Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/ba0579-a1e7-4b24-8033-6b3e0aa2cbb2/1/E7w56iH6n62Qtx76-l21Wicx0tI.roa
File:                     E7w56iH6n62Qtx76-l21Wicx0tI.roa (raw, json)
Hash identifier:          mYbpZ2jovxydBfbzCm7J8lBecdgedCJGDSbz9EY1aRY=
Subject key identifier:   13:BC:39:EA:21:FA:9F:AD:90:B7:1E:FA:FA:5D:B5:5A:27:31:D2:D2
Certificate issuer:       /CN=8621b0b7dfa0a7888f75eff20f32145a0b3f0dd5
Certificate serial:       019424B3C8E2104685E12BD37543883293C4
Authority key identifier: 86:21:B0:B7:DF:A0:A7:88:8F:75:EF:F2:0F:32:14:5A:0B:3F:0D:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hiGwt9-gp4iPde_yDzIUWgs_DdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/ba0579-a1e7-4b24-8033-6b3e0aa2cbb2/1/E7w56iH6n62Qtx76-l21Wicx0tI.roa
Signing time:             Thu 02 Jan 2025 01:49:09 +0000
ROA not before:           Thu 02 Jan 2025 01:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60111
IP address blocks:        185.125.220.0/22 maxlen: 22
                          2a02:5c20::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/ba0579-a1e7-4b24-8033-6b3e0aa2cbb2/1/hiGwt9-gp4iPde_yDzIUWgs_DdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/ba0579-a1e7-4b24-8033-6b3e0aa2cbb2/1/hiGwt9-gp4iPde_yDzIUWgs_DdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hiGwt9-gp4iPde_yDzIUWgs_DdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c8:e2:10:46:85:e1:2b:d3:75:43:88:32:93:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8621b0b7dfa0a7888f75eff20f32145a0b3f0dd5
        Validity
            Not Before: Jan  2 01:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13bc39ea21fa9fad90b71efafa5db55a2731d2d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ef:d7:2f:61:18:ab:8e:9b:7a:1d:dd:9e:98:
                    e1:7f:ad:b6:6d:32:52:fb:2c:ce:5a:50:d3:19:5c:
                    0a:be:bd:d7:7d:8e:97:dd:57:33:88:02:1c:b8:e6:
                    df:c6:07:ce:38:0b:8f:e9:f3:21:37:4c:52:b4:f5:
                    85:64:c1:0b:ea:96:a9:93:1d:e1:b4:c6:75:04:84:
                    5b:a6:e4:5f:7a:3b:44:db:94:df:0b:e1:22:13:5e:
                    3e:8a:9d:57:72:9e:81:91:1c:42:5d:9e:ff:83:a4:
                    f4:9d:66:27:0f:3d:6c:f7:d8:b0:71:09:91:fe:11:
                    af:31:6c:5a:a3:83:f5:cc:34:57:ae:1c:ae:bf:e7:
                    36:90:26:b8:cf:41:c4:fc:97:b1:26:c3:ed:2f:8a:
                    70:8d:58:cc:34:71:bb:c8:4c:ef:b6:08:83:02:18:
                    18:44:d0:a8:a6:1b:7f:0c:f7:5e:9b:be:5c:1e:92:
                    a5:24:a7:01:99:7f:c1:9d:71:41:ba:ba:1c:1c:ad:
                    17:ae:db:bc:8c:f6:8d:f1:72:a9:6e:77:eb:e4:2a:
                    b1:fa:a1:64:78:0e:bd:db:ed:44:38:a2:05:91:57:
                    13:70:7e:50:f8:65:ee:27:0a:da:dd:cb:a6:c7:94:
                    f9:01:3d:c3:a5:71:f0:c2:80:83:aa:0d:46:4c:42:
                    bd:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:BC:39:EA:21:FA:9F:AD:90:B7:1E:FA:FA:5D:B5:5A:27:31:D2:D2
            X509v3 Authority Key Identifier:
                keyid:86:21:B0:B7:DF:A0:A7:88:8F:75:EF:F2:0F:32:14:5A:0B:3F:0D:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hiGwt9-gp4iPde_yDzIUWgs_DdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ba0579-a1e7-4b24-8033-6b3e0aa2cbb2/1/E7w56iH6n62Qtx76-l21Wicx0tI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/ba0579-a1e7-4b24-8033-6b3e0aa2cbb2/1/hiGwt9-gp4iPde_yDzIUWgs_DdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.220.0/22
                IPv6:
                  2a02:5c20::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:2c:d2:af:47:17:ec:e8:e9:76:75:80:7e:12:77:83:c6:f3:
         15:a8:6e:b1:66:f9:2c:f3:6e:ec:56:8d:df:7d:f2:cf:e7:e4:
         1d:b4:05:50:18:df:b7:ed:a2:f6:c4:59:e7:e5:01:b3:af:9d:
         50:a2:76:d4:18:54:09:89:24:11:9f:0e:b1:58:be:0e:61:da:
         a6:0d:f4:8d:36:6d:ff:3d:bf:20:b4:57:52:09:aa:20:41:34:
         bc:a8:d9:48:c6:63:e5:87:a2:a4:4d:d9:16:ff:0a:10:f1:65:
         16:78:c8:bd:cf:5d:87:37:16:95:dc:2a:1d:2c:98:2e:18:2f:
         e0:69:0f:a5:80:51:64:07:6c:cc:c5:15:d9:a9:fb:3b:9e:93:
         cd:f4:36:82:94:77:4b:2d:6c:0f:61:d1:c5:fa:f4:c9:4b:44:
         8b:39:cf:26:3f:7a:52:9d:14:e2:87:08:88:98:5e:62:93:90:
         84:52:e6:96:fa:19:1a:4a:18:3f:bb:c0:e8:05:2c:88:3c:7b:
         8b:f7:4a:75:6f:26:84:78:46:38:fb:a3:e1:1c:ac:56:48:b1:
         71:2e:8c:2d:b1:d7:5b:b7:26:2e:ad:32:33:98:de:d6:3f:39:
         88:07:95:28:19:87:fd:e0:e1:93:b9:3e:e9:20:e5:c2:ab:3e:
         40:17:b0:cc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks8jiEEaF4SvTdUOIMpPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MjFiMGI3ZGZhMGE3ODg4Zjc1ZWZmMjBmMzIxNDVhMGIz
ZjBkZDUwHhcNMjUwMTAyMDE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2JjMzllYTIxZmE5ZmFkOTBiNzFlZmFmYTVkYjU1YTI3MzFkMmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsu/XL2EYq46beh3dnpjhf622bTJS
+yzOWlDTGVwKvr3XfY6X3VcziAIcuObfxgfOOAuP6fMhN0xStPWFZMEL6papkx3h
tMZ1BIRbpuRfejtE25TfC+EiE14+ip1Xcp6BkRxCXZ7/g6T0nWYnDz1s99iwcQmR
/hGvMWxao4P1zDRXrhyuv+c2kCa4z0HE/JexJsPtL4pwjVjMNHG7yEzvtgiDAhgY
RNCopht/DPdem75cHpKlJKcBmX/BnXFBurocHK0Xrtu8jPaN8XKpbnfr5Cqx+qFk
eA692+1EOKIFkVcTcH5Q+GXuJwra3cumx5T5AT3DpXHwwoCDqg1GTEK96QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBO8Oeoh+p+tkLce+vpdtVonMdLSMB8GA1UdIwQY
MBaAFIYhsLffoKeIj3Xv8g8yFFoLPw3VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGlHd3Q5LWdwNGlQZGVfeUR6SVVXZ3NfRGRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9iYTA1NzktYTFlNy00YjI0LTgwMzMt
NmIzZTBhYTJjYmIyLzEvRTd3NTZpSDZuNjJRdHg3Ni1sMjFXaWN4MHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9iYTA1NzktYTFlNy00YjI0LTgwMzMtNmIzZTBhYTJjYmIy
LzEvaGlHd3Q5LWdwNGlQZGVfeUR6SVVXZ3NfRGRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX3cMA0E
AgACMAcDBQMqAlwgMA0GCSqGSIb3DQEBCwUAA4IBAQAxLNKvRxfs6Ol2dYB+EneD
xvMVqG6xZvks827sVo3fffLP5+QdtAVQGN+37aL2xFnn5QGzr51QonbUGFQJiSQR
nw6xWL4OYdqmDfSNNm3/Pb8gtFdSCaogQTS8qNlIxmPlh6KkTdkW/woQ8WUWeMi9
z12HNxaV3CodLJguGC/gaQ+lgFFkB2zMxRXZqfs7npPN9DaClHdLLWwPYdHF+vTJ
S0SLOc8mP3pSnRTihwiImF5ik5CEUuaW+hkaShg/u8DoBSyIPHuL90p1byaEeEY4
+6PhHKxWSLFxLowtsddbtyYurTIzmN7WPzmIB5UoGYf94OGTuT7pIOXCqz5AF7DM
-----END CERTIFICATE-----