Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/54AIlsCbzgy0XCYwE0wdAC4kiqw.roa
File:                     54AIlsCbzgy0XCYwE0wdAC4kiqw.roa (raw, json)
Hash identifier:          yJyuDkNiVUNUnxXEpeacfSUjn5at6QtcOaws+zppt2w=
Subject key identifier:   E7:80:08:96:C0:9B:CE:0C:B4:5C:26:30:13:4C:1D:00:2E:24:8A:AC
Certificate issuer:       /CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
Certificate serial:       01942B2538141935C750A4A7A519F10E2870
Authority key identifier: 0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/54AIlsCbzgy0XCYwE0wdAC4kiqw.roa
Signing time:             Fri 03 Jan 2025 07:50:46 +0000
ROA not before:           Fri 03 Jan 2025 07:50:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        185.223.178.0/24 maxlen: 24
                          185.237.215.0/24 maxlen: 24
                          2a0d:c240::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/Cx5y89CVf1puO9G4RKEqYUdEkCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/Cx5y89CVf1puO9G4RKEqYUdEkCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2b:25:38:14:19:35:c7:50:a4:a7:a5:19:f1:0e:28:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b1e72f3d0957f5a6e3bd1b844a12a6147449027
        Validity
            Not Before: Jan  3 07:50:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7800896c09bce0cb45c2630134c1d002e248aac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e0:c1:89:61:c7:9d:a3:69:73:3d:2b:d2:0d:
                    f4:23:31:78:89:8e:8d:04:26:d9:67:0a:d6:36:74:
                    3b:df:d1:81:cc:a3:cb:fb:b6:32:90:df:9a:79:8b:
                    68:27:64:c0:1d:dc:39:ae:4b:d6:47:2b:ce:bc:34:
                    e9:c6:ed:f4:2d:1d:86:b5:6d:da:0c:10:b7:be:08:
                    ea:a0:b8:37:a6:dc:3f:e5:83:71:f2:4a:21:b0:80:
                    63:9f:44:7f:75:0d:5a:66:c1:aa:99:cd:61:99:98:
                    d3:74:fe:2c:e0:a7:db:72:c3:c1:8d:7c:b6:8c:bc:
                    6b:9f:9e:1e:68:ae:95:47:cf:03:40:72:f0:63:26:
                    84:65:02:8f:4b:96:8f:b2:6d:50:91:a3:4d:a4:21:
                    ff:34:8a:5a:cf:a3:6a:bc:98:73:ee:ce:98:92:30:
                    b8:89:c7:3e:c5:71:57:c5:b3:51:c2:33:e8:82:ad:
                    8b:11:37:ab:15:65:aa:9a:73:5a:7b:8f:dd:88:b1:
                    7e:dc:3f:49:c3:a6:58:cf:e2:ec:ba:6d:68:e6:7c:
                    88:ae:14:06:ff:20:1f:a6:bc:8d:5d:47:a4:68:2a:
                    95:0f:44:b5:93:62:be:df:e1:42:ea:45:01:b0:33:
                    bb:74:f7:18:d0:36:6e:44:a5:cd:f0:94:90:a6:f8:
                    61:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:80:08:96:C0:9B:CE:0C:B4:5C:26:30:13:4C:1D:00:2E:24:8A:AC
            X509v3 Authority Key Identifier:
