Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/aXSOEWx3tVF7ynpp-Q3fBbDZg50.roa
File:                     aXSOEWx3tVF7ynpp-Q3fBbDZg50.roa (raw, json)
Hash identifier:          RSnTxORBukbARx6FRTZpYXAyjlGDaMBXkz61tBk9AhY=
Subject key identifier:   69:74:8E:11:6C:77:B5:51:7B:CA:7A:69:F9:0D:DF:05:B0:D9:83:9D
Certificate issuer:       /CN=b057f544f53f35d8d2e73cb2965b4f4d7d022959
Certificate serial:       019424455CDFA0889F99D376D3A7D5DA8B47
Authority key identifier: B0:57:F5:44:F5:3F:35:D8:D2:E7:3C:B2:96:5B:4F:4D:7D:02:29:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sFf1RPU_NdjS5zyylltPTX0CKVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/aXSOEWx3tVF7ynpp-Q3fBbDZg50.roa
Signing time:             Wed 01 Jan 2025 23:48:33 +0000
ROA not before:           Wed 01 Jan 2025 23:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        149.222.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/sFf1RPU_NdjS5zyylltPTX0CKVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/sFf1RPU_NdjS5zyylltPTX0CKVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sFf1RPU_NdjS5zyylltPTX0CKVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5c:df:a0:88:9f:99:d3:76:d3:a7:d5:da:8b:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b057f544f53f35d8d2e73cb2965b4f4d7d022959
        Validity
            Not Before: Jan  1 23:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69748e116c77b5517bca7a69f90ddf05b0d9839d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:31:b2:03:84:06:6a:b3:42:14:ac:1a:40:3c:
                    aa:54:46:a3:52:a3:a0:a1:a6:4c:d1:3a:34:7e:e7:
                    ad:71:cb:89:3b:76:ca:79:36:1b:b0:b3:ad:72:19:
                    ac:32:79:5c:dd:91:45:15:aa:a2:72:f2:3a:7a:86:
                    f7:53:32:47:6b:1d:30:ba:07:32:ac:16:e1:01:44:
                    a4:8d:4d:e1:5f:e2:f1:5a:77:ca:c9:84:01:59:61:
                    ed:40:91:fd:00:2f:52:fd:38:2e:63:40:b2:3d:fd:
                    86:e1:8f:85:d4:29:de:46:00:d4:06:60:29:ea:5d:
                    cc:6f:06:18:62:bb:45:dc:f4:8e:11:2c:70:dc:7c:
                    6f:97:36:b5:eb:d1:72:84:b0:27:65:23:da:74:52:
                    11:5a:52:80:89:e1:24:0e:b3:cc:fb:23:30:ab:a8:
                    16:30:1d:67:bb:89:56:9c:67:61:23:b4:d0:39:e1:
                    64:65:e0:c9:18:95:96:fd:1f:36:30:99:b1:11:0d:
                    09:61:9b:1c:ad:f8:02:d8:d8:91:e6:18:98:ce:1a:
                    b2:39:8a:b6:e7:ff:4e:07:2d:8b:1f:79:43:a6:90:
                    e3:e9:e1:7b:e9:9d:40:3b:f3:94:6f:8c:de:e5:44:
                    d9:4e:02:a3:f9:b5:39:ab:d7:a6:3e:a5:bb:da:0f:
                    00:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:74:8E:11:6C:77:B5:51:7B:CA:7A:69:F9:0D:DF:05:B0:D9:83:9D
            X509v3 Authority Key Identifier:
                keyid:B0:57:F5:44:F5:3F:35:D8:D2:E7:3C:B2:96:5B:4F:4D:7D:02:29:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFf1RPU_NdjS5zyylltPTX0CKVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/aXSOEWx3tVF7ynpp-Q3fBbDZg50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/sFf1RPU_NdjS5zyylltPTX0CKVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.222.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         07:ad:9f:9b:c3:48:cd:41:e7:e3:c8:3b:68:c3:b8:75:91:19:
         29:66:28:87:93:3a:b0:d6:4b:57:24:9a:9f:bf:da:dc:15:1e:
         ce:f0:b6:bb:3b:59:15:2e:f7:ad:9c:89:69:16:6e:c4:26:fb:
         bd:ef:67:96:99:a4:e5:5a:9e:f6:61:4f:72:10:63:39:cb:04:
         c0:a6:6a:94:a3:c2:e2:b2:9b:74:d8:49:06:f8:b4:b2:9a:fc:
         9b:15:54:ad:16:bf:77:44:18:58:bc:46:54:51:06:87:38:a9:
         00:ba:bd:d9:7f:6f:c6:86:6c:6d:a8:8b:f1:88:08:61:6e:68:
         2d:b1:83:ff:10:f5:9e:02:1e:10:2c:3d:ef:c2:21:ed:20:2c:
         24:3f:0b:8e:9b:63:87:fd:86:b1:71:55:d0:61:6e:3b:61:cf:
         d0:d8:5e:a5:f2:1e:5b:d4:e5:51:9c:5d:1c:ef:0c:60:3c:94:
         4e:04:a7:80:64:30:57:ee:3e:0a:cf:e3:a8:86:89:ed:e3:8a:
         5c:41:bf:63:d5:fe:e5:00:e3:eb:8c:5d:23:26:32:11:b6:10:
         fd:7d:b0:9f:db:01:ce:5d:0a:b9:26:f6:81:69:f0:b6:52:d8:
         63:b5:82:66:4b:66:a1:ec:0b:6b:92:64:ae:a6:f6:75:5b:b9:
         83:bf:31:1a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQkRVzfoIifmdN206fV2otHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNTdmNTQ0ZjUzZjM1ZDhkMmU3M2NiMjk2NWI0ZjRkN2Qw
MjI5NTkwHhcNMjUwMTAxMjM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTc0OGUxMTZjNzdiNTUxN2JjYTdhNjlmOTBkZGYwNWIwZDk4MzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojGyA4QGarNCFKwaQDyqVEajUqOg
oaZM0To0fuetccuJO3bKeTYbsLOtchmsMnlc3ZFFFaqicvI6eob3UzJHax0wugcy
rBbhAUSkjU3hX+LxWnfKyYQBWWHtQJH9AC9S/TguY0CyPf2G4Y+F1CneRgDUBmAp
6l3MbwYYYrtF3PSOESxw3Hxvlza169FyhLAnZSPadFIRWlKAieEkDrPM+yMwq6gW
MB1nu4lWnGdhI7TQOeFkZeDJGJWW/R82MJmxEQ0JYZscrfgC2NiR5hiYzhqyOYq2
5/9OBy2LH3lDppDj6eF76Z1AO/OUb4ze5UTZTgKj+bU5q9emPqW72g8ASQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGl0jhFsd7VRe8p6afkN3wWw2YOdMB8GA1UdIwQY
MBaAFLBX9UT1PzXY0uc8spZbT019AilZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZmMVJQVV9OZGpTNXp5eWxsdFBUWDBDS1ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZmUwZTAtMzRmNy00MjllLTlmMzgt
NGVhN2ExYWU5OGRlLzEvYVhTT0VXeDN0VkY3eW5wcC1RM2ZCYkRaZzUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZmUwZTAtMzRmNy00MjllLTlmMzgtNGVhN2ExYWU5OGRl
LzEvc0ZmMVJQVV9OZGpTNXp5eWxsdFBUWDBDS1ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAld4wDQYJ
KoZIhvcNAQELBQADggEBAAetn5vDSM1B5+PIO2jDuHWRGSlmKIeTOrDWS1ckmp+/
2twVHs7wtrs7WRUu962ciWkWbsQm+73vZ5aZpOVanvZhT3IQYznLBMCmapSjwuKy
m3TYSQb4tLKa/JsVVK0Wv3dEGFi8RlRRBoc4qQC6vdl/b8aGbG2oi/GICGFuaC2x
g/8Q9Z4CHhAsPe/CIe0gLCQ/C46bY4f9hrFxVdBhbjthz9DYXqXyHlvU5VGcXRzv
DGA8lE4Ep4BkMFfuPgrP46iGie3jilxBv2PV/uUA4+uMXSMmMhG2EP19sJ/bAc5d
Crkm9oFp8LZS2GO1gmZLZqHsC2uSZK6m9nVbuYO/MRo=
-----END CERTIFICATE-----