Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/52J0BX8GyMgXNdNkq4VTfUaee1I.roa
File:                     52J0BX8GyMgXNdNkq4VTfUaee1I.roa (raw, json)
Hash identifier:          LxSMbtmqO4+rlUteg1TptU78C+skPNBOYr9gFEq1vgs=
Subject key identifier:   E7:62:74:05:7F:06:C8:C8:17:35:D3:64:AB:85:53:7D:46:9E:7B:52
Certificate issuer:       /CN=ecf42776be532bd0575332855d8c42c4952ed931
Certificate serial:       019424B289FF440C0425F5A779D7CE032F53
Authority key identifier: EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/52J0BX8GyMgXNdNkq4VTfUaee1I.roa
Signing time:             Thu 02 Jan 2025 01:47:48 +0000
ROA not before:           Thu 02 Jan 2025 01:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        146.109.0.0/16 maxlen: 24
                          185.210.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:89:ff:44:0c:04:25:f5:a7:79:d7:ce:03:2f:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecf42776be532bd0575332855d8c42c4952ed931
        Validity
            Not Before: Jan  2 01:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e76274057f06c8c81735d364ab85537d469e7b52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d0:5c:35:25:a4:f1:45:ae:b7:de:db:d8:d8:
                    15:bf:53:44:97:6b:4d:9e:58:96:6e:50:fa:fb:89:
                    ad:03:d8:16:3f:c2:38:f2:af:49:8a:b5:01:e3:d5:
                    e0:c2:44:6b:af:4b:5a:0f:43:2e:d6:70:58:f8:3e:
                    f6:84:83:69:93:c5:09:dd:da:dd:ba:ef:d7:b1:58:
                    32:ec:17:bd:94:2e:a2:00:f7:2d:5a:bf:a3:25:7c:
                    ac:41:46:73:2c:81:66:d5:60:5c:d8:78:28:f2:ad:
                    17:23:43:9b:40:8b:8f:cd:e6:2e:27:3e:41:a8:a1:
                    2a:30:d7:01:6b:81:31:6f:58:a2:6e:33:75:ef:b3:
                    d0:b0:3f:b5:e7:03:70:d6:1e:d9:39:62:a7:23:51:
                    73:9e:52:2b:7f:f7:da:72:89:2c:f0:4a:62:c4:80:
                    fa:d9:7d:44:e0:ba:2b:75:81:e9:86:94:d4:54:4a:
                    0c:6c:20:39:42:98:ee:33:c2:58:25:d3:1b:6c:50:
                    ae:75:6a:9f:65:a5:80:4b:61:6a:c8:e1:a0:bb:f5:
                    70:f0:66:89:a7:b0:a0:dd:2b:6e:da:e8:d9:75:8c:
                    e9:36:42:ba:6d:9a:1f:3a:0b:f3:17:8c:0c:24:77:
                    27:e7:7a:29:67:5a:50:ec:1d:1f:3e:8a:b1:57:c7:
                    7a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:62:74:05:7F:06:C8:C8:17:35:D3:64:AB:85:53:7D:46:9E:7B:52
            X509v3 Authority Key Identifier:
                keyid:EC:F4:27:76:BE:53:2B:D0:57:53:32:85:5D:8C:42:C4:95:2E:D9:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7PQndr5TK9BXUzKFXYxCxJUu2TE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/52J0BX8GyMgXNdNkq4VTfUaee1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/ebd49f-f569-4152-b0b8-5e53c23b55b0/1/7PQndr5TK9BXUzKFXYxCxJUu2TE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.109.0.0/16
