Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/8c8524-7f85-4313-8ed2-bf866da747af/1/1prUVz0HPmxrICK89MLWQGvd_os.roa
File:                     1prUVz0HPmxrICK89MLWQGvd_os.roa (raw, json)
Hash identifier:          nYOxG6xI/OF/g1onNafntFHFC9rtfVRgZj8b/z6tXRg=
Subject key identifier:   D6:9A:D4:57:3D:07:3E:6C:6B:20:22:BC:F4:C2:D6:40:6B:DD:FE:8B
Certificate issuer:       /CN=e5ce31aa205d74101447effd6c3135186146453a
Certificate serial:       0194244555DFE869CD929B9C99FBE870F947
Authority key identifier: E5:CE:31:AA:20:5D:74:10:14:47:EF:FD:6C:31:35:18:61:46:45:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5c4xqiBddBAUR-_9bDE1GGFGRTo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/8c8524-7f85-4313-8ed2-bf866da747af/1/1prUVz0HPmxrICK89MLWQGvd_os.roa
Signing time:             Wed 01 Jan 2025 23:48:31 +0000
ROA not before:           Wed 01 Jan 2025 23:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203292
IP address blocks:        185.73.176.0/22 maxlen: 22
                          185.73.176.0/24 maxlen: 24
                          185.73.177.0/24 maxlen: 24
                          185.73.178.0/24 maxlen: 24
                          185.73.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/8c8524-7f85-4313-8ed2-bf866da747af/1/5c4xqiBddBAUR-_9bDE1GGFGRTo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/8c8524-7f85-4313-8ed2-bf866da747af/1/5c4xqiBddBAUR-_9bDE1GGFGRTo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5c4xqiBddBAUR-_9bDE1GGFGRTo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:55:df:e8:69:cd:92:9b:9c:99:fb:e8:70:f9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5ce31aa205d74101447effd6c3135186146453a
        Validity
            Not Before: Jan  1 23:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d69ad4573d073e6c6b2022bcf4c2d6406bddfe8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ce:c4:ff:db:b1:c9:50:e9:b0:c1:ab:09:29:
                    3f:95:42:5d:71:c1:06:34:69:cf:52:91:1d:d0:85:
                    78:22:c4:68:db:5e:29:ad:d0:ef:83:1f:62:88:19:
                    de:76:1b:7d:3f:47:b6:b3:ae:c3:c5:aa:0c:41:ce:
                    77:5b:6b:32:2b:db:e2:09:8e:4b:74:04:39:5c:6d:
                    22:a2:46:60:98:51:0a:cf:59:92:d5:e3:cd:59:a4:
                    ec:ff:19:d7:4d:9b:ab:4e:6f:29:8b:75:bd:8a:5a:
                    5d:74:13:c3:b4:fd:99:58:df:e8:28:f5:84:14:a8:
                    7d:5f:d3:26:83:11:fa:a7:60:03:ca:58:49:44:b0:
                    b0:67:78:61:57:a1:70:52:83:1d:ef:4c:fa:ad:75:
                    f8:d4:c9:eb:3a:55:50:f0:9b:f2:d8:a4:71:b0:33:
                    fc:86:6b:be:8d:ae:da:a3:e8:c1:59:97:78:3a:b6:
                    24:a6:73:30:5d:4a:fc:b3:7c:36:6e:d8:b4:07:b8:
                    31:2a:d9:b9:c3:71:2a:09:ac:63:d4:c8:57:43:64:
                    d3:b7:2e:96:67:16:31:d4:70:c5:98:99:ea:6e:7c:
                    18:aa:57:47:d8:00:86:e4:d8:f0:07:19:a9:05:ff:
                    9b:27:b0:df:73:d6:2b:da:c9:77:8b:c4:36:53:78:
                    ac:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:9A:D4:57:3D:07:3E:6C:6B:20:22:BC:F4:C2:D6:40:6B:DD:FE:8B
