Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/AzSimOOUCBaH0nGWbesdL3p-c-Y.roa
File:                     AzSimOOUCBaH0nGWbesdL3p-c-Y.roa (raw, json)
Hash identifier:          tmnAHG5c86gcxksbrSaGyYNVU434mmJFa3fZgdZ+AZw=
Subject key identifier:   03:34:A2:98:E3:94:08:16:87:D2:71:96:6D:EB:1D:2F:7A:7E:73:E6
Certificate issuer:       /CN=06039e71cb715204a83cc253822dc29a62c799e6
Certificate serial:       0194214403CB3CE644B565A05D24DF16A255
Authority key identifier: 06:03:9E:71:CB:71:52:04:A8:3C:C2:53:82:2D:C2:9A:62:C7:99:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BgOecctxUgSoPMJTgi3CmmLHmeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/AzSimOOUCBaH0nGWbesdL3p-c-Y.roa
Signing time:             Wed 01 Jan 2025 09:48:13 +0000
ROA not before:           Wed 01 Jan 2025 09:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197120
IP address blocks:        193.160.228.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/BgOecctxUgSoPMJTgi3CmmLHmeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/BgOecctxUgSoPMJTgi3CmmLHmeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BgOecctxUgSoPMJTgi3CmmLHmeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:03:cb:3c:e6:44:b5:65:a0:5d:24:df:16:a2:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06039e71cb715204a83cc253822dc29a62c799e6
        Validity
            Not Before: Jan  1 09:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0334a298e394081687d271966deb1d2f7a7e73e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:23:dd:ec:ff:08:35:d7:25:27:27:ba:b3:d1:
                    d1:e1:87:75:12:41:73:f0:75:1d:cb:e4:85:4b:96:
                    87:f0:f7:2c:99:ab:68:81:c8:7b:84:57:5c:8a:c4:
                    05:98:76:0c:87:4f:aa:86:9c:67:6e:3e:c7:9d:74:
                    24:94:66:e6:7c:00:12:9a:fa:38:07:c2:31:d4:38:
                    03:87:a5:06:ba:24:16:76:fd:3b:95:0a:15:1c:66:
                    e2:50:49:a8:24:84:56:ca:3b:02:21:58:e7:6f:21:
                    4d:32:5f:69:fd:14:39:bb:bc:fc:b5:90:e1:3b:41:
                    1a:e2:0a:3e:8c:7e:e9:0a:f4:5d:d9:aa:13:16:0c:
                    4c:c7:45:6a:6e:30:1a:6b:d6:a1:98:71:8b:18:47:
                    19:d0:df:a5:5c:f5:2e:8a:78:fc:95:9f:44:5d:3b:
                    e1:33:2c:2c:7d:b6:3a:3c:18:ca:d1:d2:5e:e9:28:
                    f4:a9:34:07:70:e0:b1:90:bf:04:4f:33:48:18:ba:
                    45:87:28:b0:e4:fa:06:e9:55:cd:16:7d:1e:07:0d:
                    d8:a7:7c:27:91:a3:fa:ac:48:cb:ae:4d:4e:b4:30:
                    ee:a6:b6:71:62:e5:3f:3b:4f:b9:2f:a5:f2:ec:7d:
                    d3:a9:bd:06:2b:cb:f8:25:87:38:ba:28:c1:65:2d:
                    8e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:34:A2:98:E3:94:08:16:87:D2:71:96:6D:EB:1D:2F:7A:7E:73:E6
            X509v3 Authority Key Identifier:
                keyid:06:03:9E:71:CB:71:52:04:A8:3C:C2:53:82:2D:C2:9A:62:C7:99:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BgOecctxUgSoPMJTgi3CmmLHmeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/AzSimOOUCBaH0nGWbesdL3p-c-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/e62879-2c69-40c3-b116-0e46875d45fd/1/BgOecctxUgSoPMJTgi3CmmLHmeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:f8:6b:05:e5:59:40:77:4b:ec:e3:85:bd:c4:16:0a:bd:09:
         e0:d8:06:d2:68:66:19:e8:30:d1:38:0d:5b:f0:32:f2:33:6a:
         12:89:80:e3:7c:93:a9:cf:85:4a:8e:c3:64:44:c2:45:6b:bf:
         1b:12:54:a1:db:b4:6e:1b:dc:77:46:6a:d7:cb:80:f4:c8:4a:
         ed:8b:f8:0e:60:f9:95:ed:a8:bd:78:5a:b7:24:c4:cf:fc:e4:
         88:42:cf:a5:d1:dd:1f:81:2f:49:64:f4:9d:41:29:7b:01:12:
         83:f3:8b:2e:dd:fc:13:9a:87:51:2b:b8:af:47:b9:7a:a6:32:
         cf:fd:21:e8:43:5f:4a:90:2d:aa:e1:2b:b0:da:79:76:5d:9b:
         8a:e6:74:d8:d6:50:2b:24:d5:64:65:7c:45:38:11:11:cf:53:
         34:62:e7:a8:71:ae:e0:ef:a7:bb:fe:aa:e9:a6:07:68:39:34:
         6a:0f:d0:d7:02:26:a1:15:d5:dd:4c:b6:f2:e0:5d:74:b7:3e:
         40:e1:08:94:d8:89:b7:de:b3:97:7b:ce:d6:d0:71:a3:5a:d0:
         47:b6:2d:f7:59:a6:a2:88:86:d3:f1:fe:df:41:3f:fc:f2:f5:
         0b:87:3b:f7:84:41:dd:5d:4b:d6:fd:e6:c3:d6:33:69:1d:81:
         2d:b7:f9:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAPLPOZEtWWgXSTfFqJVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MDM5ZTcxY2I3MTUyMDRhODNjYzI1MzgyMmRjMjlhNjJj
Nzk5ZTYwHhcNMjUwMTAxMDk0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzM0YTI5OGUzOTQwODE2ODdkMjcxOTY2ZGViMWQyZjdhN2U3M2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCPd7P8INdclJye6s9HR4Yd1EkFz
8HUdy+SFS5aH8Pcsmatogch7hFdcisQFmHYMh0+qhpxnbj7HnXQklGbmfAASmvo4
B8Ix1DgDh6UGuiQWdv07lQoVHGbiUEmoJIRWyjsCIVjnbyFNMl9p/RQ5u7z8tZDh
O0Ea4go+jH7pCvRd2aoTFgxMx0VqbjAaa9ahmHGLGEcZ0N+lXPUuinj8lZ9EXTvh
MywsfbY6PBjK0dJe6Sj0qTQHcOCxkL8ETzNIGLpFhyiw5PoG6VXNFn0eBw3Yp3wn
kaP6rEjLrk1OtDDuprZxYuU/O0+5L6Xy7H3Tqb0GK8v4JYc4uijBZS2OPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAM0opjjlAgWh9Jxlm3rHS96fnPmMB8GA1UdIwQY
MBaAFAYDnnHLcVIEqDzCU4Itwppix5nmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmdPZWNjdHhVZ1NvUE1KVGdpM0NtbUxIbWVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9lNjI4NzktMmM2OS00MGMzLWIxMTYt
MGU0Njg3NWQ0NWZkLzEvQXpTaW1PT1VDQmFIMG5HV2Jlc2RMM3AtYy1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9lNjI4NzktMmM2OS00MGMzLWIxMTYtMGU0Njg3NWQ0NWZk
LzEvQmdPZWNjdHhVZ1NvUE1KVGdpM0NtbUxIbWVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwaDkMA0G
CSqGSIb3DQEBCwUAA4IBAQBi+GsF5VlAd0vs44W9xBYKvQng2AbSaGYZ6DDROA1b
8DLyM2oSiYDjfJOpz4VKjsNkRMJFa78bElSh27RuG9x3RmrXy4D0yErti/gOYPmV
7ai9eFq3JMTP/OSIQs+l0d0fgS9JZPSdQSl7ARKD84su3fwTmodRK7ivR7l6pjLP
/SHoQ19KkC2q4Suw2nl2XZuK5nTY1lArJNVkZXxFOBERz1M0Yueoca7g76e7/qrp
pgdoOTRqD9DXAiahFdXdTLby4F10tz5A4QiU2Im33rOXe87W0HGjWtBHti33Waai
iIbT8f7fQT/88vULhzv3hEHdXUvW/ebD1jNpHYEtt/me
-----END CERTIFICATE-----