Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/c4ccc3-65d6-485d-9be0-a7a5f478dd72/1/R-1q52axanYiR_uRw04t04Z8LDo.roa
File:                     R-1q52axanYiR_uRw04t04Z8LDo.roa (raw, json)
Hash identifier:          v5CC/At/0UFJJZBjnOeP3jsuRpec8w6C2aXVgu/IhIo=
Subject key identifier:   47:ED:6A:E7:66:B1:6A:76:22:47:FB:91:C3:4E:2D:D3:86:7C:2C:3A
Certificate issuer:       /CN=5a94c4bc4d2563e252ebfcc0fbc2ac199cce608a
Certificate serial:       019427481B6C38005AD497EBC1D24A7D61A6
Authority key identifier: 5A:94:C4:BC:4D:25:63:E2:52:EB:FC:C0:FB:C2:AC:19:9C:CE:60:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WpTEvE0lY-JS6_zA-8KsGZzOYIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/c4ccc3-65d6-485d-9be0-a7a5f478dd72/1/R-1q52axanYiR_uRw04t04Z8LDo.roa
Signing time:             Thu 02 Jan 2025 13:50:24 +0000
ROA not before:           Thu 02 Jan 2025 13:50:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43242
IP address blocks:        185.171.92.0/22 maxlen: 22
                          185.171.92.0/24 maxlen: 24
                          185.171.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/c4ccc3-65d6-485d-9be0-a7a5f478dd72/1/WpTEvE0lY-JS6_zA-8KsGZzOYIo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/c4ccc3-65d6-485d-9be0-a7a5f478dd72/1/WpTEvE0lY-JS6_zA-8KsGZzOYIo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WpTEvE0lY-JS6_zA-8KsGZzOYIo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:1b:6c:38:00:5a:d4:97:eb:c1:d2:4a:7d:61:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a94c4bc4d2563e252ebfcc0fbc2ac199cce608a
        Validity
            Not Before: Jan  2 13:50:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47ed6ae766b16a762247fb91c34e2dd3867c2c3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:73:cf:f6:0a:03:b6:d2:91:4f:c9:3e:e7:b6:
                    64:e8:98:02:99:7b:ad:ef:8d:e6:d4:b1:7b:5f:21:
                    27:ee:11:61:35:f6:c4:eb:5f:fb:1a:47:9e:f9:d4:
                    4b:e4:48:31:0d:50:59:1e:03:e5:5b:a8:18:84:f9:
                    64:06:cf:5e:0c:ba:22:cd:c5:13:4e:5e:10:ce:f9:
                    d4:4f:a3:8f:e3:ba:99:7e:00:92:fb:2d:a5:63:e9:
                    e4:3b:57:c9:cd:83:44:18:30:44:6b:7f:94:01:94:
                    8a:37:8f:44:3e:8e:79:3b:80:52:eb:dc:34:7d:c7:
                    1e:d1:4a:f1:ef:8e:15:0b:33:70:07:f6:4b:79:c6:
                    0e:50:48:b6:91:21:77:6d:bc:88:e4:f2:7f:45:a2:
                    84:04:58:83:ee:1d:77:54:6c:86:e0:cd:c2:3e:de:
                    6d:94:09:08:2e:f1:8a:86:de:74:03:aa:56:ab:6d:
                    0c:ef:eb:f7:27:03:71:12:53:1f:6d:57:a2:2c:de:
                    e9:29:17:ae:8f:ad:cb:c8:75:c0:99:0b:fb:02:90:
                    02:4e:44:06:94:19:77:9c:c8:37:d2:5c:e3:0d:24:
                    41:2d:62:90:64:e4:fd:91:8f:79:72:0a:32:cc:59:
                    39:aa:ba:a0:ad:65:f3:be:fa:ef:eb:09:05:ec:e2:
                    c0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:ED:6A:E7:66:B1:6A:76:22:47:FB:91:C3:4E:2D:D3:86:7C:2C:3A
