Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/d-g1g1WIQH2eW5zQOoLECyf2CbU.roa
File:                     d-g1g1WIQH2eW5zQOoLECyf2CbU.roa (raw, json)
Hash identifier:          4hlHKC2roVEpNMRQA5ne6l615543DSp4qxsP/od40+A=
Subject key identifier:   77:E8:35:83:55:88:40:7D:9E:5B:9C:D0:3A:82:C4:0B:27:F6:09:B5
Certificate issuer:       /CN=f22bed3f37cd72826511c574560deb55542550e4
Certificate serial:       01942369AE76181EF2F74140F4CAF197BE0B
Authority key identifier: F2:2B:ED:3F:37:CD:72:82:65:11:C5:74:56:0D:EB:55:54:25:50:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/d-g1g1WIQH2eW5zQOoLECyf2CbU.roa
Signing time:             Wed 01 Jan 2025 19:48:35 +0000
ROA not before:           Wed 01 Jan 2025 19:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29396
IP address blocks:        46.22.176.0/23 maxlen: 24
                          195.189.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ae:76:18:1e:f2:f7:41:40:f4:ca:f1:97:be:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f22bed3f37cd72826511c574560deb55542550e4
        Validity
            Not Before: Jan  1 19:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77e835835588407d9e5b9cd03a82c40b27f609b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1b:43:15:13:4c:7f:d3:ff:a3:3b:8f:c2:31:
                    10:d7:67:30:6d:f9:4a:cc:8a:21:f3:93:8d:04:05:
                    91:47:14:3d:ad:87:38:48:5b:23:2b:45:be:d2:5d:
                    22:1d:ff:4a:93:00:35:06:b0:67:9e:94:e6:0d:ca:
                    a2:c9:bc:48:1b:d4:9c:6c:1b:cb:81:f3:8a:bd:c1:
                    7e:07:5b:93:f0:94:34:2a:82:79:c5:56:b3:9a:08:
                    d3:24:cc:05:bf:51:03:77:cd:ca:a4:2a:bf:f8:88:
                    b2:50:b5:ed:08:6b:b1:48:3f:5e:2a:70:3c:d2:c4:
                    71:17:ab:15:cb:43:2c:81:70:15:80:5f:9d:77:c3:
                    09:67:e2:f8:9a:c8:eb:f4:0e:4c:d0:eb:b3:10:1a:
                    7c:0c:68:3c:5a:02:9e:ca:4d:9e:29:a2:fd:6f:0f:
                    b7:92:0a:97:76:ae:f4:bc:79:e3:ad:22:57:ff:2e:
                    f0:30:08:5e:8d:0f:3d:eb:90:0d:79:eb:f5:e2:98:
                    be:23:40:09:73:71:fe:69:74:b8:97:63:ea:e0:6c:
                    17:bb:db:32:40:70:13:31:bd:99:be:7e:17:c4:cb:
                    77:e9:b6:ba:54:6d:ac:03:0c:a1:c4:ef:ab:05:00:
                    e0:14:04:4d:67:5f:0c:0f:db:c0:f1:10:6a:b8:07:
                    5b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E8:35:83:55:88:40:7D:9E:5B:9C:D0:3A:82:C4:0B:27:F6:09:B5
            X509v3 Authority Key Identifier:
                keyid:F2:2B:ED:3F:37:CD:72:82:65:11:C5:74:56:0D:EB:55:54:25:50:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/d-g1g1WIQH2eW5zQOoLECyf2CbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/294fa1-e938-4cd2-9a89-29062e870b64/1/8ivtPzfNcoJlEcV0Vg3rVVQlUOQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.22.176.0/23
