Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/XtPvNkbtFvkSrn1XGkdkM55xfJ4.roa
File:                     XtPvNkbtFvkSrn1XGkdkM55xfJ4.roa (raw, json)
Hash identifier:          XvdvDvnaLffIXutFMAXtL47S87Pb9dwgFS/EYsDxu5Q=
Subject key identifier:   5E:D3:EF:36:46:ED:16:F9:12:AE:7D:57:1A:47:64:33:9E:71:7C:9E
Certificate issuer:       /CN=aac575cafa00bc41d57c494ac1f5dbcfee78332e
Certificate serial:       019423D6F1328B15A7B2988ABF21CADA5979
Authority key identifier: AA:C5:75:CA:FA:00:BC:41:D5:7C:49:4A:C1:F5:DB:CF:EE:78:33:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qsV1yvoAvEHVfElKwfXbz-54My4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/XtPvNkbtFvkSrn1XGkdkM55xfJ4.roa
Signing time:             Wed 01 Jan 2025 21:47:56 +0000
ROA not before:           Wed 01 Jan 2025 21:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206478
IP address blocks:        185.174.32.0/22 maxlen: 22
                          195.225.200.0/22 maxlen: 22
                          2a10:4140::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/qsV1yvoAvEHVfElKwfXbz-54My4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/qsV1yvoAvEHVfElKwfXbz-54My4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qsV1yvoAvEHVfElKwfXbz-54My4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:f1:32:8b:15:a7:b2:98:8a:bf:21:ca:da:59:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aac575cafa00bc41d57c494ac1f5dbcfee78332e
        Validity
            Not Before: Jan  1 21:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ed3ef3646ed16f912ae7d571a4764339e717c9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:cf:33:e4:f3:5e:ec:ad:85:6e:f4:a3:ce:41:
                    38:9b:26:c9:af:f1:c4:d4:ec:15:38:03:55:06:3a:
                    08:21:2a:9a:f7:aa:93:2d:2f:25:4a:fe:87:36:5f:
                    6e:28:4b:e7:c1:4b:11:57:93:72:02:90:26:3e:56:
                    10:91:89:26:9d:47:2f:b8:3f:69:af:a6:b6:be:bf:
                    d6:94:8c:15:e5:62:d5:6e:a0:4a:70:62:39:9c:cf:
                    50:d3:e8:69:2f:84:ca:4d:5b:d2:56:0f:24:45:5d:
                    08:c2:f8:b7:e6:6e:da:f1:dc:69:cb:e0:59:f1:d1:
                    a4:46:f4:1a:e0:a0:80:67:fb:5a:83:5a:a6:5f:a2:
                    52:5a:88:71:8f:97:67:2d:16:6d:4c:88:08:f3:3a:
                    ca:07:77:a4:55:3c:8f:8b:8b:82:37:5d:39:10:1a:
                    20:69:b0:51:68:84:43:99:b8:f1:f4:dd:ba:01:5e:
                    7a:90:22:9e:81:b6:d9:8f:2a:55:91:89:82:9e:45:
                    9a:ab:92:df:8b:31:b2:87:6e:13:a5:81:78:7e:db:
                    d0:e3:e3:b7:76:80:77:07:5c:e6:18:72:eb:2e:48:
                    c6:f2:56:80:3c:7e:c6:11:77:e7:a3:0c:b9:b7:d9:
                    d9:1b:c6:3b:10:a2:cf:48:6a:f9:30:ad:90:bf:11:
                    fe:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D3:EF:36:46:ED:16:F9:12:AE:7D:57:1A:47:64:33:9E:71:7C:9E
            X509v3 Authority Key Identifier:
                keyid:AA:C5:75:CA:FA:00:BC:41:D5:7C:49:4A:C1:F5:DB:CF:EE:78:33:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qsV1yvoAvEHVfElKwfXbz-54My4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/XtPvNkbtFvkSrn1XGkdkM55xfJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/qsV1yvoAvEHVfElKwfXbz-54My4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.32.0/22
                  195.225.200.0/22
                IPv6:
                  2a10:4140::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:83:bf:be:ae:2e:91:3c:ff:bb:66:23:42:79:8a:66:44:f3:
         e7:96:66:11:5f:42:54:18:f2:f0:d6:6e:1c:bf:95:14:0d:c6:
         d5:ce:8c:58:dc:cd:e4:23:87:6a:43:6c:86:f4:d2:8e:9a:64:
         eb:44:34:dd:d6:2a:95:e2:fb:21:88:57:90:3b:fa:50:9f:3a:
         d7:88:7f:db:8e:1e:51:84:c2:48:a0:0d:7c:85:b2:e1:84:e7:
         5a:77:96:16:81:da:63:0e:85:18:19:4b:9d:c7:43:fd:fc:f5:
         f7:15:d7:4e:72:b9:67:13:3b:a5:88:9c:0a:d7:41:85:9f:d4:
         8f:63:64:97:91:a6:c1:5e:b3:81:81:60:b7:02:c0:85:e1:ad:
         f3:84:99:4a:b5:22:36:3b:89:fd:c1:ea:c0:0d:0f:c7:51:03:
         73:2d:9f:5f:a4:9d:30:9e:dd:d1:28:f3:12:9f:5a:41:a7:6b:
         4a:47:b1:65:3b:4e:6c:ac:19:72:73:f3:67:1f:30:0c:a7:dd:
         3e:fa:4d:20:61:f0:58:4b:4d:60:f5:bf:c2:2c:94:86:31:7d:
         f6:ef:ad:9d:1a:32:92:fa:c0:ae:68:6b:b7:b6:ff:a6:e0:7e:
         25:59:e1:ec:50:89:83:07:f4:39:7f:ea:55:a8:bf:4f:7d:a8:
         1c:41:00:22
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQj1vEyixWnspiKvyHK2ll5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYzU3NWNhZmEwMGJjNDFkNTdjNDk0YWMxZjVkYmNmZWU3
ODMzMmUwHhcNMjUwMTAxMjE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWQzZWYzNjQ2ZWQxNmY5MTJhZTdkNTcxYTQ3NjQzMzllNzE3YzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnM8z5PNe7K2FbvSjzkE4mybJr/HE
1OwVOANVBjoIISqa96qTLS8lSv6HNl9uKEvnwUsRV5NyApAmPlYQkYkmnUcvuD9p
r6a2vr/WlIwV5WLVbqBKcGI5nM9Q0+hpL4TKTVvSVg8kRV0Iwvi35m7a8dxpy+BZ
8dGkRvQa4KCAZ/tag1qmX6JSWohxj5dnLRZtTIgI8zrKB3ekVTyPi4uCN105EBog
abBRaIRDmbjx9N26AV56kCKegbbZjypVkYmCnkWaq5LfizGyh24TpYF4ftvQ4+O3
doB3B1zmGHLrLkjG8laAPH7GEXfnowy5t9nZG8Y7EKLPSGr5MK2QvxH+dwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFF7T7zZG7Rb5Eq59VxpHZDOecXyeMB8GA1UdIwQY
MBaAFKrFdcr6ALxB1XxJSsH128/ueDMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXNWMXl2b0F2RUhWZkVsS3dmWGJ6LTU0TXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8zNWQ1OTgtYzMyYy00OWE3LWIxZjYt
OGY5MTNlMjY5NmU1LzEvWHRQdk5rYnRGdmtTcm4xWEdrZGtNNTV4Zko0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8zNWQ1OTgtYzMyYy00OWE3LWIxZjYtOGY5MTNlMjY5NmU1
LzEvcXNWMXl2b0F2RUhWZkVsS3dmWGJ6LTU0TXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCua4gAwQC
w+HIMA0EAgACMAcDBQMqEEFAMA0GCSqGSIb3DQEBCwUAA4IBAQBCg7++ri6RPP+7
ZiNCeYpmRPPnlmYRX0JUGPLw1m4cv5UUDcbVzoxY3M3kI4dqQ2yG9NKOmmTrRDTd
1iqV4vshiFeQO/pQnzrXiH/bjh5RhMJIoA18hbLhhOdad5YWgdpjDoUYGUudx0P9
/PX3FddOcrlnEzuliJwK10GFn9SPY2SXkabBXrOBgWC3AsCF4a3zhJlKtSI2O4n9
werADQ/HUQNzLZ9fpJ0wnt3RKPMSn1pBp2tKR7FlO05srBlyc/NnHzAMp90++k0g
YfBYS01g9b/CLJSGMX32762dGjKS+sCuaGu3tv+m4H4lWeHsUImDB/Q5f+pVqL9P
fagcQQAi
-----END CERTIFICATE-----