Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/Ej6AGqgrDcCEmdxGQ51_3en2bK0.roa
File:                     Ej6AGqgrDcCEmdxGQ51_3en2bK0.roa (raw, json)
Hash identifier:          iJ7FETE7qwjnaLdIl0yVteeRiSysQ9U3gczbrqrkwXU=
Subject key identifier:   12:3E:80:1A:A8:2B:0D:C0:84:99:DC:46:43:9D:7F:DD:E9:F6:6C:AD
Certificate issuer:       /CN=4cabf33b0b380888fe1e3b80eda48b1781bb7709
Certificate serial:       01942521A0F53FF4AE6A64EF847BAEF068A9
Authority key identifier: 4C:AB:F3:3B:0B:38:08:88:FE:1E:3B:80:ED:A4:8B:17:81:BB:77:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKvzOws4CIj-HjuA7aSLF4G7dwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/Ej6AGqgrDcCEmdxGQ51_3en2bK0.roa
Signing time:             Thu 02 Jan 2025 03:49:08 +0000
ROA not before:           Thu 02 Jan 2025 03:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209400
IP address blocks:        37.228.140.0/22 maxlen: 22
                          94.199.208.0/22 maxlen: 22
                          185.38.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/TKvzOws4CIj-HjuA7aSLF4G7dwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/TKvzOws4CIj-HjuA7aSLF4G7dwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKvzOws4CIj-HjuA7aSLF4G7dwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a0:f5:3f:f4:ae:6a:64:ef:84:7b:ae:f0:68:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cabf33b0b380888fe1e3b80eda48b1781bb7709
        Validity
            Not Before: Jan  2 03:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=123e801aa82b0dc08499dc46439d7fdde9f66cad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6e:ee:b7:c5:f7:5f:4c:99:7d:0d:92:54:d5:
                    23:13:07:ee:2b:53:0c:45:55:ad:07:c3:6f:6b:ce:
                    c9:f5:43:1c:55:6c:c0:df:5d:59:c1:4e:2e:17:1e:
                    e2:95:a7:ea:8b:e5:ff:c9:fc:4e:30:6d:bf:90:3b:
                    67:b0:b6:f0:d2:76:13:fd:82:07:75:93:19:b3:30:
                    5f:c1:b8:47:3e:4e:42:96:2f:17:a3:4f:88:14:d4:
                    73:a4:f7:0f:ff:ac:45:84:5c:b7:de:7a:ad:5a:9e:
                    23:a8:66:52:84:7e:59:65:fd:9f:8c:97:e2:51:7f:
                    9f:db:d8:2e:2e:f3:2e:3d:b7:de:5c:71:93:46:bb:
                    8b:61:39:64:db:27:10:32:9d:bb:e9:59:90:11:3c:
                    30:7f:9c:3b:0b:b4:f3:c5:70:a7:38:12:c4:81:df:
                    44:8d:db:d5:05:38:c7:7d:a0:19:dd:ae:6a:04:93:
                    42:01:39:0e:fa:d7:a3:06:ca:c1:27:5b:b1:e0:f3:
                    fd:f1:c4:e9:17:b9:13:ff:ec:94:09:49:4b:dc:8f:
                    72:3a:0d:78:ba:94:1d:a9:ca:c0:93:5b:c2:05:5a:
                    3e:df:8a:50:23:21:01:e6:d6:1c:25:86:69:e6:cf:
                    9e:fa:13:92:04:dc:54:3f:84:b9:75:02:89:ce:14:
                    52:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:3E:80:1A:A8:2B:0D:C0:84:99:DC:46:43:9D:7F:DD:E9:F6:6C:AD
            X509v3 Authority Key Identifier:
