Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2575fe-a526-4195-9745-fa96bdd2ffa3/1/5iUoguj_iK1nNW8vHsVzOldAdSU.roa
File:                     5iUoguj_iK1nNW8vHsVzOldAdSU.roa (raw, json)
Hash identifier:          pKY+cX83EfJeSDoR6xrNZru3sgyhL3gHqEm0luVXgrc=
Subject key identifier:   E6:25:28:82:E8:FF:88:AD:67:35:6F:2F:1E:C5:73:3A:57:40:75:25
Certificate issuer:       /CN=4f4dc5d4c076fd84263ab72e6f17b5ff4acb8448
Certificate serial:       019424B27BBECBBA48503EFC9CFAB27443B5
Authority key identifier: 4F:4D:C5:D4:C0:76:FD:84:26:3A:B7:2E:6F:17:B5:FF:4A:CB:84:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T03F1MB2_YQmOrcubxe1_0rLhEg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2575fe-a526-4195-9745-fa96bdd2ffa3/1/5iUoguj_iK1nNW8vHsVzOldAdSU.roa
Signing time:             Thu 02 Jan 2025 01:47:44 +0000
ROA not before:           Thu 02 Jan 2025 01:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43800
IP address blocks:        185.54.4.0/23 maxlen: 23
                          185.54.6.0/24 maxlen: 24
                          193.34.136.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2575fe-a526-4195-9745-fa96bdd2ffa3/1/T03F1MB2_YQmOrcubxe1_0rLhEg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2575fe-a526-4195-9745-fa96bdd2ffa3/1/T03F1MB2_YQmOrcubxe1_0rLhEg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T03F1MB2_YQmOrcubxe1_0rLhEg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:7b:be:cb:ba:48:50:3e:fc:9c:fa:b2:74:43:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f4dc5d4c076fd84263ab72e6f17b5ff4acb8448
        Validity
            Not Before: Jan  2 01:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6252882e8ff88ad67356f2f1ec5733a57407525
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b8:62:89:5c:a6:59:b5:e7:a2:92:c4:73:8b:
                    11:58:48:f9:06:66:c6:ec:68:84:bc:b6:18:ef:55:
                    de:83:30:79:99:be:d0:43:21:6f:c8:be:cd:8e:d6:
                    e5:c4:06:72:d3:79:68:a3:88:59:f7:a5:e0:5e:5a:
                    74:be:e1:3e:93:7c:59:40:5a:82:7c:8d:17:bb:5d:
                    d9:4b:69:41:0c:02:e6:53:dc:31:04:62:9b:dd:c3:
                    48:6f:4e:bd:b4:71:59:7a:d4:bc:4e:da:77:b4:c0:
                    77:dc:76:f8:11:80:af:e4:0d:88:17:dd:24:db:0b:
                    ff:db:ef:bb:36:e6:1a:75:96:0e:c0:94:d6:0a:10:
                    4c:7e:7d:4b:0b:cf:fb:a2:dd:f6:4e:05:d0:0b:d0:
                    4c:f2:c3:d7:b8:cb:64:2d:fb:f5:89:3a:c5:e2:a9:
                    48:ab:a9:e9:06:6d:3c:bf:48:19:99:95:49:4f:eb:
                    81:ea:66:34:93:99:53:26:09:cc:7c:83:0c:e5:2c:
                    55:78:84:69:19:8f:9a:05:2f:b9:37:92:e8:65:e7:
                    02:58:b6:52:53:54:08:66:54:2c:a4:c8:e0:9a:5c:
                    87:a2:cc:14:ac:e6:dd:da:c5:6e:76:ac:ac:6c:91:
                    42:82:1c:dd:8f:bf:5b:2c:d8:3c:e9:31:85:10:6e:
                    f6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:25:28:82:E8:FF:88:AD:67:35:6F:2F:1E:C5:73:3A:57:40:75:25
            X509v3 Authority Key Identifier:
                keyid:4F:4D:C5:D4:C0:76:FD:84:26:3A:B7:2E:6F:17:B5:FF:4A:CB:84:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T03F1MB2_YQmOrcubxe1_0rLhEg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2575fe-a526-4195-9745-fa96bdd2ffa3/1/5iUoguj_iK1nNW8vHsVzOldAdSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2575fe-a526-4195-9745-fa96bdd2ffa3/1/T03F1MB2_YQmOrcubxe1_0rLhEg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.4.0-185.54.6.255
                  193.34.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e2:01:21:55:07:2e:df:f7:96:64:6c:8d:e3:f2:44:05:2a:aa:
         23:8a:57:9b:25:ab:3d:73:5f:46:0e:46:b8:37:5b:cc:8e:da:
         dc:3b:5d:98:3c:73:8e:5e:60:b3:4b:c5:36:3d:6e:0e:8b:b8:
         12:e9:ac:c9:49:de:da:76:af:0b:ee:a1:ae:23:2e:e1:82:60:
         02:e1:3c:cb:db:1e:ff:78:46:26:28:65:3d:87:34:3f:c4:1d:
         87:65:5f:3f:ce:96:90:b1:63:5a:3f:73:34:d5:0f:89:f2:59:
         16:ed:ac:d7:46:48:f7:55:f2:6a:e3:01:40:f4:7e:2d:e3:3c:
         bd:e0:53:c0:ba:ab:c6:9e:7f:4d:1c:1c:03:3a:11:7b:be:b8:
         a4:1b:30:26:52:61:6c:fd:c6:1d:a4:38:ce:d6:ed:9d:42:d5:
         2f:64:43:d5:c5:1a:47:5b:66:7f:e3:9d:f9:77:71:03:82:68:
         50:dc:43:2a:39:88:70:4a:b9:2d:ca:68:06:45:08:8d:a5:19:
         44:8b:e8:b1:f2:c2:69:f6:d3:63:56:53:37:e5:c2:ee:80:0a:
         3c:d0:33:bf:bd:16:a1:fd:c5:72:47:28:58:ea:4b:bd:60:82:
         0e:2a:fb:62:e5:71:4e:79:83:9b:82:e4:0d:70:15:67:f1:c1:
         4c:54:9d:36
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQksnu+y7pIUD78nPqydEO1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNGRjNWQ0YzA3NmZkODQyNjNhYjcyZTZmMTdiNWZmNGFj
Yjg0NDgwHhcNMjUwMTAyMDE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjI1Mjg4MmU4ZmY4OGFkNjczNTZmMmYxZWM1NzMzYTU3NDA3NTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7hiiVymWbXnopLEc4sRWEj5BmbG
7GiEvLYY71XegzB5mb7QQyFvyL7NjtblxAZy03loo4hZ96XgXlp0vuE+k3xZQFqC
fI0Xu13ZS2lBDALmU9wxBGKb3cNIb069tHFZetS8Ttp3tMB33Hb4EYCv5A2IF90k
2wv/2++7NuYadZYOwJTWChBMfn1LC8/7ot32TgXQC9BM8sPXuMtkLfv1iTrF4qlI
q6npBm08v0gZmZVJT+uB6mY0k5lTJgnMfIMM5SxVeIRpGY+aBS+5N5LoZecCWLZS
U1QIZlQspMjgmlyHoswUrObd2sVudqysbJFCghzdj79bLNg86TGFEG72aQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOYlKILo/4itZzVvLx7FczpXQHUlMB8GA1UdIwQY
MBaAFE9NxdTAdv2EJjq3Lm8Xtf9Ky4RIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDAzRjFNQjJfWVFtT3JjdWJ4ZTFfMHJMaEVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yNTc1ZmUtYTUyNi00MTk1LTk3NDUt
ZmE5NmJkZDJmZmEzLzEvNWlVb2d1al9pSzFuTlc4dkhzVnpPbGRBZFNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yNTc1ZmUtYTUyNi00MTk1LTk3NDUtZmE5NmJkZDJmZmEz
LzEvVDAzRjFNQjJfWVFtT3JjdWJ4ZTFfMHJMaEVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAK5NgQD
BAC5NgYDBAHBIogwDQYJKoZIhvcNAQELBQADggEBAOIBIVUHLt/3lmRsjePyRAUq
qiOKV5slqz1zX0YORrg3W8yO2tw7XZg8c45eYLNLxTY9bg6LuBLprMlJ3tp2rwvu
oa4jLuGCYALhPMvbHv94RiYoZT2HND/EHYdlXz/OlpCxY1o/czTVD4nyWRbtrNdG
SPdV8mrjAUD0fi3jPL3gU8C6q8aef00cHAM6EXu+uKQbMCZSYWz9xh2kOM7W7Z1C
1S9kQ9XFGkdbZn/jnfl3cQOCaFDcQyo5iHBKuS3KaAZFCI2lGUSL6LHywmn202NW
Uzflwu6ACjzQM7+9FqH9xXJHKFjqS71ggg4q+2LlcU55g5uC5A1wFWfxwUxUnTY=
-----END CERTIFICATE-----