Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/0bWQKA9zOtioaMzmn9TsZ_m-_Ak.roa
File:                     0bWQKA9zOtioaMzmn9TsZ_m-_Ak.roa (raw, json)
Hash identifier:          XVs6Vl4wE42XJXEmtUVk+/HVBTJz/D0t8xUAsepjFh4=
Subject key identifier:   D1:B5:90:28:0F:73:3A:D8:A8:68:CC:E6:9F:D4:EC:67:F9:BE:FC:09
Certificate issuer:       /CN=f57331288d908dd762e4b56f003b448f01881d24
Certificate serial:       0194258EEE075330CCC85D0942C9C40314D8
Authority key identifier: F5:73:31:28:8D:90:8D:D7:62:E4:B5:6F:00:3B:44:8F:01:88:1D:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9XMxKI2Qjddi5LVvADtEjwGIHSQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/0bWQKA9zOtioaMzmn9TsZ_m-_Ak.roa
Signing time:             Thu 02 Jan 2025 05:48:31 +0000
ROA not before:           Thu 02 Jan 2025 05:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42244
IP address blocks:        185.191.196.0/22 maxlen: 22
                          2a0a:2540::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/9XMxKI2Qjddi5LVvADtEjwGIHSQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/9XMxKI2Qjddi5LVvADtEjwGIHSQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9XMxKI2Qjddi5LVvADtEjwGIHSQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ee:07:53:30:cc:c8:5d:09:42:c9:c4:03:14:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f57331288d908dd762e4b56f003b448f01881d24
        Validity
            Not Before: Jan  2 05:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1b590280f733ad8a868cce69fd4ec67f9befc09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ca:99:ac:80:a0:40:aa:2e:83:0b:bc:21:37:
                    c1:65:0f:52:97:db:ec:ad:6a:78:68:56:1a:88:95:
                    ac:63:45:c3:e9:a6:e8:22:0e:0e:ca:11:7f:18:c2:
                    f3:d1:0a:d1:94:b0:09:47:25:73:11:77:c1:3b:c3:
                    b7:09:de:be:e6:00:a2:6f:bc:13:8e:0b:73:fd:bc:
                    85:df:8e:0a:2c:d5:75:98:48:4b:d7:e1:61:fc:4f:
                    ef:f8:1d:f3:e7:db:3c:f4:0a:99:3c:92:de:34:46:
                    ca:22:8f:8e:5a:bb:d2:2a:4a:cc:98:66:fb:7c:a5:
                    fe:bb:dc:a9:c0:51:6f:1f:6b:43:80:71:95:41:b0:
                    c4:99:84:fd:bf:ce:0a:ae:be:98:29:58:87:6d:7d:
                    14:fc:f2:b1:7a:20:f6:81:37:7b:ff:90:db:5a:56:
                    7c:9a:44:9f:1f:35:12:c3:cd:98:e9:e9:33:bf:d9:
                    c3:78:01:db:1e:51:ac:48:6e:a9:7b:02:04:f6:85:
                    e3:e4:3d:1a:15:9e:5b:60:5f:cc:91:36:c8:b4:40:
                    00:46:24:f2:50:8a:dd:53:0f:c1:d6:7e:4e:05:0b:
                    3f:82:92:db:13:7a:7b:37:16:1d:b5:f8:4e:84:0b:
                    70:2d:a2:4f:27:e4:aa:9f:1f:c6:3a:54:4e:e8:3d:
                    c3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B5:90:28:0F:73:3A:D8:A8:68:CC:E6:9F:D4:EC:67:F9:BE:FC:09
            X509v3 Authority Key Identifier:
                keyid:F5:73:31:28:8D:90:8D:D7:62:E4:B5:6F:00:3B:44:8F:01:88:1D:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9XMxKI2Qjddi5LVvADtEjwGIHSQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/0bWQKA9zOtioaMzmn9TsZ_m-_Ak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/5abb3a-b1b6-4d70-b098-8aea1f68b79b/1/9XMxKI2Qjddi5LVvADtEjwGIHSQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.196.0/22
                IPv6:
                  2a0a:2540::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:0e:fd:84:03:fb:db:a4:29:90:9a:1c:ba:66:c6:fb:30:2b:
         df:70:bc:78:06:a5:67:df:d9:c4:85:3b:f8:2f:9e:db:a3:ce:
         b6:20:3a:9e:e0:90:59:e2:9e:9c:17:09:9d:60:9d:a1:a3:01:
         a3:65:b4:ca:8d:d4:29:ca:43:9f:b3:ce:2f:f4:52:79:c4:f1:
         4c:7d:4b:1f:d7:25:68:c5:e5:79:c6:3c:2e:a1:14:13:a7:7f:
         7f:19:31:3f:3d:ca:f2:cf:47:24:2e:1d:d1:9b:15:02:21:d9:
         dd:be:07:ae:40:86:b6:47:fa:3e:ab:40:49:be:2d:df:6d:a1:
         9d:00:fe:60:74:87:cf:9c:4b:de:bc:eb:e9:0c:e7:de:00:9e:
         b6:c9:44:ad:37:15:9b:51:8e:e3:8d:21:b5:c9:91:a3:75:0c:
         81:19:cb:54:ce:b3:84:9d:63:92:e0:d0:39:92:7b:92:58:2c:
         db:94:97:67:37:9f:13:a1:b3:ad:78:c8:28:91:01:7e:fb:73:
         9f:2b:c3:2b:2a:10:ab:5f:fc:12:67:52:f9:f4:1e:d9:03:98:
         c8:1c:60:b3:6d:29:1c:1b:8e:48:56:cc:c2:ff:d2:80:a3:bf:
         36:18:6d:7c:68:a6:4b:f9:5a:39:8e:ea:b1:91:b9:8e:17:34:
         a8:38:3c:23
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlju4HUzDMyF0JQsnEAxTYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NzMzMTI4OGQ5MDhkZDc2MmU0YjU2ZjAwM2I0NDhmMDE4
ODFkMjQwHhcNMjUwMTAyMDU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWI1OTAyODBmNzMzYWQ4YTg2OGNjZTY5ZmQ0ZWM2N2Y5YmVmYzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8qZrICgQKougwu8ITfBZQ9Sl9vs
rWp4aFYaiJWsY0XD6aboIg4OyhF/GMLz0QrRlLAJRyVzEXfBO8O3Cd6+5gCib7wT
jgtz/byF344KLNV1mEhL1+Fh/E/v+B3z59s89AqZPJLeNEbKIo+OWrvSKkrMmGb7
fKX+u9ypwFFvH2tDgHGVQbDEmYT9v84Krr6YKViHbX0U/PKxeiD2gTd7/5DbWlZ8
mkSfHzUSw82Y6ekzv9nDeAHbHlGsSG6pewIE9oXj5D0aFZ5bYF/MkTbItEAARiTy
UIrdUw/B1n5OBQs/gpLbE3p7NxYdtfhOhAtwLaJPJ+Sqnx/GOlRO6D3DtQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNG1kCgPczrYqGjM5p/U7Gf5vvwJMB8GA1UdIwQY
MBaAFPVzMSiNkI3XYuS1bwA7RI8BiB0kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVhNeEtJMlFqZGRpNUxWdkFEdEVqd0dJSFNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy81YWJiM2EtYjFiNi00ZDcwLWIwOTgt
OGFlYTFmNjhiNzliLzEvMGJXUUtBOXpPdGlvYU16bW45VHNaX20tX0FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy81YWJiM2EtYjFiNi00ZDcwLWIwOTgtOGFlYTFmNjhiNzli
LzEvOVhNeEtJMlFqZGRpNUxWdkFEdEVqd0dJSFNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCub/EMA0E
AgACMAcDBQMqCiVAMA0GCSqGSIb3DQEBCwUAA4IBAQBaDv2EA/vbpCmQmhy6Zsb7
MCvfcLx4BqVn39nEhTv4L57bo862IDqe4JBZ4p6cFwmdYJ2howGjZbTKjdQpykOf
s84v9FJ5xPFMfUsf1yVoxeV5xjwuoRQTp39/GTE/Pcryz0ckLh3RmxUCIdndvgeu
QIa2R/o+q0BJvi3fbaGdAP5gdIfPnEvevOvpDOfeAJ62yUStNxWbUY7jjSG1yZGj
dQyBGctUzrOEnWOS4NA5knuSWCzblJdnN58TobOteMgokQF++3OfK8MrKhCrX/wS
Z1L59B7ZA5jIHGCzbSkcG45IVszC/9KAo782GG18aKZL+Vo5juqxkbmOFzSoODwj
-----END CERTIFICATE-----