Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/umrrdDgmKLn7ngVsQ1-cE9eWkLg.roa
File:                     umrrdDgmKLn7ngVsQ1-cE9eWkLg.roa (raw, json)
Hash identifier:          u0DGWapdVwki01vtckAF5EchE6aFKJ9HZWFWe6ptSyM=
Subject key identifier:   BA:6A:EB:74:38:26:28:B9:FB:9E:05:6C:43:5F:9C:13:D7:96:90:B8
Certificate issuer:       /CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
Certificate serial:       018CC8713FB3662CD2EFA2F7724850086CDE
Authority key identifier: 22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/umrrdDgmKLn7ngVsQ1-cE9eWkLg.roa
Signing time:             Tue 02 Jan 2024 04:31:54 +0000
ROA not before:           Tue 02 Jan 2024 04:31:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        155.204.224.0/19 maxlen: 19
                          137.174.224.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:3f:b3:66:2c:d2:ef:a2:f7:72:48:50:08:6c:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a5d84053e2b0c313af1e3ba5102466a5f79678
        Validity
            Not Before: Jan  2 04:31:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba6aeb74382628b9fb9e056c435f9c13d79690b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:69:c0:14:09:a4:fa:80:1a:d3:5b:85:03:a7:
                    0d:e8:ae:cd:89:cc:70:1e:15:dd:51:1a:59:b4:7a:
                    bc:1f:cc:39:89:f6:e2:ef:3c:21:bc:35:d8:9a:64:
                    12:6e:0e:61:9c:36:be:fc:25:ab:0d:a2:3c:ac:ef:
                    fa:f6:92:80:10:9a:0b:23:66:d8:7e:ec:b6:af:ac:
                    fc:85:c6:09:c5:11:85:e8:4c:2a:76:7d:a1:f7:57:
                    ed:f1:43:a0:42:56:9d:dc:bf:a5:f2:73:42:98:30:
                    7d:b2:1c:75:4e:c1:12:74:2e:73:53:f7:cf:6e:4f:
                    16:b1:8c:7e:da:f4:5f:46:a2:55:09:76:19:a4:c8:
                    c2:39:a3:e6:91:88:02:08:51:3e:b6:28:3c:9d:fb:
                    37:89:4a:e6:77:6c:00:4c:65:00:04:68:c0:0a:53:
                    2e:7c:23:0a:68:de:59:f4:49:b0:ce:a3:3b:a0:f2:
                    e1:8a:de:0e:98:33:ed:e4:4d:0f:22:f0:11:16:b9:
                    d5:ca:36:85:bb:f0:44:d3:12:fb:99:da:0d:38:b0:
                    93:ec:af:0d:0e:ef:81:19:8d:6c:9b:76:de:60:4a:
                    a3:8e:d4:ee:58:4f:fb:bf:45:12:3b:59:09:2b:00:
                    9f:b7:14:26:97:2e:31:2c:17:59:3c:09:36:bb:4a:
                    d0:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:6A:EB:74:38:26:28:B9:FB:9E:05:6C:43:5F:9C:13:D7:96:90:B8
            X509v3 Authority Key Identifier:
                keyid:22:A5:D8:40:53:E2:B0:C3:13:AF:1E:3B:A5:10:24:66:A5:F7:96:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqXYQFPisMMTrx47pRAkZqX3lng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/umrrdDgmKLn7ngVsQ1-cE9eWkLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/e3fb7d-dd4b-4d85-b08e-591caf536ecc/1/IqXYQFPisMMTrx47pRAkZqX3lng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.174.224.0/19
