Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/rsxSpj9moP8LtPzNvFBSE3jnhTY.roa
File:                     rsxSpj9moP8LtPzNvFBSE3jnhTY.roa (raw, json)
Hash identifier:          EI5toUib0yn2k83FMVjkqamZ8A/+xIBPYiOu2bZVLHc=
Subject key identifier:   AE:CC:52:A6:3F:66:A0:FF:0B:B4:FC:CD:BC:50:52:13:78:E7:85:36
Certificate issuer:       /CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
Certificate serial:       0194258F953ABE8DA318A00C2ECF472C01EE
Authority key identifier: 75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/rsxSpj9moP8LtPzNvFBSE3jnhTY.roa
Signing time:             Thu 02 Jan 2025 05:49:14 +0000
ROA not before:           Thu 02 Jan 2025 05:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36947
IP address blocks:        213.140.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:95:3a:be:8d:a3:18:a0:0c:2e:cf:47:2c:01:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75e05bc21b2a6f1033711ffca6491c6c30ce5a4a
        Validity
            Not Before: Jan  2 05:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aecc52a63f66a0ff0bb4fccdbc50521378e78536
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:09:d2:62:b1:35:07:6d:c9:14:42:07:23:df:
                    5c:79:c9:95:e0:3c:49:63:23:08:1f:2b:c2:d4:e1:
                    56:ca:01:fb:ec:03:25:29:6d:b9:ca:17:54:72:1f:
                    ab:81:f2:51:5f:1b:d7:18:3b:35:44:ca:bc:f0:7f:
                    49:17:34:6d:92:22:52:05:20:06:3d:f7:7c:5d:62:
                    55:6c:20:61:58:c1:09:e0:da:04:22:f0:af:84:a5:
                    9d:09:eb:cb:1c:41:79:82:60:25:4e:eb:95:71:2f:
                    79:14:49:da:7e:01:07:aa:b9:e9:01:33:ac:ac:aa:
                    d3:51:6f:99:40:c5:3c:c3:2a:d4:22:c7:0c:72:bb:
                    44:3e:d3:ce:b5:2c:99:01:aa:33:91:6c:9d:e3:29:
                    31:8a:19:89:ab:64:ce:32:48:c3:89:e8:74:86:30:
                    a7:27:6e:e9:76:ab:a4:48:2e:09:b6:fd:ca:12:1e:
                    25:8d:b7:f8:0f:83:b3:b0:02:54:93:e8:75:f2:04:
                    c7:f6:ed:d3:b6:70:97:22:6d:0e:82:41:c1:2f:8c:
                    8a:de:82:77:15:dd:9d:97:64:8b:35:28:a8:01:a3:
                    5d:6d:b5:8c:99:1e:7d:5c:32:c6:01:4a:25:2b:df:
                    74:8c:52:13:48:95:8b:3c:9f:c6:5d:87:52:0e:92:
                    5a:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:CC:52:A6:3F:66:A0:FF:0B:B4:FC:CD:BC:50:52:13:78:E7:85:36
            X509v3 Authority Key Identifier:
                keyid:75:E0:5B:C2:1B:2A:6F:10:33:71:1F:FC:A6:49:1C:6C:30:CE:5A:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/deBbwhsqbxAzcR_8pkkcbDDOWko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/rsxSpj9moP8LtPzNvFBSE3jnhTY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2b4934-4ea2-45c1-ae07-d45ab7df2de1/1/deBbwhsqbxAzcR_8pkkcbDDOWko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.140.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:3a:bd:11:42:af:1d:0f:40:f4:4e:9e:15:97:2b:d6:cb:f0:
         da:76:4c:87:ed:82:62:75:6d:94:c1:da:7f:fe:6e:bb:4c:c0:
         15:36:8e:fc:c2:9e:4a:e1:bd:f0:af:1e:59:22:f7:c0:8e:72:
         a1:33:42:e8:55:b1:5c:b6:77:5d:8d:6a:ed:63:39:73:8b:b9:
         f8:74:d8:92:a2:26:ab:69:81:f9:e7:6c:b5:4b:c6:36:af:25:
         d9:15:ac:fe:d4:f6:62:d2:3f:47:2c:13:43:8a:cf:0f:0e:4e:
         b2:a7:bd:ad:da:21:05:a7:db:5d:51:a3:71:0f:69:ef:5e:46:
         05:63:40:9e:f6:d2:58:bc:14:e3:8e:64:96:69:b8:08:66:a1:
         34:50:4a:6e:b0:33:f3:36:47:31:df:a5:7f:8b:ce:ab:c2:54:
         de:f0:a7:32:dc:e5:d7:20:79:ad:4f:9c:a3:c8:be:ce:b7:61:
         23:7a:5f:1a:7d:e6:78:a5:55:6a:4b:66:59:95:ce:0c:87:45:
         b7:d8:2c:03:40:c3:4d:35:d0:20:cd:d0:66:70:96:33:bb:88:
         b0:9c:21:6d:91:69:85:12:1e:c7:bc:7d:60:2a:ab:73:a1:fa:
         80:8c:23:d8:68:2b:34:e8:f8:3f:31:d6:13:32:0e:6f:81:fd:
         51:e3:82:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj5U6vo2jGKAMLs9HLAHuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZTA1YmMyMWIyYTZmMTAzMzcxMWZmY2E2NDkxYzZjMzBj
ZTVhNGEwHhcNMjUwMTAyMDU0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWNjNTJhNjNmNjZhMGZmMGJiNGZjY2RiYzUwNTIxMzc4ZTc4NTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQnSYrE1B23JFEIHI99cecmV4DxJ
YyMIHyvC1OFWygH77AMlKW25yhdUch+rgfJRXxvXGDs1RMq88H9JFzRtkiJSBSAG
Pfd8XWJVbCBhWMEJ4NoEIvCvhKWdCevLHEF5gmAlTuuVcS95FEnafgEHqrnpATOs
rKrTUW+ZQMU8wyrUIscMcrtEPtPOtSyZAaozkWyd4ykxihmJq2TOMkjDieh0hjCn
J27pdqukSC4Jtv3KEh4ljbf4D4OzsAJUk+h18gTH9u3TtnCXIm0OgkHBL4yK3oJ3
Fd2dl2SLNSioAaNdbbWMmR59XDLGAUolK990jFITSJWLPJ/GXYdSDpJajQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK7MUqY/ZqD/C7T8zbxQUhN454U2MB8GA1UdIwQY
MBaAFHXgW8IbKm8QM3Ef/KZJHGwwzlpKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDct
ZDQ1YWI3ZGYyZGUxLzEvcnN4U3BqOW1vUDhMdFB6TnZGQlNFM2puaFRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yYjQ5MzQtNGVhMi00NWMxLWFlMDctZDQ1YWI3ZGYyZGUx
LzEvZGVCYndoc3FieEF6Y1JfOHBra2NiRERPV2tvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1Yw4MA0G
CSqGSIb3DQEBCwUAA4IBAQA0Or0RQq8dD0D0Tp4VlyvWy/DadkyH7YJidW2Uwdp/
/m67TMAVNo78wp5K4b3wrx5ZIvfAjnKhM0LoVbFctnddjWrtYzlzi7n4dNiSoiar
aYH552y1S8Y2ryXZFaz+1PZi0j9HLBNDis8PDk6yp72t2iEFp9tdUaNxD2nvXkYF
Y0Ce9tJYvBTjjmSWabgIZqE0UEpusDPzNkcx36V/i86rwlTe8Kcy3OXXIHmtT5yj
yL7Ot2Ejel8afeZ4pVVqS2ZZlc4Mh0W32CwDQMNNNdAgzdBmcJYzu4iwnCFtkWmF
Eh7HvH1gKqtzofqAjCPYaCs06Pg/MdYTMg5vgf1R44Iq
-----END CERTIFICATE-----