            X509v3 Authority Key Identifier:
                keyid:E5:CE:31:AA:20:5D:74:10:14:47:EF:FD:6C:31:35:18:61:46:45:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c4xqiBddBAUR-_9bDE1GGFGRTo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8c8524-7f85-4313-8ed2-bf866da747af/1/1prUVz0HPmxrICK89MLWQGvd_os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8c8524-7f85-4313-8ed2-bf866da747af/1/5c4xqiBddBAUR-_9bDE1GGFGRTo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:d2:c6:b9:66:e1:32:ca:60:96:f1:08:13:d0:19:74:16:f4:
         ad:3e:f2:f0:e4:37:12:56:a0:1f:01:b5:c6:10:b5:69:e4:bb:
         8e:2a:08:d1:29:70:6a:79:93:b2:64:8d:4d:f8:42:05:84:d8:
         12:8f:e6:8d:44:42:43:da:76:67:e0:36:c2:87:df:3b:2b:82:
         a1:71:5e:a4:64:65:55:60:50:d6:25:c5:18:2f:f9:ff:26:92:
         d1:bf:34:a2:59:a3:b1:72:25:4e:99:90:9c:cd:aa:0e:8f:53:
         95:63:8d:9d:d7:91:81:82:90:b5:12:3b:63:50:08:c1:4c:8a:
         22:1f:7d:6e:07:27:b8:84:71:87:98:fc:03:15:5d:65:5d:88:
         8e:e5:01:f7:91:24:c3:76:7e:cb:87:d1:18:2a:0b:b0:27:4f:
         47:ff:10:5e:0c:48:4e:72:aa:b4:1e:c9:cd:77:6c:6d:bc:f0:
         14:15:c0:3a:ef:34:d1:06:89:0d:dc:46:72:51:08:16:b9:f4:
         3b:90:f2:4c:7e:78:9f:72:a0:cb:f8:06:83:b8:62:bf:f6:af:
         53:47:58:fb:c7:d9:a1:ec:49:04:83:96:31:d6:27:0f:64:37:
         a7:db:8b:10:a5:f6:b6:ea:d1:14:c5:33:ce:6d:31:96:43:46:
         20:2e:70:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRVXf6GnNkpucmfvocPlHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1Y2UzMWFhMjA1ZDc0MTAxNDQ3ZWZmZDZjMzEzNTE4NjE0
NjQ1M2EwHhcNMjUwMTAxMjM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjlhZDQ1NzNkMDczZTZjNmIyMDIyYmNmNGMyZDY0MDZiZGRmZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1c7E/9uxyVDpsMGrCSk/lUJdccEG
NGnPUpEd0IV4IsRo214prdDvgx9iiBnedht9P0e2s67DxaoMQc53W2syK9viCY5L
dAQ5XG0iokZgmFEKz1mS1ePNWaTs/xnXTZurTm8pi3W9ilpddBPDtP2ZWN/oKPWE
FKh9X9MmgxH6p2ADylhJRLCwZ3hhV6FwUoMd70z6rXX41MnrOlVQ8Jvy2KRxsDP8
hmu+ja7ao+jBWZd4OrYkpnMwXUr8s3w2bti0B7gxKtm5w3EqCaxj1MhXQ2TTty6W
ZxYx1HDFmJnqbnwYqldH2ACG5NjwBxmpBf+bJ7Dfc9Yr2sl3i8Q2U3isXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaa1Fc9Bz5sayAivPTC1kBr3f6LMB8GA1UdIwQY
MBaAFOXOMaogXXQQFEfv/WwxNRhhRkU6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWM0eHFpQmRkQkFVUi1fOWJERTFHR0ZHUlRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC84Yzg1MjQtN2Y4NS00MzEzLThlZDIt
YmY4NjZkYTc0N2FmLzEvMXByVVZ6MEhQbXhySUNLODlNTFdRR3ZkX29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC84Yzg1MjQtN2Y4NS00MzEzLThlZDItYmY4NjZkYTc0N2Fm
LzEvNWM0eHFpQmRkQkFVUi1fOWJERTFHR0ZHUlRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUmwMA0G
CSqGSIb3DQEBCwUAA4IBAQA50sa5ZuEyymCW8QgT0Bl0FvStPvLw5DcSVqAfAbXG
ELVp5LuOKgjRKXBqeZOyZI1N+EIFhNgSj+aNREJD2nZn4DbCh987K4KhcV6kZGVV
YFDWJcUYL/n/JpLRvzSiWaOxciVOmZCczaoOj1OVY42d15GBgpC1EjtjUAjBTIoi
H31uBye4hHGHmPwDFV1lXYiO5QH3kSTDdn7Lh9EYKguwJ09H/xBeDEhOcqq0HsnN
d2xtvPAUFcA67zTRBokN3EZyUQgWufQ7kPJMfnifcqDL+AaDuGK/9q9TR1j7x9mh
7EkEg5Yx1icPZDen24sQpfa26tEUxTPObTGWQ0YgLnBo
-----END CERTIFICATE-----