            X509v3 Authority Key Identifier:
                keyid:5A:94:C4:BC:4D:25:63:E2:52:EB:FC:C0:FB:C2:AC:19:9C:CE:60:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WpTEvE0lY-JS6_zA-8KsGZzOYIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c4ccc3-65d6-485d-9be0-a7a5f478dd72/1/R-1q52axanYiR_uRw04t04Z8LDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/c4ccc3-65d6-485d-9be0-a7a5f478dd72/1/WpTEvE0lY-JS6_zA-8KsGZzOYIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cc:a1:6c:14:47:55:61:13:a1:af:91:89:86:a6:1f:29:b5:5a:
         21:c5:05:fa:1b:1a:02:3a:d9:89:25:fc:d8:c3:40:4a:53:d9:
         13:76:9f:29:81:5c:02:9c:f0:f1:66:b5:eb:c7:13:64:c1:1c:
         03:51:5c:33:0a:99:93:4c:8f:79:f4:58:29:ec:15:28:fb:5c:
         6a:9f:57:21:c1:5a:bd:b4:ef:39:77:63:2a:20:c4:ca:d8:f1:
         ea:85:45:57:7e:0b:72:c0:a2:35:e2:ac:b4:62:8a:22:55:8a:
         ad:1b:d8:ef:69:1e:db:e2:e8:be:12:bc:a0:27:64:31:01:f5:
         24:6e:fa:dc:0c:d7:df:cb:9d:b4:da:9c:ae:5d:97:aa:3e:b0:
         21:f5:d5:98:4a:0a:ce:7d:da:fa:30:e4:82:88:58:b8:ec:8b:
         f1:46:30:d7:33:6f:b2:32:13:e5:33:66:dd:89:8d:be:eb:b0:
         74:28:4c:82:0d:ba:61:25:84:c2:20:fd:e4:e6:8b:fb:a1:c6:
         66:87:bf:70:81:56:ec:06:dd:01:55:d8:a4:41:d9:20:cf:e5:
         36:a6:2e:6b:1c:ba:36:30:24:0c:40:7b:05:fe:86:0e:56:f8:
         e1:5b:6e:1c:e6:b7:c3:39:c2:d2:52:f5:24:00:1b:41:19:79:
         97:a1:76:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSBtsOABa1JfrwdJKfWGmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOTRjNGJjNGQyNTYzZTI1MmViZmNjMGZiYzJhYzE5OWNj
ZTYwOGEwHhcNMjUwMTAyMTM1MDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2VkNmFlNzY2YjE2YTc2MjI0N2ZiOTFjMzRlMmRkMzg2N2MyYzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3PP9goDttKRT8k+57Zk6JgCmXut
743m1LF7XyEn7hFhNfbE61/7Gkee+dRL5EgxDVBZHgPlW6gYhPlkBs9eDLoizcUT
Tl4QzvnUT6OP47qZfgCS+y2lY+nkO1fJzYNEGDBEa3+UAZSKN49EPo55O4BS69w0
fcce0Urx744VCzNwB/ZLecYOUEi2kSF3bbyI5PJ/RaKEBFiD7h13VGyG4M3CPt5t
lAkILvGKht50A6pWq20M7+v3JwNxElMfbVeiLN7pKReuj63LyHXAmQv7ApACTkQG
lBl3nMg30lzjDSRBLWKQZOT9kY95cgoyzFk5qrqgrWXzvvrv6wkF7OLA9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEftaudmsWp2Ikf7kcNOLdOGfCw6MB8GA1UdIwQY
MBaAFFqUxLxNJWPiUuv8wPvCrBmczmCKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3BURXZFMGxZLUpTNl96QS04S3NHWnpPWUlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9jNGNjYzMtNjVkNi00ODVkLTliZTAt
YTdhNWY0NzhkZDcyLzEvUi0xcTUyYXhhbllpUl91UncwNHQwNFo4TERvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9jNGNjYzMtNjVkNi00ODVkLTliZTAtYTdhNWY0NzhkZDcy
LzEvV3BURXZFMGxZLUpTNl96QS04S3NHWnpPWUlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuatcMA0G
CSqGSIb3DQEBCwUAA4IBAQDMoWwUR1VhE6GvkYmGph8ptVohxQX6GxoCOtmJJfzY
w0BKU9kTdp8pgVwCnPDxZrXrxxNkwRwDUVwzCpmTTI959Fgp7BUo+1xqn1chwVq9
tO85d2MqIMTK2PHqhUVXfgtywKI14qy0YooiVYqtG9jvaR7b4ui+ErygJ2QxAfUk
bvrcDNffy5202pyuXZeqPrAh9dWYSgrOfdr6MOSCiFi47IvxRjDXM2+yMhPlM2bd
iY2+67B0KEyCDbphJYTCIP3k5ov7ocZmh79wgVbsBt0BVdikQdkgz+U2pi5rHLo2
MCQMQHsF/oYOVvjhW24c5rfDOcLSUvUkABtBGXmXoXZP
-----END CERTIFICATE-----