Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/xj83lBqnCiYenkchlr_-eEoB-30.roa
File:                     xj83lBqnCiYenkchlr_-eEoB-30.roa (raw, json)
Hash identifier:          rDaj6xDIGI3i5anidMQG7nyOyM3UPZwMFnNZdzH+C5s=
Subject key identifier:   C6:3F:37:94:1A:A7:0A:26:1E:9E:47:21:96:BF:FE:78:4A:01:FB:7D
Certificate issuer:       /CN=38879a78a58a485ccd8970f0432db8f3d771725b
Certificate serial:       019423D702F414D85125A7F2C21BF61D9414
Authority key identifier: 38:87:9A:78:A5:8A:48:5C:CD:89:70:F0:43:2D:B8:F3:D7:71:72:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OIeaeKWKSFzNiXDwQy2489dxcls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/xj83lBqnCiYenkchlr_-eEoB-30.roa
Signing time:             Wed 01 Jan 2025 21:48:01 +0000
ROA not before:           Wed 01 Jan 2025 21:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29422
IP address blocks:        185.196.232.0/22 maxlen: 22
                          2a0a:73c0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/OIeaeKWKSFzNiXDwQy2489dxcls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/OIeaeKWKSFzNiXDwQy2489dxcls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OIeaeKWKSFzNiXDwQy2489dxcls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:02:f4:14:d8:51:25:a7:f2:c2:1b:f6:1d:94:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38879a78a58a485ccd8970f0432db8f3d771725b
        Validity
            Not Before: Jan  1 21:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c63f37941aa70a261e9e472196bffe784a01fb7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d9:7a:c8:e2:04:64:2c:c3:72:83:f1:d0:57:
                    85:3b:dd:45:2e:f4:86:1c:82:45:5e:44:10:9f:a5:
                    cd:59:1a:1c:ae:51:e3:3c:c0:77:97:b1:7a:77:59:
                    ec:4c:a4:66:b0:51:1a:90:9d:ab:9d:78:60:c3:4d:
                    b2:55:fc:65:44:c1:18:1e:66:46:b1:aa:c4:29:8c:
                    01:88:2b:62:eb:b8:85:68:29:a0:30:35:3c:7d:e1:
                    6c:e7:2b:14:3c:83:5f:79:fd:7b:d9:da:1b:0d:90:
                    f0:7c:38:37:a1:1b:76:97:9f:f9:c9:5a:74:29:dc:
                    35:11:c0:95:81:13:96:9e:8f:58:e7:eb:fc:04:55:
                    79:82:30:63:4a:74:08:9f:21:f9:88:3b:29:cd:05:
                    b0:33:fc:0a:45:2e:66:98:7f:05:d8:2e:66:4d:c7:
                    c1:43:c7:e0:d1:15:e5:f5:98:70:dc:c7:87:8e:89:
                    fa:2c:fc:f3:ce:05:cb:4c:44:1d:ba:24:d8:a6:e6:
                    99:0f:cd:58:36:8e:b4:96:c5:7c:24:93:b9:80:2e:
                    54:a3:df:bc:cb:66:ac:43:cb:6f:02:c0:64:ba:44:
                    0b:a2:58:98:bc:22:13:ad:0e:8a:a5:76:32:ee:73:
                    53:e3:47:f2:99:6d:80:79:fc:ff:b1:61:34:3a:76:
                    fb:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3F:37:94:1A:A7:0A:26:1E:9E:47:21:96:BF:FE:78:4A:01:FB:7D
            X509v3 Authority Key Identifier:
                keyid:38:87:9A:78:A5:8A:48:5C:CD:89:70:F0:43:2D:B8:F3:D7:71:72:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OIeaeKWKSFzNiXDwQy2489dxcls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/xj83lBqnCiYenkchlr_-eEoB-30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c38797-d7fa-4a57-9f83-a16a34c46f30/1/OIeaeKWKSFzNiXDwQy2489dxcls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.232.0/22
                IPv6:
                  2a0a:73c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:ba:71:0f:32:85:65:8f:c0:59:85:04:6e:05:4e:5b:ca:24:
         7f:8c:fc:6c:c6:9d:18:60:4c:2d:c5:58:be:68:12:39:28:e4:
         d7:52:fd:22:16:22:fa:1f:31:30:06:12:41:58:f4:a7:92:21:
         c0:46:1d:dd:d8:da:83:f4:85:bf:cc:a9:9a:cf:f2:92:07:5e:
         92:1b:91:c6:1d:e9:82:e1:7d:60:94:9c:ee:ea:13:3d:80:8b:
         52:3a:7a:d6:a9:45:45:13:a6:97:0d:1e:95:7b:f5:93:49:26:
         25:92:b1:a5:30:41:d5:51:c2:93:fc:a0:08:7d:75:9b:16:7f:
         a1:b2:94:6b:7f:be:ad:c0:41:6c:08:c7:c0:ec:5b:7a:7f:18:
         be:84:38:10:b9:f1:19:04:3c:0f:ce:7b:ac:e8:79:be:63:e1:
         28:1e:92:d4:8c:97:94:4b:77:91:60:c3:5c:bc:22:63:ee:f5:
         84:f2:5a:24:a0:3c:b7:a9:1f:fa:49:b7:94:2b:12:99:44:51:
         02:44:cf:53:78:e1:67:03:9f:0f:a5:3b:b9:3b:24:d0:e2:eb:
         b4:d6:b0:c7:9f:c7:f6:c2:b6:e3:0c:e1:96:f3:31:73:60:b8:
         ce:a5:fb:76:04:c8:2f:59:c7:56:61:31:0d:6b:ea:eb:5f:3a:
         91:cf:c5:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQj1wL0FNhRJafywhv2HZQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ODc5YTc4YTU4YTQ4NWNjZDg5NzBmMDQzMmRiOGYzZDc3
MTcyNWIwHhcNMjUwMTAxMjE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjNmMzc5NDFhYTcwYTI2MWU5ZTQ3MjE5NmJmZmU3ODRhMDFmYjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tl6yOIEZCzDcoPx0FeFO91FLvSG
HIJFXkQQn6XNWRocrlHjPMB3l7F6d1nsTKRmsFEakJ2rnXhgw02yVfxlRMEYHmZG
sarEKYwBiCti67iFaCmgMDU8feFs5ysUPINfef172dobDZDwfDg3oRt2l5/5yVp0
Kdw1EcCVgROWno9Y5+v8BFV5gjBjSnQInyH5iDspzQWwM/wKRS5mmH8F2C5mTcfB
Q8fg0RXl9Zhw3MeHjon6LPzzzgXLTEQduiTYpuaZD81YNo60lsV8JJO5gC5Uo9+8
y2asQ8tvAsBkukQLoliYvCITrQ6KpXYy7nNT40fymW2Aefz/sWE0Onb7zwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMY/N5QapwomHp5HIZa//nhKAft9MB8GA1UdIwQY
MBaAFDiHmnilikhczYlw8EMtuPPXcXJbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0llYWVLV0tTRnpOaVhEd1F5MjQ4OWR4Y2xzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jMzg3OTctZDdmYS00YTU3LTlmODMt
YTE2YTM0YzQ2ZjMwLzEveGo4M2xCcW5DaVllbmtjaGxyXy1lRW9CLTMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jMzg3OTctZDdmYS00YTU3LTlmODMtYTE2YTM0YzQ2ZjMw
LzEvT0llYWVLV0tTRnpOaVhEd1F5MjQ4OWR4Y2xzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucToMA0E
AgACMAcDBQMqCnPAMA0GCSqGSIb3DQEBCwUAA4IBAQAbunEPMoVlj8BZhQRuBU5b
yiR/jPxsxp0YYEwtxVi+aBI5KOTXUv0iFiL6HzEwBhJBWPSnkiHARh3d2NqD9IW/
zKmaz/KSB16SG5HGHemC4X1glJzu6hM9gItSOnrWqUVFE6aXDR6Ve/WTSSYlkrGl
MEHVUcKT/KAIfXWbFn+hspRrf76twEFsCMfA7Ft6fxi+hDgQufEZBDwPznus6Hm+
Y+EoHpLUjJeUS3eRYMNcvCJj7vWE8lokoDy3qR/6SbeUKxKZRFECRM9TeOFnA58P
pTu5OyTQ4uu01rDHn8f2wrbjDOGW8zFzYLjOpft2BMgvWcdWYTENa+rrXzqRz8Uq
-----END CERTIFICATE-----