Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/b8058e-4eba-4cc4-8c1d-9c84f2fdd8f0/1/j-Ifej8p6sYfHH1KeQ_QH-keweY.roa
File:                     j-Ifej8p6sYfHH1KeQ_QH-keweY.roa (raw, json)
Hash identifier:          iVB6o7qwOuA1Lj9sG4cTIYUNVhckFRweng10RlAwHI4=
Subject key identifier:   8F:E2:1F:7A:3F:29:EA:C6:1F:1C:7D:4A:79:0F:D0:1F:E9:1E:C1:E6
Certificate issuer:       /CN=44c0f2a2a56007e4c45ccc71e7da092861305b20
Certificate serial:       01942824412B6FBAB713889E9734A358846F
Authority key identifier: 44:C0:F2:A2:A5:60:07:E4:C4:5C:CC:71:E7:DA:09:28:61:30:5B:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RMDyoqVgB-TEXMxx59oJKGEwWyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/b8058e-4eba-4cc4-8c1d-9c84f2fdd8f0/1/j-Ifej8p6sYfHH1KeQ_QH-keweY.roa
Signing time:             Thu 02 Jan 2025 17:50:51 +0000
ROA not before:           Thu 02 Jan 2025 17:50:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42525
IP address blocks:        185.19.232.0/22 maxlen: 22
                          213.146.64.0/19 maxlen: 19
                          2a00:4960::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/b8058e-4eba-4cc4-8c1d-9c84f2fdd8f0/1/RMDyoqVgB-TEXMxx59oJKGEwWyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/b8058e-4eba-4cc4-8c1d-9c84f2fdd8f0/1/RMDyoqVgB-TEXMxx59oJKGEwWyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RMDyoqVgB-TEXMxx59oJKGEwWyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:41:2b:6f:ba:b7:13:88:9e:97:34:a3:58:84:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44c0f2a2a56007e4c45ccc71e7da092861305b20
        Validity
            Not Before: Jan  2 17:50:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fe21f7a3f29eac61f1c7d4a790fd01fe91ec1e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:57:c0:1b:2b:01:58:af:cd:47:dd:95:11:7a:
                    f1:81:c5:63:45:b0:88:df:70:0e:b9:fa:e1:76:45:
                    fb:76:50:3b:11:a5:c3:c5:5f:4c:c1:8b:ba:f9:39:
                    28:e9:29:99:9c:99:38:48:40:46:0e:68:f8:5f:9d:
                    67:53:d4:b7:ff:9c:e0:40:71:2f:33:72:6f:14:18:
                    3e:fb:62:c5:28:ba:4a:7e:b1:48:eb:54:20:82:21:
                    e5:56:07:6b:90:79:02:7a:de:78:27:6f:56:c5:71:
                    d8:6a:52:01:99:48:ec:c7:8c:c2:98:85:67:fe:99:
                    c9:53:7b:6b:9a:90:82:75:56:f2:2b:3f:fc:01:01:
                    56:b7:b9:fb:b8:af:55:94:38:27:c9:62:fa:fd:32:
                    5e:cf:ba:b2:c0:ce:18:bb:ca:2e:39:8f:ca:c4:ec:
                    0f:6d:9b:74:8f:24:1a:5d:3a:30:54:e7:8d:e3:28:
                    7e:40:fb:92:97:3b:43:3e:9f:8f:2b:6c:3b:40:15:
                    69:26:05:fe:f3:0b:5f:27:70:63:11:c3:8f:32:76:
                    c3:d7:c1:e0:22:4b:e9:5b:38:3f:ae:39:69:6d:d1:
                    cc:20:8d:00:2f:95:de:ea:5b:a9:03:69:fb:2f:81:
                    14:36:ed:38:be:28:0f:ae:10:26:e1:a3:56:b2:8e:
                    73:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:E2:1F:7A:3F:29:EA:C6:1F:1C:7D:4A:79:0F:D0:1F:E9:1E:C1:E6
            X509v3 Authority Key Identifier:
                keyid:44:C0:F2:A2:A5:60:07:E4:C4:5C:CC:71:E7:DA:09:28:61:30:5B:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RMDyoqVgB-TEXMxx59oJKGEwWyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/b8058e-4eba-4cc4-8c1d-9c84f2fdd8f0/1/j-Ifej8p6sYfHH1KeQ_QH-keweY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/b8058e-4eba-4cc4-8c1d-9c84f2fdd8f0/1/RMDyoqVgB-TEXMxx59oJKGEwWyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.232.0/22
                  213.146.64.0/19
                IPv6:
                  2a00:4960::/32

    Signature Algorithm: sha256WithRSAEncryption
         dc:a4:bd:dc:b7:99:5a:f0:fe:0a:e3:01:e8:30:ae:04:c9:2e:
         35:cc:c5:e0:c6:eb:9d:4e:45:15:56:e9:5c:b6:bd:12:99:82:
         21:0b:78:f9:30:10:8e:d8:80:8e:04:1c:06:a6:46:06:27:af:
         ce:d5:b3:13:e4:6f:25:92:3c:77:22:35:a5:e7:66:c5:55:48:
         54:ae:04:07:af:91:28:58:89:c2:b5:53:e5:08:6f:a6:56:06:
         93:72:e4:07:07:32:cb:a8:1b:67:63:6e:be:b6:a7:4b:02:73:
         48:b9:d2:32:4d:15:f6:1c:6d:14:f1:6c:36:8a:94:fc:34:ba:
         22:19:9b:68:26:5e:37:97:82:ff:d5:50:90:5f:57:1f:5f:01:
         c9:30:f9:9e:de:59:72:22:02:10:3a:96:09:f3:8f:34:8a:d8:
         c7:04:04:72:3d:66:2e:22:61:a3:b1:8b:2d:42:9f:31:61:27:
         fb:29:95:93:40:ec:aa:71:5b:af:4b:2d:49:0c:10:c1:41:3a:
         36:f4:04:90:b1:4f:31:ad:1f:b4:a0:a3:22:d1:a2:8a:81:ff:
         91:37:36:65:6a:81:19:b4:51:74:13:89:66:00:43:75:21:9c:
         8d:c4:55:50:a3:0d:2f:eb:d5:7a:05:af:f3:3c:c1:cb:11:b6:
         15:a7:5d:a0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQoJEErb7q3E4ielzSjWIRvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0YzBmMmEyYTU2MDA3ZTRjNDVjY2M3MWU3ZGEwOTI4NjEz
MDViMjAwHhcNMjUwMTAyMTc1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmUyMWY3YTNmMjllYWM2MWYxYzdkNGE3OTBmZDAxZmU5MWVjMWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VfAGysBWK/NR92VEXrxgcVjRbCI
33AOufrhdkX7dlA7EaXDxV9MwYu6+Tko6SmZnJk4SEBGDmj4X51nU9S3/5zgQHEv
M3JvFBg++2LFKLpKfrFI61QggiHlVgdrkHkCet54J29WxXHYalIBmUjsx4zCmIVn
/pnJU3trmpCCdVbyKz/8AQFWt7n7uK9VlDgnyWL6/TJez7qywM4Yu8ouOY/KxOwP
bZt0jyQaXTowVOeN4yh+QPuSlztDPp+PK2w7QBVpJgX+8wtfJ3BjEcOPMnbD18Hg
IkvpWzg/rjlpbdHMII0AL5Xe6lupA2n7L4EUNu04vigPrhAm4aNWso5zdwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFI/iH3o/KerGHxx9SnkP0B/pHsHmMB8GA1UdIwQY
MBaAFETA8qKlYAfkxFzMcefaCShhMFsgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk1EeW9xVmdCLVRFWE14eDU5b0pLR0V3V3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9iODA1OGUtNGViYS00Y2M0LThjMWQt
OWM4NGYyZmRkOGYwLzEvai1JZmVqOHA2c1lmSEgxS2VRX1FILWtld2VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9iODA1OGUtNGViYS00Y2M0LThjMWQtOWM4NGYyZmRkOGYw
LzEvUk1EeW9xVmdCLVRFWE14eDU5b0pLR0V3V3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuRPoAwQF
1ZJAMA0EAgACMAcDBQAqAElgMA0GCSqGSIb3DQEBCwUAA4IBAQDcpL3ct5la8P4K
4wHoMK4EyS41zMXgxuudTkUVVulctr0SmYIhC3j5MBCO2ICOBBwGpkYGJ6/O1bMT
5G8lkjx3IjWl52bFVUhUrgQHr5EoWInCtVPlCG+mVgaTcuQHBzLLqBtnY26+tqdL
AnNIudIyTRX2HG0U8Ww2ipT8NLoiGZtoJl43l4L/1VCQX1cfXwHJMPme3llyIgIQ
OpYJ8480itjHBARyPWYuImGjsYstQp8xYSf7KZWTQOyqcVuvSy1JDBDBQTo29ASQ
sU8xrR+0oKMi0aKKgf+RNzZlaoEZtFF0E4lmAEN1IZyNxFVQow0v69V6Ba/zPMHL
EbYVp12g
-----END CERTIFICATE-----