e:ad:af:ec:86:34:44:0c:57:
                    23:af:7b:12:44:22:52:ee:4c:33:d9:39:6e:4b:64:
                    56:d5:4c:cd:2b:b5:a3:85:b9:bc:6c:a3:ca:c4:99:
                    73:b2:4c:12:13:15:e8:7e:4a:ec:81:a2:ce:db:7d:
                    d7:31:5d:ab:6a:14:e2:46:f3:d1:76:0a:2b:cc:2a:
                    69:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:83:A9:5D:7B:12:76:06:4E:5C:A3:14:32:A1:91:A1:8A:92:3B:B6
            X509v3 Authority Key Identifier:
                keyid:44:F8:85:22:0F:17:19:F5:83:7C:B5:A3:6F:A6:2F:3F:53:7E:8E:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPiFIg8XGfWDfLWjb6YvP1N-jj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/7IOpXXsSdgZOXKMUMqGRoYqSO7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/bab194-5e24-4ead-8f49-37ed99143aae/1/RPiFIg8XGfWDfLWjb6YvP1N-jj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.54.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:88:68:6a:e7:34:b7:8e:e0:e7:3f:b0:ba:76:59:29:32:47:
         66:37:82:e5:bd:58:37:eb:6f:3c:ba:1f:6f:a5:2d:f6:56:09:
         f8:9e:ac:5f:fc:cc:ea:bd:2d:30:44:f6:f8:9b:63:4c:87:07:
         03:46:a9:a6:ff:70:3a:56:c4:ed:fc:94:30:4c:8b:16:4d:78:
         44:42:b3:81:d4:7b:9b:93:e4:df:ff:73:0c:b8:49:54:e5:f8:
         39:f0:3e:7d:b9:3c:86:5e:8f:e4:44:70:47:73:bc:c6:f4:cf:
         b2:b5:0c:ea:a7:8b:cb:7a:96:0a:16:84:e7:73:08:66:21:a8:
         fb:87:db:9d:cf:42:e9:7c:36:7a:10:da:13:fa:14:92:72:75:
         71:a9:fc:14:04:94:72:b6:17:e5:56:3c:98:93:e7:1e:a7:15:
         08:64:f0:b0:56:d8:0d:dc:6e:ec:45:2a:9f:22:dd:be:41:9f:
         77:a7:15:20:77:8d:10:7c:9b:9d:b7:66:db:2d:df:6d:33:9e:
         b6:78:96:69:96:17:5d:f0:65:ac:31:09:99:7f:3f:94:a3:07:
         b7:e3:0a:b6:bf:43:33:1a:52:ca:20:8b:8f:c8:14:46:17:ea:
         47:d8:82:0d:7f:3e:a4:3d:f2:bd:b5:39:c8:0c:71:5d:03:4f:
         08:48:07:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+1TdFCP288uHZIk4RgAfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0Zjg4NTIyMGYxNzE5ZjU4MzdjYjVhMzZmYTYyZjNmNTM3
ZThlM2YwHhcNMjUwMTAxMTc0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzgzYTk1ZDdiMTI3NjA2NGU1Y2EzMTQzMmExOTFhMThhOTIzYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcT++E33aE5fygME41uhcUKZ3sEU
QE3zU+RbtUP7ZR2lgWnXd+vQ4aKYfx2gCrrMYN7EgLmWzh0HkU0BEo+N8VCjZ9bU
XGSGAe4ZybACKZrjEFJe2KqCYbJ7P98I1kSnYbCkWGvJy8Ty2UDvGw4YW6DSsDgr
3j43R+I62/+sw2VVV5rI545K4wggspkQ6gDRM5iT9n9BpGfzH/UMzuQ+JB4adXIq
zbWo8hNxF4AgB8myglG09DLyHu+Ora/shjREDFcjr3sSRCJS7kwz2TluS2RW1UzN
K7Wjhbm8bKPKxJlzskwSExXofkrsgaLO233XMV2rahTiRvPRdgorzCpppwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOyDqV17EnYGTlyjFDKhkaGKkju2MB8GA1UdIwQY
MBaAFET4hSIPFxn1g3y1o2+mLz9Tfo4/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlBpRklnOFhHZldEZkxXamI2WXZQMU4tamo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9iYWIxOTQtNWUyNC00ZWFkLThmNDkt
MzdlZDk5MTQzYWFlLzEvN0lPcFhYc1NkZ1pPWEtNVU1xR1JvWXFTTzdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9iYWIxOTQtNWUyNC00ZWFkLThmNDktMzdlZDk5MTQzYWFl
LzEvUlBpRklnOFhHZldEZkxXamI2WXZQMU4tamo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzYkMA0G
CSqGSIb3DQEBCwUAA4IBAQBUiGhq5zS3juDnP7C6dlkpMkdmN4LlvVg36288uh9v
pS32Vgn4nqxf/MzqvS0wRPb4m2NMhwcDRqmm/3A6VsTt/JQwTIsWTXhEQrOB1Hub
k+Tf/3MMuElU5fg58D59uTyGXo/kRHBHc7zG9M+ytQzqp4vLepYKFoTncwhmIaj7
h9udz0LpfDZ6ENoT+hSScnVxqfwUBJRythflVjyYk+cepxUIZPCwVtgN3G7sRSqf
It2+QZ93pxUgd40QfJudt2bbLd9tM562eJZplhdd8GWsMQmZfz+Uowe34wq2v0Mz
GlLKIIuPyBRGF+pH2IINfz6kPfK9tTnIDHFdA08ISAdC
-----END CERTIFICATE-----