Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/Et82Ox-YoPWswPFqxd1JmT5HiVY.roa
File:                     Et82Ox-YoPWswPFqxd1JmT5HiVY.roa (raw, json)
Hash identifier:          dKjp2M/qEJfQktMuqf3U3untvmBMHbGfy5ZX8hyRWlU=
Subject key identifier:   12:DF:36:3B:1F:98:A0:F5:AC:C0:F1:6A:C5:DD:49:99:3E:47:89:56
Certificate issuer:       /CN=2ace126fa5830911083e45f583cadb08a63ec6f9
Certificate serial:       0194228E19370DED319DCDE55E22CE9D9BED
Authority key identifier: 2A:CE:12:6F:A5:83:09:11:08:3E:45:F5:83:CA:DB:08:A6:3E:C6:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/Et82Ox-YoPWswPFqxd1JmT5HiVY.roa
Signing time:             Wed 01 Jan 2025 15:48:45 +0000
ROA not before:           Wed 01 Jan 2025 15:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206984
IP address blocks:        185.169.244.0/22 maxlen: 22
                          2a0a:7700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:19:37:0d:ed:31:9d:cd:e5:5e:22:ce:9d:9b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ace126fa5830911083e45f583cadb08a63ec6f9
        Validity
            Not Before: Jan  1 15:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12df363b1f98a0f5acc0f16ac5dd49993e478956
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5e:2c:bb:07:e7:f2:c4:06:c4:c7:34:76:c5:
                    b9:30:8b:95:11:be:00:37:50:75:c3:b7:77:e7:81:
                    8d:0f:82:1a:9b:9c:99:c7:fe:4a:55:50:23:47:a7:
                    47:2b:6d:f5:71:8b:bf:44:c6:32:da:7f:d0:e0:46:
                    82:a8:a2:93:79:df:16:2c:ff:d1:c7:08:1e:d2:0e:
                    46:04:3c:b7:31:67:1a:48:08:f1:fe:fa:d1:0a:a7:
                    04:98:01:b6:b5:b6:8d:bf:f1:8f:bb:37:ad:ed:46:
                    f7:41:52:8f:b0:b1:6a:64:0e:6e:3f:f9:3f:f0:44:
                    c1:d6:bb:01:1a:97:14:db:33:f8:a5:5d:a2:b8:37:
                    9c:c2:9a:b0:eb:5a:34:69:84:8c:4f:cf:03:c5:9d:
                    b8:c2:f2:af:8f:e4:d9:57:f6:9b:60:8f:b1:21:48:
                    f3:84:e4:14:81:54:27:83:3c:3f:06:f3:4c:52:08:
                    28:37:d8:d0:55:5e:66:0e:7d:14:b9:0c:c5:e2:9d:
                    c7:94:de:b7:90:f3:97:26:4d:90:1a:6e:f9:9f:06:
                    44:ec:98:f2:94:7a:e8:6c:53:50:67:cf:39:2d:14:
                    f5:53:26:1c:f7:e3:7b:f6:e0:91:c1:47:73:c5:52:
                    83:2e:26:f5:ef:a0:18:41:b0:15:81:07:60:5a:b2:
                    ba:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DF:36:3B:1F:98:A0:F5:AC:C0:F1:6A:C5:DD:49:99:3E:47:89:56
            X509v3 Authority Key Identifier:
                keyid:2A:CE:12:6F:A5:83:09:11:08:3E:45:F5:83:CA:DB:08:A6:3E:C6:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/Et82Ox-YoPWswPFqxd1JmT5HiVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b73bd2-ab94-4ac3-93c4-6cbcb7e3d8d2/1/Ks4Sb6WDCREIPkX1g8rbCKY-xvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.169.244.0/22
