Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/SX3vKCIesg7brXNXKPon4jGBLVQ.roa
File:                     SX3vKCIesg7brXNXKPon4jGBLVQ.roa (raw, json)
Hash identifier:          QbCrUZtkCCzMgLc9gxL+FBpDYE7YV20lMwm2mk5wzSk=
Subject key identifier:   49:7D:EF:28:22:1E:B2:0E:DB:AD:73:57:28:FA:27:E2:31:81:2D:54
Certificate issuer:       /CN=914b7d1e6e72d55c8d1c4a3e8241d71dcf8e3bf1
Certificate serial:       0194282442D27461AAD2AA2F6B8BB3E43EE0
Authority key identifier: 91:4B:7D:1E:6E:72:D5:5C:8D:1C:4A:3E:82:41:D7:1D:CF:8E:3B:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/SX3vKCIesg7brXNXKPon4jGBLVQ.roa
Signing time:             Thu 02 Jan 2025 17:50:52 +0000
ROA not before:           Thu 02 Jan 2025 17:50:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62058
IP address blocks:        185.153.40.0/22 maxlen: 22
                          185.153.40.0/23 maxlen: 23
                          185.153.42.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:42:d2:74:61:aa:d2:aa:2f:6b:8b:b3:e4:3e:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=914b7d1e6e72d55c8d1c4a3e8241d71dcf8e3bf1
        Validity
            Not Before: Jan  2 17:50:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=497def28221eb20edbad735728fa27e231812d54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2a:7f:e8:cc:0a:68:04:09:ff:8e:9e:2a:f2:
                    19:c4:7f:43:9b:0b:49:f7:1a:53:1a:03:54:1c:f5:
                    64:73:ae:34:3a:1d:4e:76:9b:52:34:f5:43:7c:35:
                    89:ef:79:88:d9:b8:dd:6a:80:36:7d:0a:ab:fb:50:
                    55:cd:e7:96:78:3e:a3:36:66:9d:13:68:78:e6:ce:
                    ee:d4:dc:41:6f:7f:99:8e:b0:0b:90:47:95:94:0f:
                    ba:af:64:01:d4:7c:5f:f3:7f:80:de:b2:26:21:ee:
                    90:b5:a3:f3:c7:50:4e:20:da:79:16:c0:f7:23:ad:
                    2a:16:5a:8d:a4:22:17:78:6f:5e:6d:28:4b:22:09:
                    7c:f4:71:01:1d:ee:5a:b0:f0:11:a1:3b:13:7a:c2:
                    5e:18:21:a1:b9:2d:17:81:00:c5:f6:61:cd:e4:af:
                    9d:b7:88:04:d3:6c:13:fc:15:dd:7d:4b:d5:69:be:
                    02:d3:b9:4e:0e:4a:50:9f:26:65:f5:5f:d3:38:95:
                    ba:64:1c:76:5e:e7:94:3f:f5:8d:e9:58:d5:89:29:
                    5e:64:c6:43:ff:e5:3e:56:93:1a:2b:8d:46:b5:fb:
                    fe:d4:ac:57:07:de:7b:7a:55:16:d3:f1:76:9b:d5:
                    76:ce:d7:4d:73:23:25:67:8e:d1:cf:a0:f4:c1:6b:
                    22:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:7D:EF:28:22:1E:B2:0E:DB:AD:73:57:28:FA:27:E2:31:81:2D:54
            X509v3 Authority Key Identifier:
                keyid:91:4B:7D:1E:6E:72:D5:5C:8D:1C:4A:3E:82:41:D7:1D:CF:8E:3B:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/SX3vKCIesg7brXNXKPon4jGBLVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/8349e4-69cc-4140-a744-abed74415b8f/1/kUt9Hm5y1VyNHEo-gkHXHc-OO_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:d7:09:fd:e6:1b:a1:5f:72:44:7e:02:d1:f3:99:2c:87:4f:
         28:6b:b9:56:5f:c1:ae:66:1a:2c:4b:66:c4:67:89:22:94:fc:
         90:c0:be:a0:ac:ee:b7:4a:26:d6:04:38:8f:10:fd:d1:77:a4:
         21:8e:ad:3a:d5:a7:4d:bd:0c:fa:3a:ea:84:39:ea:b1:94:fb:
         15:d2:60:6a:c8:68:ee:39:cc:f2:18:c6:98:f6:eb:ec:1c:65:
         21:2e:cd:5f:24:9b:ef:1d:db:f4:47:fb:7c:63:c4:b2:d1:81:
         7b:19:e3:c5:08:21:0c:dc:e4:da:a5:67:48:a5:1a:61:19:b4:
         3c:de:ba:72:f9:15:48:1f:2e:96:c2:55:c9:d7:bd:03:0e:f3:
         fe:f5:3c:7c:9b:f3:ed:a2:13:9b:bc:c2:c0:83:d1:e5:57:a8:
         15:35:d7:1c:47:af:e1:65:db:e5:05:fd:d0:2a:16:cd:b3:c2:
         4d:b9:30:61:2f:c3:f9:cb:01:83:fd:7f:aa:e4:5a:05:4f:f0:
         c5:0a:45:c2:54:ce:d8:b7:76:17:c5:1e:fc:7c:de:8f:f7:a8:
         e9:62:68:77:73:dc:56:6d:5d:fc:67:4a:2e:16:db:87:4e:e8:
         c1:60:d0:1e:30:d3:88:99:a5:2e:db:57:39:ed:04:2c:b3:e9:
         64:b7:2f:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJELSdGGq0qova4uz5D7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxNGI3ZDFlNmU3MmQ1NWM4ZDFjNGEzZTgyNDFkNzFkY2Y4
ZTNiZjEwHhcNMjUwMTAyMTc1MDUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTdkZWYyODIyMWViMjBlZGJhZDczNTcyOGZhMjdlMjMxODEyZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSp/6MwKaAQJ/46eKvIZxH9DmwtJ
9xpTGgNUHPVkc640Oh1OdptSNPVDfDWJ73mI2bjdaoA2fQqr+1BVzeeWeD6jNmad
E2h45s7u1NxBb3+ZjrALkEeVlA+6r2QB1Hxf83+A3rImIe6QtaPzx1BOINp5FsD3
I60qFlqNpCIXeG9ebShLIgl89HEBHe5asPARoTsTesJeGCGhuS0XgQDF9mHN5K+d
t4gE02wT/BXdfUvVab4C07lODkpQnyZl9V/TOJW6ZBx2XueUP/WN6VjViSleZMZD
/+U+VpMaK41Gtfv+1KxXB957elUW0/F2m9V2ztdNcyMlZ47Rz6D0wWsidwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEl97ygiHrIO261zVyj6J+IxgS1UMB8GA1UdIwQY
MBaAFJFLfR5uctVcjRxKPoJB1x3PjjvxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1V0OUhtNXkxVnlOSEVvLWdrSFhIYy1PT19FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84MzQ5ZTQtNjljYy00MTQwLWE3NDQt
YWJlZDc0NDE1YjhmLzEvU1gzdktDSWVzZzdiclhOWEtQb240akdCTFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84MzQ5ZTQtNjljYy00MTQwLWE3NDQtYWJlZDc0NDE1Yjhm
LzEva1V0OUhtNXkxVnlOSEVvLWdrSFhIYy1PT19FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZkoMA0G
CSqGSIb3DQEBCwUAA4IBAQC11wn95huhX3JEfgLR85ksh08oa7lWX8GuZhosS2bE
Z4kilPyQwL6grO63SibWBDiPEP3Rd6Qhjq061adNvQz6OuqEOeqxlPsV0mBqyGju
OczyGMaY9uvsHGUhLs1fJJvvHdv0R/t8Y8Sy0YF7GePFCCEM3OTapWdIpRphGbQ8
3rpy+RVIHy6WwlXJ170DDvP+9Tx8m/PtohObvMLAg9HlV6gVNdccR6/hZdvlBf3Q
KhbNs8JNuTBhL8P5ywGD/X+q5FoFT/DFCkXCVM7Yt3YXxR78fN6P96jpYmh3c9xW
bV38Z0ouFtuHTujBYNAeMNOImaUu21c57QQss+lkty+t
-----END CERTIFICATE-----