Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/RMWscc-5TvpBiv8d6fCAuPUGv94.roa
File:                     RMWscc-5TvpBiv8d6fCAuPUGv94.roa (raw, json)
Hash identifier:          t8rgoMdwyyhbjSG6dnKBunLSzsCNXhN+ZdaePWLA4Oo=
Subject key identifier:   44:C5:AC:71:CF:B9:4E:FA:41:8A:FF:1D:E9:F0:80:B8:F5:06:BF:DE
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FCFC6042AE6B7F418C357390C393B
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/RMWscc-5TvpBiv8d6fCAuPUGv94.roa
Signing time:             Wed 01 Jan 2025 13:48:17 +0000
ROA not before:           Wed 01 Jan 2025 13:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204009
IP address blocks:        85.219.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:cf:c6:04:2a:e6:b7:f4:18:c3:57:39:0c:39:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44c5ac71cfb94efa418aff1de9f080b8f506bfde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:40:73:ec:b5:31:7c:30:27:05:5a:cd:48:b3:
                    92:24:e1:54:08:f3:b1:85:9e:80:51:d6:12:81:12:
                    82:e4:a2:0c:6e:7d:12:f5:37:4e:77:2a:62:ed:d7:
                    99:92:d6:66:6d:6c:b6:72:e4:be:5a:79:98:c0:d6:
                    8c:84:dd:12:0b:16:bf:3f:a8:32:12:94:75:6c:d0:
                    be:5f:a8:63:b8:68:fe:43:bf:65:6b:da:6f:40:d6:
                    9f:cc:9f:28:3e:71:23:a3:5a:1c:0d:8f:79:86:86:
                    43:db:86:06:84:2d:35:2b:fc:58:6b:16:d2:79:c5:
                    f2:b7:57:45:13:0c:86:36:58:a9:ad:c9:1a:3b:a2:
                    25:78:b7:f9:e0:87:c7:6e:ef:ab:5b:6d:d5:68:5d:
                    c8:cc:9d:9c:17:2e:af:a0:e0:81:77:6c:64:ca:7f:
                    df:08:ad:a4:6c:d3:3b:40:a6:df:0d:b4:98:15:30:
                    f8:b7:50:28:ab:d1:b2:e8:39:fa:6a:20:f9:90:f4:
                    1e:a7:4e:c3:14:ed:6d:94:69:fe:cf:7d:96:6e:6f:
                    18:57:48:b8:66:fe:05:a0:bb:af:b4:29:ca:f6:cf:
                    c6:8f:67:e0:f9:d1:83:77:4e:eb:64:37:2e:53:db:
                    3d:17:07:16:42:a6:eb:f8:f2:be:25:14:1d:e2:e6:
                    a2:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:C5:AC:71:CF:B9:4E:FA:41:8A:FF:1D:E9:F0:80:B8:F5:06:BF:DE
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/RMWscc-5TvpBiv8d6fCAuPUGv94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:85:dd:ca:5f:4c:6b:3b:d7:24:ea:5a:36:e9:88:d6:40:68:
         ac:12:25:11:60:d1:b5:6c:41:64:b0:f0:f3:e3:79:b3:22:81:
         87:5a:d4:0a:49:c9:f6:ad:91:2b:b6:62:da:2e:a3:09:fa:49:
         75:1a:56:4a:34:2f:d4:5f:99:3c:94:e6:65:88:50:8b:fa:9a:
         11:a3:9d:b6:90:8b:64:24:0a:78:4a:de:93:eb:5b:d6:50:69:
         91:1c:8d:42:cb:8d:3b:53:9b:77:c6:6a:06:e5:98:00:de:01:
         e8:fc:1a:3e:12:75:da:6c:c3:b5:83:00:4b:38:44:61:c3:17:
         5d:f4:70:c6:b5:5a:62:23:d9:42:19:0f:94:f9:5b:ba:9b:68:
         8a:de:b6:c6:6c:26:dd:84:30:f7:78:f3:4a:1e:72:f9:63:46:
         8b:95:77:b3:2a:28:9c:a8:b6:d4:3a:2e:2a:c6:c8:e5:8b:18:
         54:0a:1f:57:b4:e0:4f:01:03:44:57:e2:37:e4:8a:4d:92:4e:
         a6:39:80:ab:75:fb:71:a0:35:09:f7:04:d7:6c:06:f6:50:95:
         8c:ce:25:aa:2a:5b:e0:ab:7b:22:24:4a:c8:d6:49:53:4b:ed:
         75:4c:81:ba:20:d3:61:c0:0e:53:1d:da:50:73:a1:9e:52:3e:
         7b:f5:95:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8/GBCrmt/QYw1c5DDk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGM1YWM3MWNmYjk0ZWZhNDE4YWZmMWRlOWYwODBiOGY1MDZiZmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0Bz7LUxfDAnBVrNSLOSJOFUCPOx
hZ6AUdYSgRKC5KIMbn0S9TdOdypi7deZktZmbWy2cuS+WnmYwNaMhN0SCxa/P6gy
EpR1bNC+X6hjuGj+Q79la9pvQNafzJ8oPnEjo1ocDY95hoZD24YGhC01K/xYaxbS
ecXyt1dFEwyGNliprckaO6IleLf54IfHbu+rW23VaF3IzJ2cFy6voOCBd2xkyn/f
CK2kbNM7QKbfDbSYFTD4t1Aoq9Gy6Dn6aiD5kPQep07DFO1tlGn+z32Wbm8YV0i4
Zv4FoLuvtCnK9s/Gj2fg+dGDd07rZDcuU9s9FwcWQqbr+PK+JRQd4uaicwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETFrHHPuU76QYr/HenwgLj1Br/eMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvUk1Xc2NjLTVUdnBCaXY4ZDZmQ0F1UFVHdjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdvlMA0G
CSqGSIb3DQEBCwUAA4IBAQAqhd3KX0xrO9ck6lo26YjWQGisEiURYNG1bEFksPDz
43mzIoGHWtQKScn2rZErtmLaLqMJ+kl1GlZKNC/UX5k8lOZliFCL+poRo522kItk
JAp4St6T61vWUGmRHI1Cy407U5t3xmoG5ZgA3gHo/Bo+EnXabMO1gwBLOERhwxdd
9HDGtVpiI9lCGQ+U+Vu6m2iK3rbGbCbdhDD3ePNKHnL5Y0aLlXezKiicqLbUOi4q
xsjlixhUCh9XtOBPAQNEV+I35IpNkk6mOYCrdftxoDUJ9wTXbAb2UJWMziWqKlvg
q3siJErI1klTS+11TIG6INNhwA5THdpQc6GeUj579ZUd
-----END CERTIFICATE-----