Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/Anmto90Z9g3pcSYFUNggSKUfX38.roa
File:                     Anmto90Z9g3pcSYFUNggSKUfX38.roa (raw, json)
Hash identifier:          3ls1WfKkLLzWNGOmnZTjqfHi7SxgoXvBGgCXTO5fmJg=
Subject key identifier:   02:79:AD:A3:DD:19:F6:0D:E9:71:26:05:50:D8:20:48:A5:1F:5F:7F
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       0194221F5DB6BC3DA672B945151B0C660536
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/Anmto90Z9g3pcSYFUNggSKUfX38.roa
Signing time:             Wed 01 Jan 2025 13:47:48 +0000
ROA not before:           Wed 01 Jan 2025 13:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44667
IP address blocks:        158.41.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:5d:b6:bc:3d:a6:72:b9:45:15:1b:0c:66:05:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Jan  1 13:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0279ada3dd19f60de971260550d82048a51f5f7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9f:c5:e2:63:ff:ca:a0:0f:82:23:78:1d:e8:
                    3e:19:1d:53:f9:a3:d6:87:33:61:a6:56:fb:fc:53:
                    ff:bf:39:53:6c:5d:6f:ab:1e:17:6b:bb:36:e9:59:
                    06:ca:bc:81:96:bf:77:f7:9d:a5:a0:ed:d1:e8:ec:
                    46:a1:6b:0f:14:ff:50:40:11:2e:66:ce:a5:0b:b2:
                    c3:09:99:86:a6:0a:57:09:8d:44:f3:57:6f:89:0b:
                    0f:f1:b9:5a:f7:e8:62:98:6d:e7:e5:1d:a1:ec:09:
                    75:c8:fe:36:55:c7:a1:bf:92:ae:6f:40:91:8d:78:
                    9b:00:b0:d6:bd:2a:7e:96:be:c6:82:82:d9:52:5f:
                    86:6f:c2:77:aa:32:97:d6:62:0d:1c:38:b7:8d:e1:
                    cf:f2:6c:f9:1e:e7:e9:39:c9:eb:b8:a6:c4:d1:81:
                    7a:06:33:99:70:03:40:ea:e7:ac:8e:f8:ce:52:63:
                    bb:d7:4e:d8:61:b9:19:ec:fa:74:b7:9f:03:b3:03:
                    00:c7:b1:96:7a:27:62:ab:86:55:52:95:81:a1:58:
                    90:84:d4:71:96:8a:87:66:98:cf:38:1a:1b:a5:59:
                    42:c1:c2:53:21:b0:22:c8:8a:d4:11:fd:b9:98:e8:
                    00:c9:fc:be:39:d2:2e:4a:9c:ae:57:a0:79:73:e4:
                    26:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:79:AD:A3:DD:19:F6:0D:E9:71:26:05:50:D8:20:48:A5:1F:5F:7F
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/Anmto90Z9g3pcSYFUNggSKUfX38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.41.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         44:6e:b0:2e:45:f8:78:2d:31:90:32:18:2b:96:00:2a:48:7d:
         ec:27:5a:02:9f:9c:ec:75:ec:48:a1:13:44:56:02:32:be:18:
         44:c9:ad:a1:12:70:92:5d:8d:ff:7d:72:44:f4:c2:37:bb:5f:
         a4:53:fe:a6:ff:0a:10:f5:73:ed:24:09:04:4a:6c:13:0f:da:
         39:38:72:03:e8:7c:a9:2e:e6:90:39:7e:f4:5b:e3:83:e5:b0:
         2f:c7:7e:ed:cf:9e:90:21:18:6c:20:31:10:d2:b0:fb:2e:88:
         68:71:f5:b3:b6:20:f8:60:32:35:22:3e:2e:3e:01:66:57:ab:
         10:f3:67:70:66:ab:74:50:07:0a:19:35:1d:a4:af:ee:b0:e5:
         58:ec:a1:f0:a2:2c:dc:53:64:a9:46:61:bd:3c:e1:40:6b:d7:
         a7:4b:03:ee:c4:18:06:78:2c:79:54:5a:4b:75:c0:87:ef:1f:
         f6:24:7c:56:62:e7:0d:cd:42:bb:a3:40:03:ac:63:33:cf:d9:
         ed:32:1a:7c:31:57:37:f6:7f:77:06:08:3a:bf:31:4a:53:fe:
         df:f1:5d:cd:da:9f:cb:0c:94:e1:a3:31:d4:06:44:e2:42:d1:
         e0:43:22:0a:88:65:95:78:bc:a2:c8:3a:b0:99:11:c3:7e:2b:
         96:ab:44:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH122vD2mcrlFFRsMZgU2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjUwMTAxMTM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjc5YWRhM2RkMTlmNjBkZTk3MTI2MDU1MGQ4MjA0OGE1MWY1ZjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJ/F4mP/yqAPgiN4Heg+GR1T+aPW
hzNhplb7/FP/vzlTbF1vqx4Xa7s26VkGyryBlr93952loO3R6OxGoWsPFP9QQBEu
Zs6lC7LDCZmGpgpXCY1E81dviQsP8bla9+himG3n5R2h7Al1yP42Vcehv5Kub0CR
jXibALDWvSp+lr7GgoLZUl+Gb8J3qjKX1mINHDi3jeHP8mz5HufpOcnruKbE0YF6
BjOZcANA6uesjvjOUmO7107YYbkZ7Pp0t58DswMAx7GWeidiq4ZVUpWBoViQhNRx
loqHZpjPOBobpVlCwcJTIbAiyIrUEf25mOgAyfy+OdIuSpyuV6B5c+QmKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJ5raPdGfYN6XEmBVDYIEilH19/MB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvQW5tdG85MFo5ZzNwY1NZRlVOZ2dTS1VmWDM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEnikAMA0G
CSqGSIb3DQEBCwUAA4IBAQBEbrAuRfh4LTGQMhgrlgAqSH3sJ1oCn5zsdexIoRNE
VgIyvhhEya2hEnCSXY3/fXJE9MI3u1+kU/6m/woQ9XPtJAkESmwTD9o5OHID6Hyp
LuaQOX70W+OD5bAvx37tz56QIRhsIDEQ0rD7LohocfWztiD4YDI1Ij4uPgFmV6sQ
82dwZqt0UAcKGTUdpK/usOVY7KHwoizcU2SpRmG9POFAa9enSwPuxBgGeCx5VFpL
dcCH7x/2JHxWYucNzUK7o0ADrGMzz9ntMhp8MVc39n93Bgg6vzFKU/7f8V3N2p/L
DJThozHUBkTiQtHgQyIKiGWVeLyiyDqwmRHDfiuWq0Ty
-----END CERTIFICATE-----