Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/aKrvV8xBl8sCHisqRYKu_FgNh7A.roa
File:                     aKrvV8xBl8sCHisqRYKu_FgNh7A.roa (raw, json)
Hash identifier:          VWMQXxpmmku9lvmyl+DypVcQSIrG+GnuaLnSwfYRfGo=
Subject key identifier:   68:AA:EF:57:CC:41:97:CB:02:1E:2B:2A:45:82:AE:FC:58:0D:87:B0
Certificate issuer:       /CN=5a0ad4655aed07c47416e7a945604794eba897ac
Certificate serial:       0194221FF42C70F028565454EAF00BCDB4ED
Authority key identifier: 5A:0A:D4:65:5A:ED:07:C4:74:16:E7:A9:45:60:47:94:EB:A8:97:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WgrUZVrtB8R0FuepRWBHlOuol6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/aKrvV8xBl8sCHisqRYKu_FgNh7A.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        185.244.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/WgrUZVrtB8R0FuepRWBHlOuol6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/WgrUZVrtB8R0FuepRWBHlOuol6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WgrUZVrtB8R0FuepRWBHlOuol6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f4:2c:70:f0:28:56:54:54:ea:f0:0b:cd:b4:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a0ad4655aed07c47416e7a945604794eba897ac
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68aaef57cc4197cb021e2b2a4582aefc580d87b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:00:b8:3f:d7:8e:c6:cc:b9:91:2c:bd:28:e1:
                    3f:cb:92:ab:eb:18:c6:a8:0f:de:cd:77:e1:0b:e0:
                    9c:23:ca:f1:b3:cb:6d:ad:4d:b7:4f:dd:a4:6b:7c:
                    99:46:d9:00:db:ce:93:56:62:63:37:e1:3b:a2:15:
                    06:49:8a:f1:bf:dc:3d:74:5f:5f:6e:91:c0:71:3a:
                    54:87:f6:b8:41:70:2b:60:1a:2b:6e:be:1f:b6:b9:
                    52:5f:90:fb:cb:e6:b7:86:0c:8c:ad:58:06:e9:39:
                    b9:36:3b:7f:47:bc:05:db:db:07:96:73:c1:66:81:
                    1b:69:98:6a:9d:17:e6:70:61:28:61:eb:52:d1:9e:
                    bd:40:28:25:8b:69:70:06:58:8f:54:0c:05:b8:79:
                    86:26:d1:0f:06:51:b0:20:d4:2f:8f:cd:8d:f3:a7:
                    1d:d1:b2:f0:14:9b:9e:aa:9c:ef:22:2a:ea:8e:90:
                    c9:ff:c9:86:d8:12:18:be:85:76:a6:c2:e2:8d:52:
                    67:84:d2:9e:b5:b1:1f:85:34:c6:93:ab:b7:0c:0d:
                    5e:2e:cb:3c:ff:58:87:0a:87:fc:06:fc:6c:08:ac:
                    05:53:98:99:7d:1b:0d:52:3d:ce:b1:de:c5:f9:0f:
                    39:d9:85:db:d6:6c:24:34:ee:cd:76:02:bd:ac:b7:
                    04:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:AA:EF:57:CC:41:97:CB:02:1E:2B:2A:45:82:AE:FC:58:0D:87:B0
            X509v3 Authority Key Identifier:
                keyid:5A:0A:D4:65:5A:ED:07:C4:74:16:E7:A9:45:60:47:94:EB:A8:97:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WgrUZVrtB8R0FuepRWBHlOuol6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/aKrvV8xBl8sCHisqRYKu_FgNh7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/41b72a-0fc0-4a0f-acbf-efc31e08e7cd/1/WgrUZVrtB8R0FuepRWBHlOuol6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:95:99:e0:b4:ee:eb:c2:19:94:da:53:73:a1:5c:1e:6b:09:
         16:78:5e:c3:df:de:6d:9c:3d:d7:cd:43:70:f9:30:9a:03:64:
         e9:8b:c2:66:b0:b0:12:23:f8:a8:72:b7:81:10:56:92:1b:59:
         fc:47:8d:70:18:99:18:8c:3f:26:58:01:0c:e8:ee:9a:95:8f:
         30:cb:b2:6d:8b:77:91:94:e4:88:98:8a:78:ae:bf:4b:cc:b1:
         5f:b9:64:e7:1e:23:6f:e6:e7:f1:75:72:59:74:b1:17:f2:1b:
         39:6a:95:01:5b:f0:2d:5c:4b:84:a8:02:c2:71:c6:a0:d8:e2:
         7e:a3:d1:78:cb:af:3b:06:5b:23:e9:90:d7:8b:1a:00:b9:73:
         c2:f9:0b:31:ad:34:2b:b8:19:ca:ec:2b:70:aa:3c:4c:41:2e:
         d4:0f:d7:7f:b6:01:31:30:fd:db:db:05:9a:6a:a9:dd:18:55:
         a9:7b:c6:37:c8:50:5b:92:af:07:50:8f:01:95:d0:e1:25:22:
         80:f5:dc:9a:e0:9a:3a:62:50:68:7b:a0:fe:8c:40:27:52:fb:
         e8:c8:4f:15:22:17:31:e4:e4:aa:ea:37:dd:91:cb:b6:99:81:
         da:33:27:44:df:10:3e:17:d5:12:39:d0:30:b8:e4:39:a8:3b:
         03:74:ee:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH/QscPAoVlRU6vALzbTtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMGFkNDY1NWFlZDA3YzQ3NDE2ZTdhOTQ1NjA0Nzk0ZWJh
ODk3YWMwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGFhZWY1N2NjNDE5N2NiMDIxZTJiMmE0NTgyYWVmYzU4MGQ4N2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4gC4P9eOxsy5kSy9KOE/y5Kr6xjG
qA/ezXfhC+CcI8rxs8ttrU23T92ka3yZRtkA286TVmJjN+E7ohUGSYrxv9w9dF9f
bpHAcTpUh/a4QXArYBorbr4ftrlSX5D7y+a3hgyMrVgG6Tm5Njt/R7wF29sHlnPB
ZoEbaZhqnRfmcGEoYetS0Z69QCgli2lwBliPVAwFuHmGJtEPBlGwINQvj82N86cd
0bLwFJueqpzvIirqjpDJ/8mG2BIYvoV2psLijVJnhNKetbEfhTTGk6u3DA1eLss8
/1iHCof8BvxsCKwFU5iZfRsNUj3Osd7F+Q852YXb1mwkNO7NdgK9rLcEMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiq71fMQZfLAh4rKkWCrvxYDYewMB8GA1UdIwQY
MBaAFFoK1GVa7QfEdBbnqUVgR5TrqJesMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2dyVVpWcnRCOFIwRnVlcFJXQkhsT3VvbDZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy80MWI3MmEtMGZjMC00YTBmLWFjYmYt
ZWZjMzFlMDhlN2NkLzEvYUtydlY4eEJsOHNDSGlzcVJZS3VfRmdOaDdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy80MWI3MmEtMGZjMC00YTBmLWFjYmYtZWZjMzFlMDhlN2Nk
LzEvV2dyVVpWcnRCOFIwRnVlcFJXQkhsT3VvbDZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufTiMA0G
CSqGSIb3DQEBCwUAA4IBAQBolZngtO7rwhmU2lNzoVweawkWeF7D395tnD3XzUNw
+TCaA2Tpi8JmsLASI/iocreBEFaSG1n8R41wGJkYjD8mWAEM6O6alY8wy7Jti3eR
lOSImIp4rr9LzLFfuWTnHiNv5ufxdXJZdLEX8hs5apUBW/AtXEuEqALCccag2OJ+
o9F4y687Blsj6ZDXixoAuXPC+QsxrTQruBnK7CtwqjxMQS7UD9d/tgExMP3b2wWa
aqndGFWpe8Y3yFBbkq8HUI8BldDhJSKA9dya4Jo6YlBoe6D+jEAnUvvoyE8VIhcx
5OSq6jfdkcu2mYHaMydE3xA+F9USOdAwuOQ5qDsDdO5g
-----END CERTIFICATE-----