Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/5d842f-6324-4122-b850-2c6a2c69212b/1/UrDZwQUlz8oM-YZBJZCko8DzwV4.roa
File:                     UrDZwQUlz8oM-YZBJZCko8DzwV4.roa (raw, json)
Hash identifier:          R8F+9yAyW9iHTTMQt2jYkPuGAbrbM2b50inI73XP78c=
Subject key identifier:   52:B0:D9:C1:05:25:CF:CA:0C:F9:86:41:25:90:A4:A3:C0:F3:C1:5E
Certificate issuer:       /CN=75b5abb35fca3070d48122a339ec5cbeff0be97a
Certificate serial:       019639FF3BBB04800B3EBFC7FDE56EC65217
Authority key identifier: 75:B5:AB:B3:5F:CA:30:70:D4:81:22:A3:39:EC:5C:BE:FF:0B:E9:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dbWrs1_KMHDUgSKjOexcvv8L6Xo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/5d842f-6324-4122-b850-2c6a2c69212b/1/UrDZwQUlz8oM-YZBJZCko8DzwV4.roa
Signing time:             Tue 15 Apr 2025 15:09:10 +0000
ROA not before:           Tue 15 Apr 2025 15:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60016
IP address blocks:        185.244.252.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/5d842f-6324-4122-b850-2c6a2c69212b/1/dbWrs1_KMHDUgSKjOexcvv8L6Xo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/5d842f-6324-4122-b850-2c6a2c69212b/1/dbWrs1_KMHDUgSKjOexcvv8L6Xo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dbWrs1_KMHDUgSKjOexcvv8L6Xo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:39:ff:3b:bb:04:80:0b:3e:bf:c7:fd:e5:6e:c6:52:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75b5abb35fca3070d48122a339ec5cbeff0be97a
        Validity
            Not Before: Apr 15 15:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52b0d9c10525cfca0cf986412590a4a3c0f3c15e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:7e:46:86:6f:03:02:be:11:aa:e6:ad:ca:8b:
                    0a:66:d4:c7:ff:f7:19:ea:f5:0f:c3:a1:60:f4:39:
                    f5:4e:cd:91:4c:c0:dd:fb:92:70:76:7e:d6:08:ce:
                    3c:2b:d0:ca:88:4f:82:f2:67:02:2b:3d:80:15:0c:
                    83:71:b4:c5:cc:dd:94:3a:66:60:48:77:fe:c5:d7:
                    4e:42:4c:fd:65:37:a6:f8:14:a9:7b:c1:14:98:4e:
                    42:77:3a:1c:4a:a8:bd:89:ec:1e:9f:51:2e:86:af:
                    15:98:ba:f9:f2:e8:ae:dd:95:85:31:ac:db:98:8f:
                    3e:de:29:88:93:04:7d:b6:27:aa:ae:a0:34:7d:8b:
                    41:d4:b1:7d:4f:f3:f6:f4:51:4a:2a:7a:7b:4f:4a:
                    de:fe:c8:cf:7c:37:00:43:c0:a2:bb:52:4b:87:1c:
                    9d:ac:f5:f0:e1:28:8b:60:f7:7e:f0:a4:d3:44:d0:
                    43:0d:60:12:d4:45:c1:cf:50:c8:74:fa:b8:ad:f3:
                    20:8a:4f:9d:aa:66:85:1a:6e:3e:93:89:29:e6:a2:
                    b5:83:c1:3a:64:2f:43:ae:74:e6:be:33:20:94:77:
                    b8:e1:f1:d2:4a:37:29:d5:08:2a:fc:22:5c:0d:eb:
                    95:d3:e5:8b:14:ec:f8:83:94:59:dd:ac:c4:8c:39:
                    98:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:B0:D9:C1:05:25:CF:CA:0C:F9:86:41:25:90:A4:A3:C0:F3:C1:5E
            X509v3 Authority Key Identifier:
