Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/dg19fPDPdlao_unFvCVYC9RvrNk.roa
File:                     dg19fPDPdlao_unFvCVYC9RvrNk.roa (raw, json)
Hash identifier:          1cfvjDRPYU7JD/YdM+FbsUT+iUhZddEmRAh2tZhtxpM=
Subject key identifier:   76:0D:7D:7C:F0:CF:76:56:A8:FE:E9:C5:BC:25:58:0B:D4:6F:AC:D9
Certificate issuer:       /CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
Certificate serial:       019421B216CBB1483E5151CCE544A055C5C5
Authority key identifier: CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/dg19fPDPdlao_unFvCVYC9RvrNk.roa
Signing time:             Wed 01 Jan 2025 11:48:26 +0000
ROA not before:           Wed 01 Jan 2025 11:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206844
IP address blocks:        171.22.245.0/24 maxlen: 24
                          171.22.246.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:16:cb:b1:48:3e:51:51:cc:e5:44:a0:55:c5:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfe0df82121438271c913c24ff50fd3b62d40dc6
        Validity
            Not Before: Jan  1 11:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=760d7d7cf0cf7656a8fee9c5bc25580bd46facd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:09:54:7a:8d:7d:fb:ab:50:59:25:15:a7:7a:
                    ba:c8:32:31:e7:06:5f:9d:2a:9d:b3:85:fd:3a:af:
                    b9:55:21:ed:ea:3d:06:ac:79:1c:7d:89:0e:25:5c:
                    7a:15:eb:ff:7f:5d:5b:7e:b4:c3:d0:3d:32:7f:79:
                    f1:0e:a8:d8:81:53:95:c6:cc:e4:b1:7f:4b:12:fb:
                    9a:2e:03:b6:5c:db:0a:37:ce:3d:b3:67:37:54:2c:
                    bc:a3:41:3e:03:9d:e2:97:1f:66:57:e6:95:83:cb:
                    84:10:89:5c:15:ec:70:7b:56:8d:1c:ff:0a:bd:40:
                    38:e1:92:16:be:0e:39:75:72:28:5f:d7:55:72:26:
                    78:16:71:ec:4c:5f:86:fe:ff:04:77:f8:33:e4:6d:
                    5b:b5:01:a0:1b:67:83:2c:0b:fb:05:d3:ee:ca:6e:
                    71:28:39:aa:1f:76:27:1f:e2:c4:10:da:51:ee:45:
                    58:ea:42:14:e0:61:34:15:0c:21:9c:e7:6d:ab:56:
                    70:74:5e:70:10:08:f4:29:91:9b:6a:0f:16:e5:d4:
                    57:a1:6d:be:25:99:f0:34:89:09:09:5c:75:8a:9a:
                    7e:a3:14:ff:b6:bb:43:09:23:a7:7c:3f:8e:e1:92:
                    a3:86:5d:aa:83:5a:2f:5b:25:42:a0:30:25:74:8d:
                    cb:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:0D:7D:7C:F0:CF:76:56:A8:FE:E9:C5:BC:25:58:0B:D4:6F:AC:D9
            X509v3 Authority Key Identifier:
                keyid:CF:E0:DF:82:12:14:38:27:1C:91:3C:24:FF:50:FD:3B:62:D4:0D:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-DfghIUOCcckTwk_1D9O2LUDcY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/dg19fPDPdlao_unFvCVYC9RvrNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/26331c-34a1-4bc5-b75c-f2c7922faf32/1/z-DfghIUOCcckTwk_1D9O2LUDcY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.245.0-171.22.247.255

