Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/0be551-d60d-49bb-8cad-675e07235657/1/xmi3fJrgJjbuIQRSW7_29egRqxw.roa
File:                     xmi3fJrgJjbuIQRSW7_29egRqxw.roa (raw, json)
Hash identifier:          ls6p+3WnPBbAThIcDQa0gnCwKorxkU+YFEDzxCOD1ho=
Subject key identifier:   C6:68:B7:7C:9A:E0:26:36:EE:21:04:52:5B:BF:F6:F5:E8:11:AB:1C
Certificate issuer:       /CN=a2b62371ec62efd0f4385fa0473056f08818de73
Certificate serial:       019426D91DEB9F5A426522345479CB2F9CF6
Authority key identifier: A2:B6:23:71:EC:62:EF:D0:F4:38:5F:A0:47:30:56:F0:88:18:DE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orYjcexi79D0OF-gRzBW8IgY3nM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/0be551-d60d-49bb-8cad-675e07235657/1/xmi3fJrgJjbuIQRSW7_29egRqxw.roa
Signing time:             Thu 02 Jan 2025 11:49:10 +0000
ROA not before:           Thu 02 Jan 2025 11:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     559
IP address blocks:        185.133.44.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/0be551-d60d-49bb-8cad-675e07235657/1/orYjcexi79D0OF-gRzBW8IgY3nM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/0be551-d60d-49bb-8cad-675e07235657/1/orYjcexi79D0OF-gRzBW8IgY3nM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orYjcexi79D0OF-gRzBW8IgY3nM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:50:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:1d:eb:9f:5a:42:65:22:34:54:79:cb:2f:9c:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b62371ec62efd0f4385fa0473056f08818de73
        Validity
            Not Before: Jan  2 11:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c668b77c9ae02636ee2104525bbff6f5e811ab1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:38:fd:9b:0a:2c:b2:9b:92:69:a9:f2:40:38:
                    2d:57:85:5c:13:e6:a8:a7:48:5e:75:bd:b5:17:b7:
                    90:d5:fd:b1:2d:ed:40:7f:e7:15:87:41:15:3c:bf:
                    de:6f:c1:cf:40:33:9c:8c:57:74:f8:b8:99:8c:04:
                    db:d8:75:40:34:58:63:d4:89:cc:0d:86:dc:d7:79:
                    35:4d:8d:8c:81:60:41:c5:f3:4f:4f:e3:ef:d2:34:
                    cc:a2:74:97:33:ab:ce:4a:a4:d2:3d:1c:fb:b0:03:
                    02:47:fb:da:6a:d9:63:22:72:18:4c:d4:37:fd:79:
                    17:93:47:3a:57:7f:30:28:6d:e1:7c:5d:2a:01:c7:
                    93:dc:b8:d8:aa:5f:89:98:6d:bc:a2:c6:93:44:08:
                    ac:48:78:bc:f7:a8:62:45:43:3a:c4:4b:30:94:10:
                    ba:4c:8e:00:f0:80:f5:b6:53:b6:48:8d:cd:01:e3:
                    39:83:85:14:ca:ec:cd:43:61:03:bb:aa:80:a8:f1:
                    54:8d:a8:8f:42:04:bd:f0:2d:88:93:42:07:ef:d8:
                    38:b0:43:26:5a:ad:d6:85:00:85:a1:fd:30:d0:b5:
                    f9:de:44:c7:9b:49:ff:13:8f:47:93:e0:11:de:0e:
                    67:cd:82:7a:e6:d1:f9:83:79:89:88:84:1f:0c:8d:
                    4b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:68:B7:7C:9A:E0:26:36:EE:21:04:52:5B:BF:F6:F5:E8:11:AB:1C
            X509v3 Authority Key Identifier:
                keyid:A2:B6:23:71:EC:62:EF:D0:F4:38:5F:A0:47:30:56:F0:88:18:DE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orYjcexi79D0OF-gRzBW8IgY3nM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/0be551-d60d-49bb-8cad-675e07235657/1/xmi3fJrgJjbuIQRSW7_29egRqxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/0be551-d60d-49bb-8cad-675e07235657/1/orYjcexi79D0OF-gRzBW8IgY3nM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:e7:1c:37:bc:5e:bd:45:88:ea:41:d5:fd:d4:da:87:eb:85:
         23:a7:cf:48:6b:19:12:ea:be:0e:3a:1b:01:dd:ab:6d:b9:91:
         ba:49:ae:e9:15:c9:71:62:1f:c8:7e:10:af:70:f1:ba:9a:b5:
         08:1b:93:a1:de:d0:3e:14:c4:21:af:5b:57:d2:77:32:ed:c4:
         fd:ec:ae:56:f6:0a:90:c1:b8:d7:05:32:d8:c0:44:b8:ef:9d:
         5d:fd:e1:cc:c8:84:c8:9a:4f:ba:42:08:ec:d9:93:ec:bd:90:
         e8:53:d2:64:e4:c8:3a:9e:f4:3e:4c:cc:dd:17:a2:21:27:d9:
         74:48:af:01:7f:09:89:72:3b:75:52:c2:65:9f:00:33:31:40:
         92:c4:b6:2a:96:56:e6:87:32:7f:69:b6:7f:e1:59:47:36:29:
         00:a1:c9:60:94:de:a5:e5:ee:b7:c5:ad:ae:82:d3:10:60:1a:
         8b:1c:51:63:96:67:9a:82:f4:26:31:74:3f:ed:60:a7:50:98:
         38:64:d4:00:4c:af:d7:f5:71:67:f0:c0:55:c7:0c:5e:17:c1:
         5f:7b:ea:f8:3b:93:50:99:e2:ef:a7:ba:ec:39:97:2d:90:4d:
         cf:bc:11:e1:51:8a:2c:c1:41:e4:fe:40:0d:85:e6:43:71:47:
         a0:d9:0f:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2R3rn1pCZSI0VHnLL5z2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjYyMzcxZWM2MmVmZDBmNDM4NWZhMDQ3MzA1NmYwODgx
OGRlNzMwHhcNMjUwMTAyMTE0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjY4Yjc3YzlhZTAyNjM2ZWUyMTA0NTI1YmJmZjZmNWU4MTFhYjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDj9mwosspuSaanyQDgtV4VcE+ao
p0hedb21F7eQ1f2xLe1Af+cVh0EVPL/eb8HPQDOcjFd0+LiZjATb2HVANFhj1InM
DYbc13k1TY2MgWBBxfNPT+Pv0jTMonSXM6vOSqTSPRz7sAMCR/vaatljInIYTNQ3
/XkXk0c6V38wKG3hfF0qAceT3LjYql+JmG28osaTRAisSHi896hiRUM6xEswlBC6
TI4A8ID1tlO2SI3NAeM5g4UUyuzNQ2EDu6qAqPFUjaiPQgS98C2Ik0IH79g4sEMm
Wq3WhQCFof0w0LX53kTHm0n/E49Hk+AR3g5nzYJ65tH5g3mJiIQfDI1LXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZot3ya4CY27iEEUlu/9vXoEascMB8GA1UdIwQY
MBaAFKK2I3HsYu/Q9DhfoEcwVvCIGN5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JZamNleGk3OUQwT0YtZ1J6Qlc4SWdZM25NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8wYmU1NTEtZDYwZC00OWJiLThjYWQt
Njc1ZTA3MjM1NjU3LzEveG1pM2ZKcmdKamJ1SVFSU1c3XzI5ZWdScXh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8wYmU1NTEtZDYwZC00OWJiLThjYWQtNjc1ZTA3MjM1NjU3
LzEvb3JZamNleGk3OUQwT0YtZ1J6Qlc4SWdZM25NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYUsMA0G
CSqGSIb3DQEBCwUAA4IBAQBr5xw3vF69RYjqQdX91NqH64Ujp89IaxkS6r4OOhsB
3attuZG6Sa7pFclxYh/IfhCvcPG6mrUIG5Oh3tA+FMQhr1tX0ncy7cT97K5W9gqQ
wbjXBTLYwES4751d/eHMyITImk+6Qgjs2ZPsvZDoU9Jk5Mg6nvQ+TMzdF6IhJ9l0
SK8BfwmJcjt1UsJlnwAzMUCSxLYqllbmhzJ/abZ/4VlHNikAoclglN6l5e63xa2u
gtMQYBqLHFFjlmeagvQmMXQ/7WCnUJg4ZNQATK/X9XFn8MBVxwxeF8Ffe+r4O5NQ
meLvp7rsOZctkE3PvBHhUYoswUHk/kANheZDcUeg2Q8m
-----END CERTIFICATE-----