Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/URcS44h5p_ee9dsnwhclak6T8jU.roa
File:                     URcS44h5p_ee9dsnwhclak6T8jU.roa (raw, json)
Hash identifier:          PloYM4VGnKlDlq+Kl1UcDwczYmFtR6608rE1ZX7nGRk=
Subject key identifier:   51:17:12:E3:88:79:A7:F7:9E:F5:DB:27:C2:17:25:6A:4E:93:F2:35
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       01942369C416414F5BA8B46856139C6F5F7A
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/URcS44h5p_ee9dsnwhclak6T8jU.roa
Signing time:             Wed 01 Jan 2025 19:48:41 +0000
ROA not before:           Wed 01 Jan 2025 19:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28022
IP address blocks:        190.106.64.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:c4:16:41:4f:5b:a8:b4:68:56:13:9c:6f:5f:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jan  1 19:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=511712e38879a7f79ef5db27c217256a4e93f235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e1:48:ea:f3:85:4b:96:f5:63:6a:ba:67:44:
                    c3:43:f0:66:7c:67:51:ae:4f:ec:eb:53:e4:40:55:
                    8c:80:22:7d:33:77:bf:20:e2:d0:cf:8c:fc:c5:6e:
                    fd:61:59:b0:af:93:ce:5a:9d:88:ed:e2:be:35:2a:
                    29:46:e1:e7:a5:19:36:e8:91:1c:c9:99:2c:b6:15:
                    3b:9d:e5:f0:3a:b0:48:7c:75:e1:5d:e8:bd:79:c7:
                    3f:23:cb:f3:49:36:e3:c4:df:23:3d:7c:2e:4f:a2:
                    6c:dc:37:65:24:31:49:76:f8:48:61:6f:fd:2c:08:
                    a2:7a:d6:45:8d:bc:34:e2:0d:b4:01:a2:55:c1:6a:
                    4b:38:89:46:cd:41:c0:c6:0d:3e:91:37:be:a0:d3:
                    1f:6a:a1:0e:ed:a2:f9:31:e9:9b:ee:70:2f:bf:27:
                    0e:a4:33:ec:a9:6a:54:e8:85:6e:6e:e4:57:69:7d:
                    a5:22:58:bf:37:41:8f:65:da:1d:43:a4:43:fa:32:
                    d5:b4:c4:1a:ff:f5:e5:66:13:b0:91:92:9d:b3:c7:
                    f6:9f:be:28:46:05:94:24:bf:ad:47:d6:9c:e7:a1:
                    97:97:f3:b4:55:f0:81:c9:cb:f5:2e:19:c2:e5:b6:
                    6b:05:d7:dd:92:c3:6e:8d:5a:9d:53:3f:9c:97:d3:
                    1f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:17:12:E3:88:79:A7:F7:9E:F5:DB:27:C2:17:25:6A:4E:93:F2:35
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/URcS44h5p_ee9dsnwhclak6T8jU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.106.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         66:93:8f:13:b2:83:c2:2b:9a:a1:16:e4:70:c2:52:e6:6d:44:
         d5:ad:44:b8:c4:6d:67:69:8e:e9:b8:94:b0:bd:3a:01:d5:99:
         4b:fa:06:8d:b3:3b:e5:48:90:aa:9d:c0:ce:b3:cd:79:62:90:
         ee:9c:b7:ed:bd:95:77:09:4f:73:01:3a:31:78:e3:b9:0d:84:
         1c:f6:6e:4b:ca:24:5e:88:e7:b8:5d:c3:bc:16:9b:eb:86:b8:
         58:a6:ba:43:ba:18:f9:70:b6:ee:ba:ec:d9:f4:ce:17:a8:a3:
         82:1b:e5:a9:05:cb:63:a2:25:12:9b:9b:21:5e:15:11:7d:d8:
         d7:2c:2a:17:38:f8:a0:2d:54:fb:f0:a9:02:66:c0:17:64:86:
         dc:f0:a3:61:57:b7:26:82:c4:4f:7c:a9:da:17:83:90:f9:8b:
         ea:ad:46:0c:f0:82:68:c2:14:d7:0b:d7:c0:94:9a:60:0f:c3:
         b4:dd:22:93:4d:62:e1:41:31:32:8c:41:60:50:50:3c:98:c3:
         b5:64:4b:00:fe:8e:75:11:c6:10:5b:a1:94:e0:36:41:ec:24:
         fe:15:97:b1:9f:5e:a2:c0:55:15:5c:fc:1a:dc:dd:27:95:9e:
         e3:fb:7b:d1:8f:e3:76:34:5e:b5:7f:8d:a8:10:28:ee:9a:63:
         a3:29:5b:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjacQWQU9bqLRoVhOcb196MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjUwMTAxMTk0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTE3MTJlMzg4NzlhN2Y3OWVmNWRiMjdjMjE3MjU2YTRlOTNmMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+FI6vOFS5b1Y2q6Z0TDQ/BmfGdR
rk/s61PkQFWMgCJ9M3e/IOLQz4z8xW79YVmwr5POWp2I7eK+NSopRuHnpRk26JEc
yZksthU7neXwOrBIfHXhXei9ecc/I8vzSTbjxN8jPXwuT6Js3DdlJDFJdvhIYW/9
LAiietZFjbw04g20AaJVwWpLOIlGzUHAxg0+kTe+oNMfaqEO7aL5Memb7nAvvycO
pDPsqWpU6IVubuRXaX2lIli/N0GPZdodQ6RD+jLVtMQa//XlZhOwkZKds8f2n74o
RgWUJL+tR9ac56GXl/O0VfCBycv1LhnC5bZrBdfdksNujVqdUz+cl9MfnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEXEuOIeaf3nvXbJ8IXJWpOk/I1MB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvVVJjUzQ0aDVwX2VlOWRzbndoY2xhazZUOGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEvmpAMA0G
CSqGSIb3DQEBCwUAA4IBAQBmk48TsoPCK5qhFuRwwlLmbUTVrUS4xG1naY7puJSw
vToB1ZlL+gaNszvlSJCqncDOs815YpDunLftvZV3CU9zAToxeOO5DYQc9m5LyiRe
iOe4XcO8FpvrhrhYprpDuhj5cLbuuuzZ9M4XqKOCG+WpBctjoiUSm5shXhURfdjX
LCoXOPigLVT78KkCZsAXZIbc8KNhV7cmgsRPfKnaF4OQ+YvqrUYM8IJowhTXC9fA
lJpgD8O03SKTTWLhQTEyjEFgUFA8mMO1ZEsA/o51EcYQW6GU4DZB7CT+FZexn16i
wFUVXPwa3N0nlZ7j+3vRj+N2NF61f42oECjummOjKVsD
-----END CERTIFICATE-----