Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/XmFs6QZFMPRdJzopVIFXmV--Vrs.roa
File:                     XmFs6QZFMPRdJzopVIFXmV--Vrs.roa (raw, json)
Hash identifier:          btfm0oGigPJzbc1bJybbkI9gWRtDv9TpTBsAYkeB30s=
Subject key identifier:   5E:61:6C:E9:06:45:30:F4:5D:27:3A:29:54:81:57:99:5F:BE:56:BB
Certificate issuer:       /CN=98901c7cffd19a4fea78f79b1004999266dcc224
Certificate serial:       0194266BC59170B8BF2C23CFC91AC95E03BF
Authority key identifier: 98:90:1C:7C:FF:D1:9A:4F:EA:78:F7:9B:10:04:99:92:66:DC:C2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/XmFs6QZFMPRdJzopVIFXmV--Vrs.roa
Signing time:             Thu 02 Jan 2025 09:49:44 +0000
ROA not before:           Thu 02 Jan 2025 09:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29550
IP address blocks:        185.43.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c5:91:70:b8:bf:2c:23:cf:c9:1a:c9:5e:03:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98901c7cffd19a4fea78f79b1004999266dcc224
        Validity
            Not Before: Jan  2 09:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e616ce9064530f45d273a29548157995fbe56bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3a:d9:a4:34:ae:35:9d:82:31:ed:30:e7:b9:
                    23:4d:07:a6:24:9c:41:8b:71:4b:84:0d:ce:08:44:
                    71:93:a4:8b:43:e7:31:7d:36:89:b5:8c:e6:f9:1f:
                    fe:89:2d:b4:0c:8d:9d:78:0a:f5:f5:ac:ae:b2:5a:
                    8f:1e:fa:6a:74:de:fc:91:c4:b7:fd:2a:0c:bd:50:
                    cc:b7:47:c0:2b:9c:9d:d6:5e:ee:13:02:89:f6:e4:
                    e7:b4:e3:90:2a:b8:ad:f3:2a:1b:fd:41:34:8c:63:
                    58:14:ae:8a:27:c3:ce:0a:a2:9f:fd:cb:25:a5:04:
                    1a:bd:7b:25:c2:b9:9d:66:f2:31:65:b7:d7:8a:60:
                    04:51:95:34:63:c8:fc:b3:1a:0d:7c:cc:dc:77:7a:
                    e7:02:1f:d3:0a:27:cf:f6:c1:28:9b:c7:4a:06:54:
                    cb:9d:28:e0:13:65:d1:45:ca:08:5e:a2:e8:28:af:
                    6c:56:66:50:18:36:89:34:09:f7:46:8e:42:69:b2:
                    84:11:f0:f8:a6:21:4f:70:78:15:3d:f8:5f:e0:c9:
                    19:90:97:83:16:08:8e:27:88:ca:e9:d0:b4:20:76:
                    7a:2b:ae:cb:12:55:14:11:5d:67:76:26:ab:04:9c:
                    3b:26:95:71:0f:14:4b:30:c9:6e:34:74:98:39:f1:
                    4c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:61:6C:E9:06:45:30:F4:5D:27:3A:29:54:81:57:99:5F:BE:56:BB
            X509v3 Authority Key Identifier:
                keyid:98:90:1C:7C:FF:D1:9A:4F:EA:78:F7:9B:10:04:99:92:66:DC:C2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/XmFs6QZFMPRdJzopVIFXmV--Vrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:9b:05:3d:5f:a0:96:2a:61:a3:a7:ad:e4:c3:6a:7f:67:68:
         97:38:b0:2a:11:ee:cb:79:0a:48:8c:28:4f:47:64:d2:23:d2:
         0f:94:fc:1a:38:a1:93:96:e7:65:63:91:b2:c3:bd:1f:f4:49:
         4a:1b:82:b6:a7:0b:be:5c:c2:58:04:ee:01:fc:17:a2:ab:16:
         75:e7:e2:37:ed:d2:06:fe:cf:8e:f7:af:b4:ec:6e:f8:a5:97:
         c2:8f:b6:db:a0:2d:2d:52:5d:e4:95:2a:5b:63:48:8d:93:5d:
         51:f2:44:dc:e3:fb:70:a2:94:81:02:8e:08:fd:16:7d:2c:63:
         57:e5:a6:8b:c9:aa:98:6a:18:1d:fa:34:99:7f:92:65:63:58:
         34:6f:61:05:05:6f:fd:99:22:e6:a0:dd:0b:8f:b9:0c:03:45:
         26:a6:78:44:45:9f:d1:37:65:5e:7f:5e:34:93:58:4b:34:c8:
         cd:53:f4:11:31:79:8a:06:c1:3a:74:df:c8:ae:8c:7a:e8:18:
         74:7a:b6:03:26:e2:14:50:bf:e6:4f:0b:44:00:fd:ac:fa:81:
         b8:2d:99:eb:7e:1e:df:aa:13:f1:fc:e6:c5:cb:be:32:b8:dd:
         c4:0b:9e:c6:2b:97:d3:a0:14:52:dd:41:39:a4:f1:53:00:af:
         f8:1a:9b:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8WRcLi/LCPPyRrJXgO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OTAxYzdjZmZkMTlhNGZlYTc4Zjc5YjEwMDQ5OTkyNjZk
Y2MyMjQwHhcNMjUwMTAyMDk0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTYxNmNlOTA2NDUzMGY0NWQyNzNhMjk1NDgxNTc5OTVmYmU1NmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DrZpDSuNZ2CMe0w57kjTQemJJxB
i3FLhA3OCERxk6SLQ+cxfTaJtYzm+R/+iS20DI2deAr19ayuslqPHvpqdN78kcS3
/SoMvVDMt0fAK5yd1l7uEwKJ9uTntOOQKrit8yob/UE0jGNYFK6KJ8POCqKf/csl
pQQavXslwrmdZvIxZbfXimAEUZU0Y8j8sxoNfMzcd3rnAh/TCifP9sEom8dKBlTL
nSjgE2XRRcoIXqLoKK9sVmZQGDaJNAn3Ro5CabKEEfD4piFPcHgVPfhf4MkZkJeD
FgiOJ4jK6dC0IHZ6K67LElUUEV1ndiarBJw7JpVxDxRLMMluNHSYOfFMtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5hbOkGRTD0XSc6KVSBV5lfvla7MB8GA1UdIwQY
MBaAFJiQHHz/0ZpP6nj3mxAEmZJm3MIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUpBY2ZQX1Jta19xZVBlYkVBU1prbWJjd2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9lMjBjOTUtMGY5Mi00NTk4LTk2ZGYt
Y2JjMjc5N2MxZDBhLzEvWG1GczZRWkZNUFJkSnpvcFZJRlhtVi0tVnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9lMjBjOTUtMGY5Mi00NTk4LTk2ZGYtY2JjMjc5N2MxZDBh
LzEvbUpBY2ZQX1Jta19xZVBlYkVBU1prbWJjd2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSvoMA0G
CSqGSIb3DQEBCwUAA4IBAQArmwU9X6CWKmGjp63kw2p/Z2iXOLAqEe7LeQpIjChP
R2TSI9IPlPwaOKGTludlY5Gyw70f9ElKG4K2pwu+XMJYBO4B/BeiqxZ15+I37dIG
/s+O96+07G74pZfCj7bboC0tUl3klSpbY0iNk11R8kTc4/twopSBAo4I/RZ9LGNX
5aaLyaqYahgd+jSZf5JlY1g0b2EFBW/9mSLmoN0Lj7kMA0UmpnhERZ/RN2Vef140
k1hLNMjNU/QRMXmKBsE6dN/Irox66Bh0erYDJuIUUL/mTwtEAP2s+oG4LZnrfh7f
qhPx/ObFy74yuN3EC57GK5fToBRS3UE5pPFTAK/4Gpv0
-----END CERTIFICATE-----