                  195.189.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:69:21:60:a5:2c:cf:62:40:6f:6c:11:6c:af:7f:7e:1d:08:
         5e:dc:ba:8d:9f:09:89:72:9a:25:bf:45:60:d2:58:2e:7f:da:
         cd:05:43:20:bd:4f:9a:cc:49:9b:e9:68:e1:d6:e8:cb:26:a8:
         d9:07:70:48:21:5c:28:59:70:44:14:d2:7d:dd:30:7f:8a:49:
         b9:72:0f:91:ed:d8:ce:6d:d6:b6:ff:70:7e:4b:26:b1:45:43:
         09:69:05:c6:88:3c:3e:65:02:23:31:6a:22:64:d8:b4:1d:d8:
         16:8f:ec:32:89:62:43:b3:bb:f0:b3:41:f7:0a:1d:a8:25:57:
         e4:d9:1c:5c:31:87:91:68:27:d5:b6:fd:27:18:80:c5:5a:1b:
         ae:f4:9d:f5:b5:a1:2f:20:ee:6a:85:05:d8:24:e4:26:c9:59:
         53:28:2f:1e:cf:08:61:9b:b4:ec:2f:7c:cd:42:25:b3:25:7f:
         87:3b:87:4c:b6:ee:db:01:a7:e4:79:56:59:28:50:f6:f0:17:
         41:b8:1d:99:16:7d:df:cc:a1:d9:54:b4:a6:fa:99:ff:27:6f:
         8e:12:a2:29:71:4d:1a:2f:15:c1:9b:f5:6c:f8:2f:93:f1:ae:
         c1:80:ca:da:03:bb:c4:5c:ae:4a:f8:dc:34:a5:cd:45:be:6d:
         ca:62:40:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjaa52GB7y90FA9Mrxl74LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMmJlZDNmMzdjZDcyODI2NTExYzU3NDU2MGRlYjU1NTQy
NTUwZTQwHhcNMjUwMTAxMTk0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2U4MzU4MzU1ODg0MDdkOWU1YjljZDAzYTgyYzQwYjI3ZjYwOWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxtDFRNMf9P/ozuPwjEQ12cwbflK
zIoh85ONBAWRRxQ9rYc4SFsjK0W+0l0iHf9KkwA1BrBnnpTmDcqiybxIG9ScbBvL
gfOKvcF+B1uT8JQ0KoJ5xVazmgjTJMwFv1EDd83KpCq/+IiyULXtCGuxSD9eKnA8
0sRxF6sVy0MsgXAVgF+dd8MJZ+L4msjr9A5M0OuzEBp8DGg8WgKeyk2eKaL9bw+3
kgqXdq70vHnjrSJX/y7wMAhejQ8965ANeev14pi+I0AJc3H+aXS4l2Pq4GwXu9sy
QHATMb2Zvn4XxMt36ba6VG2sAwyhxO+rBQDgFARNZ18MD9vA8RBquAdbtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHfoNYNViEB9nluc0DqCxAsn9gm1MB8GA1UdIwQY
MBaAFPIr7T83zXKCZRHFdFYN61VUJVDkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGl2dFB6Zk5jb0psRWNWMFZnM3JWVlFsVU9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8yOTRmYTEtZTkzOC00Y2QyLTlhODkt
MjkwNjJlODcwYjY0LzEvZC1nMWcxV0lRSDJlVzV6UU9vTEVDeWYyQ2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8yOTRmYTEtZTkzOC00Y2QyLTlhODktMjkwNjJlODcwYjY0
LzEvOGl2dFB6Zk5jb0psRWNWMFZnM3JWVlFsVU9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLhawAwQC
w70UMA0GCSqGSIb3DQEBCwUAA4IBAQCVaSFgpSzPYkBvbBFsr39+HQhe3LqNnwmJ
cpolv0Vg0lguf9rNBUMgvU+azEmb6Wjh1ujLJqjZB3BIIVwoWXBEFNJ93TB/ikm5
cg+R7djObda2/3B+SyaxRUMJaQXGiDw+ZQIjMWoiZNi0HdgWj+wyiWJDs7vws0H3
Ch2oJVfk2RxcMYeRaCfVtv0nGIDFWhuu9J31taEvIO5qhQXYJOQmyVlTKC8ezwhh
m7TsL3zNQiWzJX+HO4dMtu7bAafkeVZZKFD28BdBuB2ZFn3fzKHZVLSm+pn/J2+O
EqIpcU0aLxXBm/Vs+C+T8a7BgMraA7vEXK5K+Nw0pc1Fvm3KYkCK
-----END CERTIFICATE-----