Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/RJxr8FfYNXMH1JQVOwgGzONUVKU.roa
File:                     RJxr8FfYNXMH1JQVOwgGzONUVKU.roa (raw, json)
Hash identifier:          DR8gGJ69xVF1vRltrSd3W6LpV3g9f3689+1YFT6WiyI=
Subject key identifier:   44:9C:6B:F0:57:D8:35:73:07:D4:94:15:3B:08:06:CC:E3:54:54:A5
Certificate issuer:       /CN=51b2c401ce5c9e881cd9a3be8efec60022da0eb6
Certificate serial:       0197CAB6BB994EF90AA21B530DA75C1232E2
Authority key identifier: 51:B2:C4:01:CE:5C:9E:88:1C:D9:A3:BE:8E:FE:C6:00:22:DA:0E:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbLEAc5cnogc2aO-jv7GACLaDrY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/RJxr8FfYNXMH1JQVOwgGzONUVKU.roa
Signing time:             Wed 02 Jul 2025 10:37:42 +0000
ROA not before:           Wed 02 Jul 2025 10:37:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.170.5.0/24 maxlen: 24
                          185.170.6.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/UbLEAc5cnogc2aO-jv7GACLaDrY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/UbLEAc5cnogc2aO-jv7GACLaDrY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbLEAc5cnogc2aO-jv7GACLaDrY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ca:b6:bb:99:4e:f9:0a:a2:1b:53:0d:a7:5c:12:32:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b2c401ce5c9e881cd9a3be8efec60022da0eb6
        Validity
            Not Before: Jul  2 10:37:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=449c6bf057d8357307d494153b0806cce35454a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b5:8b:dc:d6:f0:a0:14:b5:94:b8:1c:ee:71:
                    55:21:3e:20:dd:0d:24:69:dc:b2:30:fa:4c:ee:15:
                    f5:ac:7e:27:14:c3:d8:ad:cb:8b:e8:61:44:ba:f9:
                    a5:48:4e:27:98:a6:16:ad:f9:f6:2c:13:39:6e:57:
                    f0:e2:c0:14:48:2c:b0:e0:6f:52:98:c1:97:70:4a:
                    19:c1:e7:c9:cb:a7:4a:12:27:50:4f:75:a1:4c:51:
                    48:4d:da:4f:f2:71:b0:29:f1:63:f3:d4:23:6b:ba:
                    68:a5:0b:ce:c4:d1:de:4f:58:13:08:98:8d:77:51:
                    84:75:c5:97:dc:1f:f7:24:26:da:95:6c:56:07:4e:
                    69:b5:9f:29:2b:2b:00:92:18:f3:8c:2f:a1:25:68:
                    58:20:8f:3c:70:2d:ae:10:61:e1:b6:ed:c9:5d:0a:
                    1c:e9:76:f5:ee:7f:e1:e8:4e:ac:3e:54:46:2d:46:
                    7a:f4:28:23:41:79:e6:f6:d0:b4:db:15:fe:5e:67:
                    23:39:68:a7:0e:08:9a:8d:54:5a:71:54:6c:b8:9b:
                    47:37:7f:0f:4c:57:7f:4d:ab:f1:d0:1d:15:f6:64:
                    c7:27:69:dd:f5:04:7f:10:72:4d:ea:c7:21:d2:e5:
                    ad:46:e5:3d:8f:8c:c6:87:57:40:b9:87:5b:3f:f6:
                    aa:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:9C:6B:F0:57:D8:35:73:07:D4:94:15:3B:08:06:CC:E3:54:54:A5
            X509v3 Authority Key Identifier:
                keyid:51:B2:C4:01:CE:5C:9E:88:1C:D9:A3:BE:8E:FE:C6:00:22:DA:0E:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbLEAc5cnogc2aO-jv7GACLaDrY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/RJxr8FfYNXMH1JQVOwgGzONUVKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/UbLEAc5cnogc2aO-jv7GACLaDrY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.5.0-185.170.7.255

    Signature Algorithm: sha256WithRSAEncryption
         96:9d:23:e6:7a:e5:64:56:9b:ad:bc:c2:1b:1f:57:f3:e4:97:
         b3:b8:de:79:28:ce:03:d7:91:41:54:29:34:9c:2c:2a:6d:bf:
         f0:d4:44:19:72:ee:c9:cd:98:9d:5a:e7:69:44:fd:15:90:45:
         87:48:04:20:1f:b2:64:a9:54:6a:4d:e5:21:9c:f3:43:00:0a:
         19:91:bb:1f:81:3b:69:c2:cd:b2:89:09:f8:d8:c2:2c:9b:e8:
         f7:fc:37:5b:8a:60:f4:0c:77:c3:ec:bb:0a:d7:95:7f:0b:5f:
         30:4a:fc:3a:35:39:c7:97:e1:7e:ca:9f:39:70:51:c3:50:60:
         e4:a7:dd:a3:75:a1:f5:e1:d0:bd:63:a0:3c:b7:41:dd:9f:41:
         e3:f2:7b:4f:91:bd:2a:5c:ef:88:61:0a:44:05:01:7a:22:37:
         fd:80:35:cf:c7:3c:05:6b:19:e9:36:7f:6d:99:61:77:37:14:
         f1:40:f6:70:c0:09:95:54:6f:a5:aa:a2:7f:4d:00:8c:f5:56:
         06:11:6a:c3:53:86:8b:c2:1b:28:ce:77:d7:a0:21:5a:f9:a8:
         0c:b8:38:02:82:9f:58:c9:a7:a4:ab:ac:87:c4:31:65:22:97:
         01:51:3d:9d:63:ad:84:cb:42:b5:02:81:29:85:53:e8:59:90:
         38:a2:c0:6f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZfKtruZTvkKohtTDadcEjLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjJjNDAxY2U1YzllODgxY2Q5YTNiZThlZmVjNjAwMjJk
YTBlYjYwHhcNMjUwNzAyMTAzNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDljNmJmMDU3ZDgzNTczMDdkNDk0MTUzYjA4MDZjY2UzNTQ1NGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7WL3NbwoBS1lLgc7nFVIT4g3Q0k
adyyMPpM7hX1rH4nFMPYrcuL6GFEuvmlSE4nmKYWrfn2LBM5blfw4sAUSCyw4G9S
mMGXcEoZwefJy6dKEidQT3WhTFFITdpP8nGwKfFj89Qja7popQvOxNHeT1gTCJiN
d1GEdcWX3B/3JCbalWxWB05ptZ8pKysAkhjzjC+hJWhYII88cC2uEGHhtu3JXQoc
6Xb17n/h6E6sPlRGLUZ69CgjQXnm9tC02xX+XmcjOWinDgiajVRacVRsuJtHN38P
TFd/Tavx0B0V9mTHJ2nd9QR/EHJN6sch0uWtRuU9j4zGh1dAuYdbP/aqswIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFESca/BX2DVzB9SUFTsIBszjVFSlMB8GA1UdIwQY
MBaAFFGyxAHOXJ6IHNmjvo7+xgAi2g62MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJMRUFjNWNub2djMmFPLWp2N0dBQ0xhRHJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83OTRmMzYtOWQyYS00MWJkLTkyOGMt
OTRkMWIxZDE2Yjg1LzEvUkp4cjhGZllOWE1IMUpRVk93Z0d6T05VVktVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83OTRmMzYtOWQyYS00MWJkLTkyOGMtOTRkMWIxZDE2Yjg1
LzEvVWJMRUFjNWNub2djMmFPLWp2N0dBQ0xhRHJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5qgUD
BAO5qgAwDQYJKoZIhvcNAQELBQADggEBAJadI+Z65WRWm628whsfV/Pkl7O43nko
zgPXkUFUKTScLCptv/DURBly7snNmJ1a52lE/RWQRYdIBCAfsmSpVGpN5SGc80MA
ChmRux+BO2nCzbKJCfjYwiyb6Pf8N1uKYPQMd8PsuwrXlX8LXzBK/Do1OceX4X7K
nzlwUcNQYOSn3aN1ofXh0L1joDy3Qd2fQePye0+RvSpc74hhCkQFAXoiN/2ANc/H
PAVrGek2f22ZYXc3FPFA9nDACZVUb6Wqon9NAIz1VgYRasNThovCGyjOd9egIVr5
qAy4OAKCn1jJp6SrrIfEMWUilwFRPZ1jrYTLQrUCgSmFU+hZkDiiwG8=
-----END CERTIFICATE-----