                keyid:4C:AB:F3:3B:0B:38:08:88:FE:1E:3B:80:ED:A4:8B:17:81:BB:77:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKvzOws4CIj-HjuA7aSLF4G7dwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/Ej6AGqgrDcCEmdxGQ51_3en2bK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/185a42-cb7f-4058-86f5-41ae5f4a5055/1/TKvzOws4CIj-HjuA7aSLF4G7dwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.228.140.0/22
                  94.199.208.0/22
                  185.38.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:67:21:e8:d2:67:bb:59:56:f3:47:44:97:9d:3d:dc:87:c5:
         67:a1:d8:d6:d1:a1:1f:83:3d:ae:cd:e8:ab:22:05:c5:14:4d:
         42:97:bf:ef:ce:6a:51:3d:0a:70:06:30:0c:95:0d:7b:8f:eb:
         23:00:5e:d3:fe:db:7f:9d:ab:90:e8:cf:1c:65:1f:dd:91:8b:
         c8:d5:bb:24:aa:8a:24:0f:46:b2:e2:39:80:18:3b:45:36:e1:
         1f:40:3d:78:aa:8b:d1:66:cd:d5:3f:0f:16:55:b7:49:01:fa:
         b4:3e:b7:94:3e:7a:63:6c:6d:e7:3e:60:fe:f5:1c:54:12:0a:
         8c:c4:f2:8f:41:d8:c3:29:38:df:08:e0:81:eb:5e:e4:80:32:
         f9:04:29:2e:1c:c1:41:bb:4c:dd:41:97:d4:8c:9a:3e:4c:df:
         64:58:e6:d0:4f:77:14:f3:68:2a:c4:e3:77:a1:a1:00:d3:a2:
         28:a6:a2:c7:1b:52:bc:e0:ed:62:07:ba:73:55:8f:6d:a4:eb:
         72:03:2e:23:e8:58:bd:b1:b3:2e:e5:f8:a0:be:91:c7:9d:12:
         2a:28:d6:ca:51:cd:36:b0:f0:80:06:8a:61:49:71:fc:2d:2e:
         d7:28:de:ea:aa:83:18:a4:d4:5f:51:46:8e:57:e4:fe:7e:37:
         78:3c:43:7a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIaD1P/SuamTvhHuu8GipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYWJmMzNiMGIzODA4ODhmZTFlM2I4MGVkYTQ4YjE3ODFi
Yjc3MDkwHhcNMjUwMTAyMDM0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjNlODAxYWE4MmIwZGMwODQ5OWRjNDY0MzlkN2ZkZGU5ZjY2Y2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlG7ut8X3X0yZfQ2SVNUjEwfuK1MM
RVWtB8Nva87J9UMcVWzA311ZwU4uFx7ilafqi+X/yfxOMG2/kDtnsLbw0nYT/YIH
dZMZszBfwbhHPk5Cli8Xo0+IFNRzpPcP/6xFhFy33nqtWp4jqGZShH5ZZf2fjJfi
UX+f29guLvMuPbfeXHGTRruLYTlk2ycQMp276VmQETwwf5w7C7TzxXCnOBLEgd9E
jdvVBTjHfaAZ3a5qBJNCATkO+tejBsrBJ1ux4PP98cTpF7kT/+yUCUlL3I9yOg14
upQdqcrAk1vCBVo+34pQIyEB5tYcJYZp5s+e+hOSBNxUP4S5dQKJzhRSwQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBI+gBqoKw3AhJncRkOdf93p9mytMB8GA1UdIwQY
MBaAFEyr8zsLOAiI/h47gO2kixeBu3cJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEt2ek93czRDSWotSGp1QTdhU0xGNEc3ZHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xODVhNDItY2I3Zi00MDU4LTg2ZjUt
NDFhZTVmNGE1MDU1LzEvRWo2QUdxZ3JEY0NFbWR4R1E1MV8zZW4yYkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xODVhNDItY2I3Zi00MDU4LTg2ZjUtNDFhZTVmNGE1MDU1
LzEvVEt2ek93czRDSWotSGp1QTdhU0xGNEc3ZHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCJeSMAwQC
XsfQAwQCuSYoMA0GCSqGSIb3DQEBCwUAA4IBAQANZyHo0me7WVbzR0SXnT3ch8Vn
odjW0aEfgz2uzeirIgXFFE1Cl7/vzmpRPQpwBjAMlQ17j+sjAF7T/tt/nauQ6M8c
ZR/dkYvI1bskqookD0ay4jmAGDtFNuEfQD14qovRZs3VPw8WVbdJAfq0PreUPnpj
bG3nPmD+9RxUEgqMxPKPQdjDKTjfCOCB617kgDL5BCkuHMFBu0zdQZfUjJo+TN9k
WObQT3cU82gqxON3oaEA06IopqLHG1K84O1iB7pzVY9tpOtyAy4j6Fi9sbMu5fig
vpHHnRIqKNbKUc02sPCABophSXH8LS7XKN7qqoMYpNRfUUaOV+T+fjd4PEN6
-----END CERTIFICATE-----