Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/H9WDvc0OfXB44k8OyrV2kgiLuzs.roa
File:                     H9WDvc0OfXB44k8OyrV2kgiLuzs.roa (raw, json)
Hash identifier:          ECy836T53R0CEG1VyCTCAvl+zi+aWOuz45OEcMa+89w=
Subject key identifier:   1F:D5:83:BD:CD:0E:7D:70:78:E2:4F:0E:CA:B5:76:92:08:8B:BB:3B
Certificate issuer:       /CN=137e1103775785d012fc8ddab4c02ac03791b9d4
Certificate serial:       0194228DF028616E4F0DD29C90EDF57C43D0
Authority key identifier: 13:7E:11:03:77:57:85:D0:12:FC:8D:DA:B4:C0:2A:C0:37:91:B9:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E34RA3dXhdAS_I3atMAqwDeRudQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/H9WDvc0OfXB44k8OyrV2kgiLuzs.roa
Signing time:             Wed 01 Jan 2025 15:48:34 +0000
ROA not before:           Wed 01 Jan 2025 15:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203715
IP address blocks:        185.126.60.0/22 maxlen: 23
                          2a06:bf00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/E34RA3dXhdAS_I3atMAqwDeRudQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/E34RA3dXhdAS_I3atMAqwDeRudQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E34RA3dXhdAS_I3atMAqwDeRudQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:f0:28:61:6e:4f:0d:d2:9c:90:ed:f5:7c:43:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e1103775785d012fc8ddab4c02ac03791b9d4
        Validity
            Not Before: Jan  1 15:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fd583bdcd0e7d7078e24f0ecab57692088bbb3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:1e:d1:ff:68:58:04:d8:12:31:da:72:3a:37:
                    d9:92:68:90:02:cf:37:bd:9b:56:4b:23:f0:a6:ce:
                    5c:69:9a:0c:7c:79:69:3a:6a:8b:87:90:41:97:7c:
                    42:e1:5c:cf:2e:f1:b3:d4:91:83:4c:3a:5b:cd:95:
                    9f:78:84:f4:f4:ea:0a:2d:10:5d:7d:3c:39:23:28:
                    4d:d1:9e:db:47:c7:4b:be:d2:69:b2:75:68:10:a9:
                    68:ba:d9:cb:cb:00:65:a6:1c:8b:be:92:9e:69:2e:
                    dd:8e:d2:a9:4c:c0:83:e6:51:1d:83:e7:c9:3a:aa:
                    a4:d7:8d:38:d0:f0:68:68:3d:99:47:e7:8d:a2:a0:
                    e5:dc:f0:bd:9a:b0:bb:07:57:84:40:43:d1:42:1a:
                    35:21:b1:bd:c0:d7:b9:3d:ce:d2:ad:e7:99:66:e0:
                    7f:f0:cf:78:ef:b0:ed:cf:c6:cd:4e:be:b9:11:17:
                    49:ca:c5:c4:7f:07:f5:78:42:93:a6:1f:f3:03:ac:
                    85:88:dd:84:ec:ac:bd:8c:ae:76:3c:2f:19:e5:9b:
                    f9:03:2a:4f:95:36:e9:2c:59:1e:cb:d8:7c:77:02:
                    23:7f:8a:a5:c1:ea:91:91:92:fa:bd:87:a1:71:34:
                    2f:2a:67:a3:79:94:f0:9b:bd:54:50:32:7b:5b:7a:
                    b3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:D5:83:BD:CD:0E:7D:70:78:E2:4F:0E:CA:B5:76:92:08:8B:BB:3B
            X509v3 Authority Key Identifier:
