Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Cq_toeQUWhDppWQevYSSZRMwBM4.roa
File:                     Cq_toeQUWhDppWQevYSSZRMwBM4.roa (raw, json)
Hash identifier:          dQlwlk3r/dD5EtwcR8DoddxkNdqobcDjNN30SWfIH1Y=
Subject key identifier:   0A:AF:ED:A1:E4:14:5A:10:E9:A5:64:1E:BD:84:92:65:13:30:04:CE
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194236A46E1D9C7EB153692F720083FABA1
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Cq_toeQUWhDppWQevYSSZRMwBM4.roa
Signing time:             Wed 01 Jan 2025 19:49:15 +0000
ROA not before:           Wed 01 Jan 2025 19:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62468
IP address blocks:        185.223.165.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:46:e1:d9:c7:eb:15:36:92:f7:20:08:3f:ab:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 19:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0aafeda1e4145a10e9a5641ebd849265133004ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b4:c3:04:ba:88:c5:4f:32:56:72:a8:05:bd:
                    1b:71:5b:b7:4c:f6:f7:88:75:cb:9d:f7:cd:23:94:
                    2b:9e:9e:ca:17:5e:af:4c:b5:65:13:49:5f:81:e4:
                    b3:13:b4:35:3a:81:33:bd:cd:2e:47:b0:b4:d0:4d:
                    d1:59:4d:d1:db:36:09:5c:4f:37:24:57:83:22:7f:
                    0e:97:aa:d0:3f:f4:67:e4:f7:aa:b1:27:0a:5b:19:
                    35:3a:55:71:11:c5:dd:72:55:28:73:41:ff:ad:bf:
                    18:a5:3b:db:17:6e:0b:0f:3a:7b:fc:5d:50:61:01:
                    ab:c9:d6:5f:a2:44:07:7c:4e:ff:37:d8:f6:e8:2d:
                    aa:f7:c8:18:cc:9e:a0:89:f7:d6:11:b3:e5:7c:d3:
                    41:cf:62:3d:de:00:6f:4c:78:89:12:46:60:9a:c2:
                    dd:30:2d:8e:96:3b:8b:e6:be:9c:76:77:bb:ee:e6:
                    6a:8c:2f:9d:a2:58:f8:9d:1e:b3:41:d7:52:40:35:
                    73:c3:08:75:be:3e:bd:21:8c:70:cc:03:6f:82:5d:
                    ab:f5:d5:20:17:ab:f1:14:26:a2:5b:4c:bc:d4:68:
                    9e:3f:84:d8:df:0c:72:86:7e:ce:b2:88:77:54:c1:
                    2f:50:6e:a8:2f:aa:fd:68:f4:1b:e9:8b:76:06:fe:
                    c5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:AF:ED:A1:E4:14:5A:10:E9:A5:64:1E:BD:84:92:65:13:30:04:CE
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Cq_toeQUWhDppWQevYSSZRMwBM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:42:24:45:56:bf:99:77:ee:a9:5d:69:64:eb:d3:4a:31:43:
         3a:4b:54:f5:54:3a:71:02:51:4d:5a:62:09:11:1e:4c:27:00:
         92:ef:25:97:aa:6c:be:27:89:ad:7a:c4:ca:75:1d:71:f2:d8:
         3e:f9:15:0b:37:58:d2:b1:23:f3:64:77:c5:da:f4:01:f1:13:
         e5:0a:7e:96:d5:ef:7f:81:b1:a0:48:b0:b5:ad:c1:9e:5b:c6:
         1c:8a:6c:a5:eb:a6:ac:4a:54:a8:70:33:82:da:6f:53:d5:d0:
         5a:61:3d:5a:d3:0f:ee:bf:d6:64:60:e7:6e:e9:09:5d:3c:35:
         3f:78:dc:23:64:47:86:7f:ce:7c:b4:bb:02:78:67:4f:78:c5:
         8f:56:83:e6:06:81:2c:89:de:80:a4:65:4f:02:ac:25:9c:e2:
         29:61:24:4f:c6:bf:4d:09:1e:bd:3f:8d:97:15:b6:05:7b:1e:
         9e:68:7f:e4:23:24:ce:27:66:21:a1:f1:2a:f9:78:d8:b5:5d:
         43:ad:50:b9:15:33:3f:77:54:8b:33:3e:65:7b:82:e6:5e:8e:
         4b:85:0f:6c:50:33:a1:dd:74:18:0e:13:c4:83:6a:ab:c8:3a:
         c3:aa:0d:a9:28:87:e8:d8:a4:c1:17:05:32:0c:f3:1f:eb:f7:
         9a:1f:4f:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakbh2cfrFTaS9yAIP6uhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTAxMTk0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWFmZWRhMWU0MTQ1YTEwZTlhNTY0MWViZDg0OTI2NTEzMzAwNGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbTDBLqIxU8yVnKoBb0bcVu3TPb3
iHXLnffNI5Qrnp7KF16vTLVlE0lfgeSzE7Q1OoEzvc0uR7C00E3RWU3R2zYJXE83
JFeDIn8Ol6rQP/Rn5PeqsScKWxk1OlVxEcXdclUoc0H/rb8YpTvbF24LDzp7/F1Q
YQGrydZfokQHfE7/N9j26C2q98gYzJ6giffWEbPlfNNBz2I93gBvTHiJEkZgmsLd
MC2OljuL5r6cdne77uZqjC+dolj4nR6zQddSQDVzwwh1vj69IYxwzANvgl2r9dUg
F6vxFCaiW0y81GieP4TY3wxyhn7Osoh3VMEvUG6oL6r9aPQb6Yt2Bv7FVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqv7aHkFFoQ6aVkHr2EkmUTMATOMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvQ3FfdG9lUVVXaERwcFdRZXZZU1NaUk13Qk00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud+lMA0G
CSqGSIb3DQEBCwUAA4IBAQCHQiRFVr+Zd+6pXWlk69NKMUM6S1T1VDpxAlFNWmIJ
ER5MJwCS7yWXqmy+J4mtesTKdR1x8tg++RULN1jSsSPzZHfF2vQB8RPlCn6W1e9/
gbGgSLC1rcGeW8Ycimyl66asSlSocDOC2m9T1dBaYT1a0w/uv9ZkYOdu6QldPDU/
eNwjZEeGf858tLsCeGdPeMWPVoPmBoEsid6ApGVPAqwlnOIpYSRPxr9NCR69P42X
FbYFex6eaH/kIyTOJ2YhofEq+XjYtV1DrVC5FTM/d1SLMz5le4LmXo5LhQ9sUDOh
3XQYDhPEg2qryDrDqg2pKIfo2KTBFwUyDPMf6/eaH0/g
-----END CERTIFICATE-----