Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/Alm1D_jWQV3HZ_xMIEfApNUj0bw.roa
File:                     Alm1D_jWQV3HZ_xMIEfApNUj0bw.roa (raw, json)
Hash identifier:          roFDOJ4zN70FlLWN8DtAuHmCiQQVdXLTUDn3OTUhXvI=
Subject key identifier:   02:59:B5:0F:F8:D6:41:5D:C7:67:FC:4C:20:47:C0:A4:D5:23:D1:BC
Certificate issuer:       /CN=ee3be768d28668f490afb74e9aefe41e03495d7a
Certificate serial:       01941F8C12D7BC2553FF3D3535056CDB5A42
Authority key identifier: EE:3B:E7:68:D2:86:68:F4:90:AF:B7:4E:9A:EF:E4:1E:03:49:5D:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jvnaNKGaPSQr7dOmu_kHgNJXXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/Alm1D_jWQV3HZ_xMIEfApNUj0bw.roa
Signing time:             Wed 01 Jan 2025 01:47:41 +0000
ROA not before:           Wed 01 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25540
IP address blocks:        185.19.224.0/22 maxlen: 24
                          185.243.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/7jvnaNKGaPSQr7dOmu_kHgNJXXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/7jvnaNKGaPSQr7dOmu_kHgNJXXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jvnaNKGaPSQr7dOmu_kHgNJXXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:12:d7:bc:25:53:ff:3d:35:35:05:6c:db:5a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee3be768d28668f490afb74e9aefe41e03495d7a
        Validity
            Not Before: Jan  1 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0259b50ff8d6415dc767fc4c2047c0a4d523d1bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:04:81:e0:70:c6:81:14:27:c7:1c:12:78:6e:
                    41:a4:95:18:58:28:7a:3b:85:c9:c2:5f:f7:fa:49:
                    f6:67:44:8d:af:29:2b:2d:1c:75:4f:f3:ab:d2:84:
                    5e:6b:21:a9:52:ed:35:78:04:05:d7:ae:a4:68:53:
                    5d:6b:ba:58:1b:69:fc:70:d7:31:09:11:5f:94:7f:
                    98:b8:b7:60:64:17:c0:3f:0a:c6:12:e8:93:65:b4:
                    1c:e8:7c:52:f3:55:a4:c0:92:b8:51:b1:e9:2a:01:
                    1b:40:be:4d:5b:9c:66:48:50:3c:aa:a2:d9:1b:ac:
                    88:60:d4:31:9f:bd:d7:fe:9c:bc:46:d4:8c:27:de:
                    ba:a4:c4:15:3d:43:dc:79:4f:2b:dc:63:71:b8:9d:
                    83:2c:e0:2d:e4:fd:c3:60:92:c2:6d:b4:d2:79:51:
                    6f:d7:a4:a8:f3:7c:9d:3a:57:fa:65:93:1a:17:3b:
                    c6:51:0d:a9:ef:be:ec:b3:ea:b4:f3:ff:d4:c9:ab:
                    c9:1c:85:a3:46:ba:0d:06:7f:59:3a:da:df:61:66:
                    51:30:01:a6:07:45:26:e0:7a:d0:0f:a0:8a:4c:9b:
                    1b:97:60:5e:fd:c4:48:6b:8a:b9:8f:c6:e7:73:fe:
                    85:70:ef:6b:ed:02:72:2d:58:fc:80:81:b1:6c:46:
                    e1:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:59:B5:0F:F8:D6:41:5D:C7:67:FC:4C:20:47:C0:A4:D5:23:D1:BC
            X509v3 Authority Key Identifier:
                keyid:EE:3B:E7:68:D2:86:68:F4:90:AF:B7:4E:9A:EF:E4:1E:03:49:5D:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jvnaNKGaPSQr7dOmu_kHgNJXXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/Alm1D_jWQV3HZ_xMIEfApNUj0bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7474e1-4d65-43b4-8bb1-feef105f0a77/1/7jvnaNKGaPSQr7dOmu_kHgNJXXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.224.0/22
                  185.243.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:1d:27:89:da:ea:55:65:93:bd:fc:08:d9:81:26:b0:33:1a:
         94:83:6c:80:89:9d:cb:76:eb:10:2d:b1:0b:bd:c2:c1:26:f6:
         0e:33:98:c9:b7:55:2f:1e:b1:9f:a1:3e:b0:48:1e:0d:88:82:
         38:71:9c:a2:39:74:d8:8d:aa:e6:68:45:e7:16:c1:0b:1b:87:
         3d:fb:77:66:4d:95:83:32:f9:8c:00:8f:48:49:46:ed:0d:b8:
         5e:ca:fe:09:62:ed:eb:ec:0d:4a:33:b3:05:77:5b:dd:ec:c1:
         1d:56:18:b2:fb:39:ce:29:d5:27:44:d5:b3:fe:cb:9b:06:e1:
         a8:ea:62:75:84:80:7b:d4:eb:08:29:21:b2:02:ec:f9:dc:a5:
         0d:95:01:0b:8f:e6:d7:68:c7:bb:d2:3a:be:9d:8a:db:32:b0:
         80:6b:54:13:1b:54:87:8c:65:7a:7e:34:47:09:2e:f3:b3:29:
         e2:4c:e5:5f:de:b3:fe:39:a5:f6:ef:34:fd:6f:bb:0f:fa:9c:
         89:c5:14:b9:08:81:62:63:48:f1:f0:85:c2:20:89:e0:bf:a3:
         99:58:a0:c6:55:f7:c2:26:6c:28:12:ca:27:ae:bf:c3:df:d5:
         e9:b2:30:24:9d:94:86:e2:fe:91:84:6e:4c:b6:13:c8:9e:4f:
         53:80:c3:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjBLXvCVT/z01NQVs21pCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlM2JlNzY4ZDI4NjY4ZjQ5MGFmYjc0ZTlhZWZlNDFlMDM0
OTVkN2EwHhcNMjUwMTAxMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjU5YjUwZmY4ZDY0MTVkYzc2N2ZjNGMyMDQ3YzBhNGQ1MjNkMWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgSB4HDGgRQnxxwSeG5BpJUYWCh6
O4XJwl/3+kn2Z0SNrykrLRx1T/Or0oReayGpUu01eAQF166kaFNda7pYG2n8cNcx
CRFflH+YuLdgZBfAPwrGEuiTZbQc6HxS81WkwJK4UbHpKgEbQL5NW5xmSFA8qqLZ
G6yIYNQxn73X/py8RtSMJ966pMQVPUPceU8r3GNxuJ2DLOAt5P3DYJLCbbTSeVFv
16So83ydOlf6ZZMaFzvGUQ2p777ss+q08//UyavJHIWjRroNBn9ZOtrfYWZRMAGm
B0Um4HrQD6CKTJsbl2Be/cRIa4q5j8bnc/6FcO9r7QJyLVj8gIGxbEbhywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAJZtQ/41kFdx2f8TCBHwKTVI9G8MB8GA1UdIwQY
MBaAFO4752jShmj0kK+3Tprv5B4DSV16MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2p2bmFOS0dhUFNRcjdkT211X2tIZ05KWFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83NDc0ZTEtNGQ2NS00M2I0LThiYjEt
ZmVlZjEwNWYwYTc3LzEvQWxtMURfaldRVjNIWl94TUlFZkFwTlVqMGJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83NDc0ZTEtNGQ2NS00M2I0LThiYjEtZmVlZjEwNWYwYTc3
LzEvN2p2bmFOS0dhUFNRcjdkT211X2tIZ05KWFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuRPgAwQC
ufMQMA0GCSqGSIb3DQEBCwUAA4IBAQBlHSeJ2upVZZO9/AjZgSawMxqUg2yAiZ3L
dusQLbELvcLBJvYOM5jJt1UvHrGfoT6wSB4NiII4cZyiOXTYjarmaEXnFsELG4c9
+3dmTZWDMvmMAI9ISUbtDbheyv4JYu3r7A1KM7MFd1vd7MEdVhiy+znOKdUnRNWz
/subBuGo6mJ1hIB71OsIKSGyAuz53KUNlQELj+bXaMe70jq+nYrbMrCAa1QTG1SH
jGV6fjRHCS7zsyniTOVf3rP+OaX27zT9b7sP+pyJxRS5CIFiY0jx8IXCIIngv6OZ
WKDGVffCJmwoEsonrr/D39XpsjAknZSG4v6RhG5MthPInk9TgMOD
-----END CERTIFICATE-----