Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/kXpu7lVaQ9ZKyQqNGsFeLghZlmk.roa
File:                     kXpu7lVaQ9ZKyQqNGsFeLghZlmk.roa (raw, json)
Hash identifier:          5AG9No2Gmu6sX+Z3CUtVryFAua3rZfXlsvQoqxyaRko=
Subject key identifier:   91:7A:6E:EE:55:5A:43:D6:4A:C9:0A:8D:1A:C1:5E:2E:08:59:96:69
Certificate issuer:       /CN=cd3cd7c4dc95cb3e0d4e8703ef01404fe0a70780
Certificate serial:       01942143FCC31C09E4AAAE2019E688BBBCA4
Authority key identifier: CD:3C:D7:C4:DC:95:CB:3E:0D:4E:87:03:EF:01:40:4F:E0:A7:07:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zTzXxNyVyz4NTocD7wFAT-CnB4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/kXpu7lVaQ9ZKyQqNGsFeLghZlmk.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49223
IP address blocks:        185.146.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/zTzXxNyVyz4NTocD7wFAT-CnB4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/zTzXxNyVyz4NTocD7wFAT-CnB4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zTzXxNyVyz4NTocD7wFAT-CnB4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fc:c3:1c:09:e4:aa:ae:20:19:e6:88:bb:bc:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd3cd7c4dc95cb3e0d4e8703ef01404fe0a70780
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=917a6eee555a43d64ac90a8d1ac15e2e08599669
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a7:03:43:9c:22:19:37:c9:4a:b8:25:73:3f:
                    9a:53:1b:6d:6e:ec:d9:e4:86:0d:5b:ae:bc:93:fb:
                    35:53:89:35:a5:1d:fa:51:2a:6e:96:5f:aa:fb:17:
                    2d:ca:96:6c:31:00:a7:62:63:26:93:67:85:e8:4f:
                    4b:c5:ed:b9:0d:68:45:2e:df:84:b2:a5:25:a2:34:
                    c2:53:ba:f6:04:c6:10:2c:14:47:e3:4d:5b:20:94:
                    dc:1b:de:db:33:3b:21:47:7c:c6:6e:13:7c:00:70:
                    1c:c5:27:a7:75:b2:fa:5a:ba:f3:5f:56:fb:14:d9:
                    39:66:da:c9:02:e6:73:70:ff:f1:41:7d:98:fa:c0:
                    e8:33:4d:68:54:10:fe:97:89:19:96:96:bf:e7:d1:
                    e9:1d:f4:58:aa:78:a1:e7:23:79:49:21:c6:02:6c:
                    95:d2:2a:b1:a2:2a:3d:a7:ef:c1:3a:be:76:cd:91:
                    0d:cf:9e:5d:8c:d5:9d:39:26:44:1d:3d:54:f0:0c:
                    1e:d3:70:42:59:3b:61:54:f5:41:ce:86:20:64:ed:
                    cc:6c:5f:7d:42:32:90:ac:6a:a0:51:b5:6e:a3:33:
                    23:8f:fa:47:fe:85:8f:e3:5e:0e:d7:cd:04:7e:d5:
                    a1:a3:85:55:5c:5d:22:fa:67:18:f7:4e:76:ef:33:
                    8f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:7A:6E:EE:55:5A:43:D6:4A:C9:0A:8D:1A:C1:5E:2E:08:59:96:69
            X509v3 Authority Key Identifier:
                keyid:CD:3C:D7:C4:DC:95:CB:3E:0D:4E:87:03:EF:01:40:4F:E0:A7:07:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zTzXxNyVyz4NTocD7wFAT-CnB4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/kXpu7lVaQ9ZKyQqNGsFeLghZlmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/5719cc-e83e-433d-80d5-ff26a9883314/1/zTzXxNyVyz4NTocD7wFAT-CnB4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bc:ca:d9:ac:d4:a0:ba:dc:91:6b:c0:87:1c:02:f7:3b:01:db:
         1d:86:47:69:37:25:81:cd:85:68:54:12:73:a6:2f:6e:b7:30:
         6a:4f:1b:24:bc:60:a5:08:97:4a:ed:84:73:60:ca:6e:9d:3b:
         9a:1f:e8:ae:bc:73:00:16:37:7e:e5:c5:05:2d:21:a3:6b:24:
         3f:b0:6c:d5:e3:7e:4a:17:1f:5f:59:bf:b3:cb:21:bb:3b:a5:
         0f:f4:7f:b2:f3:56:97:2d:58:85:64:db:be:8e:04:8c:2c:0c:
         33:5a:c4:56:52:c5:96:f3:5e:37:55:40:51:ce:7b:23:b6:cb:
         25:a1:22:eb:b4:e7:0f:00:69:2a:ea:6a:0e:93:7e:d6:c5:e4:
         df:e4:4d:f9:ed:33:05:89:5a:73:0c:d5:00:8f:b3:45:83:7c:
         4e:11:ba:2e:72:49:5d:b8:3c:ab:d8:fd:37:30:24:35:a4:d6:
         c9:db:6a:cc:c4:a9:73:00:27:6c:40:fa:a9:fa:72:37:6b:ce:
         7e:3c:7c:81:4a:96:a7:ab:83:a0:6e:d5:60:b3:4f:5c:b8:8d:
         3c:87:f5:d5:38:4e:2c:0b:27:6a:9b:0c:38:d5:ae:d9:8f:85:
         36:20:35:55:f3:a2:82:f2:d6:61:01:c5:76:bf:59:02:e6:be:
         cf:3a:e3:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/zDHAnkqq4gGeaIu7ykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkM2NkN2M0ZGM5NWNiM2UwZDRlODcwM2VmMDE0MDRmZTBh
NzA3ODAwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTdhNmVlZTU1NWE0M2Q2NGFjOTBhOGQxYWMxNWUyZTA4NTk5NjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6cDQ5wiGTfJSrglcz+aUxttbuzZ
5IYNW668k/s1U4k1pR36USpull+q+xctypZsMQCnYmMmk2eF6E9Lxe25DWhFLt+E
sqUlojTCU7r2BMYQLBRH401bIJTcG97bMzshR3zGbhN8AHAcxSendbL6WrrzX1b7
FNk5ZtrJAuZzcP/xQX2Y+sDoM01oVBD+l4kZlpa/59HpHfRYqnih5yN5SSHGAmyV
0iqxoio9p+/BOr52zZENz55djNWdOSZEHT1U8Awe03BCWTthVPVBzoYgZO3MbF99
QjKQrGqgUbVuozMjj/pH/oWP414O180EftWho4VVXF0i+mcY90527zOPMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJF6bu5VWkPWSskKjRrBXi4IWZZpMB8GA1UdIwQY
MBaAFM0818Tclcs+DU6HA+8BQE/gpweAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelR6WHhOeVZ5ejROVG9jRDd3RkFULUNuQjRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS81NzE5Y2MtZTgzZS00MzNkLTgwZDUt
ZmYyNmE5ODgzMzE0LzEva1hwdTdsVmFROVpLeVFxTkdzRmVMZ2habG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS81NzE5Y2MtZTgzZS00MzNkLTgwZDUtZmYyNmE5ODgzMzE0
LzEvelR6WHhOeVZ5ejROVG9jRDd3RkFULUNuQjRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZJ4MA0G
CSqGSIb3DQEBCwUAA4IBAQC8ytms1KC63JFrwIccAvc7AdsdhkdpNyWBzYVoVBJz
pi9utzBqTxskvGClCJdK7YRzYMpunTuaH+iuvHMAFjd+5cUFLSGjayQ/sGzV435K
Fx9fWb+zyyG7O6UP9H+y81aXLViFZNu+jgSMLAwzWsRWUsWW8143VUBRznsjtssl
oSLrtOcPAGkq6moOk37WxeTf5E357TMFiVpzDNUAj7NFg3xOEboucklduDyr2P03
MCQ1pNbJ22rMxKlzACdsQPqp+nI3a85+PHyBSpanq4OgbtVgs09cuI08h/XVOE4s
Cydqmww41a7Zj4U2IDVV86KC8tZhAcV2v1kC5r7POuM0
-----END CERTIFICATE-----