Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/1-2ze8RFqsfXiBAT11ime5104BjY.roa
File:                     1-2ze8RFqsfXiBAT11ime5104BjY.roa (raw, json)
Hash identifier:          1G/91kNwXr6Euhuawe1vb8XkKyyCivckcaN+MUB7G0c=
Subject key identifier:   FB:6C:DE:F1:11:6A:B1:F5:E2:04:04:F5:D6:29:9E:E7:5D:38:06:36
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       0194266B2F4018E51884EDFC817F90BE4545
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/1-2ze8RFqsfXiBAT11ime5104BjY.roa
Signing time:             Thu 02 Jan 2025 09:49:06 +0000
ROA not before:           Thu 02 Jan 2025 09:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        158.172.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:2f:40:18:e5:18:84:ed:fc:81:7f:90:be:45:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Jan  2 09:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb6cdef1116ab1f5e20404f5d6299ee75d380636
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d4:eb:c2:e2:86:d2:70:cd:98:b1:6b:66:26:
                    2d:71:dc:c9:c1:c3:b4:9f:09:88:03:6a:a7:c2:f4:
                    78:ea:07:ea:d9:d9:df:6c:b4:a3:af:ff:7e:8f:1c:
                    dd:6a:a5:75:7f:e9:5e:8a:36:0f:50:fe:f5:cb:c2:
                    2e:dc:8c:47:a0:f5:91:e8:53:9a:f7:24:12:e3:0e:
                    6d:d2:e7:1e:5f:81:16:01:ed:95:fa:a9:ab:d4:3d:
                    af:7d:0c:3a:9e:a7:08:41:ef:a9:e3:b9:0e:60:0b:
                    2b:2b:1b:b5:0b:00:d9:15:b3:1f:d6:1a:a1:38:67:
                    39:5f:f0:b6:20:13:6b:df:73:ff:26:a6:5f:d6:39:
                    21:6e:96:1e:30:95:5f:1f:cc:99:22:92:44:95:7d:
                    9f:f9:b2:b1:15:65:3e:a1:a3:07:12:3b:64:cc:31:
                    7c:71:b7:7b:57:50:8b:49:8c:5a:84:1e:28:02:a4:
                    3c:51:c0:98:64:0b:2d:a7:47:86:58:d5:71:80:38:
                    c9:42:af:dd:08:2a:78:6c:ba:dc:f1:a4:cb:93:74:
                    bf:e5:2a:6b:f5:49:c2:3d:3a:28:1f:52:82:f0:94:
                    4f:9d:9e:38:4f:25:fa:97:95:8d:4b:13:20:38:fa:
                    18:f6:08:21:ac:24:31:32:6a:fa:5a:82:bd:1c:db:
                    f0:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:6C:DE:F1:11:6A:B1:F5:E2:04:04:F5:D6:29:9E:E7:5D:38:06:36
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/1-2ze8RFqsfXiBAT11ime5104BjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.172.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         aa:0b:b5:aa:1a:78:68:ad:96:b9:bd:f6:d3:f1:8b:0c:c4:d6:
         1a:50:fd:80:2a:df:3c:3e:7f:48:ab:5c:77:bb:15:34:62:b1:
         e7:92:32:78:9b:a4:c8:f0:27:84:26:c0:c7:ce:c4:f7:e6:86:
         51:ee:01:10:44:d7:1d:49:6d:0f:44:02:e5:95:7c:e6:f8:89:
         73:2d:e1:94:94:3c:f9:72:12:03:00:42:f4:1d:b2:04:59:06:
         95:06:87:74:85:b4:8a:91:c6:ff:90:4d:c5:5a:f5:d0:e3:11:
         bc:4d:56:c7:bd:60:4b:cf:3c:d5:2e:f9:f7:9b:92:3f:cb:4b:
         2a:5b:51:e2:5d:e8:27:af:45:77:96:7a:f4:21:6e:6b:8d:2c:
         b2:25:32:3f:74:6e:f4:0f:0d:d1:df:a9:d9:54:06:b2:99:f6:
         35:d2:4e:43:98:21:5d:10:22:eb:8f:32:e4:e1:1a:05:86:a3:
         49:6d:41:29:a4:b8:cc:7d:ca:17:d2:70:0c:b6:0e:d0:00:e4:
         7b:36:d6:12:8d:bb:d6:9b:cd:0c:2a:34:c7:9c:06:8e:12:e7:
         bb:82:cc:77:fb:e8:8b:7e:d1:5a:9c:9c:02:b2:fb:4e:fe:84:
         00:7d:24:9c:a0:a0:51:87:39:59:d8:ca:60:7d:30:59:eb:3d:
         4a:0a:6e:d4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQmay9AGOUYhO38gX+QvkVFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjUwMTAyMDk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjZjZGVmMTExNmFiMWY1ZTIwNDA0ZjVkNjI5OWVlNzVkMzgwNjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudTrwuKG0nDNmLFrZiYtcdzJwcO0
nwmIA2qnwvR46gfq2dnfbLSjr/9+jxzdaqV1f+leijYPUP71y8Iu3IxHoPWR6FOa
9yQS4w5t0uceX4EWAe2V+qmr1D2vfQw6nqcIQe+p47kOYAsrKxu1CwDZFbMf1hqh
OGc5X/C2IBNr33P/JqZf1jkhbpYeMJVfH8yZIpJElX2f+bKxFWU+oaMHEjtkzDF8
cbd7V1CLSYxahB4oAqQ8UcCYZAstp0eGWNVxgDjJQq/dCCp4bLrc8aTLk3S/5Spr
9UnCPTooH1KC8JRPnZ44TyX6l5WNSxMgOPoY9gghrCQxMmr6WoK9HNvwnwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPts3vERarH14gQE9dYpnuddOAY2MB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvMS0yemU4UkZxc2ZYaUJBVDExaW1lNTEwNEJqWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTcvYjQxYWI2LWI5ZjMtNGI0YS05YjdiLTFlZDEwOTU0YmQ5
Ni8xL1YxUEFZcENqY1psTmRYY3hob1gxdkVwVGpVYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAp6skDAN
BgkqhkiG9w0BAQsFAAOCAQEAqgu1qhp4aK2Wub320/GLDMTWGlD9gCrfPD5/SKtc
d7sVNGKx55IyeJukyPAnhCbAx87E9+aGUe4BEETXHUltD0QC5ZV85viJcy3hlJQ8
+XISAwBC9B2yBFkGlQaHdIW0ipHG/5BNxVr10OMRvE1Wx71gS8881S7595uSP8tL
KltR4l3oJ69Fd5Z69CFua40ssiUyP3Ru9A8N0d+p2VQGspn2NdJOQ5ghXRAi648y
5OEaBYajSW1BKaS4zH3KF9JwDLYO0ADkezbWEo271pvNDCo0x5wGjhLnu4LMd/vo
i37RWpycArL7Tv6EAH0knKCgUYc5WdjKYH0wWes9Sgpu1A==
-----END CERTIFICATE-----