Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/JFyb9vOEShiklCUE-xhXQcKys24.roa
File:                     JFyb9vOEShiklCUE-xhXQcKys24.roa (raw, json)
Hash identifier:          yRt2GvdxkvGMHkQaqbdXsuANeN2IU6ZvnsT36x7jpNo=
Subject key identifier:   24:5C:9B:F6:F3:84:4A:18:A4:94:25:04:FB:18:57:41:C2:B2:B3:6E
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       01955BAE891D43CACEE48FC3F680C94A7594
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/JFyb9vOEShiklCUE-xhXQcKys24.roa
Signing time:             Mon 03 Mar 2025 11:05:19 +0000
ROA not before:           Mon 03 Mar 2025 11:05:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        5.22.204.0/22 maxlen: 22
                          188.191.48.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5b:ae:89:1d:43:ca:ce:e4:8f:c3:f6:80:c9:4a:75:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: Mar  3 11:05:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=245c9bf6f3844a18a4942504fb185741c2b2b36e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0a:5e:6a:b7:c4:d4:50:37:d8:15:0a:fa:1c:
                    a6:e1:b2:3a:f4:02:db:e0:23:45:ac:df:9a:f5:20:
                    ab:be:13:28:1b:e7:65:df:f8:81:cf:bd:d2:52:bc:
                    6a:6f:ef:97:79:1e:7b:bb:a3:77:b0:d2:9e:f5:75:
                    62:49:3c:72:e8:91:03:69:d6:a4:69:b9:68:37:da:
                    1f:3d:fc:c1:a0:a4:e2:4b:65:ce:35:75:15:f5:3b:
                    20:f4:6e:f2:b8:68:80:0b:de:50:ab:90:45:e8:68:
                    be:36:ee:d0:c4:f9:55:b6:91:67:f0:30:6f:2a:9b:
                    fc:02:6b:df:82:e7:e8:46:7d:2a:f4:7f:0c:b7:f1:
                    e6:9b:22:14:c1:f6:93:0f:d1:c6:47:f8:d8:9d:a6:
                    8b:74:df:d3:00:bd:ea:60:42:24:d3:98:a0:b9:91:
                    52:cb:93:89:e4:6b:f5:d6:7c:df:50:96:c0:d3:64:
                    d4:e1:fe:cd:3c:a8:75:03:14:86:e1:5c:c5:b0:b2:
                    50:b2:d6:aa:b7:b3:41:60:35:f0:54:36:df:97:46:
                    64:8e:fc:72:2b:27:bb:82:3f:58:74:5a:0c:ae:f8:
                    51:28:f8:cf:de:ed:7c:5c:6c:b8:51:67:b2:7c:30:
                    7c:d7:f4:b5:67:e4:ba:b5:c3:c5:49:ff:03:a2:25:
                    a4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:5C:9B:F6:F3:84:4A:18:A4:94:25:04:FB:18:57:41:C2:B2:B3:6E
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/JFyb9vOEShiklCUE-xhXQcKys24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.204.0/22
                  188.191.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:6b:81:87:21:af:cd:aa:b7:79:a6:55:b4:39:34:18:39:12:
         e8:f5:84:87:60:91:36:12:7a:2a:a0:0e:a2:77:d4:e5:a4:7e:
         69:5b:c9:0e:20:69:fe:b0:83:83:d2:25:28:09:e5:e8:07:62:
         44:a4:23:5b:de:21:5c:3f:72:72:21:94:ce:01:4a:ee:f7:7b:
         83:be:2c:06:51:da:65:dc:97:20:a0:c7:83:90:73:3e:66:e2:
         b3:0e:4d:a6:41:88:0c:77:34:3b:7b:48:85:5e:ea:ee:9a:13:
         52:ca:47:09:5e:33:21:9d:d7:f3:24:23:e2:be:79:92:de:b3:
         6a:a8:c9:c5:ad:fe:85:a2:ff:e8:5e:7d:8e:02:c1:90:f1:e7:
         5b:f7:79:15:5a:6e:a2:70:d1:96:4b:87:92:a0:e1:15:ff:28:
         20:56:c5:89:3c:b2:fa:7e:b2:d0:fb:76:ef:5e:dc:d2:7f:4f:
         3c:74:db:a4:15:c1:35:92:ff:8f:4f:19:60:5b:95:da:06:d0:
         05:c7:2f:9f:7f:f3:a9:cb:87:d4:9d:c4:a6:82:d2:ba:b0:55:
         d4:4a:d9:8f:55:07:75:5e:3b:64:97:cd:08:a6:4b:ce:f5:44:
         55:57:6e:ae:a1:3c:af:39:69:97:a1:7d:03:7d:2d:41:9c:e5:
         6e:ff:f4:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVbrokdQ8rO5I/D9oDJSnWUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjUwMzAzMTEwNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDVjOWJmNmYzODQ0YTE4YTQ5NDI1MDRmYjE4NTc0MWMyYjJiMzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArApearfE1FA32BUK+hym4bI69ALb
4CNFrN+a9SCrvhMoG+dl3/iBz73SUrxqb++XeR57u6N3sNKe9XViSTxy6JEDadak
abloN9ofPfzBoKTiS2XONXUV9Tsg9G7yuGiAC95Qq5BF6Gi+Nu7QxPlVtpFn8DBv
Kpv8AmvfgufoRn0q9H8Mt/HmmyIUwfaTD9HGR/jYnaaLdN/TAL3qYEIk05iguZFS
y5OJ5Gv11nzfUJbA02TU4f7NPKh1AxSG4VzFsLJQstaqt7NBYDXwVDbfl0Zkjvxy
Kye7gj9YdFoMrvhRKPjP3u18XGy4UWeyfDB81/S1Z+S6tcPFSf8DoiWkXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCRcm/bzhEoYpJQlBPsYV0HCsrNuMB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvSkZ5Yjl2T0VTaGlrbENVRS14aFhRY0t5czI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCBRbMAwQC
vL8wMA0GCSqGSIb3DQEBCwUAA4IBAQBNa4GHIa/Nqrd5plW0OTQYORLo9YSHYJE2
EnoqoA6id9TlpH5pW8kOIGn+sIOD0iUoCeXoB2JEpCNb3iFcP3JyIZTOAUru93uD
viwGUdpl3JcgoMeDkHM+ZuKzDk2mQYgMdzQ7e0iFXurumhNSykcJXjMhndfzJCPi
vnmS3rNqqMnFrf6Fov/oXn2OAsGQ8edb93kVWm6icNGWS4eSoOEV/yggVsWJPLL6
frLQ+3bvXtzSf088dNukFcE1kv+PTxlgW5XaBtAFxy+ff/Opy4fUncSmgtK6sFXU
StmPVQd1Xjtkl80IpkvO9URVV26uoTyvOWmXoX0DfS1BnOVu//T5
-----END CERTIFICATE-----