Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/_M8jdVXBLepBqO_3Zez_e6x2zw4.roa
File:                     _M8jdVXBLepBqO_3Zez_e6x2zw4.roa (raw, json)
Hash identifier:          eZyfLyYE2Xw4ZTr06KMTpykro4FTlkDr9TejnMS2e4E=
Subject key identifier:   FC:CF:23:75:55:C1:2D:EA:41:A8:EF:F7:65:EC:FF:7B:AC:76:CF:0E
Certificate issuer:       /CN=baf79127ee34a3aee9079c8e9799c40f0dc8dca2
Certificate serial:       019421B223A4CFB1DE51E4A66FAAA9AC5EE2
Authority key identifier: BA:F7:91:27:EE:34:A3:AE:E9:07:9C:8E:97:99:C4:0F:0D:C8:DC:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uveRJ-40o67pB5yOl5nEDw3I3KI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/_M8jdVXBLepBqO_3Zez_e6x2zw4.roa
Signing time:             Wed 01 Jan 2025 11:48:29 +0000
ROA not before:           Wed 01 Jan 2025 11:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30873
IP address blocks:        185.71.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/uveRJ-40o67pB5yOl5nEDw3I3KI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/uveRJ-40o67pB5yOl5nEDw3I3KI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uveRJ-40o67pB5yOl5nEDw3I3KI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:23:a4:cf:b1:de:51:e4:a6:6f:aa:a9:ac:5e:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baf79127ee34a3aee9079c8e9799c40f0dc8dca2
        Validity
            Not Before: Jan  1 11:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fccf237555c12dea41a8eff765ecff7bac76cf0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:67:4d:de:70:22:3f:68:83:7e:93:41:0c:00:
                    68:39:91:fe:be:2f:17:dd:cf:be:25:b1:bc:b6:28:
                    1f:84:41:f1:6c:08:9a:55:01:5a:53:4c:8b:f7:bb:
                    ff:3a:96:e2:e1:11:6c:db:0b:ba:66:b1:39:8b:fd:
                    34:38:f1:75:11:4b:de:41:03:b5:21:1b:a3:7f:cd:
                    48:ef:f3:3f:fa:44:10:48:60:8b:52:29:a3:30:1d:
                    6d:c0:f0:11:bd:50:43:d6:cb:6b:ec:a8:0d:e2:1d:
                    74:65:69:c1:59:e7:56:57:d8:3c:55:ec:f1:8d:e8:
                    a5:3d:34:ec:c2:32:5d:47:2a:59:14:e6:a7:38:05:
                    bc:fd:ab:fd:17:75:85:88:cb:8e:60:8f:6f:b2:03:
                    b5:26:9b:be:7a:f3:b2:8b:b8:4d:74:1c:d5:fc:c2:
                    d0:6c:b8:37:03:15:9d:a2:12:a5:59:dc:68:ba:a6:
                    55:20:bd:e5:28:46:67:3d:e2:31:2a:e9:4a:2f:a3:
                    ef:7c:32:d9:96:d7:b0:bf:20:0d:0c:b5:c1:81:be:
                    98:bf:de:a8:ba:2e:17:c4:ee:cd:4b:cc:ec:7d:a9:
                    69:5c:a1:a6:4b:d4:92:df:4f:68:14:73:3c:c4:74:
                    80:f1:4e:6f:cf:72:9e:f7:e1:7f:ef:c7:83:b2:8f:
                    62:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:CF:23:75:55:C1:2D:EA:41:A8:EF:F7:65:EC:FF:7B:AC:76:CF:0E
            X509v3 Authority Key Identifier:
                keyid:BA:F7:91:27:EE:34:A3:AE:E9:07:9C:8E:97:99:C4:0F:0D:C8:DC:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uveRJ-40o67pB5yOl5nEDw3I3KI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/_M8jdVXBLepBqO_3Zez_e6x2zw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/a5fc11-72b4-4f9d-aa45-a2a5a8d99db8/1/uveRJ-40o67pB5yOl5nEDw3I3KI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.71.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:5c:01:f3:09:fd:e5:c8:e3:89:31:a4:fd:d7:99:8a:10:61:
         a5:dd:52:7d:71:b0:29:f0:22:fd:ef:a3:01:ad:9b:00:c4:a4:
         b2:19:a9:e5:0d:80:67:11:dc:d5:ad:dc:17:19:c2:a4:d9:c0:
         52:40:56:a8:71:00:d2:ae:bb:b2:da:fe:b2:b5:68:2e:5f:6e:
         58:a3:e1:f0:29:d7:8e:3b:01:2a:2c:a5:2e:93:99:69:3b:54:
         ef:bc:47:f2:f6:f4:6c:a0:22:4c:6f:30:4c:15:d9:b8:3f:4c:
         35:0a:c5:af:23:1f:02:73:1d:fe:b9:2e:b5:33:6a:f4:17:b6:
         99:35:6b:04:2f:c4:4b:dc:28:c5:9e:f5:04:8c:3a:2a:16:98:
         fe:07:1d:ed:d2:54:8e:dc:e9:ec:3a:38:b5:8e:56:cb:42:d2:
         c0:f0:2b:ac:97:0c:45:fc:5f:6c:c7:0e:bd:93:03:68:20:a6:
         98:14:97:48:88:00:54:7c:8c:12:47:0b:6b:7a:2e:75:13:41:
         d7:1d:94:47:30:d2:d6:54:a5:c1:e3:69:c6:09:04:d9:95:da:
         27:a8:ca:66:f5:16:dd:a3:13:21:ef:75:fe:ca:5e:8e:ab:14:
         57:f7:ff:64:78:6e:d9:2a:cf:cd:82:c2:47:6c:31:dc:6a:69:
         3e:e4:58:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsiOkz7HeUeSmb6qprF7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhZjc5MTI3ZWUzNGEzYWVlOTA3OWM4ZTk3OTljNDBmMGRj
OGRjYTIwHhcNMjUwMTAxMTE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2NmMjM3NTU1YzEyZGVhNDFhOGVmZjc2NWVjZmY3YmFjNzZjZjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GdN3nAiP2iDfpNBDABoOZH+vi8X
3c++JbG8tigfhEHxbAiaVQFaU0yL97v/Opbi4RFs2wu6ZrE5i/00OPF1EUveQQO1
IRujf81I7/M/+kQQSGCLUimjMB1twPARvVBD1str7KgN4h10ZWnBWedWV9g8Vezx
jeilPTTswjJdRypZFOanOAW8/av9F3WFiMuOYI9vsgO1Jpu+evOyi7hNdBzV/MLQ
bLg3AxWdohKlWdxouqZVIL3lKEZnPeIxKulKL6PvfDLZltewvyANDLXBgb6Yv96o
ui4XxO7NS8zsfalpXKGmS9SS309oFHM8xHSA8U5vz3Ke9+F/78eDso9i8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzPI3VVwS3qQajv92Xs/3usds8OMB8GA1UdIwQY
MBaAFLr3kSfuNKOu6QecjpeZxA8NyNyiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXZlUkotNDBvNjdwQjV5T2w1bkVEdzNJM0tJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9hNWZjMTEtNzJiNC00ZjlkLWFhNDUt
YTJhNWE4ZDk5ZGI4LzEvX004amRWWEJMZXBCcU9fM1plel9lNngyenc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9hNWZjMTEtNzJiNC00ZjlkLWFhNDUtYTJhNWE4ZDk5ZGI4
LzEvdXZlUkotNDBvNjdwQjV5T2w1bkVEdzNJM0tJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUeEMA0G
CSqGSIb3DQEBCwUAA4IBAQBmXAHzCf3lyOOJMaT915mKEGGl3VJ9cbAp8CL976MB
rZsAxKSyGanlDYBnEdzVrdwXGcKk2cBSQFaocQDSrruy2v6ytWguX25Yo+HwKdeO
OwEqLKUuk5lpO1TvvEfy9vRsoCJMbzBMFdm4P0w1CsWvIx8Ccx3+uS61M2r0F7aZ
NWsEL8RL3CjFnvUEjDoqFpj+Bx3t0lSO3OnsOji1jlbLQtLA8CuslwxF/F9sxw69
kwNoIKaYFJdIiABUfIwSRwtrei51E0HXHZRHMNLWVKXB42nGCQTZldonqMpm9Rbd
oxMh73X+yl6OqxRX9/9keG7ZKs/NgsJHbDHcamk+5Fgp
-----END CERTIFICATE-----