Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/f2c803-43c8-44bb-9dd0-651229830170/1/SjvSMbvX_pvw3i1Pn6Bx1TTyu6U.roa
File:                     SjvSMbvX_pvw3i1Pn6Bx1TTyu6U.roa (raw, json)
Hash identifier:          kgWKItzA9z25TXtV7XlZgfoMV6KRvWKz0GsOPfm6isI=
Subject key identifier:   4A:3B:D2:31:BB:D7:FE:9B:F0:DE:2D:4F:9F:A0:71:D5:34:F2:BB:A5
Certificate issuer:       /CN=2aa380e230cb334361b4861e2f694124387f8529
Certificate serial:       01941F8C9C1DEAFFA6B6BBCC64948518A882
Authority key identifier: 2A:A3:80:E2:30:CB:33:43:61:B4:86:1E:2F:69:41:24:38:7F:85:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KqOA4jDLM0NhtIYeL2lBJDh_hSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/f2c803-43c8-44bb-9dd0-651229830170/1/SjvSMbvX_pvw3i1Pn6Bx1TTyu6U.roa
Signing time:             Wed 01 Jan 2025 01:48:16 +0000
ROA not before:           Wed 01 Jan 2025 01:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203022
IP address blocks:        185.213.128.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/f2c803-43c8-44bb-9dd0-651229830170/1/KqOA4jDLM0NhtIYeL2lBJDh_hSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/f2c803-43c8-44bb-9dd0-651229830170/1/KqOA4jDLM0NhtIYeL2lBJDh_hSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KqOA4jDLM0NhtIYeL2lBJDh_hSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9c:1d:ea:ff:a6:b6:bb:cc:64:94:85:18:a8:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2aa380e230cb334361b4861e2f694124387f8529
        Validity
            Not Before: Jan  1 01:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a3bd231bbd7fe9bf0de2d4f9fa071d534f2bba5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:1a:87:03:68:d1:96:37:9e:13:1c:b1:7b:9b:
                    94:1c:93:c9:f9:07:15:c4:7b:cd:c9:76:d3:aa:0c:
                    80:5d:e1:13:06:6a:2b:70:9a:4b:11:f6:ca:a5:52:
                    ca:ce:61:bf:5a:ad:d1:71:19:5d:5c:03:ef:5d:96:
                    20:7d:fe:30:fe:ad:ee:7a:2c:5b:fa:e6:67:b9:73:
                    69:19:ce:3e:c7:5b:2e:4c:68:4d:76:a0:94:f5:0b:
                    ab:16:6f:d8:05:51:44:6a:df:86:0e:fe:b7:85:65:
                    a4:08:47:38:7e:35:f0:69:65:2b:fc:74:f9:a7:2c:
                    60:21:6e:89:f0:dd:f4:3b:f1:55:9e:55:17:52:1b:
                    31:a5:54:d9:2d:21:52:91:cf:75:7d:0b:e8:f0:3f:
                    5f:9a:7d:11:b2:cc:9d:98:4c:02:de:b4:d8:fd:6a:
                    c6:b3:d6:4b:bb:70:3c:ff:7e:88:8b:1e:6f:ee:cc:
                    d7:cd:99:eb:15:75:92:3f:d5:f6:d0:f6:7e:46:f4:
                    58:ec:fa:a1:82:42:b6:8b:ef:1e:c2:13:59:e3:1f:
                    a8:26:e7:aa:51:89:c5:1c:2d:78:2e:a6:f3:44:34:
                    b0:e4:32:2a:ac:82:03:c8:9a:34:f9:18:9e:a3:f7:
                    e3:f5:13:51:ea:9a:2b:80:13:d2:00:ab:63:44:33:
                    58:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:3B:D2:31:BB:D7:FE:9B:F0:DE:2D:4F:9F:A0:71:D5:34:F2:BB:A5
            X509v3 Authority Key Identifier:
                keyid:2A:A3:80:E2:30:CB:33:43:61:B4:86:1E:2F:69:41:24:38:7F:85:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KqOA4jDLM0NhtIYeL2lBJDh_hSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/f2c803-43c8-44bb-9dd0-651229830170/1/SjvSMbvX_pvw3i1Pn6Bx1TTyu6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/f2c803-43c8-44bb-9dd0-651229830170/1/KqOA4jDLM0NhtIYeL2lBJDh_hSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:b8:ca:7e:aa:ca:75:a5:b5:88:c0:73:be:fc:8e:0f:20:c2:
         df:18:28:2b:28:bb:91:dc:70:82:34:48:42:18:7a:2e:37:59:
         73:f8:94:06:0d:e9:a1:06:14:2a:af:da:d0:e9:fd:e8:9c:10:
         16:9d:fd:fa:66:9a:a6:4f:c5:f6:03:8e:a8:82:7e:79:d4:ce:
         a0:09:50:8c:61:05:2b:56:49:f8:da:65:55:29:80:a9:2b:2c:
         f0:77:0a:fc:ec:27:f0:9e:b1:70:85:b0:f0:c1:63:00:3d:f7:
         ab:00:9a:ec:6e:13:27:5a:1d:53:6e:95:65:9a:ee:13:25:11:
         e6:be:58:db:76:55:e5:af:02:c5:d2:08:cd:6f:6e:0b:4b:d4:
         c5:57:c7:68:b2:e6:87:f4:ac:90:44:03:12:14:2d:fe:b2:c2:
         97:b9:3b:ca:ee:b1:b2:51:ef:a7:ba:49:7d:95:2e:86:9a:81:
         4c:ff:42:b8:f0:8c:1a:43:0e:1e:e6:8c:67:18:8a:26:ce:30:
         b0:19:61:74:47:b5:df:ea:bb:0d:b9:70:38:59:cd:d9:86:2e:
         e2:c2:8c:d4:b6:0e:c7:7e:59:22:46:6b:53:1b:41:31:03:cc:
         69:2d:7c:c0:be:98:c6:4a:94:dc:21:0e:cb:1d:8b:64:58:2f:
         e9:34:fd:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJwd6v+mtrvMZJSFGKiCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYTM4MGUyMzBjYjMzNDM2MWI0ODYxZTJmNjk0MTI0Mzg3
Zjg1MjkwHhcNMjUwMTAxMDE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTNiZDIzMWJiZDdmZTliZjBkZTJkNGY5ZmEwNzFkNTM0ZjJiYmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0hqHA2jRljeeExyxe5uUHJPJ+QcV
xHvNyXbTqgyAXeETBmorcJpLEfbKpVLKzmG/Wq3RcRldXAPvXZYgff4w/q3ueixb
+uZnuXNpGc4+x1suTGhNdqCU9QurFm/YBVFEat+GDv63hWWkCEc4fjXwaWUr/HT5
pyxgIW6J8N30O/FVnlUXUhsxpVTZLSFSkc91fQvo8D9fmn0RssydmEwC3rTY/WrG
s9ZLu3A8/36Iix5v7szXzZnrFXWSP9X20PZ+RvRY7PqhgkK2i+8ewhNZ4x+oJueq
UYnFHC14LqbzRDSw5DIqrIIDyJo0+Rieo/fj9RNR6porgBPSAKtjRDNYRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEo70jG71/6b8N4tT5+gcdU08rulMB8GA1UdIwQY
MBaAFCqjgOIwyzNDYbSGHi9pQSQ4f4UpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3FPQTRqRExNME5odElZZUwybEJKRGhfaFNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9mMmM4MDMtNDNjOC00NGJiLTlkZDAt
NjUxMjI5ODMwMTcwLzEvU2p2U01idlhfcHZ3M2kxUG42QngxVFR5dTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9mMmM4MDMtNDNjOC00NGJiLTlkZDAtNjUxMjI5ODMwMTcw
LzEvS3FPQTRqRExNME5odElZZUwybEJKRGhfaFNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudWAMA0G
CSqGSIb3DQEBCwUAA4IBAQBBuMp+qsp1pbWIwHO+/I4PIMLfGCgrKLuR3HCCNEhC
GHouN1lz+JQGDemhBhQqr9rQ6f3onBAWnf36ZpqmT8X2A46ogn551M6gCVCMYQUr
Vkn42mVVKYCpKyzwdwr87CfwnrFwhbDwwWMAPferAJrsbhMnWh1TbpVlmu4TJRHm
vljbdlXlrwLF0gjNb24LS9TFV8dosuaH9KyQRAMSFC3+ssKXuTvK7rGyUe+nukl9
lS6GmoFM/0K48IwaQw4e5oxnGIomzjCwGWF0R7Xf6rsNuXA4Wc3Zhi7iwozUtg7H
flkiRmtTG0ExA8xpLXzAvpjGSpTcIQ7LHYtkWC/pNP3n
-----END CERTIFICATE-----