                keyid:0B:1E:72:F3:D0:95:7F:5A:6E:3B:D1:B8:44:A1:2A:61:47:44:90:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cx5y89CVf1puO9G4RKEqYUdEkCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/54AIlsCbzgy0XCYwE0wdAC4kiqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/1a5a96-d36e-4f3a-9b34-0548d3895a55/1/Cx5y89CVf1puO9G4RKEqYUdEkCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.178.0/24
                  185.237.215.0/24
                IPv6:
                  2a0d:c240::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:ce:c8:77:6b:a6:80:54:14:33:ef:11:a0:c8:2a:8e:48:9f:
         72:5b:f0:90:e2:34:38:63:8b:00:95:64:87:9e:bf:82:b4:c3:
         a1:27:0c:68:f9:e4:ee:0c:79:6f:00:58:15:77:99:ef:ef:e2:
         f2:22:b5:a3:a3:f6:44:57:3e:46:71:51:70:d1:29:f4:e3:d3:
         2e:fe:b9:3a:e9:98:50:c6:8b:6b:e9:a1:97:57:49:60:9e:b3:
         be:7e:7f:eb:31:55:b8:a0:2e:b3:2c:0f:95:95:fc:4f:8e:45:
         b8:fb:b2:40:40:6a:9d:bf:fa:d6:3f:5e:7b:00:4e:64:f7:2a:
         cb:f7:18:8e:3e:40:f6:27:43:3d:6e:f0:cf:2c:0c:a7:bc:1f:
         79:65:ef:33:1c:da:62:d2:5d:49:f0:dd:a3:fb:69:b6:4b:42:
         96:52:e7:39:36:5c:76:8b:64:8b:f1:68:71:7b:3b:5d:46:9b:
         eb:cc:3d:06:83:cc:7e:7d:bc:39:7d:fe:8e:30:3c:d2:c3:4b:
         9b:41:22:3b:d1:41:15:15:d1:4f:6c:45:98:6b:16:9c:bd:e0:
         6e:8c:a3:6b:6b:26:a1:29:be:06:8b:26:8b:43:b3:aa:9a:90:
         b9:5d:fa:d6:98:b4:39:4b:2f:76:be:7b:0f:86:1d:fe:3b:60:
         42:bf:41:53
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQrJTgUGTXHUKSnpRnxDihwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMWU3MmYzZDA5NTdmNWE2ZTNiZDFiODQ0YTEyYTYxNDc0
NDkwMjcwHhcNMjUwMTAzMDc1MDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzgwMDg5NmMwOWJjZTBjYjQ1YzI2MzAxMzRjMWQwMDJlMjQ4YWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuDBiWHHnaNpcz0r0g30IzF4iY6N
BCbZZwrWNnQ739GBzKPL+7YykN+aeYtoJ2TAHdw5rkvWRyvOvDTpxu30LR2GtW3a
DBC3vgjqoLg3ptw/5YNx8kohsIBjn0R/dQ1aZsGqmc1hmZjTdP4s4KfbcsPBjXy2
jLxrn54eaK6VR88DQHLwYyaEZQKPS5aPsm1QkaNNpCH/NIpaz6NqvJhz7s6YkjC4
icc+xXFXxbNRwjPogq2LETerFWWqmnNae4/diLF+3D9Jw6ZYz+Lsum1o5nyIrhQG
/yAfpryNXUekaCqVD0S1k2K+3+FC6kUBsDO7dPcY0DZuRKXN8JSQpvhhUQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOeACJbAm84MtFwmMBNMHQAuJIqsMB8GA1UdIwQY
MBaAFAsecvPQlX9abjvRuEShKmFHRJAnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQt
MDU0OGQzODk1YTU1LzEvNTRBSWxzQ2J6Z3kwWENZd0Uwd2RBQzRraXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8xYTVhOTYtZDM2ZS00ZjNhLTliMzQtMDU0OGQzODk1YTU1
LzEvQ3g1eTg5Q1ZmMXB1TzlHNFJLRXFZVWRFa0NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAud+yAwQA
ue3XMA0EAgACMAcDBQMqDcJAMA0GCSqGSIb3DQEBCwUAA4IBAQBQzsh3a6aAVBQz
7xGgyCqOSJ9yW/CQ4jQ4Y4sAlWSHnr+CtMOhJwxo+eTuDHlvAFgVd5nv7+LyIrWj
o/ZEVz5GcVFw0Sn049Mu/rk66ZhQxotr6aGXV0lgnrO+fn/rMVW4oC6zLA+VlfxP
jkW4+7JAQGqdv/rWP157AE5k9yrL9xiOPkD2J0M9bvDPLAynvB95Ze8zHNpi0l1J
8N2j+2m2S0KWUuc5Nlx2i2SL8WhxeztdRpvrzD0Gg8x+fbw5ff6OMDzSw0ubQSI7
0UEVFdFPbEWYaxacveBujKNrayahKb4GiyaLQ7OqmpC5XfrWmLQ5Sy92vnsPhh3+
O2BCv0FT
-----END CERTIFICATE-----