Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/Si-2Rm53XPJkvdQuUoleCfCr75U.roa
File:                     Si-2Rm53XPJkvdQuUoleCfCr75U.roa (raw, json)
Hash identifier:          mKUv/zHwdRwnRlZWHKL3xuXK8iQ2ai/vToQa+9rK3+I=
Subject key identifier:   4A:2F:B6:46:6E:77:5C:F2:64:BD:D4:2E:52:89:5E:09:F0:AB:EF:95
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       019424449099744F224ED914F4B33F1C7F20
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/Si-2Rm53XPJkvdQuUoleCfCr75U.roa
Signing time:             Wed 01 Jan 2025 23:47:40 +0000
ROA not before:           Wed 01 Jan 2025 23:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50629
IP address blocks:        185.222.217.0/24 maxlen: 24
                          2a09:0:14::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:90:99:74:4f:22:4e:d9:14:f4:b3:3f:1c:7f:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  1 23:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a2fb6466e775cf264bdd42e52895e09f0abef95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:cc:79:bb:cd:23:3c:2b:9e:34:ab:8a:2e:1d:
                    45:1b:00:fe:e4:b0:85:80:50:80:d6:a7:cf:a9:8b:
                    68:9c:00:5d:45:5e:4d:35:d1:87:d1:c3:d0:5b:d1:
                    c8:ce:57:84:50:e1:fe:ee:93:39:b1:c1:d5:1c:96:
                    fc:a0:5c:10:25:84:5e:f4:8f:7c:3b:c9:e4:85:b1:
                    cb:09:00:57:80:cf:6b:23:99:65:33:3a:8d:a2:fa:
                    f0:06:79:d8:61:a1:24:41:bd:f8:c2:69:59:96:8b:
                    97:e0:cf:02:d1:c2:a7:0c:aa:a6:ff:69:72:48:43:
                    04:6c:e4:a6:88:31:4c:40:12:b4:a8:a2:b8:46:8e:
                    11:a1:0b:5d:96:6d:ee:3e:c3:d1:a7:22:aa:c2:82:
                    9c:a6:5b:61:af:0c:79:13:d4:0f:db:73:c3:fc:0b:
                    dd:8b:42:4b:b7:99:d4:39:74:b9:ce:f4:ab:95:f2:
                    57:d9:e6:d5:66:55:c0:c6:59:a1:a3:b8:27:88:45:
                    f4:c3:fa:3c:5b:d3:00:2b:60:d2:4d:28:2c:4a:48:
                    24:25:3a:70:8d:d5:86:fa:5b:06:ba:a1:3b:bd:f1:
                    8a:f7:24:bb:ec:ad:33:8e:7c:f9:7b:ef:91:c8:51:
                    76:78:50:b1:fc:c8:7d:e8:02:b8:50:b6:77:83:9a:
                    d8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:2F:B6:46:6E:77:5C:F2:64:BD:D4:2E:52:89:5E:09:F0:AB:EF:95
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/Si-2Rm53XPJkvdQuUoleCfCr75U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.217.0/24
                IPv6:
                  2a09:0:14::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:10:73:ae:b0:bf:41:52:e7:fe:4a:c3:01:ea:ff:1a:94:60:
         1d:c2:64:44:e6:1b:b9:00:bd:3c:ea:7c:d9:40:dd:93:2d:86:
         4a:27:27:90:73:49:a3:6a:0c:e6:16:82:1a:06:ee:e5:bb:ed:
         63:00:cb:c2:3d:72:47:63:25:9f:cb:ce:75:87:e1:81:85:70:
         82:c3:b9:ef:54:a3:3a:78:b3:9d:32:fa:3b:7d:d1:1b:ee:6c:
         a4:50:3a:3c:7e:be:9a:27:14:ae:9e:ff:46:e3:01:d1:0c:2d:
         05:7a:32:61:00:35:8d:56:9b:9c:1a:3f:08:d3:8b:21:a6:07:
         a4:d7:5d:c8:f2:f4:60:97:ef:26:32:24:8f:25:5e:14:82:1a:
         3a:72:3c:ca:e0:a9:46:be:4b:98:b0:eb:29:78:e3:c3:17:98:
         42:11:3e:9c:d4:bb:ad:34:16:8f:30:08:c3:54:d7:2e:2f:db:
         4a:65:a9:43:dd:bc:71:4d:9f:24:fc:74:fd:01:75:bc:9c:68:
         87:76:ea:c8:28:34:04:03:d8:64:2a:be:88:7f:2c:4e:23:de:
         f2:94:85:0c:1b:f4:3b:83:23:f8:d7:70:75:5e:ff:b2:a6:db:
         20:96:06:a3:3d:8a:5e:34:60:2c:b9:6f:92:9b:34:13:ca:65:
         6d:05:bb:eb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkRJCZdE8iTtkU9LM/HH8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwMTAxMjM0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTJmYjY0NjZlNzc1Y2YyNjRiZGQ0MmU1Mjg5NWUwOWYwYWJlZjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Mx5u80jPCueNKuKLh1FGwD+5LCF
gFCA1qfPqYtonABdRV5NNdGH0cPQW9HIzleEUOH+7pM5scHVHJb8oFwQJYRe9I98
O8nkhbHLCQBXgM9rI5llMzqNovrwBnnYYaEkQb34wmlZlouX4M8C0cKnDKqm/2ly
SEMEbOSmiDFMQBK0qKK4Ro4RoQtdlm3uPsPRpyKqwoKcplthrwx5E9QP23PD/Avd
i0JLt5nUOXS5zvSrlfJX2ebVZlXAxlmho7gniEX0w/o8W9MAK2DSTSgsSkgkJTpw
jdWG+lsGuqE7vfGK9yS77K0zjnz5e++RyFF2eFCx/Mh96AK4ULZ3g5rY0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEovtkZud1zyZL3ULlKJXgnwq++VMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvU2ktMlJtNTNYUEprdmRRdVVvbGVDZkNyNzVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAud7ZMA8E
AgACMAkDBwAqCQAAABQwDQYJKoZIhvcNAQELBQADggEBABsQc66wv0FS5/5KwwHq
/xqUYB3CZETmG7kAvTzqfNlA3ZMthkonJ5BzSaNqDOYWghoG7uW77WMAy8I9ckdj
JZ/LznWH4YGFcILDue9Uozp4s50y+jt90RvubKRQOjx+vponFK6e/0bjAdEMLQV6
MmEANY1Wm5waPwjTiyGmB6TXXcjy9GCX7yYyJI8lXhSCGjpyPMrgqUa+S5iw6yl4
48MXmEIRPpzUu600Fo8wCMNU1y4v20plqUPdvHFNnyT8dP0BdbycaId26sgoNAQD
2GQqvoh/LE4j3vKUhQwb9DuDI/jXcHVe/7Km2yCWBqM9il40YCy5b5KbNBPKZW0F
u+s=
-----END CERTIFICATE-----