                keyid:13:7E:11:03:77:57:85:D0:12:FC:8D:DA:B4:C0:2A:C0:37:91:B9:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E34RA3dXhdAS_I3atMAqwDeRudQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/H9WDvc0OfXB44k8OyrV2kgiLuzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/e16ee7-efef-4809-89ff-8bdccce5dfe8/1/E34RA3dXhdAS_I3atMAqwDeRudQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.60.0/22
                IPv6:
                  2a06:bf00::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:2e:25:a9:7e:b6:2e:b1:2b:04:1b:8b:d5:41:6d:a9:b4:34:
         26:ea:9d:95:b2:69:e2:7c:4e:ad:7c:9e:0e:6b:91:11:44:66:
         1a:f0:0b:51:79:bf:66:70:50:c8:df:b1:41:6e:22:76:88:69:
         f0:74:7b:d0:2c:f2:b3:b3:67:8e:30:0c:44:93:38:92:b6:fa:
         70:6e:c0:be:71:94:98:f9:86:9f:ae:f8:4c:12:2a:33:20:94:
         61:84:70:a9:5e:3b:ac:a3:26:37:67:0d:0c:47:8c:c7:a6:4f:
         1a:95:3f:52:6f:49:1e:46:a2:26:b2:e1:9b:96:9e:a5:f3:65:
         3c:e5:62:ca:29:4c:ec:f9:57:e0:3e:98:87:3d:4d:af:f4:a1:
         0c:41:d3:c0:6b:d5:16:19:8d:8f:9e:19:da:b5:50:1e:9e:d0:
         98:eb:f5:55:b4:33:83:10:03:4d:7f:90:a7:44:1d:5e:16:e3:
         0b:f5:04:d4:28:64:44:05:a5:74:79:31:38:06:42:d3:2f:88:
         8a:bf:8d:34:71:e6:97:f0:d7:f1:2c:f4:63:be:f4:d3:6b:d6:
         da:6f:61:61:9f:e8:3c:06:5e:5c:0c:68:c3:0f:81:83:00:0d:
         3f:1d:19:8d:5b:f5:5f:6d:bb:0d:3b:3f:2f:24:d8:66:b1:a7:
         1a:09:5f:26
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijfAoYW5PDdKckO31fEPQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2UxMTAzNzc1Nzg1ZDAxMmZjOGRkYWI0YzAyYWMwMzc5
MWI5ZDQwHhcNMjUwMTAxMTU0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmQ1ODNiZGNkMGU3ZDcwNzhlMjRmMGVjYWI1NzY5MjA4OGJiYjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9R7R/2hYBNgSMdpyOjfZkmiQAs83
vZtWSyPwps5caZoMfHlpOmqLh5BBl3xC4VzPLvGz1JGDTDpbzZWfeIT09OoKLRBd
fTw5IyhN0Z7bR8dLvtJpsnVoEKloutnLywBlphyLvpKeaS7djtKpTMCD5lEdg+fJ
Oqqk14040PBoaD2ZR+eNoqDl3PC9mrC7B1eEQEPRQho1IbG9wNe5Pc7SreeZZuB/
8M9477Dtz8bNTr65ERdJysXEfwf1eEKTph/zA6yFiN2E7Ky9jK52PC8Z5Zv5AypP
lTbpLFkey9h8dwIjf4qlweqRkZL6vYehcTQvKmejeZTwm71UUDJ7W3qzmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFB/Vg73NDn1weOJPDsq1dpIIi7s7MB8GA1UdIwQY
MBaAFBN+EQN3V4XQEvyN2rTAKsA3kbnUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM0UkEzZFhoZEFTX0kzYXRNQXF3RGVSdWRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9lMTZlZTctZWZlZi00ODA5LTg5ZmYt
OGJkY2NjZTVkZmU4LzEvSDlXRHZjME9mWEI0NGs4T3lyVjJrZ2lMdXpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9lMTZlZTctZWZlZi00ODA5LTg5ZmYtOGJkY2NjZTVkZmU4
LzEvRTM0UkEzZFhoZEFTX0kzYXRNQXF3RGVSdWRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX48MA0E
AgACMAcDBQMqBr8AMA0GCSqGSIb3DQEBCwUAA4IBAQBcLiWpfrYusSsEG4vVQW2p
tDQm6p2VsmnifE6tfJ4Oa5ERRGYa8AtReb9mcFDI37FBbiJ2iGnwdHvQLPKzs2eO
MAxEkziStvpwbsC+cZSY+YafrvhMEiozIJRhhHCpXjusoyY3Zw0MR4zHpk8alT9S
b0keRqImsuGblp6l82U85WLKKUzs+VfgPpiHPU2v9KEMQdPAa9UWGY2PnhnatVAe
ntCY6/VVtDODEANNf5CnRB1eFuML9QTUKGREBaV0eTE4BkLTL4iKv400ceaX8Nfx
LPRjvvTTa9bab2Fhn+g8Bl5cDGjDD4GDAA0/HRmNW/VfbbsNOz8vJNhmsacaCV8m
-----END CERTIFICATE-----