Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/63b3de-8975-434c-96da-361786f17a05/1/c_7uOl8s8Kdh9CychkSYtAnQ7tY.roa
File:                     c_7uOl8s8Kdh9CychkSYtAnQ7tY.roa (raw, json)
Hash identifier:          Nr/ZIZGpAUJ7Gcwt3DrN0gnkpV9viza7zxUo/JxiEbY=
Subject key identifier:   73:FE:EE:3A:5F:2C:F0:A7:61:F4:2C:9C:86:44:98:B4:09:D0:EE:D6
Certificate issuer:       /CN=893a2a4019a28177cdf806599f1ab5d51d17b8dc
Certificate serial:       019421B21AC30B3F8C725CD3D2DF91D2EDE1
Authority key identifier: 89:3A:2A:40:19:A2:81:77:CD:F8:06:59:9F:1A:B5:D5:1D:17:B8:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iToqQBmigXfN-AZZnxq11R0XuNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/63b3de-8975-434c-96da-361786f17a05/1/c_7uOl8s8Kdh9CychkSYtAnQ7tY.roa
Signing time:             Wed 01 Jan 2025 11:48:27 +0000
ROA not before:           Wed 01 Jan 2025 11:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202625
IP address blocks:        185.158.196.0/22 maxlen: 22
                          2a07:af00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/63b3de-8975-434c-96da-361786f17a05/1/iToqQBmigXfN-AZZnxq11R0XuNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/63b3de-8975-434c-96da-361786f17a05/1/iToqQBmigXfN-AZZnxq11R0XuNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iToqQBmigXfN-AZZnxq11R0XuNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:1a:c3:0b:3f:8c:72:5c:d3:d2:df:91:d2:ed:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=893a2a4019a28177cdf806599f1ab5d51d17b8dc
        Validity
            Not Before: Jan  1 11:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73feee3a5f2cf0a761f42c9c864498b409d0eed6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:86:0e:46:ed:08:37:c7:cf:af:fe:1f:9c:7f:
                    4a:a5:ac:d0:28:e5:e6:19:77:09:5e:39:2c:3c:1d:
                    fa:db:cf:9e:11:0c:3f:49:6c:54:d3:31:fa:6a:e7:
                    81:76:8f:10:35:70:1a:b3:53:ce:43:ac:6d:10:97:
                    56:e8:63:18:a1:2d:0c:82:1a:7d:3a:8c:40:56:30:
                    63:2f:d9:bc:70:b4:b6:63:ad:62:29:87:30:65:74:
                    19:09:e8:1a:49:32:9e:f5:4b:aa:9d:62:70:86:d6:
                    1f:25:cf:e8:ad:2d:b5:68:97:ed:b3:7b:8f:ae:52:
                    26:58:ea:85:06:4f:32:11:c1:2e:28:f3:83:1d:0e:
                    fe:aa:27:86:d0:c2:a3:67:f8:5d:9e:06:57:8a:82:
                    8c:56:ad:2c:5e:c4:cc:fd:d6:dc:aa:dc:07:bc:d2:
                    a6:24:15:20:67:b6:14:49:b9:0c:31:1f:c9:dd:5a:
                    f3:27:79:14:9e:96:3e:62:36:32:c3:89:42:3f:77:
                    68:a5:8c:15:25:81:ea:5b:db:33:fd:b4:67:4f:b8:
                    fa:7f:8c:de:a7:fe:1e:ad:d1:c7:2e:b7:ac:4f:1e:
                    90:bd:5e:91:39:07:24:ae:74:17:0d:30:9d:40:09:
                    68:45:b1:d2:2d:ad:05:dc:15:6c:ab:c7:59:f3:43:
                    cd:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:FE:EE:3A:5F:2C:F0:A7:61:F4:2C:9C:86:44:98:B4:09:D0:EE:D6
            X509v3 Authority Key Identifier:
                keyid:89:3A:2A:40:19:A2:81:77:CD:F8:06:59:9F:1A:B5:D5:1D:17:B8:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iToqQBmigXfN-AZZnxq11R0XuNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/63b3de-8975-434c-96da-361786f17a05/1/c_7uOl8s8Kdh9CychkSYtAnQ7tY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/63b3de-8975-434c-96da-361786f17a05/1/iToqQBmigXfN-AZZnxq11R0XuNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.196.0/22
                IPv6:
                  2a07:af00::/29

    Signature Algorithm: sha256WithRSAEncryption
         5b:a9:30:85:d1:03:f1:d3:1e:81:27:64:64:1f:c0:93:fe:7c:
         26:c4:3c:44:83:af:a1:b4:7e:85:e6:b6:bc:1b:78:a2:e0:26:
         1f:84:ab:2b:e3:0f:52:b1:52:93:a2:88:c4:60:bb:20:82:b6:
         ad:d7:56:d4:62:86:92:d2:50:4c:49:6d:d1:3b:27:ea:ae:1d:
         34:e7:e5:cc:56:c4:77:7b:cc:61:eb:36:55:da:74:66:f0:6a:
         10:6d:e9:3c:2d:a9:74:45:c6:1a:e2:8e:cc:fb:6f:f2:9e:48:
         f8:b4:53:f3:93:b0:9a:ce:8d:2d:d2:57:ce:0d:5b:e0:3f:fe:
         d2:db:f6:ed:9c:45:34:b6:3f:b5:03:a9:bf:82:e2:5c:6f:fe:
         b3:ce:b7:5c:a3:93:72:2e:12:8c:48:3a:92:16:a7:43:da:ae:
         ff:c0:48:35:71:f0:39:2d:c9:91:38:4c:79:af:4b:a8:af:5e:
         e2:b6:c2:2f:c5:c1:b3:23:07:b8:9e:c1:ad:27:71:ea:05:27:
         76:f9:07:d1:e9:44:ce:65:fe:19:4d:84:97:dc:32:b6:23:0a:
         47:18:c2:9b:02:f8:f9:1c:26:f4:27:bb:df:09:38:18:20:65:
         b6:28:87:d6:bf:f0:c6:c1:6f:56:e3:15:64:07:a0:1e:bc:85:
         2b:01:1b:48
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhshrDCz+MclzT0t+R0u3hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5M2EyYTQwMTlhMjgxNzdjZGY4MDY1OTlmMWFiNWQ1MWQx
N2I4ZGMwHhcNMjUwMTAxMTE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2ZlZWUzYTVmMmNmMGE3NjFmNDJjOWM4NjQ0OThiNDA5ZDBlZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oYORu0IN8fPr/4fnH9KpazQKOXm
GXcJXjksPB3628+eEQw/SWxU0zH6aueBdo8QNXAas1POQ6xtEJdW6GMYoS0Mghp9
OoxAVjBjL9m8cLS2Y61iKYcwZXQZCegaSTKe9UuqnWJwhtYfJc/orS21aJfts3uP
rlImWOqFBk8yEcEuKPODHQ7+qieG0MKjZ/hdngZXioKMVq0sXsTM/dbcqtwHvNKm
JBUgZ7YUSbkMMR/J3VrzJ3kUnpY+YjYyw4lCP3dopYwVJYHqW9sz/bRnT7j6f4ze
p/4erdHHLresTx6QvV6ROQckrnQXDTCdQAloRbHSLa0F3BVsq8dZ80PN2QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHP+7jpfLPCnYfQsnIZEmLQJ0O7WMB8GA1UdIwQY
MBaAFIk6KkAZooF3zfgGWZ8atdUdF7jcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVRvcVFCbWlnWGZOLUFaWm54cTExUjBYdU53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS82M2IzZGUtODk3NS00MzRjLTk2ZGEt
MzYxNzg2ZjE3YTA1LzEvY183dU9sOHM4S2RoOUN5Y2hrU1l0QW5RN3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS82M2IzZGUtODk3NS00MzRjLTk2ZGEtMzYxNzg2ZjE3YTA1
LzEvaVRvcVFCbWlnWGZOLUFaWm54cTExUjBYdU53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZ7EMA0E
AgACMAcDBQMqB68AMA0GCSqGSIb3DQEBCwUAA4IBAQBbqTCF0QPx0x6BJ2RkH8CT
/nwmxDxEg6+htH6F5ra8G3ii4CYfhKsr4w9SsVKToojEYLsggrat11bUYoaS0lBM
SW3ROyfqrh005+XMVsR3e8xh6zZV2nRm8GoQbek8Lal0RcYa4o7M+2/ynkj4tFPz
k7Cazo0t0lfODVvgP/7S2/btnEU0tj+1A6m/guJcb/6zzrdco5NyLhKMSDqSFqdD
2q7/wEg1cfA5LcmROEx5r0uor17itsIvxcGzIwe4nsGtJ3HqBSd2+QfR6UTOZf4Z
TYSX3DK2IwpHGMKbAvj5HCb0J7vfCTgYIGW2KIfWv/DGwW9W4xVkB6AevIUrARtI
-----END CERTIFICATE-----