Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/lXE36GImgEjcIvll3Tsmm36DobI.roa
File:                     lXE36GImgEjcIvll3Tsmm36DobI.roa (raw, json)
Hash identifier:          1XMrxaMNY7arjhfdTsQdkEwlFczG7UA5ws+6pLEfvQI=
Subject key identifier:   95:71:37:E8:62:26:80:48:DC:22:F9:65:DD:3B:26:9B:7E:83:A1:B2
Certificate issuer:       /CN=ebfabfa628063f6b8e9888566f5f3fcfa798c621
Certificate serial:       0194228D4432F6EF1C98DC4CA8A47F666232
Authority key identifier: EB:FA:BF:A6:28:06:3F:6B:8E:98:88:56:6F:5F:3F:CF:A7:98:C6:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_q_pigGP2uOmIhWb18_z6eYxiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/lXE36GImgEjcIvll3Tsmm36DobI.roa
Signing time:             Wed 01 Jan 2025 15:47:50 +0000
ROA not before:           Wed 01 Jan 2025 15:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24634
IP address blocks:        80.79.144.0/20 maxlen: 24
                          185.125.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/6_q_pigGP2uOmIhWb18_z6eYxiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/6_q_pigGP2uOmIhWb18_z6eYxiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_q_pigGP2uOmIhWb18_z6eYxiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:44:32:f6:ef:1c:98:dc:4c:a8:a4:7f:66:62:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebfabfa628063f6b8e9888566f5f3fcfa798c621
        Validity
            Not Before: Jan  1 15:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=957137e862268048dc22f965dd3b269b7e83a1b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c1:8b:2b:88:db:d6:21:1e:c9:11:d4:b4:45:
                    cc:ea:d5:4d:2d:ed:6a:84:6d:03:37:ce:db:d4:ea:
                    69:01:3e:cb:1e:21:ea:24:61:22:d5:06:a4:ca:74:
                    2d:0e:c6:13:79:9e:4d:b6:c2:40:d0:4a:95:12:90:
                    76:10:af:7d:40:29:bc:af:2e:89:8a:4c:f3:30:5f:
                    49:0b:43:3c:38:86:4c:29:aa:bd:55:94:b4:d8:f7:
                    69:b5:4b:6a:3a:0d:5e:3c:67:ff:bb:45:88:09:de:
                    58:cc:2c:58:02:4a:21:9f:90:f2:70:78:65:68:61:
                    d9:23:98:15:6d:7d:e7:ae:d2:dc:97:b7:78:76:73:
                    67:bf:fd:7f:26:b7:cd:d8:78:cc:f7:c6:d1:75:13:
                    8b:0f:6e:fb:45:81:c9:76:fc:10:55:42:85:94:17:
                    ed:14:55:33:2c:51:92:4c:d9:ad:74:50:b3:38:93:
                    b0:28:d1:6a:6a:b5:05:84:67:ae:d4:e7:b2:1e:c7:
                    3e:87:ab:d2:10:c0:dd:d8:06:cc:01:65:6d:1a:7f:
                    3b:53:28:b5:44:6e:b8:93:7c:0e:68:f7:f6:d8:c7:
                    c7:7c:39:f8:4c:76:35:c3:49:c0:57:d8:4c:2e:61:
                    85:9a:0b:74:30:1c:5b:ff:27:7b:43:13:f4:aa:46:
                    c0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:71:37:E8:62:26:80:48:DC:22:F9:65:DD:3B:26:9B:7E:83:A1:B2
            X509v3 Authority Key Identifier:
                keyid:EB:FA:BF:A6:28:06:3F:6B:8E:98:88:56:6F:5F:3F:CF:A7:98:C6:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_q_pigGP2uOmIhWb18_z6eYxiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/lXE36GImgEjcIvll3Tsmm36DobI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/6_q_pigGP2uOmIhWb18_z6eYxiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.79.144.0/20
                  185.125.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:1f:53:04:e0:7d:94:29:d6:a7:c5:12:5f:fc:8a:0f:9b:be:
         01:38:5f:59:74:4d:f5:ae:74:5d:ab:1f:21:7e:29:7e:cf:37:
         42:99:81:9f:86:ee:0e:12:e1:ed:fd:25:5f:c1:d3:96:e8:05:
         d6:1c:4d:ba:4a:14:88:fc:c4:30:cc:1e:b7:a4:b8:15:c5:6e:
         52:d8:32:60:a6:60:3c:96:21:0a:cd:9e:86:c1:c3:88:43:4a:
         f6:f3:56:4a:1f:c6:7b:d7:ef:fe:73:57:a6:4c:9f:91:2d:0d:
         3f:94:8f:75:ef:34:83:5e:bd:cd:db:6b:73:ee:f3:46:e0:c6:
         af:59:b8:7c:6a:08:ba:d2:f1:84:a3:8b:27:28:c3:23:b5:bf:
         d7:5a:0d:6c:12:4f:09:dc:35:c0:7e:cc:d9:2b:ae:83:36:da:
         19:9a:53:d5:f6:ec:bb:15:11:f2:11:b3:b6:f5:7b:b2:e1:c3:
         21:49:96:a7:20:2a:b9:36:8a:70:cc:3d:20:99:8f:2b:5a:4e:
         45:c2:6a:e6:1b:f0:04:64:50:93:6e:12:3c:57:88:b2:39:cc:
         cf:62:15:de:f6:fb:a1:8b:9f:be:8b:2c:64:f3:64:8c:29:5d:
         30:35:84:8c:c6:9e:22:28:45:d2:1f:5d:7d:ed:cf:a0:46:fb:
         8b:6a:0d:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijUQy9u8cmNxMqKR/ZmIyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZmFiZmE2MjgwNjNmNmI4ZTk4ODg1NjZmNWYzZmNmYTc5
OGM2MjEwHhcNMjUwMTAxMTU0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTcxMzdlODYyMjY4MDQ4ZGMyMmY5NjVkZDNiMjY5YjdlODNhMWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcGLK4jb1iEeyRHUtEXM6tVNLe1q
hG0DN87b1OppAT7LHiHqJGEi1QakynQtDsYTeZ5NtsJA0EqVEpB2EK99QCm8ry6J
ikzzMF9JC0M8OIZMKaq9VZS02PdptUtqOg1ePGf/u0WICd5YzCxYAkohn5DycHhl
aGHZI5gVbX3nrtLcl7d4dnNnv/1/JrfN2HjM98bRdROLD277RYHJdvwQVUKFlBft
FFUzLFGSTNmtdFCzOJOwKNFqarUFhGeu1OeyHsc+h6vSEMDd2AbMAWVtGn87Uyi1
RG64k3wOaPf22MfHfDn4THY1w0nAV9hMLmGFmgt0MBxb/yd7QxP0qkbAhQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJVxN+hiJoBI3CL5Zd07Jpt+g6GyMB8GA1UdIwQY
MBaAFOv6v6YoBj9rjpiIVm9fP8+nmMYhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9xX3BpZ0dQMnVPbUloV2IxOF96NmVZeGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9hM2EzMTEtMzc4NC00ODE4LWFiZjkt
ZTVmZDZlOTg0MmFiLzEvbFhFMzZHSW1nRWpjSXZsbDNUc21tMzZEb2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9hM2EzMTEtMzc4NC00ODE4LWFiZjktZTVmZDZlOTg0MmFi
LzEvNl9xX3BpZ0dQMnVPbUloV2IxOF96NmVZeGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUE+QAwQC
uX2cMA0GCSqGSIb3DQEBCwUAA4IBAQAIH1ME4H2UKdanxRJf/IoPm74BOF9ZdE31
rnRdqx8hfil+zzdCmYGfhu4OEuHt/SVfwdOW6AXWHE26ShSI/MQwzB63pLgVxW5S
2DJgpmA8liEKzZ6GwcOIQ0r281ZKH8Z71+/+c1emTJ+RLQ0/lI917zSDXr3N22tz
7vNG4MavWbh8agi60vGEo4snKMMjtb/XWg1sEk8J3DXAfszZK66DNtoZmlPV9uy7
FRHyEbO29Xuy4cMhSZanICq5NopwzD0gmY8rWk5FwmrmG/AEZFCTbhI8V4iyOczP
YhXe9vuhi5++iyxk82SMKV0wNYSMxp4iKEXSH1197c+gRvuLag3m
-----END CERTIFICATE-----