Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/2cc419-8e34-41a9-b243-855418ffed41/1/DeUyFhT69cmh4NiULPAn4CjWtio.roa
File:                     DeUyFhT69cmh4NiULPAn4CjWtio.roa (raw, json)
Hash identifier:          KtQr4HwbIcKaH6QV6BUHrNqnnouynbKOf6xAaROVTgA=
Subject key identifier:   0D:E5:32:16:14:FA:F5:C9:A1:E0:D8:94:2C:F0:27:E0:28:D6:B6:2A
Certificate issuer:       /CN=54f87b5a62c1ff0f522812e9add1756bc73384c5
Certificate serial:       019420686B854293B66FA5ACC69770232E57
Authority key identifier: 54:F8:7B:5A:62:C1:FF:0F:52:28:12:E9:AD:D1:75:6B:C7:33:84:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VPh7WmLB_w9SKBLprdF1a8czhMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/2cc419-8e34-41a9-b243-855418ffed41/1/DeUyFhT69cmh4NiULPAn4CjWtio.roa
Signing time:             Wed 01 Jan 2025 05:48:21 +0000
ROA not before:           Wed 01 Jan 2025 05:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208444
IP address blocks:        185.192.170.0/23 maxlen: 32
                          2a06:5d07::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/2cc419-8e34-41a9-b243-855418ffed41/1/VPh7WmLB_w9SKBLprdF1a8czhMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/2cc419-8e34-41a9-b243-855418ffed41/1/VPh7WmLB_w9SKBLprdF1a8czhMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VPh7WmLB_w9SKBLprdF1a8czhMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:6b:85:42:93:b6:6f:a5:ac:c6:97:70:23:2e:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54f87b5a62c1ff0f522812e9add1756bc73384c5
        Validity
            Not Before: Jan  1 05:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0de5321614faf5c9a1e0d8942cf027e028d6b62a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d3:f9:55:7e:4a:09:86:b0:7b:68:66:53:c7:
                    1d:2a:8b:b5:6e:63:eb:98:6d:2f:30:02:56:cc:24:
                    1c:c5:8a:5c:f4:fa:07:a6:f3:b9:d0:fc:8a:49:35:
                    7d:7f:17:33:87:fb:2b:c2:03:15:cf:36:56:ab:59:
                    b7:25:cd:55:24:96:09:c6:51:ce:ef:ee:84:80:49:
                    73:c8:44:56:75:4b:dc:7f:65:61:50:cf:d9:a2:42:
                    65:e9:c3:1c:68:44:50:a6:75:2b:8a:f6:e7:b6:b7:
                    81:cf:cb:a8:67:22:54:3d:67:13:39:66:c8:a5:d8:
                    8f:d6:7a:78:0e:84:6a:c5:66:2a:83:71:87:8d:b0:
                    9c:e7:1f:0c:80:76:94:c3:bf:1a:2d:d0:05:92:99:
                    f3:78:3b:cc:e7:07:63:90:4c:26:f4:2e:83:f9:fa:
                    53:76:e4:d3:b5:c3:d8:fe:7e:39:1d:78:43:c4:c6:
                    2c:3e:00:f3:ec:72:7a:24:94:7e:75:92:06:2f:ae:
                    55:f7:3f:97:7b:ba:a9:1d:33:f3:f2:66:cd:5c:85:
                    d8:3c:1e:d3:d9:36:00:fa:cb:00:8c:79:9a:0e:08:
                    78:e4:3d:e4:41:55:c3:b4:60:dd:26:28:b6:0f:df:
                    df:a3:40:f4:14:a1:cc:d0:0b:c1:2d:47:3d:fe:8b:
                    dd:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:E5:32:16:14:FA:F5:C9:A1:E0:D8:94:2C:F0:27:E0:28:D6:B6:2A
            X509v3 Authority Key Identifier:
                keyid:54:F8:7B:5A:62:C1:FF:0F:52:28:12:E9:AD:D1:75:6B:C7:33:84:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VPh7WmLB_w9SKBLprdF1a8czhMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/2cc419-8e34-41a9-b243-855418ffed41/1/DeUyFhT69cmh4NiULPAn4CjWtio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/2cc419-8e34-41a9-b243-855418ffed41/1/VPh7WmLB_w9SKBLprdF1a8czhMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.170.0/23
                IPv6:
                  2a06:5d07::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:d6:c3:92:ba:44:b5:d7:b1:f6:dc:8f:2a:95:87:b1:b0:a4:
         7c:23:65:d8:e3:1c:a1:d9:f0:97:22:47:e5:0a:b9:c8:8b:41:
         53:81:21:bf:23:79:93:6c:a2:62:94:1a:3f:d1:45:9f:c4:d7:
         4e:52:25:d6:65:93:b2:ba:4a:f1:fc:06:dc:29:a0:cc:06:93:
         4c:4e:7e:72:23:4c:28:fa:23:5f:57:6b:2a:7a:9f:79:a8:19:
         ee:2b:39:3e:44:2f:ad:07:06:61:f2:da:d8:b0:0c:23:4d:89:
         29:51:16:7a:14:bf:a1:18:17:e6:ef:3e:9f:8d:d6:c1:4a:fb:
         6f:1f:93:1d:45:c2:2e:0a:ac:e3:21:78:bc:6a:30:d1:29:92:
         ee:43:8a:99:d8:bc:c8:1a:09:73:a1:b2:86:0c:a3:62:4f:99:
         1c:6b:9a:46:c5:12:f2:bf:ce:bc:d1:ac:aa:9d:5e:c0:fe:02:
         14:f5:6a:54:a6:41:e8:79:5b:c1:aa:74:9b:ad:af:b9:6b:48:
         75:76:e8:7d:4f:5e:8f:eb:be:35:85:e6:5d:cd:ed:32:da:9d:
         3a:f8:9f:3b:54:7d:a1:21:6c:bc:4d:39:fa:c3:b0:55:38:89:
         6c:f6:51:96:54:5c:c3:93:f4:18:7c:5e:19:92:28:e0:3b:79:
         39:fd:fc:7e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaGuFQpO2b6WsxpdwIy5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Zjg3YjVhNjJjMWZmMGY1MjI4MTJlOWFkZDE3NTZiYzcz
Mzg0YzUwHhcNMjUwMTAxMDU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGU1MzIxNjE0ZmFmNWM5YTFlMGQ4OTQyY2YwMjdlMDI4ZDZiNjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49P5VX5KCYawe2hmU8cdKou1bmPr
mG0vMAJWzCQcxYpc9PoHpvO50PyKSTV9fxczh/srwgMVzzZWq1m3Jc1VJJYJxlHO
7+6EgElzyERWdUvcf2VhUM/ZokJl6cMcaERQpnUrivbntreBz8uoZyJUPWcTOWbI
pdiP1np4DoRqxWYqg3GHjbCc5x8MgHaUw78aLdAFkpnzeDvM5wdjkEwm9C6D+fpT
duTTtcPY/n45HXhDxMYsPgDz7HJ6JJR+dZIGL65V9z+Xe7qpHTPz8mbNXIXYPB7T
2TYA+ssAjHmaDgh45D3kQVXDtGDdJii2D9/fo0D0FKHM0AvBLUc9/ovdSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFA3lMhYU+vXJoeDYlCzwJ+Ao1rYqMB8GA1UdIwQY
MBaAFFT4e1piwf8PUigS6a3RdWvHM4TFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlBoN1dtTEJfdzlTS0JMcHJkRjFhOGN6aE1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8yY2M0MTktOGUzNC00MWE5LWIyNDMt
ODU1NDE4ZmZlZDQxLzEvRGVVeUZoVDY5Y21oNE5pVUxQQW40Q2pXdGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8yY2M0MTktOGUzNC00MWE5LWIyNDMtODU1NDE4ZmZlZDQx
LzEvVlBoN1dtTEJfdzlTS0JMcHJkRjFhOGN6aE1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBucCqMA0E
AgACMAcDBQAqBl0HMA0GCSqGSIb3DQEBCwUAA4IBAQAP1sOSukS117H23I8qlYex
sKR8I2XY4xyh2fCXIkflCrnIi0FTgSG/I3mTbKJilBo/0UWfxNdOUiXWZZOyukrx
/AbcKaDMBpNMTn5yI0wo+iNfV2sqep95qBnuKzk+RC+tBwZh8trYsAwjTYkpURZ6
FL+hGBfm7z6fjdbBSvtvH5MdRcIuCqzjIXi8ajDRKZLuQ4qZ2LzIGglzobKGDKNi
T5kca5pGxRLyv8680ayqnV7A/gIU9WpUpkHoeVvBqnSbra+5a0h1duh9T16P6741
heZdze0y2p06+J87VH2hIWy8TTn6w7BVOIls9lGWVFzDk/QYfF4ZkijgO3k5/fx+
-----END CERTIFICATE-----