Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/cbgxDriMd1w8Ezk1j_uW9c-uk8k.roa
File:                     cbgxDriMd1w8Ezk1j_uW9c-uk8k.roa (raw, json)
Hash identifier:          RA/kZIx4fzU+RCbQ8O1BxIKCZRJDjC4JRLSNt3ovrQ8=
Subject key identifier:   71:B8:31:0E:B8:8C:77:5C:3C:13:39:35:8F:FB:96:F5:CF:AE:93:C9
Certificate issuer:       /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial:       0195B37EDA236F69ED98D44A4F29294E965A
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/cbgxDriMd1w8Ezk1j_uW9c-uk8k.roa
Signing time:             Thu 20 Mar 2025 12:19:49 +0000
ROA not before:           Thu 20 Mar 2025 12:19:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204800
IP address blocks:        192.250.228.0/24 maxlen: 24
                          192.250.235.0/24 maxlen: 24
                          198.38.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b3:7e:da:23:6f:69:ed:98:d4:4a:4f:29:29:4e:96:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
        Validity
            Not Before: Mar 20 12:19:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71b8310eb88c775c3c1339358ffb96f5cfae93c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:18:dc:20:74:bf:32:d1:10:3e:dc:fc:8a:76:
                    7f:84:da:2f:30:d3:c1:51:ad:30:14:78:24:f7:89:
                    8a:44:ce:0a:7f:83:a4:0b:e8:f0:6d:96:9f:bc:c6:
                    f5:2c:a6:7c:99:b0:b0:fe:33:d1:fb:9e:3b:c3:3f:
                    44:cd:3a:d7:bf:a4:a3:e5:10:f4:1f:f0:21:32:48:
                    57:82:11:5d:85:12:0b:07:2d:1b:dd:99:73:e4:ce:
                    55:90:dc:35:cb:63:fa:82:07:64:46:f1:51:f6:26:
                    23:67:f6:80:ac:2c:82:5a:32:08:7e:50:e0:95:f0:
                    97:09:be:c7:ac:98:dc:e0:f0:ce:5f:6e:57:74:1e:
                    ae:24:74:77:5a:7b:b7:9d:e0:cd:96:7d:2a:25:97:
                    ca:6b:2d:20:b4:32:cf:a7:86:e4:f2:07:76:14:45:
                    e1:03:1c:33:61:05:52:19:50:bb:fd:87:0a:b7:f7:
                    7b:8b:f9:ad:f1:e3:0c:a3:83:bd:ed:b8:37:be:2e:
                    93:a8:ae:a5:2d:e6:04:01:ac:90:54:b9:88:0e:7d:
                    72:9c:aa:87:34:ab:c5:94:1f:b4:2c:fc:a1:75:1a:
                    e7:04:1e:10:19:6c:bf:7f:b2:69:e0:b5:1b:81:cf:
                    af:2f:4b:d1:54:1d:7e:9f:7f:f9:db:a5:e7:81:b8:
                    c6:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B8:31:0E:B8:8C:77:5C:3C:13:39:35:8F:FB:96:F5:CF:AE:93:C9
            X509v3 Authority Key Identifier:
                keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/cbgxDriMd1w8Ezk1j_uW9c-uk8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.250.228.0/24
                  192.250.235.0/24
                  198.38.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:5b:26:fc:6f:71:43:7e:45:8f:3f:26:93:91:46:6b:11:39:
         91:c2:8f:70:28:71:65:a9:c1:72:44:d0:0f:a1:04:b2:77:75:
         85:b0:dc:35:c6:ad:03:0c:56:a9:95:24:48:08:f1:e6:da:3a:
         87:bc:03:f6:4a:f1:f7:af:43:30:c9:12:18:cd:b2:64:97:81:
         2f:4c:0e:fd:d1:15:db:60:b9:6b:ed:3f:90:75:6c:89:ed:c1:
         22:64:94:a9:45:65:8c:1b:5b:35:90:58:99:8e:dd:19:3a:eb:
         21:53:78:54:c8:67:6c:de:4b:23:1f:3d:73:09:6d:61:33:43:
         2a:3a:22:ac:5c:21:e9:a3:0c:9c:89:be:b7:56:d8:84:e6:fb:
         ab:c6:67:24:b2:4c:a5:ef:fc:11:56:84:83:71:b2:39:d9:da:
         28:8c:0c:d5:b6:a8:c0:96:54:0f:4a:51:f5:84:4a:07:52:61:
         69:a8:fc:3e:58:d1:54:bf:9f:29:72:c6:af:ff:00:26:59:6c:
         d5:9f:8a:f4:32:8b:f4:73:1e:94:5e:d4:33:66:ce:9e:c9:0e:
         29:b0:87:d9:ed:99:f2:3d:d8:ee:d2:96:fe:ec:66:4a:6e:fc:
         ba:e7:b9:8a:b6:02:e5:1c:0b:f7:e1:ab:65:0a:99:c0:96:a7:
         8a:ca:e4:44
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWzftojb2ntmNRKTykpTpZaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjUwMzIwMTIxOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWI4MzEwZWI4OGM3NzVjM2MxMzM5MzU4ZmZiOTZmNWNmYWU5M2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhjcIHS/MtEQPtz8inZ/hNovMNPB
Ua0wFHgk94mKRM4Kf4OkC+jwbZafvMb1LKZ8mbCw/jPR+547wz9EzTrXv6Sj5RD0
H/AhMkhXghFdhRILBy0b3Zlz5M5VkNw1y2P6ggdkRvFR9iYjZ/aArCyCWjIIflDg
lfCXCb7HrJjc4PDOX25XdB6uJHR3Wnu3neDNln0qJZfKay0gtDLPp4bk8gd2FEXh
AxwzYQVSGVC7/YcKt/d7i/mt8eMMo4O97bg3vi6TqK6lLeYEAayQVLmIDn1ynKqH
NKvFlB+0LPyhdRrnBB4QGWy/f7Jp4LUbgc+vL0vRVB1+n3/526XngbjGXQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHG4MQ64jHdcPBM5NY/7lvXPrpPJMB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvY2JneERyaU1kMXc4RXprMWpfdVc5Yy11azhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwPrkAwQA
wPrrAwQAxiZbMA0GCSqGSIb3DQEBCwUAA4IBAQARWyb8b3FDfkWPPyaTkUZrETmR
wo9wKHFlqcFyRNAPoQSyd3WFsNw1xq0DDFaplSRICPHm2jqHvAP2SvH3r0MwyRIY
zbJkl4EvTA790RXbYLlr7T+QdWyJ7cEiZJSpRWWMG1s1kFiZjt0ZOushU3hUyGds
3ksjHz1zCW1hM0MqOiKsXCHpowycib63VtiE5vurxmckskyl7/wRVoSDcbI52doo
jAzVtqjAllQPSlH1hEoHUmFpqPw+WNFUv58pcsav/wAmWWzVn4r0Mov0cx6UXtQz
Zs6eyQ4psIfZ7ZnyPdju0pb+7GZKbvy657mKtgLlHAv34atlCpnAlqeKyuRE
-----END CERTIFICATE-----