                keyid:75:B5:AB:B3:5F:CA:30:70:D4:81:22:A3:39:EC:5C:BE:FF:0B:E9:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dbWrs1_KMHDUgSKjOexcvv8L6Xo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5d842f-6324-4122-b850-2c6a2c69212b/1/UrDZwQUlz8oM-YZBJZCko8DzwV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/5d842f-6324-4122-b850-2c6a2c69212b/1/dbWrs1_KMHDUgSKjOexcvv8L6Xo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:c9:d9:6c:c3:a1:e0:96:41:ad:c7:cb:ec:54:41:09:d1:48:
         10:6d:d0:43:b9:47:23:7a:93:b5:81:b0:e3:e8:1a:39:66:48:
         c1:6b:ca:64:cd:b8:ab:7f:d2:60:01:af:76:14:3a:f4:22:de:
         16:ef:8f:01:d3:5b:a1:8f:c3:a3:8d:1e:7d:96:6f:9d:d6:7f:
         15:1d:3a:f4:fe:ef:e5:5a:09:39:d7:03:b1:2b:3b:b4:1c:0a:
         98:d8:65:db:6e:59:0d:4c:6f:7e:a5:55:35:ac:3f:30:8e:fa:
         63:c3:4d:c5:1d:f2:e3:6e:30:8f:4a:21:78:e9:55:d5:33:d7:
         0c:d8:be:38:f5:1d:04:ca:0b:58:fc:85:39:fe:15:9c:8e:c8:
         46:ee:49:65:12:bd:a8:f1:59:c9:3d:af:49:f8:8f:00:e4:ef:
         ec:d4:84:7f:59:3b:de:64:39:1e:ba:e0:b7:a5:25:b7:59:7b:
         4e:8f:b5:e6:ca:55:58:97:fe:88:3b:15:96:ed:b4:e8:12:b8:
         3f:f3:80:e6:98:32:d5:c4:0b:c1:04:42:d7:48:0e:6f:12:28:
         26:97:ec:ba:66:93:b8:80:94:9d:4c:46:5f:7b:7f:60:63:4f:
         e0:e3:77:9b:12:03:30:ca:34:a2:10:55:d1:17:6a:8c:c7:11:
         07:28:01:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY5/zu7BIALPr/H/eVuxlIXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1YjVhYmIzNWZjYTMwNzBkNDgxMjJhMzM5ZWM1Y2JlZmYw
YmU5N2EwHhcNMjUwNDE1MTUwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmIwZDljMTA1MjVjZmNhMGNmOTg2NDEyNTkwYTRhM2MwZjNjMTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg35Ghm8DAr4RquatyosKZtTH//cZ
6vUPw6Fg9Dn1Ts2RTMDd+5Jwdn7WCM48K9DKiE+C8mcCKz2AFQyDcbTFzN2UOmZg
SHf+xddOQkz9ZTem+BSpe8EUmE5CdzocSqi9iewen1Euhq8VmLr58uiu3ZWFMazb
mI8+3imIkwR9tieqrqA0fYtB1LF9T/P29FFKKnp7T0re/sjPfDcAQ8Ciu1JLhxyd
rPXw4SiLYPd+8KTTRNBDDWAS1EXBz1DIdPq4rfMgik+dqmaFGm4+k4kp5qK1g8E6
ZC9DrnTmvjMglHe44fHSSjcp1Qgq/CJcDeuV0+WLFOz4g5RZ3azEjDmYPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKw2cEFJc/KDPmGQSWQpKPA88FeMB8GA1UdIwQY
MBaAFHW1q7NfyjBw1IEioznsXL7/C+l6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGJXcnMxX0tNSERVZ1NLak9leGN2djhMNlhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi81ZDg0MmYtNjMyNC00MTIyLWI4NTAt
MmM2YTJjNjkyMTJiLzEvVXJEWndRVWx6OG9NLVlaQkpaQ2tvOER6d1Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi81ZDg0MmYtNjMyNC00MTIyLWI4NTAtMmM2YTJjNjkyMTJi
LzEvZGJXcnMxX0tNSERVZ1NLak9leGN2djhMNlhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufT8MA0G
CSqGSIb3DQEBCwUAA4IBAQB1ydlsw6HglkGtx8vsVEEJ0UgQbdBDuUcjepO1gbDj
6Bo5ZkjBa8pkzbirf9JgAa92FDr0It4W748B01uhj8OjjR59lm+d1n8VHTr0/u/l
Wgk51wOxKzu0HAqY2GXbblkNTG9+pVU1rD8wjvpjw03FHfLjbjCPSiF46VXVM9cM
2L449R0EygtY/IU5/hWcjshG7kllEr2o8VnJPa9J+I8A5O/s1IR/WTveZDkeuuC3
pSW3WXtOj7XmylVYl/6IOxWW7bToErg/84DmmDLVxAvBBELXSA5vEigml+y6ZpO4
gJSdTEZfe39gY0/g43ebEgMwyjSiEFXRF2qMxxEHKAEH
-----END CERTIFICATE-----