    Signature Algorithm: sha256WithRSAEncryption
         a0:d9:e8:bc:fa:85:97:d8:8c:a6:2e:02:9f:cc:b8:e2:38:70:
         47:5a:07:22:d9:a2:d3:db:68:39:6c:bb:2a:3a:95:ea:41:67:
         68:45:e5:dd:12:99:27:f5:f7:71:01:91:8b:fc:49:85:6c:d4:
         8b:fa:17:d0:0c:76:2e:a9:5b:8b:ce:9c:7d:5d:05:dc:a7:00:
         56:3d:65:d7:2b:e8:a3:29:14:84:34:c2:e6:a4:b6:87:82:9c:
         ed:69:f9:b7:84:e3:3b:34:10:93:1a:9a:ed:62:b4:d3:94:f1:
         16:8f:21:7d:71:5a:96:9f:5a:cd:a2:18:1b:05:46:eb:5f:8f:
         15:7e:6f:df:e6:7b:6c:33:62:c9:04:2d:fa:10:17:7a:38:04:
         c7:fd:80:50:a5:ab:90:d3:c7:f9:e5:ab:70:ea:a3:7c:cc:74:
         02:5f:74:6c:70:0b:57:e3:c0:6a:44:b7:d0:6e:15:54:f5:74:
         08:3c:30:0e:08:5c:0c:b3:20:85:1c:ea:95:5f:8e:28:fb:04:
         63:bb:60:8f:c2:3e:3d:ef:38:2c:53:29:4c:73:2f:bc:cb:3a:
         4f:ec:57:3e:48:9a:26:5e:fd:53:43:3b:2d:54:f2:7f:93:8d:
         a4:19:86:f5:91:d5:d1:66:3b:dc:fb:70:da:a5:74:e6:f4:15:
         b2:2d:0e:2b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhshbLsUg+UVHM5USgVcXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZTBkZjgyMTIxNDM4MjcxYzkxM2MyNGZmNTBmZDNiNjJk
NDBkYzYwHhcNMjUwMTAxMTE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjBkN2Q3Y2YwY2Y3NjU2YThmZWU5YzViYzI1NTgwYmQ0NmZhY2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQlUeo19+6tQWSUVp3q6yDIx5wZf
nSqds4X9Oq+5VSHt6j0GrHkcfYkOJVx6Fev/f11bfrTD0D0yf3nxDqjYgVOVxszk
sX9LEvuaLgO2XNsKN849s2c3VCy8o0E+A53ilx9mV+aVg8uEEIlcFexwe1aNHP8K
vUA44ZIWvg45dXIoX9dVciZ4FnHsTF+G/v8Ed/gz5G1btQGgG2eDLAv7BdPuym5x
KDmqH3YnH+LEENpR7kVY6kIU4GE0FQwhnOdtq1ZwdF5wEAj0KZGbag8W5dRXoW2+
JZnwNIkJCVx1ipp+oxT/trtDCSOnfD+O4ZKjhl2qg1ovWyVCoDAldI3LSwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHYNfXzwz3ZWqP7pxbwlWAvUb6zZMB8GA1UdIwQY
MBaAFM/g34ISFDgnHJE8JP9Q/Tti1A3GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMt
ZjJjNzkyMmZhZjMyLzEvZGcxOWZQRFBkbGFvX3VuRnZDVllDOVJ2ck5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8yNjMzMWMtMzRhMS00YmM1LWI3NWMtZjJjNzkyMmZhZjMy
LzEvei1EZmdoSVVPQ2Nja1R3a18xRDlPMkxVRGNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACrFvUD
BAOrFvAwDQYJKoZIhvcNAQELBQADggEBAKDZ6Lz6hZfYjKYuAp/MuOI4cEdaByLZ
otPbaDlsuyo6lepBZ2hF5d0SmSf193EBkYv8SYVs1Iv6F9AMdi6pW4vOnH1dBdyn
AFY9Zdcr6KMpFIQ0wuaktoeCnO1p+beE4zs0EJMamu1itNOU8RaPIX1xWpafWs2i
GBsFRutfjxV+b9/me2wzYskELfoQF3o4BMf9gFClq5DTx/nlq3Dqo3zMdAJfdGxw
C1fjwGpEt9BuFVT1dAg8MA4IXAyzIIUc6pVfjij7BGO7YI/CPj3vOCxTKUxzL7zL
Ok/sVz5ImiZe/VNDOy1U8n+TjaQZhvWR1dFmO9z7cNqldOb0FbItDis=
-----END CERTIFICATE-----