Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/00849e-d8e6-4bb1-ad30-ad8bc8bc7967/1/VDUmlbPbD_0WCZyFWWLJS1vBgsg.roa
File:                     VDUmlbPbD_0WCZyFWWLJS1vBgsg.roa (raw, json)
Hash identifier:          8y2x4Go8M4U5DXG37YksmddS/xw5uNEZkeofCD3CA58=
Subject key identifier:   54:35:26:95:B3:DB:0F:FD:16:09:9C:85:59:62:C9:4B:5B:C1:82:C8
Certificate issuer:       /CN=7a17259a863c3d637d457e119b750df95e003fd6
Certificate serial:       018CC493316B18CDF49009AB37F122FDCF75
Authority key identifier: 7A:17:25:9A:86:3C:3D:63:7D:45:7E:11:9B:75:0D:F9:5E:00:3F:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ehclmoY8PWN9RX4Rm3UN-V4AP9Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/00849e-d8e6-4bb1-ad30-ad8bc8bc7967/1/VDUmlbPbD_0WCZyFWWLJS1vBgsg.roa
Signing time:             Mon 01 Jan 2024 10:30:29 +0000
ROA not before:           Mon 01 Jan 2024 10:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33915
IP address blocks:        185.222.228.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/00849e-d8e6-4bb1-ad30-ad8bc8bc7967/1/ehclmoY8PWN9RX4Rm3UN-V4AP9Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/00849e-d8e6-4bb1-ad30-ad8bc8bc7967/1/ehclmoY8PWN9RX4Rm3UN-V4AP9Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ehclmoY8PWN9RX4Rm3UN-V4AP9Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:31:6b:18:cd:f4:90:09:ab:37:f1:22:fd:cf:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a17259a863c3d637d457e119b750df95e003fd6
        Validity
            Not Before: Jan  1 10:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54352695b3db0ffd16099c855962c94b5bc182c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:10:38:0e:7c:82:c7:41:67:b0:52:4a:b2:53:
                    d2:89:6c:cf:29:70:03:ec:a5:66:f0:3c:d3:2f:69:
                    e1:ea:bb:b0:a9:15:38:3a:df:84:61:a5:f9:17:8c:
                    c2:88:9c:0d:b4:a5:c1:54:6d:79:36:41:e5:3e:b0:
                    76:fe:fe:e8:3b:5f:fc:65:0e:11:2a:5b:d8:e1:38:
                    d0:3c:13:95:b4:2e:fe:1f:a0:36:8c:94:68:37:d6:
                    01:7c:a1:ca:78:ed:bc:a8:23:08:eb:e8:9e:79:ea:
                    5e:4f:c5:65:1b:f2:76:1f:a6:07:7b:d5:19:93:ba:
                    e1:6f:90:24:44:c1:57:35:70:6a:2a:16:6a:13:36:
                    84:23:58:04:e6:f0:0c:32:b1:ee:18:15:80:ac:84:
                    81:5b:6e:10:5c:d8:b1:5b:b3:64:b3:97:f5:c1:81:
                    25:f2:1e:4d:9f:16:78:c7:f2:19:f7:05:b2:f8:c9:
                    4b:31:20:18:9a:cc:32:bf:5e:a7:ea:17:37:08:21:
                    dc:79:16:b6:38:22:00:e8:d1:ff:e7:4c:60:f1:01:
                    36:1a:f2:1e:5a:d2:e3:f0:9f:0e:21:2f:62:cd:01:
                    b3:61:c7:de:6e:d5:7f:94:dc:b7:85:21:5b:7c:28:
                    31:b0:18:b6:ef:b0:91:76:f4:7d:63:7c:c6:d6:df:
                    83:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:35:26:95:B3:DB:0F:FD:16:09:9C:85:59:62:C9:4B:5B:C1:82:C8
            X509v3 Authority Key Identifier:
                keyid:7A:17:25:9A:86:3C:3D:63:7D:45:7E:11:9B:75:0D:F9:5E:00:3F:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ehclmoY8PWN9RX4Rm3UN-V4AP9Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/00849e-d8e6-4bb1-ad30-ad8bc8bc7967/1/VDUmlbPbD_0WCZyFWWLJS1vBgsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/00849e-d8e6-4bb1-ad30-ad8bc8bc7967/1/ehclmoY8PWN9RX4Rm3UN-V4AP9Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:5a:16:c9:67:bc:b8:03:ed:a5:0d:82:5d:df:e7:39:1f:19:
         0c:57:37:e6:e2:f2:ce:ca:17:52:d9:d3:58:5d:16:3d:f7:8a:
         5f:a3:af:64:1d:ab:bd:74:f0:07:40:fd:4f:0f:ec:0a:ec:1c:
         0a:bc:11:4b:2d:e9:c5:7f:ef:a9:c2:21:c5:4d:18:a8:cd:91:
         15:53:d2:52:0d:70:8c:53:ba:b2:ca:9c:a0:2b:2b:97:ce:3f:
         98:34:c0:35:35:5e:a1:38:11:48:6d:34:6a:5b:d5:07:f6:00:
         b6:14:59:df:e5:9d:60:39:88:e4:65:e6:46:b5:91:33:0f:f9:
         46:92:92:49:73:0e:66:02:fe:66:e5:d8:b9:08:0e:87:88:91:
         a3:9f:1f:c0:f6:31:e1:df:cb:a0:cd:cb:c8:b4:90:53:d8:98:
         98:0d:10:37:06:5e:ea:e6:df:29:05:41:07:95:d5:81:fb:95:
         94:a7:37:4e:09:b8:b1:22:62:a2:5c:c2:de:6d:ff:36:4f:48:
         5f:9e:26:12:ed:e4:ab:6d:79:45:17:8b:db:13:80:5c:1f:cd:
         38:5b:2a:66:23:cb:ee:ea:ff:2c:cc:fd:3c:21:4d:06:c0:43:
         0f:da:27:0d:b4:63:c7:78:52:bf:fa:26:eb:60:ae:c6:e0:65:
         eb:5d:ff:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzFrGM30kAmrN/Ei/c91MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMTcyNTlhODYzYzNkNjM3ZDQ1N2UxMTliNzUwZGY5NWUw
MDNmZDYwHhcNMjQwMTAxMTAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDM1MjY5NWIzZGIwZmZkMTYwOTljODU1OTYyYzk0YjViYzE4MmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBA4DnyCx0FnsFJKslPSiWzPKXAD
7KVm8DzTL2nh6ruwqRU4Ot+EYaX5F4zCiJwNtKXBVG15NkHlPrB2/v7oO1/8ZQ4R
KlvY4TjQPBOVtC7+H6A2jJRoN9YBfKHKeO28qCMI6+ieeepeT8VlG/J2H6YHe9UZ
k7rhb5AkRMFXNXBqKhZqEzaEI1gE5vAMMrHuGBWArISBW24QXNixW7Nks5f1wYEl
8h5NnxZ4x/IZ9wWy+MlLMSAYmswyv16n6hc3CCHceRa2OCIA6NH/50xg8QE2GvIe
WtLj8J8OIS9izQGzYcfebtV/lNy3hSFbfCgxsBi277CRdvR9Y3zG1t+DiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQ1JpWz2w/9FgmchVliyUtbwYLIMB8GA1UdIwQY
MBaAFHoXJZqGPD1jfUV+EZt1DfleAD/WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWhjbG1vWThQV045Ulg0Um0zVU4tVjRBUDlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8wMDg0OWUtZDhlNi00YmIxLWFkMzAt
YWQ4YmM4YmM3OTY3LzEvVkRVbWxiUGJEXzBXQ1p5RldXTEpTMXZCZ3NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8wMDg0OWUtZDhlNi00YmIxLWFkMzAtYWQ4YmM4YmM3OTY3
LzEvZWhjbG1vWThQV045Ulg0Um0zVU4tVjRBUDlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCud7kMA0G
CSqGSIb3DQEBCwUAA4IBAQAuWhbJZ7y4A+2lDYJd3+c5HxkMVzfm4vLOyhdS2dNY
XRY994pfo69kHau9dPAHQP1PD+wK7BwKvBFLLenFf++pwiHFTRiozZEVU9JSDXCM
U7qyypygKyuXzj+YNMA1NV6hOBFIbTRqW9UH9gC2FFnf5Z1gOYjkZeZGtZEzD/lG
kpJJcw5mAv5m5di5CA6HiJGjnx/A9jHh38ugzcvItJBT2JiYDRA3Bl7q5t8pBUEH
ldWB+5WUpzdOCbixImKiXMLebf82T0hfniYS7eSrbXlFF4vbE4BcH804WypmI8vu
6v8szP08IU0GwEMP2icNtGPHeFK/+ibrYK7G4GXrXf+L
-----END CERTIFICATE-----