                IPv6:
                  2a0a:7700::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:84:24:85:b5:8c:cf:33:b3:c8:92:c7:a4:61:90:f3:95:91:
         22:f8:27:d3:41:a1:77:a1:6a:f0:5c:8b:7e:32:6b:4d:85:70:
         6e:5e:e6:92:cf:9f:79:26:8c:09:c0:1c:10:4a:bb:28:b7:af:
         f0:2d:46:66:b3:42:85:f5:52:05:9d:25:3f:a1:9e:cc:bc:3b:
         7a:32:d6:58:94:dc:bc:f1:ff:97:db:56:80:de:ca:ca:d3:6d:
         90:6b:b4:aa:01:9e:fe:42:f3:e7:b5:9b:84:e8:46:30:ff:e9:
         e8:50:e2:98:1a:c8:47:79:34:bf:53:30:f5:cb:b7:69:69:16:
         82:69:41:8c:e6:5c:2c:86:4d:f3:27:09:e9:f2:82:96:7c:b9:
         c7:fc:c1:d0:91:05:61:30:88:49:cb:06:74:e8:a2:94:59:4a:
         f8:7d:11:45:3d:e9:14:10:c8:8e:ab:cd:6a:0f:28:84:f4:b9:
         2b:b2:29:23:05:e7:22:1e:b4:e3:a7:f4:0e:99:bd:b4:62:4e:
         84:c2:47:3e:86:68:2d:f4:80:ad:32:20:7c:8c:a5:ef:3b:6e:
         a1:51:3d:99:77:86:f7:f3:38:40:31:02:71:7b:d5:ff:20:fa:
         0b:ee:51:0b:1c:47:fa:b1:6d:a9:cc:0d:bb:f3:0e:1a:e8:6c:
         dd:6f:0a:e8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijhk3De0xnc3lXiLOnZvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhY2UxMjZmYTU4MzA5MTEwODNlNDVmNTgzY2FkYjA4YTYz
ZWM2ZjkwHhcNMjUwMTAxMTU0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmRmMzYzYjFmOThhMGY1YWNjMGYxNmFjNWRkNDk5OTNlNDc4OTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv14suwfn8sQGxMc0dsW5MIuVEb4A
N1B1w7d354GND4Iam5yZx/5KVVAjR6dHK231cYu/RMYy2n/Q4EaCqKKTed8WLP/R
xwge0g5GBDy3MWcaSAjx/vrRCqcEmAG2tbaNv/GPuzet7Ub3QVKPsLFqZA5uP/k/
8ETB1rsBGpcU2zP4pV2iuDecwpqw61o0aYSMT88DxZ24wvKvj+TZV/abYI+xIUjz
hOQUgVQngzw/BvNMUggoN9jQVV5mDn0UuQzF4p3HlN63kPOXJk2QGm75nwZE7Jjy
lHrobFNQZ885LRT1UyYc9+N79uCRwUdzxVKDLib176AYQbAVgQdgWrK6EwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBLfNjsfmKD1rMDxasXdSZk+R4lWMB8GA1UdIwQY
MBaAFCrOEm+lgwkRCD5F9YPK2wimPsb5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3M0U2I2V0RDUkVJUGtYMWc4cmJDS1kteHZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9iNzNiZDItYWI5NC00YWMzLTkzYzQt
NmNiY2I3ZTNkOGQyLzEvRXQ4Mk94LVlvUFdzd1BGcXhkMUptVDVIaVZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9iNzNiZDItYWI5NC00YWMzLTkzYzQtNmNiY2I3ZTNkOGQy
LzEvS3M0U2I2V0RDUkVJUGtYMWc4cmJDS1kteHZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuan0MA0E
AgACMAcDBQMqCncAMA0GCSqGSIb3DQEBCwUAA4IBAQBbhCSFtYzPM7PIksekYZDz
lZEi+CfTQaF3oWrwXIt+MmtNhXBuXuaSz595JowJwBwQSrsot6/wLUZms0KF9VIF
nSU/oZ7MvDt6MtZYlNy88f+X21aA3srK022Qa7SqAZ7+QvPntZuE6EYw/+noUOKY
GshHeTS/UzD1y7dpaRaCaUGM5lwshk3zJwnp8oKWfLnH/MHQkQVhMIhJywZ06KKU
WUr4fRFFPekUEMiOq81qDyiE9LkrsikjBeciHrTjp/QOmb20Yk6Ewkc+hmgt9ICt
MiB8jKXvO26hUT2Zd4b38zhAMQJxe9X/IPoL7lELHEf6sW2pzA278w4a6Gzdbwro
-----END CERTIFICATE-----