Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/1bcb8b-a3f8-48cc-8db9-3df9e21f4bcc/1/ciNzVE1_d0-QMInDSswN3EHLVNg.roa
File:                     ciNzVE1_d0-QMInDSswN3EHLVNg.roa (raw, json)
Hash identifier:          Wmjyk4Nl2dmeXznw2MTEjEcjFaiybhooG5LGrJ1VKM8=
Subject key identifier:   72:23:73:54:4D:7F:77:4F:90:30:89:C3:4A:CC:0D:DC:41:CB:54:D8
Certificate issuer:       /CN=becec531e5c37756b828663f9cc20ad6217713ac
Certificate serial:       0194266AB4DD94A33784A06F53F4822DE202
Authority key identifier: BE:CE:C5:31:E5:C3:77:56:B8:28:66:3F:9C:C2:0A:D6:21:77:13:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vs7FMeXDd1a4KGY_nMIK1iF3E6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/1bcb8b-a3f8-48cc-8db9-3df9e21f4bcc/1/ciNzVE1_d0-QMInDSswN3EHLVNg.roa
Signing time:             Thu 02 Jan 2025 09:48:34 +0000
ROA not before:           Thu 02 Jan 2025 09:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213283
IP address blocks:        164.133.22.0/24 maxlen: 24
                          164.133.23.0/24 maxlen: 24
                          164.133.24.0/24 maxlen: 24
                          164.133.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/1bcb8b-a3f8-48cc-8db9-3df9e21f4bcc/1/vs7FMeXDd1a4KGY_nMIK1iF3E6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/1bcb8b-a3f8-48cc-8db9-3df9e21f4bcc/1/vs7FMeXDd1a4KGY_nMIK1iF3E6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vs7FMeXDd1a4KGY_nMIK1iF3E6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:b4:dd:94:a3:37:84:a0:6f:53:f4:82:2d:e2:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=becec531e5c37756b828663f9cc20ad6217713ac
        Validity
            Not Before: Jan  2 09:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=722373544d7f774f903089c34acc0ddc41cb54d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e3:b2:ae:ef:8f:17:9a:1b:58:43:87:2c:94:
                    2b:db:52:4f:52:27:e2:f5:97:00:4d:21:1c:d6:d8:
                    53:e1:aa:6b:78:51:0d:af:29:33:00:ab:a1:91:a6:
                    bc:48:35:92:1c:3f:fb:61:f3:84:32:93:b4:07:d1:
                    6e:ff:49:86:82:f3:cf:a5:ae:15:1a:34:50:ca:4f:
                    2a:8b:c5:1c:c3:8c:23:d1:aa:8c:7e:16:6a:3e:79:
                    36:bf:cd:41:b5:75:01:95:e5:d4:fe:9b:27:71:d3:
                    f0:b8:8a:81:38:2e:ba:29:56:6f:7a:a1:c7:10:dd:
                    55:ef:17:7d:fb:60:2e:af:e7:be:20:8e:ee:25:fe:
                    1f:b0:29:2f:bb:be:c2:98:fb:11:10:02:85:40:7b:
                    48:f8:b4:f1:3a:74:fe:0f:93:ee:ce:4c:c1:cd:63:
                    eb:9a:a8:16:1a:8a:b7:7a:f5:46:9a:94:6a:0b:17:
                    fd:29:b6:b2:0a:88:ef:27:61:76:e9:76:31:ed:43:
                    84:16:8f:f5:0b:c3:25:9f:f0:6a:57:4a:ee:e4:9a:
                    17:73:06:fe:78:bb:00:8a:dd:af:02:df:45:f6:0d:
                    33:ff:df:0e:bf:10:99:25:3e:88:cc:b6:61:82:13:
                    c7:0f:3f:cb:24:1a:b6:d5:d1:a6:0a:8d:f9:01:c2:
                    e7:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:23:73:54:4D:7F:77:4F:90:30:89:C3:4A:CC:0D:DC:41:CB:54:D8
            X509v3 Authority Key Identifier:
                keyid:BE:CE:C5:31:E5:C3:77:56:B8:28:66:3F:9C:C2:0A:D6:21:77:13:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vs7FMeXDd1a4KGY_nMIK1iF3E6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/1bcb8b-a3f8-48cc-8db9-3df9e21f4bcc/1/ciNzVE1_d0-QMInDSswN3EHLVNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/1bcb8b-a3f8-48cc-8db9-3df9e21f4bcc/1/vs7FMeXDd1a4KGY_nMIK1iF3E6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.133.22.0-164.133.25.255

    Signature Algorithm: sha256WithRSAEncryption
         13:ee:b7:f8:24:72:00:fe:81:3c:b7:f9:53:4c:31:8f:a8:f0:
         8a:c6:b1:ce:95:6f:a5:ca:09:9b:9e:05:1e:fe:6d:14:66:3d:
         b1:d5:5f:4d:4c:9a:50:7e:a9:89:91:3a:b4:a2:27:2a:da:e3:
         40:b6:4c:bb:0e:1c:fb:c2:0c:f6:63:f1:80:e0:27:2f:24:a0:
         6e:67:cc:ed:df:69:56:26:e3:d6:1e:e1:39:ab:bc:29:7e:06:
         22:ba:65:11:00:67:9f:0b:7d:bc:30:e2:1a:30:97:67:be:1b:
         9c:fc:07:c3:56:ad:e0:4d:6f:e6:66:4e:f8:7d:a2:1a:96:91:
         d3:51:cf:fc:df:61:38:6f:c8:58:8d:e8:5e:72:62:67:fd:bc:
         d1:6f:8c:ac:7e:52:19:95:84:3a:3d:6c:90:b7:d2:f8:0a:08:
         bf:90:cc:36:1c:92:ad:4c:08:46:ea:f1:99:e8:29:d5:18:06:
         9b:ce:f7:da:c5:a4:16:23:58:77:9b:e9:c6:5b:a8:6f:5e:25:
         98:62:0c:94:2e:86:96:57:84:08:2f:1a:20:62:67:d1:dd:93:
         a1:b5:7c:76:e8:b7:e7:78:95:fb:53:6d:c1:c9:ef:40:71:b1:
         d1:8d:3e:24:56:1a:85:90:40:e3:49:4e:65:3d:d8:ed:3a:2e:
         61:97:57:75
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQmarTdlKM3hKBvU/SCLeICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlY2VjNTMxZTVjMzc3NTZiODI4NjYzZjljYzIwYWQ2MjE3
NzEzYWMwHhcNMjUwMTAyMDk0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjIzNzM1NDRkN2Y3NzRmOTAzMDg5YzM0YWNjMGRkYzQxY2I1NGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeOyru+PF5obWEOHLJQr21JPUifi
9ZcATSEc1thT4apreFENrykzAKuhkaa8SDWSHD/7YfOEMpO0B9Fu/0mGgvPPpa4V
GjRQyk8qi8Ucw4wj0aqMfhZqPnk2v81BtXUBleXU/psncdPwuIqBOC66KVZveqHH
EN1V7xd9+2Aur+e+II7uJf4fsCkvu77CmPsREAKFQHtI+LTxOnT+D5PuzkzBzWPr
mqgWGoq3evVGmpRqCxf9KbayCojvJ2F26XYx7UOEFo/1C8Mln/BqV0ru5JoXcwb+
eLsAit2vAt9F9g0z/98OvxCZJT6IzLZhghPHDz/LJBq21dGmCo35AcLnwQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHIjc1RNf3dPkDCJw0rMDdxBy1TYMB8GA1UdIwQY
MBaAFL7OxTHlw3dWuChmP5zCCtYhdxOsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnM3Rk1lWERkMWE0S0dZX25NSUsxaUYzRTZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8xYmNiOGItYTNmOC00OGNjLThkYjkt
M2RmOWUyMWY0YmNjLzEvY2lOelZFMV9kMC1RTUluRFNzd04zRUhMVk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8xYmNiOGItYTNmOC00OGNjLThkYjktM2RmOWUyMWY0YmNj
LzEvdnM3Rk1lWERkMWE0S0dZX25NSUsxaUYzRTZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAGkhRYD
BAGkhRgwDQYJKoZIhvcNAQELBQADggEBABPut/gkcgD+gTy3+VNMMY+o8IrGsc6V
b6XKCZueBR7+bRRmPbHVX01MmlB+qYmROrSiJyra40C2TLsOHPvCDPZj8YDgJy8k
oG5nzO3faVYm49Ye4TmrvCl+BiK6ZREAZ58Lfbww4howl2e+G5z8B8NWreBNb+Zm
Tvh9ohqWkdNRz/zfYThvyFiN6F5yYmf9vNFvjKx+UhmVhDo9bJC30vgKCL+QzDYc
kq1MCEbq8ZnoKdUYBpvO99rFpBYjWHeb6cZbqG9eJZhiDJQuhpZXhAgvGiBiZ9Hd
k6G1fHbot+d4lftTbcHJ70BxsdGNPiRWGoWQQONJTmU92O06LmGXV3U=
-----END CERTIFICATE-----