Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/j6WIbMvfpSuER9TZDV1ZY6J-TKg.roa
File:                     j6WIbMvfpSuER9TZDV1ZY6J-TKg.roa (raw, json)
Hash identifier:          ObBYTSyTFGBKG+ev+DE2prDLFfsdLKDktKAoj4ncZrw=
Subject key identifier:   8F:A5:88:6C:CB:DF:A5:2B:84:47:D4:D9:0D:5D:59:63:A2:7E:4C:A8
Certificate issuer:       /CN=54296d23def4c8521c647dc68acb3c123f611d89
Certificate serial:       01942444E0A3B36CF9D6013AA09F2FCD7758
Authority key identifier: 54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/j6WIbMvfpSuER9TZDV1ZY6J-TKg.roa
Signing time:             Wed 01 Jan 2025 23:48:01 +0000
ROA not before:           Wed 01 Jan 2025 23:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8708
IP address blocks:        185.133.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:e0:a3:b3:6c:f9:d6:01:3a:a0:9f:2f:cd:77:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54296d23def4c8521c647dc68acb3c123f611d89
        Validity
            Not Before: Jan  1 23:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8fa5886ccbdfa52b8447d4d90d5d5963a27e4ca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:2d:eb:5d:84:e3:2e:ae:52:30:71:82:4e:fa:
                    dc:be:e0:25:b6:34:df:08:b0:93:5d:55:e8:63:fa:
                    0e:ce:f7:fa:fd:a5:fd:99:4c:d4:21:d5:ee:2f:f1:
                    b6:93:a0:0e:bc:7d:b1:9e:7a:dd:a4:da:03:06:32:
                    1f:52:37:38:74:6a:91:03:8c:a3:17:84:d8:d6:61:
                    38:62:db:4c:16:05:6e:3f:13:bc:a1:9d:a4:a8:2d:
                    59:e4:a3:d2:ed:5a:ce:1a:0c:45:88:a2:94:39:64:
                    a1:d9:e9:76:d3:1c:f5:49:ed:2d:8e:22:e6:47:d9:
                    93:f3:d8:b3:9e:b3:76:d3:73:74:e1:7e:3a:fb:69:
                    1b:35:2c:02:e9:cc:6a:f5:b2:94:a1:32:a2:af:05:
                    36:f0:76:a1:1f:31:b3:04:4a:76:1d:13:3c:9c:2a:
                    3b:ea:d7:5f:60:19:b9:24:f2:53:bc:1a:65:9a:ca:
                    d7:82:42:11:db:4c:41:e1:4f:2c:5a:74:f0:bf:3a:
                    9e:3d:30:4f:0b:e0:af:27:74:76:40:b3:21:4d:15:
                    7e:a9:bd:c7:3f:11:24:2b:96:a8:16:0d:be:d8:10:
                    1e:f5:42:ca:c2:b2:3b:be:d6:9f:e4:1f:c2:60:61:
                    cf:73:ec:07:58:00:f2:65:9c:ce:2e:66:36:9b:2f:
                    63:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:A5:88:6C:CB:DF:A5:2B:84:47:D4:D9:0D:5D:59:63:A2:7E:4C:A8
            X509v3 Authority Key Identifier:
                keyid:54:29:6D:23:DE:F4:C8:52:1C:64:7D:C6:8A:CB:3C:12:3F:61:1D:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCltI970yFIcZH3Giss8Ej9hHYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/j6WIbMvfpSuER9TZDV1ZY6J-TKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/5cb454-7bee-4e5d-b295-942482f8d2ea/1/VCltI970yFIcZH3Giss8Ej9hHYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:0c:39:34:9b:68:d6:45:16:9d:75:6e:1e:b0:ae:42:16:d0:
         63:37:0b:ac:c9:60:14:3a:f8:4c:f6:00:44:f7:41:65:79:4c:
         d9:b4:b4:b3:01:0d:a3:ac:15:3e:4f:f6:ab:7d:70:cc:57:e5:
         2c:17:8f:51:67:d9:db:9f:82:ae:3e:36:63:18:71:42:69:d5:
         e0:e2:0c:2f:c7:d8:68:0e:83:ca:53:52:72:0c:05:0d:98:21:
         41:dc:96:d6:e0:84:80:db:53:d2:a5:99:fb:f6:79:f4:09:63:
         a9:cf:72:bc:06:7f:7a:a8:e5:51:df:84:8b:f1:a9:10:e0:4c:
         65:05:fe:c5:88:06:c5:2f:61:fe:fd:ab:eb:91:a1:38:4d:e7:
         85:fc:5c:9d:54:ea:fd:0c:de:0c:4f:1f:cd:d3:64:01:17:74:
         0a:d4:8f:a2:aa:64:f5:5b:a9:e6:f7:78:f2:0a:2e:24:52:82:
         d6:40:ad:8c:fd:db:0a:70:45:cf:dc:f4:33:a6:cb:62:df:90:
         c5:16:41:f2:ba:63:e7:41:45:1b:a3:c3:37:40:83:19:4d:17:
         b4:47:f3:99:cf:8c:07:43:ca:ce:d3:45:d1:d7:a7:3b:9f:f3:
         2b:b9:06:78:b6:3e:ec:e9:4c:2e:d6:29:37:59:91:d7:18:b6:
         04:86:73:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkROCjs2z51gE6oJ8vzXdYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0Mjk2ZDIzZGVmNGM4NTIxYzY0N2RjNjhhY2IzYzEyM2Y2
MTFkODkwHhcNMjUwMTAxMjM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmE1ODg2Y2NiZGZhNTJiODQ0N2Q0ZDkwZDVkNTk2M2EyN2U0Y2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlC3rXYTjLq5SMHGCTvrcvuAltjTf
CLCTXVXoY/oOzvf6/aX9mUzUIdXuL/G2k6AOvH2xnnrdpNoDBjIfUjc4dGqRA4yj
F4TY1mE4YttMFgVuPxO8oZ2kqC1Z5KPS7VrOGgxFiKKUOWSh2el20xz1Se0tjiLm
R9mT89iznrN203N04X46+2kbNSwC6cxq9bKUoTKirwU28HahHzGzBEp2HRM8nCo7
6tdfYBm5JPJTvBplmsrXgkIR20xB4U8sWnTwvzqePTBPC+CvJ3R2QLMhTRV+qb3H
PxEkK5aoFg2+2BAe9ULKwrI7vtaf5B/CYGHPc+wHWADyZZzOLmY2my9jYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+liGzL36UrhEfU2Q1dWWOifkyoMB8GA1UdIwQY
MBaAFFQpbSPe9MhSHGR9xorLPBI/YR2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUt
OTQyNDgyZjhkMmVhLzEvajZXSWJNdmZwU3VFUjlUWkRWMVpZNkotVEtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy81Y2I0NTQtN2JlZS00ZTVkLWIyOTUtOTQyNDgyZjhkMmVh
LzEvVkNsdEk5NzB5RkljWkgzR2lzczhFajloSFlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYVAMA0G
CSqGSIb3DQEBCwUAA4IBAQBBDDk0m2jWRRaddW4esK5CFtBjNwusyWAUOvhM9gBE
90FleUzZtLSzAQ2jrBU+T/arfXDMV+UsF49RZ9nbn4KuPjZjGHFCadXg4gwvx9ho
DoPKU1JyDAUNmCFB3JbW4ISA21PSpZn79nn0CWOpz3K8Bn96qOVR34SL8akQ4Exl
Bf7FiAbFL2H+/avrkaE4TeeF/FydVOr9DN4MTx/N02QBF3QK1I+iqmT1W6nm93jy
Ci4kUoLWQK2M/dsKcEXP3PQzpsti35DFFkHyumPnQUUbo8M3QIMZTRe0R/OZz4wH
Q8rO00XR16c7n/MruQZ4tj7s6Uwu1ik3WZHXGLYEhnP7
-----END CERTIFICATE-----