Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/C33JEEkzeUPfbth7teviRKyxbuE.roa
File:                     C33JEEkzeUPfbth7teviRKyxbuE.roa (raw, json)
Hash identifier:          bhxYSOeRjG5Bc/CRRVr1eQSS4+raxx1XaOAQhc1D4HU=
Subject key identifier:   0B:7D:C9:10:49:33:79:43:DF:6E:D8:7B:B5:EB:E2:44:AC:B1:6E:E1
Certificate issuer:       /CN=edfe3f6f6d98714e01f08c73b2644368774e8660
Certificate serial:       019422FC39DF452F285FD0DF89A4ADB4FBDF
Authority key identifier: ED:FE:3F:6F:6D:98:71:4E:01:F0:8C:73:B2:64:43:68:77:4E:86:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7f4_b22YcU4B8IxzsmRDaHdOhmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/C33JEEkzeUPfbth7teviRKyxbuE.roa
Signing time:             Wed 01 Jan 2025 17:49:02 +0000
ROA not before:           Wed 01 Jan 2025 17:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        194.50.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/7f4_b22YcU4B8IxzsmRDaHdOhmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/7f4_b22YcU4B8IxzsmRDaHdOhmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7f4_b22YcU4B8IxzsmRDaHdOhmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:39:df:45:2f:28:5f:d0:df:89:a4:ad:b4:fb:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edfe3f6f6d98714e01f08c73b2644368774e8660
        Validity
            Not Before: Jan  1 17:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b7dc91049337943df6ed87bb5ebe244acb16ee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7d:ad:97:52:13:fe:de:d7:94:92:1b:07:8a:
                    49:4c:13:51:74:e4:42:9a:47:4a:a9:7f:6f:e9:81:
                    42:dd:15:e5:4b:35:9f:e6:ca:79:2f:d1:34:bc:55:
                    5f:fe:09:fb:d8:4b:ea:d6:4c:63:8a:eb:e0:05:97:
                    2b:fb:5a:fd:91:fb:98:1a:9f:70:69:60:a9:94:9d:
                    01:33:ab:d9:c4:90:ee:95:39:e8:08:54:97:7a:eb:
                    40:84:7d:1d:e1:68:19:70:ec:a1:06:45:52:d8:23:
                    2a:f1:65:b0:3e:0a:83:30:8a:9d:06:b3:31:e9:de:
                    6f:c8:fa:e6:32:ba:ef:16:2f:a8:2b:28:21:8f:bf:
                    6e:aa:55:88:ef:ca:07:a8:fd:6c:9a:a9:74:e6:54:
                    2b:c7:a9:a1:90:c2:84:63:18:9c:fa:29:ab:b4:9f:
                    b3:18:1c:38:91:56:f6:b8:98:67:83:0e:df:0f:b1:
                    3c:e0:e7:ec:7b:be:8e:7f:ac:f8:b6:36:69:42:e0:
                    69:b2:3b:00:ab:f6:01:87:13:3f:58:f0:7b:f5:67:
                    e9:0c:73:88:13:90:56:6c:ee:29:34:1e:70:5f:d6:
                    a0:9c:74:f8:0f:f0:c5:fa:d0:a7:c1:16:93:e2:3d:
                    ed:9e:5c:da:e3:7c:64:c6:5e:f0:86:23:c2:ca:2c:
                    8c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:7D:C9:10:49:33:79:43:DF:6E:D8:7B:B5:EB:E2:44:AC:B1:6E:E1
            X509v3 Authority Key Identifier:
                keyid:ED:FE:3F:6F:6D:98:71:4E:01:F0:8C:73:B2:64:43:68:77:4E:86:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f4_b22YcU4B8IxzsmRDaHdOhmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/C33JEEkzeUPfbth7teviRKyxbuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/185362-c8d9-456f-9e2c-eb4a96c38c6f/1/7f4_b22YcU4B8IxzsmRDaHdOhmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:d4:95:a9:f8:d5:f8:54:33:8d:89:1b:54:de:6d:ca:ca:00:
         90:a0:a7:16:98:79:67:6b:78:5b:4f:d8:b9:fa:f6:3b:85:c8:
         da:86:12:78:78:ca:b8:ac:dd:20:a6:24:d2:8d:48:2c:29:f8:
         35:94:22:3a:b3:b5:09:0b:bc:b6:d0:03:3b:0f:9d:38:0f:92:
         37:2b:c4:94:37:7b:ae:f7:49:f2:f3:a7:c0:d1:06:ed:73:30:
         56:6c:df:67:00:37:80:a0:30:81:be:6b:ce:ed:30:3a:31:98:
         30:67:1b:84:44:82:3b:2a:d4:f4:e1:6d:b4:be:e4:34:09:8d:
         46:86:5e:c7:cf:36:4a:f3:d9:1d:62:d8:09:a2:cd:47:78:be:
         57:29:44:b1:d5:5e:ae:b8:9d:29:bc:b5:81:cc:9c:94:02:a0:
         b3:85:15:9d:1e:af:e5:01:d1:54:84:ca:8e:53:f1:67:fc:60:
         69:bd:0c:62:ca:f9:ca:e4:ee:62:fd:fd:f6:1a:59:db:79:de:
         fa:2f:61:e7:73:49:a9:58:8a:99:95:85:a5:a1:85:12:95:0b:
         17:39:e4:1f:a7:08:d1:45:c1:52:68:28:25:e8:f6:29:65:b0:
         1d:1d:9b:1e:1a:7b:85:3e:9b:ab:b3:e4:65:2b:7d:2f:fc:80:
         25:f1:b0:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/DnfRS8oX9DfiaSttPvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZmUzZjZmNmQ5ODcxNGUwMWYwOGM3M2IyNjQ0MzY4Nzc0
ZTg2NjAwHhcNMjUwMTAxMTc0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjdkYzkxMDQ5MzM3OTQzZGY2ZWQ4N2JiNWViZTI0NGFjYjE2ZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx32tl1IT/t7XlJIbB4pJTBNRdORC
mkdKqX9v6YFC3RXlSzWf5sp5L9E0vFVf/gn72Evq1kxjiuvgBZcr+1r9kfuYGp9w
aWCplJ0BM6vZxJDulTnoCFSXeutAhH0d4WgZcOyhBkVS2CMq8WWwPgqDMIqdBrMx
6d5vyPrmMrrvFi+oKyghj79uqlWI78oHqP1smql05lQrx6mhkMKEYxic+imrtJ+z
GBw4kVb2uJhngw7fD7E84Ofse76Of6z4tjZpQuBpsjsAq/YBhxM/WPB79WfpDHOI
E5BWbO4pNB5wX9agnHT4D/DF+tCnwRaT4j3tnlza43xkxl7whiPCyiyM0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAt9yRBJM3lD327Ye7Xr4kSssW7hMB8GA1UdIwQY
MBaAFO3+P29tmHFOAfCMc7JkQ2h3ToZgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2Y0X2IyMlljVTRCOEl4enNtUkRhSGRPaG1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xODUzNjItYzhkOS00NTZmLTllMmMt
ZWI0YTk2YzM4YzZmLzEvQzMzSkVFa3plVVBmYnRoN3RldmlSS3l4YnVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xODUzNjItYzhkOS00NTZmLTllMmMtZWI0YTk2YzM4YzZm
LzEvN2Y0X2IyMlljVTRCOEl4enNtUkRhSGRPaG1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjKQMA0G
CSqGSIb3DQEBCwUAA4IBAQA61JWp+NX4VDONiRtU3m3KygCQoKcWmHlna3hbT9i5
+vY7hcjahhJ4eMq4rN0gpiTSjUgsKfg1lCI6s7UJC7y20AM7D504D5I3K8SUN3uu
90ny86fA0QbtczBWbN9nADeAoDCBvmvO7TA6MZgwZxuERII7KtT04W20vuQ0CY1G
hl7HzzZK89kdYtgJos1HeL5XKUSx1V6uuJ0pvLWBzJyUAqCzhRWdHq/lAdFUhMqO
U/Fn/GBpvQxiyvnK5O5i/f32Glnbed76L2Hnc0mpWIqZlYWloYUSlQsXOeQfpwjR
RcFSaCgl6PYpZbAdHZseGnuFPpurs+RlK30v/IAl8bBm
-----END CERTIFICATE-----