Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/rSBf7m4QN8B8IdOa1QZkuz2yGzo.roa
File:                     rSBf7m4QN8B8IdOa1QZkuz2yGzo.roa (raw, json)
Hash identifier:          HK04u30OvyiqU+SoQ1bUDIZ6GpYsXVoMPcjWlJuPm+o=
Subject key identifier:   AD:20:5F:EE:6E:10:37:C0:7C:21:D3:9A:D5:06:64:BB:3D:B2:1B:3A
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       0194228DC8FE20D2FFC19BB9DA71E3E43327
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/rSBf7m4QN8B8IdOa1QZkuz2yGzo.roa
Signing time:             Wed 01 Jan 2025 15:48:24 +0000
ROA not before:           Wed 01 Jan 2025 15:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200239
IP address blocks:        185.36.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:c8:fe:20:d2:ff:c1:9b:b9:da:71:e3:e4:33:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Jan  1 15:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad205fee6e1037c07c21d39ad50664bb3db21b3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:59:ff:7a:89:12:f2:0f:de:59:be:ee:86:78:
                    af:19:ae:35:0d:ac:c5:25:59:ae:2f:0f:51:d4:0c:
                    af:0a:5c:03:f1:c4:4e:3f:07:28:44:0b:09:97:8d:
                    b1:97:18:f0:23:ae:1f:86:c1:a2:6b:20:5b:bc:43:
                    c5:18:54:ca:b9:3e:5e:b8:ff:16:41:d8:14:d0:f1:
                    14:d2:1e:af:ac:02:25:08:8c:65:2b:58:f3:f2:65:
                    fb:88:fe:59:9c:be:96:20:8e:20:b7:dc:6d:d3:a7:
                    7f:9a:ea:be:ed:94:2c:ed:6d:46:61:b4:41:1b:fe:
                    ce:74:11:f1:b8:b2:72:02:36:6a:f6:d7:2d:6e:e3:
                    a1:89:99:03:58:59:40:01:97:3c:4f:7d:49:2e:12:
                    ee:df:b7:fa:77:10:6e:9b:2b:9f:3b:06:da:6c:fb:
                    9a:e5:70:c5:7e:32:ce:c8:bd:75:aa:cb:f8:a9:f5:
                    a2:13:c7:78:d4:bc:9d:da:42:3d:0e:f6:a3:c6:c4:
                    ab:7a:05:72:b4:3c:64:3c:32:d6:0b:eb:80:94:97:
                    f1:8c:18:5a:8b:f4:a4:76:89:8d:25:fc:55:0f:8c:
                    2e:ff:01:39:d9:e5:ba:c9:bc:28:da:f6:b6:ed:e0:
                    35:9c:0d:38:b6:e4:7c:d1:0b:4c:cb:e9:04:4a:8e:
                    36:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:20:5F:EE:6E:10:37:C0:7C:21:D3:9A:D5:06:64:BB:3D:B2:1B:3A
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/rSBf7m4QN8B8IdOa1QZkuz2yGzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:17:e6:58:40:54:e8:6d:e4:7d:c1:2a:2e:a8:62:8c:01:7b:
         8e:ea:70:4a:f5:9e:5b:58:ce:aa:8c:0c:5a:37:77:15:22:33:
         9f:62:ca:2c:c2:0c:de:4a:ef:9f:69:32:d9:fe:7b:d0:7a:22:
         97:9f:0a:a6:be:db:69:a7:d0:03:58:81:b6:fa:ae:fc:de:7a:
         59:8f:60:aa:9d:db:14:03:bd:48:b1:5f:9d:97:46:92:b6:f1:
         4b:f1:45:ef:4e:f1:58:0e:01:29:bc:95:7d:c3:e3:54:c5:c6:
         21:52:ba:96:32:cb:98:12:80:15:10:8e:cd:bb:03:13:51:95:
         18:42:4f:75:d2:80:8d:19:99:2c:08:a5:1d:13:99:ae:0b:50:
         08:d5:cd:5a:37:51:6d:c5:6d:75:ad:28:73:d4:4a:18:50:ca:
         58:a7:cf:30:30:8e:95:cc:12:e9:e3:c2:60:89:79:12:55:b3:
         4a:91:00:2c:13:ba:31:b8:57:ce:2b:ab:66:7a:41:e9:dd:49:
         15:57:b9:26:b6:cc:36:96:4f:f4:fd:57:03:a4:4b:cb:de:96:
         e1:41:1b:d6:e9:c9:cd:4d:3a:ba:31:97:3f:20:91:6c:6d:ec:
         8e:26:37:bc:1d:1a:a1:e9:9c:4f:e5:15:79:21:e3:40:c8:60:
         11:b7:95:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijcj+INL/wZu52nHj5DMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjUwMTAxMTU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDIwNWZlZTZlMTAzN2MwN2MyMWQzOWFkNTA2NjRiYjNkYjIxYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVn/eokS8g/eWb7uhnivGa41DazF
JVmuLw9R1AyvClwD8cROPwcoRAsJl42xlxjwI64fhsGiayBbvEPFGFTKuT5euP8W
QdgU0PEU0h6vrAIlCIxlK1jz8mX7iP5ZnL6WII4gt9xt06d/muq+7ZQs7W1GYbRB
G/7OdBHxuLJyAjZq9tctbuOhiZkDWFlAAZc8T31JLhLu37f6dxBumyufOwbabPua
5XDFfjLOyL11qsv4qfWiE8d41Lyd2kI9DvajxsSregVytDxkPDLWC+uAlJfxjBha
i/SkdomNJfxVD4wu/wE52eW6ybwo2va27eA1nA04tuR80QtMy+kESo42WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0gX+5uEDfAfCHTmtUGZLs9shs6MB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvclNCZjdtNFFOOEI4SWRPYTFRWmt1ejJ5R3pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSR/MA0G
CSqGSIb3DQEBCwUAA4IBAQBWF+ZYQFTobeR9wSouqGKMAXuO6nBK9Z5bWM6qjAxa
N3cVIjOfYsoswgzeSu+faTLZ/nvQeiKXnwqmvttpp9ADWIG2+q783npZj2CqndsU
A71IsV+dl0aStvFL8UXvTvFYDgEpvJV9w+NUxcYhUrqWMsuYEoAVEI7NuwMTUZUY
Qk910oCNGZksCKUdE5muC1AI1c1aN1FtxW11rShz1EoYUMpYp88wMI6VzBLp48Jg
iXkSVbNKkQAsE7oxuFfOK6tmekHp3UkVV7kmtsw2lk/0/VcDpEvL3pbhQRvW6cnN
TTq6MZc/IJFsbeyOJje8HRqh6ZxP5RV5IeNAyGARt5Wq
-----END CERTIFICATE-----