Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/s_AzbY_4r2Y_-4vfgCGonUFbZoY.roa
File:                     s_AzbY_4r2Y_-4vfgCGonUFbZoY.roa (raw, json)
Hash identifier:          HgaSiRleH54HgG93gpFtFR8yZx0H4YCH5wCdvkPpECU=
Subject key identifier:   B3:F0:33:6D:8F:F8:AF:66:3F:FB:8B:DF:80:21:A8:9D:41:5B:66:86
Certificate issuer:       /CN=23aee94d0fff6c6c752a6942ffa962ae37c7e6b6
Certificate serial:       01942747AA5023F1097A72C539FDECABC095
Authority key identifier: 23:AE:E9:4D:0F:FF:6C:6C:75:2A:69:42:FF:A9:62:AE:37:C7:E6:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I67pTQ__bGx1KmlC_6lirjfH5rY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/s_AzbY_4r2Y_-4vfgCGonUFbZoY.roa
Signing time:             Thu 02 Jan 2025 13:49:55 +0000
ROA not before:           Thu 02 Jan 2025 13:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31037
IP address blocks:        185.101.16.0/22 maxlen: 22
                          185.101.16.0/24 maxlen: 24
                          185.101.17.0/24 maxlen: 24
                          185.101.18.0/24 maxlen: 24
                          185.101.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/I67pTQ__bGx1KmlC_6lirjfH5rY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/I67pTQ__bGx1KmlC_6lirjfH5rY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I67pTQ__bGx1KmlC_6lirjfH5rY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:aa:50:23:f1:09:7a:72:c5:39:fd:ec:ab:c0:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23aee94d0fff6c6c752a6942ffa962ae37c7e6b6
        Validity
            Not Before: Jan  2 13:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3f0336d8ff8af663ffb8bdf8021a89d415b6686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9e:ae:a4:a3:48:8b:72:f2:78:00:c8:09:9c:
                    46:9b:7d:76:85:ba:36:51:67:59:69:c2:d5:ee:5f:
                    12:55:cf:57:7a:e7:b3:ea:c8:5d:06:46:3b:dc:93:
                    83:3b:19:c5:9d:83:58:80:1d:95:c0:e9:b1:0d:11:
                    66:b4:47:4b:ac:77:76:1a:a6:34:80:2c:16:a2:37:
                    55:6d:f6:57:f5:0d:74:31:e1:70:b4:7a:c1:1d:32:
                    a1:40:68:bc:29:3c:34:ab:fd:ae:85:49:6b:e6:36:
                    10:14:6e:b4:aa:09:a2:a1:5f:d0:e6:ef:ab:b8:fe:
                    0e:c3:1d:10:72:5d:c6:b7:69:fd:ee:af:01:1b:07:
                    cd:dc:79:6e:25:48:10:f4:9e:12:60:e9:04:cd:b1:
                    6d:38:eb:c9:e1:40:04:25:4b:b7:c7:56:37:5a:c9:
                    8b:03:8f:08:41:fd:3f:64:7b:72:5a:b9:ae:c5:e1:
                    38:d7:30:9a:8a:31:dd:95:af:7d:76:85:ce:00:fb:
                    35:f0:98:7a:4d:6d:6a:98:1b:11:de:78:7f:55:98:
                    ba:65:1a:53:9a:50:df:4e:a5:be:8d:61:0f:6c:0a:
                    f3:6f:8d:f7:84:af:f7:4b:fe:42:03:ce:f4:a1:c1:
                    e8:ec:cc:ca:f3:13:e8:1c:3f:ac:18:9f:e6:59:3e:
                    30:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:F0:33:6D:8F:F8:AF:66:3F:FB:8B:DF:80:21:A8:9D:41:5B:66:86
            X509v3 Authority Key Identifier:
                keyid:23:AE:E9:4D:0F:FF:6C:6C:75:2A:69:42:FF:A9:62:AE:37:C7:E6:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I67pTQ__bGx1KmlC_6lirjfH5rY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/s_AzbY_4r2Y_-4vfgCGonUFbZoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/d70262-f87c-4126-af85-a31853e6997a/1/I67pTQ__bGx1KmlC_6lirjfH5rY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.101.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:5a:4f:ae:4d:17:05:a0:e5:af:c5:a7:3a:ca:ac:6f:00:a8:
         91:3b:62:e9:99:ec:1a:a0:3d:85:64:6f:a2:42:08:88:ea:10:
         0b:7e:e9:84:38:70:dd:0f:cb:cf:ed:b1:bb:97:fc:c6:15:9f:
         c5:56:d9:a8:b7:3d:d5:49:94:60:4d:f9:9a:34:ff:47:fb:a6:
         80:b3:25:24:3c:60:c4:b4:2d:1f:64:4a:d8:21:01:fe:78:9c:
         f3:7b:61:ef:8a:ab:15:bf:1c:7d:4d:95:ed:5c:4b:26:3b:ce:
         b8:6d:d5:40:cb:54:14:ce:2f:c0:d9:fc:93:95:2f:a8:d0:c0:
         22:5d:72:c7:73:21:d4:c6:ea:5d:2d:fd:16:ee:16:4a:0c:20:
         9f:88:54:37:a8:40:ae:bf:36:25:4a:86:45:4d:7e:b7:09:7f:
         79:19:ef:9e:66:a4:92:25:39:58:d3:8f:65:92:82:50:7d:e4:
         32:e0:cf:89:98:3f:41:c1:05:09:68:27:06:ee:ec:3b:63:48:
         7e:f5:d3:ec:39:d7:1d:ad:48:87:b5:30:ed:83:34:65:0f:17:
         ab:12:19:ce:7f:c3:2a:46:4e:7c:38:0b:e5:d3:63:c0:79:63:
         5a:fa:e4:26:d6:8d:e7:55:b8:af:f2:4f:e7:33:c9:0f:bb:53:
         9b:f5:54:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR6pQI/EJenLFOf3sq8CVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYWVlOTRkMGZmZjZjNmM3NTJhNjk0MmZmYTk2MmFlMzdj
N2U2YjYwHhcNMjUwMTAyMTM0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2YwMzM2ZDhmZjhhZjY2M2ZmYjhiZGY4MDIxYTg5ZDQxNWI2Njg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu56upKNIi3LyeADICZxGm312hbo2
UWdZacLV7l8SVc9Xeuez6shdBkY73JODOxnFnYNYgB2VwOmxDRFmtEdLrHd2GqY0
gCwWojdVbfZX9Q10MeFwtHrBHTKhQGi8KTw0q/2uhUlr5jYQFG60qgmioV/Q5u+r
uP4Owx0Qcl3Gt2n97q8BGwfN3HluJUgQ9J4SYOkEzbFtOOvJ4UAEJUu3x1Y3WsmL
A48IQf0/ZHtyWrmuxeE41zCaijHdla99doXOAPs18Jh6TW1qmBsR3nh/VZi6ZRpT
mlDfTqW+jWEPbArzb433hK/3S/5CA870ocHo7MzK8xPoHD+sGJ/mWT4wMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPwM22P+K9mP/uL34AhqJ1BW2aGMB8GA1UdIwQY
MBaAFCOu6U0P/2xsdSppQv+pYq43x+a2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTY3cFRRX19iR3gxS21sQ182bGlyamZINXJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi9kNzAyNjItZjg3Yy00MTI2LWFmODUt
YTMxODUzZTY5OTdhLzEvc19BemJZXzRyMllfLTR2ZmdDR29uVUZiWm9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi9kNzAyNjItZjg3Yy00MTI2LWFmODUtYTMxODUzZTY5OTdh
LzEvSTY3cFRRX19iR3gxS21sQ182bGlyamZINXJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWUQMA0G
CSqGSIb3DQEBCwUAA4IBAQBIWk+uTRcFoOWvxac6yqxvAKiRO2LpmewaoD2FZG+i
QgiI6hALfumEOHDdD8vP7bG7l/zGFZ/FVtmotz3VSZRgTfmaNP9H+6aAsyUkPGDE
tC0fZErYIQH+eJzze2HviqsVvxx9TZXtXEsmO864bdVAy1QUzi/A2fyTlS+o0MAi
XXLHcyHUxupdLf0W7hZKDCCfiFQ3qECuvzYlSoZFTX63CX95Ge+eZqSSJTlY049l
koJQfeQy4M+JmD9BwQUJaCcG7uw7Y0h+9dPsOdcdrUiHtTDtgzRlDxerEhnOf8Mq
Rk58OAvl02PAeWNa+uQm1o3nVbiv8k/nM8kPu1Ob9VSF
-----END CERTIFICATE-----