                  185.210.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:53:b0:61:59:17:a8:12:7a:e7:99:dd:16:63:e7:d5:21:6f:
         27:01:9d:3e:bf:b4:70:29:d1:ae:18:e1:f6:51:8a:bd:98:9d:
         d0:9f:d8:c6:d0:d7:b8:e0:a7:41:31:9b:c1:0f:e5:05:2f:89:
         c7:e2:28:f8:31:f7:28:62:19:47:06:2d:04:26:2a:06:b6:b8:
         23:b6:b2:b9:d3:3a:1c:ec:2e:b1:12:e8:05:00:e3:ab:44:f1:
         20:e2:9b:03:60:5d:8a:eb:80:94:2b:03:86:95:b9:b0:08:2d:
         27:07:33:27:f2:d3:18:10:3c:b8:c2:05:ac:18:8c:00:ea:25:
         17:ce:b9:ff:46:32:25:19:60:3f:dc:34:52:ef:03:a5:25:f9:
         f9:b0:51:7d:e6:33:40:41:33:91:57:49:e4:ab:51:39:ab:be:
         4e:19:ab:e7:7a:bd:99:5b:f6:af:4d:39:ac:89:65:e6:b8:15:
         d8:cb:27:ff:f8:b0:be:08:6d:8c:7b:4a:23:19:d7:ad:31:04:
         b8:d1:93:e9:37:43:d3:5b:3f:c2:3f:a0:10:37:77:fa:a1:4f:
         57:3e:eb:c4:eb:5f:c4:84:a8:10:bd:e0:f7:5d:c3:b6:89:5c:
         3c:4c:0f:09:52:05:a6:44:e4:19:a2:16:ba:e5:5c:4b:a0:aa:
         0e:3c:73:30
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZQkson/RAwEJfWnedfOAy9TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZjQyNzc2YmU1MzJiZDA1NzUzMzI4NTVkOGM0MmM0OTUy
ZWQ5MzEwHhcNMjUwMTAyMDE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzYyNzQwNTdmMDZjOGM4MTczNWQzNjRhYjg1NTM3ZDQ2OWU3YjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dBcNSWk8UWut97b2NgVv1NEl2tN
nliWblD6+4mtA9gWP8I48q9JirUB49XgwkRrr0taD0Mu1nBY+D72hINpk8UJ3drd
uu/XsVgy7Be9lC6iAPctWr+jJXysQUZzLIFm1WBc2Hgo8q0XI0ObQIuPzeYuJz5B
qKEqMNcBa4Exb1iibjN177PQsD+15wNw1h7ZOWKnI1FznlIrf/facoks8EpixID6
2X1E4LordYHphpTUVEoMbCA5QpjuM8JYJdMbbFCudWqfZaWAS2FqyOGgu/Vw8GaJ
p7Cg3Stu2ujZdYzpNkK6bZofOgvzF4wMJHcn53opZ1pQ7B0fPoqxV8d6PQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFOdidAV/BsjIFzXTZKuFU31GnntSMB8GA1UdIwQY
MBaAFOz0J3a+UyvQV1MyhV2MQsSVLtkxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1BRbmRyNVRLOUJYVXpLRlhZeEN4SlV1MlRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9lYmQ0OWYtZjU2OS00MTUyLWIwYjgt
NWU1M2MyM2I1NWIwLzEvNTJKMEJYOEd5TWdYTmROa3E0VlRmVWFlZTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9lYmQ0OWYtZjU2OS00MTUyLWIwYjgtNWU1M2MyM2I1NWIw
LzEvN1BRbmRyNVRLOUJYVXpLRlhZeEN4SlV1MlRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAkm0DBAK5
0iAwDQYJKoZIhvcNAQELBQADggEBAHNTsGFZF6gSeueZ3RZj59UhbycBnT6/tHAp
0a4Y4fZRir2YndCf2MbQ17jgp0Exm8EP5QUvicfiKPgx9yhiGUcGLQQmKga2uCO2
srnTOhzsLrES6AUA46tE8SDimwNgXYrrgJQrA4aVubAILScHMyfy0xgQPLjCBawY
jADqJRfOuf9GMiUZYD/cNFLvA6Ul+fmwUX3mM0BBM5FXSeSrUTmrvk4Zq+d6vZlb
9q9NOayJZea4FdjLJ//4sL4IbYx7SiMZ160xBLjRk+k3Q9NbP8I/oBA3d/qhT1c+
68TrX8SEqBC94Pddw7aJXDxMDwlSBaZE5BmiFrrlXEugqg48czA=
-----END CERTIFICATE-----