Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/d0WzaVWRK0-1XqWWg1imO1fvEdc.roa
File:                     d0WzaVWRK0-1XqWWg1imO1fvEdc.roa (raw, json)
Hash identifier:          eGzK3qDCJFgEI2g80dPr8LU89NhumAd/6hCl+I6fIig=
Subject key identifier:   77:45:B3:69:55:91:2B:4F:B5:5E:A5:96:83:58:A6:3B:57:EF:11:D7
Certificate issuer:       /CN=5c6d7d87faec48dca4369d6838ceec51ae2bd86a
Certificate serial:       01942747241F0A20BE52594CA0994E8DCC9C
Authority key identifier: 5C:6D:7D:87:FA:EC:48:DC:A4:36:9D:68:38:CE:EC:51:AE:2B:D8:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XG19h_rsSNykNp1oOM7sUa4r2Go.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/d0WzaVWRK0-1XqWWg1imO1fvEdc.roa
Signing time:             Thu 02 Jan 2025 13:49:21 +0000
ROA not before:           Thu 02 Jan 2025 13:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213317
IP address blocks:        185.167.252.0/24 maxlen: 24
                          2a10:7a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/XG19h_rsSNykNp1oOM7sUa4r2Go.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/XG19h_rsSNykNp1oOM7sUa4r2Go.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XG19h_rsSNykNp1oOM7sUa4r2Go.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:24:1f:0a:20:be:52:59:4c:a0:99:4e:8d:cc:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c6d7d87faec48dca4369d6838ceec51ae2bd86a
        Validity
            Not Before: Jan  2 13:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7745b36955912b4fb55ea5968358a63b57ef11d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:99:7d:31:0d:d6:1b:3a:c2:17:f6:ca:5c:a9:
                    cc:02:ba:90:5f:66:9c:82:33:b4:cf:b5:cc:35:3b:
                    51:eb:30:af:1a:59:65:7a:7d:38:29:c6:df:3d:b9:
                    9e:88:68:d2:cf:ef:04:2a:1d:1c:42:8f:a6:08:76:
                    1c:da:b2:60:19:80:ce:27:26:1d:39:78:ef:b8:e1:
                    b2:23:e3:25:96:1a:80:99:0f:e4:c1:86:e7:d1:71:
                    3d:ee:da:e3:41:43:9b:d0:0a:cd:2c:75:ff:98:f3:
                    1c:8c:3c:d7:9b:a4:9d:30:2a:52:df:a1:18:de:ed:
                    a7:a1:75:38:93:88:fa:e1:04:81:d7:c8:26:b1:57:
                    7b:9d:a7:3b:d9:7b:15:3b:d0:e3:e7:a3:3c:2b:f5:
                    4a:9a:98:e8:b7:95:1f:d7:c1:f3:db:19:4b:e5:35:
                    9a:7c:99:f1:0e:e0:89:e3:77:18:c7:1f:8d:42:58:
                    98:d8:d3:92:5c:cf:ba:70:66:25:f1:35:43:56:73:
                    37:27:1d:59:79:c5:f1:3b:13:0e:b7:8c:83:b1:42:
                    8a:db:c4:29:f9:3b:67:21:b0:52:cb:c0:11:bd:e3:
                    23:dd:09:44:6e:db:0f:00:ff:76:3d:3d:4c:9f:ee:
                    d7:6d:8b:ff:74:19:23:46:97:8a:53:ba:72:a5:0a:
                    62:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:45:B3:69:55:91:2B:4F:B5:5E:A5:96:83:58:A6:3B:57:EF:11:D7
            X509v3 Authority Key Identifier:
                keyid:5C:6D:7D:87:FA:EC:48:DC:A4:36:9D:68:38:CE:EC:51:AE:2B:D8:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XG19h_rsSNykNp1oOM7sUa4r2Go.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/d0WzaVWRK0-1XqWWg1imO1fvEdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/c439d3-8f81-4022-987e-e697c52dfc1e/1/XG19h_rsSNykNp1oOM7sUa4r2Go.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.252.0/24
                IPv6:
                  2a10:7a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:43:a4:c6:fd:26:32:98:d5:dd:56:57:b2:f1:70:dc:b7:92:
         74:08:24:be:f1:a6:a3:5a:29:f1:51:f1:f3:75:d4:58:f4:66:
         8d:62:a2:0c:bb:ab:08:ca:e3:68:7b:48:85:ba:e5:39:a0:4a:
         c9:fb:4d:ce:82:64:d9:51:3d:ff:ac:b7:18:c6:9c:7a:fc:c2:
         55:7f:e5:55:f4:5a:de:50:38:56:fe:9f:91:77:a2:e4:b9:91:
         94:8c:03:35:ba:7c:6b:7e:79:25:f8:8a:4d:80:67:a1:e2:06:
         9e:1d:52:d6:f8:4e:53:05:ce:60:8c:f7:94:0d:74:78:d8:ec:
         4d:16:d0:e3:c7:f0:2c:18:e5:53:5d:31:32:cb:f9:20:67:b6:
         cb:81:1e:f5:e5:ce:f3:a5:d3:98:01:d5:f2:44:9d:1e:4c:6c:
         1a:a6:2a:9c:ce:52:9f:82:16:c5:8c:26:8f:07:9a:63:fc:be:
         8b:4c:ea:d6:d5:89:a9:2c:00:96:ae:94:7e:c5:7a:5f:6f:56:
         15:e1:27:93:2f:66:16:26:2a:09:3c:f1:b5:32:dc:c3:d3:43:
         37:14:b5:90:9e:02:ed:c9:00:88:14:d4:91:3a:71:b7:18:e1:
         f5:5e:c9:9e:55:f0:c5:98:ea:d5:8f:f9:e6:91:42:51:57:01:
         4d:5c:3a:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnRyQfCiC+UllMoJlOjcycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNmQ3ZDg3ZmFlYzQ4ZGNhNDM2OWQ2ODM4Y2VlYzUxYWUy
YmQ4NmEwHhcNMjUwMTAyMTM0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzQ1YjM2OTU1OTEyYjRmYjU1ZWE1OTY4MzU4YTYzYjU3ZWYxMWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5l9MQ3WGzrCF/bKXKnMArqQX2ac
gjO0z7XMNTtR6zCvGlllen04KcbfPbmeiGjSz+8EKh0cQo+mCHYc2rJgGYDOJyYd
OXjvuOGyI+MllhqAmQ/kwYbn0XE97trjQUOb0ArNLHX/mPMcjDzXm6SdMCpS36EY
3u2noXU4k4j64QSB18gmsVd7nac72XsVO9Dj56M8K/VKmpjot5Uf18Hz2xlL5TWa
fJnxDuCJ43cYxx+NQliY2NOSXM+6cGYl8TVDVnM3Jx1ZecXxOxMOt4yDsUKK28Qp
+TtnIbBSy8ARveMj3QlEbtsPAP92PT1Mn+7XbYv/dBkjRpeKU7pypQpimwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHdFs2lVkStPtV6lloNYpjtX7xHXMB8GA1UdIwQY
MBaAFFxtfYf67EjcpDadaDjO7FGuK9hqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEcxOWhfcnNTTnlrTnAxb09NN3NVYTRyMkdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9jNDM5ZDMtOGY4MS00MDIyLTk4N2Ut
ZTY5N2M1MmRmYzFlLzEvZDBXemFWV1JLMC0xWHFXV2cxaW1PMWZ2RWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9jNDM5ZDMtOGY4MS00MDIyLTk4N2UtZTY5N2M1MmRmYzFl
LzEvWEcxOWhfcnNTTnlrTnAxb09NN3NVYTRyMkdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuaf8MA0E
AgACMAcDBQMqEHqAMA0GCSqGSIb3DQEBCwUAA4IBAQCJQ6TG/SYymNXdVley8XDc
t5J0CCS+8aajWinxUfHzddRY9GaNYqIMu6sIyuNoe0iFuuU5oErJ+03OgmTZUT3/
rLcYxpx6/MJVf+VV9FreUDhW/p+Rd6LkuZGUjAM1unxrfnkl+IpNgGeh4gaeHVLW
+E5TBc5gjPeUDXR42OxNFtDjx/AsGOVTXTEyy/kgZ7bLgR715c7zpdOYAdXyRJ0e
TGwapiqczlKfghbFjCaPB5pj/L6LTOrW1YmpLACWrpR+xXpfb1YV4SeTL2YWJioJ
PPG1MtzD00M3FLWQngLtyQCIFNSROnG3GOH1XsmeVfDFmOrVj/nmkUJRVwFNXDqV
-----END CERTIFICATE-----