                  155.204.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         9a:d5:45:1f:b3:e6:60:29:08:05:54:69:ca:5d:82:10:fb:03:
         ef:e0:e8:06:84:e5:5c:e0:72:4e:27:a4:2d:e7:82:41:b8:1b:
         64:1f:73:97:3f:1d:7a:c6:59:66:9e:50:a3:32:03:12:12:ae:
         08:0e:c5:b4:b1:1b:49:0e:30:04:33:c2:66:f8:ba:ac:9f:b2:
         21:14:2d:6e:1b:68:af:c1:b6:eb:9e:b0:de:d7:34:2e:73:a5:
         93:a3:b7:a5:cf:0d:28:21:7b:f5:3c:ce:00:ac:72:be:c6:9c:
         e0:df:d3:74:80:74:16:52:6e:eb:46:c5:38:3d:9f:fc:f6:07:
         b8:a1:90:2b:70:44:d1:9f:db:22:7d:78:70:22:e0:7e:21:e8:
         68:84:eb:82:18:13:7c:e9:cf:fc:58:7c:f6:48:2d:f4:f1:21:
         54:ad:37:5c:f2:c4:d2:d1:ec:96:86:b9:0e:c1:81:b4:d5:01:
         0c:f7:84:7d:de:c7:6d:86:43:83:32:98:dc:1d:e4:62:30:4d:
         c5:ba:3b:e8:2e:a2:62:b4:76:5c:6f:9b:07:da:0e:59:52:87:
         6f:b3:14:30:4c:32:bc:e9:b9:31:28:e5:60:b3:8f:55:19:fc:
         14:a0:24:66:ef:75:3e:b5:58:b7:84:f4:a6:47:5a:b1:cc:40:
         93:d0:fc:50
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcT+zZizS76L3ckhQCGzeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTVkODQwNTNlMmIwYzMxM2FmMWUzYmE1MTAyNDY2YTVm
Nzk2NzgwHhcNMjQwMTAyMDQzMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTZhZWI3NDM4MjYyOGI5ZmI5ZTA1NmM0MzVmOWMxM2Q3OTY5MGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mnAFAmk+oAa01uFA6cN6K7Nicxw
HhXdURpZtHq8H8w5ifbi7zwhvDXYmmQSbg5hnDa+/CWrDaI8rO/69pKAEJoLI2bY
fuy2r6z8hcYJxRGF6Ewqdn2h91ft8UOgQlad3L+l8nNCmDB9shx1TsESdC5zU/fP
bk8WsYx+2vRfRqJVCXYZpMjCOaPmkYgCCFE+tig8nfs3iUrmd2wATGUABGjAClMu
fCMKaN5Z9EmwzqM7oPLhit4OmDPt5E0PIvARFrnVyjaFu/BE0xL7mdoNOLCT7K8N
Du+BGY1sm3beYEqjjtTuWE/7v0USO1kJKwCftxQmly4xLBdZPAk2u0rQDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLpq63Q4Jii5+54FbENfnBPXlpC4MB8GA1UdIwQY
MBaAFCKl2EBT4rDDE68eO6UQJGal95Z4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUt
NTkxY2FmNTM2ZWNjLzEvdW1ycmREZ21LTG43bmdWc1ExLWNFOWVXa0xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9lM2ZiN2QtZGQ0Yi00ZDg1LWIwOGUtNTkxY2FmNTM2ZWNj
LzEvSXFYWVFGUGlzTU1Ucng0N3BSQWtacVgzbG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFia7gAwQF
m8zgMA0GCSqGSIb3DQEBCwUAA4IBAQCa1UUfs+ZgKQgFVGnKXYIQ+wPv4OgGhOVc
4HJOJ6Qt54JBuBtkH3OXPx16xllmnlCjMgMSEq4IDsW0sRtJDjAEM8Jm+Lqsn7Ih
FC1uG2ivwbbrnrDe1zQuc6WTo7elzw0oIXv1PM4ArHK+xpzg39N0gHQWUm7rRsU4
PZ/89ge4oZArcETRn9sifXhwIuB+IehohOuCGBN86c/8WHz2SC308SFUrTdc8sTS
0eyWhrkOwYG01QEM94R93sdthkODMpjcHeRiME3FujvoLqJitHZcb5sH2g5ZUodv
sxQwTDK86bkxKOVgs49VGfwUoCRm73U+tVi3hPSmR1qxzECT0PxQ
-----END CERTIFICATE-----