Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/5Be38N82i-kj4EuiNkalcK2iR3Q.roa
File:                     5Be38N82i-kj4EuiNkalcK2iR3Q.roa (raw, json)
Hash identifier:          J33WflhWlfLpbIfuokDfwd3Gd2ZFgGd5EDrdDXG7Eqc=
Subject key identifier:   E4:17:B7:F0:DF:36:8B:E9:23:E0:4B:A2:36:46:A5:70:AD:A2:47:74
Certificate issuer:       /CN=9d5ecce8c87c4f0a75ba21e5c84f624121e08e32
Certificate serial:       01961FB93009019417BE7615FCF9C2E53299
Authority key identifier: 9D:5E:CC:E8:C8:7C:4F:0A:75:BA:21:E5:C8:4F:62:41:21:E0:8E:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/5Be38N82i-kj4EuiNkalcK2iR3Q.roa
Signing time:             Thu 10 Apr 2025 12:42:32 +0000
ROA not before:           Thu 10 Apr 2025 12:42:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203925
IP address blocks:        185.118.194.0/24 maxlen: 24
                          185.118.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 07:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1f:b9:30:09:01:94:17:be:76:15:fc:f9:c2:e5:32:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d5ecce8c87c4f0a75ba21e5c84f624121e08e32
        Validity
            Not Before: Apr 10 12:42:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e417b7f0df368be923e04ba23646a570ada24774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:72:81:a5:f3:cf:9e:54:3a:90:18:2a:f5:9a:
                    bd:35:7c:90:c4:cb:73:77:d8:47:da:1c:7a:d6:67:
                    38:4a:45:45:e4:2d:f5:51:47:2d:e6:eb:25:93:34:
                    cf:14:ed:ca:7b:68:9f:f4:d1:19:ce:ce:7d:ba:9a:
                    48:c2:a9:3d:d0:70:eb:e5:69:28:78:3b:53:72:85:
                    e1:fc:18:2c:e3:65:1b:2d:2b:ad:d7:ce:8a:69:8f:
                    22:8e:f8:5b:9c:09:68:08:7c:a7:cf:24:1e:20:42:
                    0e:41:95:23:68:91:8a:90:c8:4f:82:86:76:5f:b6:
                    b2:4e:96:00:26:6b:1f:e8:15:9f:48:8a:d7:8a:48:
                    90:d9:8b:12:81:1d:a8:e5:e9:af:34:57:9c:ba:90:
                    89:9f:1f:ae:0a:84:e4:d9:f5:bf:55:c9:c9:db:af:
                    14:25:71:92:45:11:84:c9:8c:5c:a3:fc:53:e7:74:
                    ff:a4:39:a9:ae:d3:b8:80:da:43:a1:e7:6e:ae:65:
                    22:0c:34:7a:d4:6a:91:36:9f:5d:e8:fe:be:b5:5f:
                    55:8d:30:86:65:35:ed:6e:d5:a6:8a:27:59:62:5c:
                    d6:06:22:09:a5:c9:bd:96:83:78:9e:cd:d1:94:7c:
                    75:a4:f5:fc:21:f0:da:c8:fa:71:ab:66:14:06:4f:
                    a1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:17:B7:F0:DF:36:8B:E9:23:E0:4B:A2:36:46:A5:70:AD:A2:47:74
            X509v3 Authority Key Identifier:
                keyid:9D:5E:CC:E8:C8:7C:4F:0A:75:BA:21:E5:C8:4F:62:41:21:E0:8E:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/5Be38N82i-kj4EuiNkalcK2iR3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/bec756-1dfe-4374-8607-9d8f0ef5c503/1/nV7M6Mh8Twp1uiHlyE9iQSHgjjI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:6a:07:4a:3a:e4:7e:88:18:dc:4a:37:21:ea:66:36:43:da:
         bf:3f:95:87:80:b8:03:52:4e:b9:51:3f:97:83:a4:86:0b:67:
         fb:3b:c3:53:f9:be:0d:c8:f7:e2:34:ff:7c:c0:e3:21:47:eb:
         35:de:13:10:3e:24:57:f6:0e:6c:34:ae:e3:f6:a9:fd:77:ef:
         15:aa:ab:e9:b8:ad:52:de:a8:ed:b4:bd:33:1d:4b:d4:e7:73:
         f8:68:ff:3c:ac:ad:f3:27:0f:7a:10:78:f3:6a:83:e2:f3:4d:
         d6:9a:51:26:d2:21:07:f4:16:b8:97:95:7a:86:79:91:74:af:
         ff:84:53:33:d9:7f:a0:d9:61:2f:be:87:53:25:69:46:43:82:
         f7:14:d3:f8:0a:13:4b:17:4c:2e:e9:ce:27:23:3c:56:2a:48:
         aa:53:60:86:9c:a5:99:e0:15:99:26:4f:c9:a4:13:21:2e:22:
         28:99:5a:d4:b5:b1:e5:48:b9:b4:5e:d1:30:7b:28:23:af:76:
         52:91:85:18:0d:82:43:76:d5:96:26:c3:17:6d:43:6e:98:81:
         4e:e8:8c:3b:65:63:ea:37:9e:ee:db:7a:2e:3e:7d:28:19:6f:
         a5:7c:cf:0e:3b:56:17:99:1f:2a:f2:82:5b:41:39:06:7f:61:
         bb:4d:5a:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYfuTAJAZQXvnYV/PnC5TKZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNWVjY2U4Yzg3YzRmMGE3NWJhMjFlNWM4NGY2MjQxMjFl
MDhlMzIwHhcNMjUwNDEwMTI0MjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDE3YjdmMGRmMzY4YmU5MjNlMDRiYTIzNjQ2YTU3MGFkYTI0Nzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXKBpfPPnlQ6kBgq9Zq9NXyQxMtz
d9hH2hx61mc4SkVF5C31UUct5uslkzTPFO3Ke2if9NEZzs59uppIwqk90HDr5Wko
eDtTcoXh/Bgs42UbLSut186KaY8ijvhbnAloCHynzyQeIEIOQZUjaJGKkMhPgoZ2
X7ayTpYAJmsf6BWfSIrXikiQ2YsSgR2o5emvNFecupCJnx+uCoTk2fW/VcnJ268U
JXGSRRGEyYxco/xT53T/pDmprtO4gNpDoedurmUiDDR61GqRNp9d6P6+tV9VjTCG
ZTXtbtWmiidZYlzWBiIJpcm9loN4ns3RlHx1pPX8IfDayPpxq2YUBk+hSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQXt/DfNovpI+BLojZGpXCtokd0MB8GA1UdIwQY
MBaAFJ1ezOjIfE8Kdboh5chPYkEh4I4yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblY3TTZNaDhUd3AxdWlIbHlFOWlRU0hnampJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9iZWM3NTYtMWRmZS00Mzc0LTg2MDct
OWQ4ZjBlZjVjNTAzLzEvNUJlMzhOODJpLWtqNEV1aU5rYWxjSzJpUjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9iZWM3NTYtMWRmZS00Mzc0LTg2MDctOWQ4ZjBlZjVjNTAz
LzEvblY3TTZNaDhUd3AxdWlIbHlFOWlRU0hnampJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXbCMA0G
CSqGSIb3DQEBCwUAA4IBAQCCagdKOuR+iBjcSjch6mY2Q9q/P5WHgLgDUk65UT+X
g6SGC2f7O8NT+b4NyPfiNP98wOMhR+s13hMQPiRX9g5sNK7j9qn9d+8VqqvpuK1S
3qjttL0zHUvU53P4aP88rK3zJw96EHjzaoPi803WmlEm0iEH9Ba4l5V6hnmRdK//
hFMz2X+g2WEvvodTJWlGQ4L3FNP4ChNLF0wu6c4nIzxWKkiqU2CGnKWZ4BWZJk/J
pBMhLiIomVrUtbHlSLm0XtEweygjr3ZSkYUYDYJDdtWWJsMXbUNumIFO6Iw7ZWPq
N57u23ouPn0oGW+lfM8OO1YXmR8q8oJbQTkGf2G7TVrF
-----END CERTIFICATE-----