Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5Jcl3bo0DOU2D6OK5FJw09lBt7k.roa
File:                     5Jcl3bo0DOU2D6OK5FJw09lBt7k.roa (raw, json)
Hash identifier:          kttJ2VYAoM8AfdMoiwlgrzMSSLaETFpLw5hGHuA6Ln4=
Subject key identifier:   E4:97:25:DD:BA:34:0C:E5:36:0F:A3:8A:E4:52:70:D3:D9:41:B7:B9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521E1A1B16BBE31E0542D323CDBF38C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5Jcl3bo0DOU2D6OK5FJw09lBt7k.roa
Signing time:             Thu 02 Jan 2025 03:49:24 +0000
ROA not before:           Thu 02 Jan 2025 03:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        185.232.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e1:a1:b1:6b:be:31:e0:54:2d:32:3c:db:f3:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e49725ddba340ce5360fa38ae45270d3d941b7b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:09:08:5e:fc:7b:59:14:f8:67:45:b8:e6:d0:
                    40:38:e8:93:21:0a:6e:48:fb:08:b3:08:c4:57:65:
                    8d:78:2d:a8:d9:a5:1c:9c:3a:c0:82:e8:7c:5d:f0:
                    bf:57:19:99:44:82:e6:95:3d:4e:31:29:11:2a:cd:
                    0a:97:76:56:29:1d:18:71:83:b8:7f:95:fe:1a:40:
                    f0:1b:b6:97:42:3f:c8:09:02:83:b5:cc:82:bc:41:
                    3d:7c:77:0f:d8:0b:73:ea:9a:ef:5d:4f:b7:87:7a:
                    06:ec:70:d7:87:6d:46:7a:73:d6:fb:c4:f7:1b:7c:
                    d6:ec:d2:95:8e:f9:f9:9c:d9:1e:b9:eb:66:b1:78:
                    16:ab:b3:3c:1b:d9:68:ff:e5:23:7a:aa:93:f4:2f:
                    44:49:48:46:a9:6e:e9:8a:93:5a:a2:50:9f:7a:2a:
                    c5:ac:70:75:2d:77:fc:f4:91:d2:5d:13:89:c6:f2:
                    34:9e:93:f0:1d:f6:bc:96:61:8a:ae:6c:5d:aa:77:
                    e8:57:cd:f4:cb:38:c0:15:74:1b:5f:42:7c:ae:e0:
                    26:df:30:35:f3:ae:af:60:8d:2f:18:09:13:a2:5b:
                    b5:ee:1e:f4:7e:5b:11:fb:51:4e:7d:d3:fc:69:3b:
                    d5:8b:27:0c:4d:4f:23:31:c6:63:30:3b:8a:5f:82:
                    41:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:97:25:DD:BA:34:0C:E5:36:0F:A3:8A:E4:52:70:D3:D9:41:B7:B9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5Jcl3bo0DOU2D6OK5FJw09lBt7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:93:50:3c:d1:f6:ac:22:a4:cb:0b:db:87:34:1f:0b:43:92:
         14:d5:6e:91:0b:90:99:f0:cc:69:c1:4b:b2:94:f3:19:31:ff:
         f4:60:38:d5:69:d5:72:7e:7d:f9:a5:a0:2c:57:ab:cf:f1:47:
         e9:c3:38:9b:c0:0d:ff:02:c7:20:e4:f8:58:55:01:54:d8:98:
         b7:7c:d6:1d:8a:81:fc:f0:08:79:2d:18:87:3e:2f:33:ff:08:
         0c:ea:79:3b:6d:49:b6:ce:e7:b0:70:6d:19:94:de:e1:5d:a5:
         d1:1d:dc:2d:34:6a:a3:5f:84:2b:d8:f6:50:c6:9a:b6:0f:8d:
         0b:b1:5b:32:c6:56:b3:c1:2f:26:47:9c:05:1c:d8:a3:39:ba:
         ff:e0:22:f3:a1:23:2c:4a:5f:8a:7a:c3:0b:78:fe:1b:f2:dc:
         cd:9f:fe:99:d5:16:7f:29:5a:3c:06:06:a7:1f:d1:98:c3:17:
         2e:b1:5c:bd:98:f1:ed:08:bf:95:42:34:7e:25:b4:da:3d:d5:
         a8:6e:aa:eb:09:91:0a:40:a0:cd:37:4d:78:a5:f1:e8:46:4b:
         70:40:d6:df:98:a6:60:58:30:0d:f8:e5:5f:d6:a7:2d:26:d3:
         d8:6c:a3:c4:07:fa:a6:04:f9:bf:cf:64:03:ed:fd:5d:d7:1b:
         da:fb:f5:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIeGhsWu+MeBULTI82/OMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDk3MjVkZGJhMzQwY2U1MzYwZmEzOGFlNDUyNzBkM2Q5NDFiN2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwkIXvx7WRT4Z0W45tBAOOiTIQpu
SPsIswjEV2WNeC2o2aUcnDrAguh8XfC/VxmZRILmlT1OMSkRKs0Kl3ZWKR0YcYO4
f5X+GkDwG7aXQj/ICQKDtcyCvEE9fHcP2Atz6prvXU+3h3oG7HDXh21GenPW+8T3
G3zW7NKVjvn5nNkeuetmsXgWq7M8G9lo/+UjeqqT9C9ESUhGqW7pipNaolCfeirF
rHB1LXf89JHSXROJxvI0npPwHfa8lmGKrmxdqnfoV830yzjAFXQbX0J8ruAm3zA1
866vYI0vGAkTolu17h70flsR+1FOfdP8aTvViycMTU8jMcZjMDuKX4JBJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSXJd26NAzlNg+jiuRScNPZQbe5MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNUpjbDNibzBET1UyRDZPSzVGSncwOWxCdDdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueh1MA0G
CSqGSIb3DQEBCwUAA4IBAQAqk1A80fasIqTLC9uHNB8LQ5IU1W6RC5CZ8MxpwUuy
lPMZMf/0YDjVadVyfn35paAsV6vP8UfpwzibwA3/Ascg5PhYVQFU2Ji3fNYdioH8
8Ah5LRiHPi8z/wgM6nk7bUm2zuewcG0ZlN7hXaXRHdwtNGqjX4Qr2PZQxpq2D40L
sVsyxlazwS8mR5wFHNijObr/4CLzoSMsSl+KesMLeP4b8tzNn/6Z1RZ/KVo8Bgan
H9GYwxcusVy9mPHtCL+VQjR+JbTaPdWobqrrCZEKQKDNN014pfHoRktwQNbfmKZg
WDAN+OVf1qctJtPYbKPEB/qmBPm/z2QD7f1d1xva+/XS
-----END CERTIFICATE-----