Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/b5fa3e-a218-4a91-bf88-cc8ec6f3d875/1/JeZLPNCPKVMS7Vt6LZeXxA-ds0g.roa
File:                     JeZLPNCPKVMS7Vt6LZeXxA-ds0g.roa (raw, json)
Hash identifier:          /f0u5t1QpLsdf+IADDIVQN8I7srP1xn8uwV6B+UG0jU=
Subject key identifier:   25:E6:4B:3C:D0:8F:29:53:12:ED:5B:7A:2D:97:97:C4:0F:9D:B3:48
Certificate issuer:       /CN=ba4a0d1d80ff1eecd3659074a497bfbe8c5543f6
Certificate serial:       019424453E3217A4B2E2864273326D4B4EE9
Authority key identifier: BA:4A:0D:1D:80:FF:1E:EC:D3:65:90:74:A4:97:BF:BE:8C:55:43:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ukoNHYD_HuzTZZB0pJe_voxVQ_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/b5fa3e-a218-4a91-bf88-cc8ec6f3d875/1/JeZLPNCPKVMS7Vt6LZeXxA-ds0g.roa
Signing time:             Wed 01 Jan 2025 23:48:25 +0000
ROA not before:           Wed 01 Jan 2025 23:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12843
IP address blocks:        185.53.204.0/22 maxlen: 22
                          185.53.204.0/23 maxlen: 23
                          185.53.206.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/b5fa3e-a218-4a91-bf88-cc8ec6f3d875/1/ukoNHYD_HuzTZZB0pJe_voxVQ_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/b5fa3e-a218-4a91-bf88-cc8ec6f3d875/1/ukoNHYD_HuzTZZB0pJe_voxVQ_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ukoNHYD_HuzTZZB0pJe_voxVQ_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:3e:32:17:a4:b2:e2:86:42:73:32:6d:4b:4e:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba4a0d1d80ff1eecd3659074a497bfbe8c5543f6
        Validity
            Not Before: Jan  1 23:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25e64b3cd08f295312ed5b7a2d9797c40f9db348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:24:aa:11:ab:c2:3b:65:d5:f4:ff:2c:13:8d:
                    59:00:5a:92:83:cc:7b:2d:94:f3:2a:52:b9:51:b1:
                    ee:a1:b3:d6:ad:db:a2:5e:be:f6:5c:1f:85:7a:dc:
                    1e:d7:e7:8f:bd:12:d1:c0:6a:e6:7c:80:88:ed:73:
                    9c:f7:dd:d6:87:32:4f:f5:75:e9:b0:37:dc:74:86:
                    41:bd:7b:fe:7a:7a:32:cf:13:db:82:99:a2:4f:21:
                    a3:08:67:b5:d4:83:a1:81:db:aa:00:b4:cb:7c:e2:
                    36:1a:0d:c2:69:12:13:0f:29:67:f7:f5:89:84:47:
                    ee:d3:1c:bf:0a:80:ec:2e:b8:3e:13:b0:e5:a4:d3:
                    1d:d5:42:8c:a8:55:4a:49:4c:ec:3a:c0:fc:11:a6:
                    0d:fe:1e:57:cd:aa:2e:ed:98:40:ab:15:2e:b6:e5:
                    d2:41:a8:ac:77:79:03:f6:63:88:75:5f:70:3e:cc:
                    ab:eb:b2:ce:f5:c2:ac:fa:7a:e4:5c:00:9e:0c:5c:
                    18:f1:27:2c:34:b9:18:06:ba:5d:93:9f:4b:d9:1d:
                    ec:fc:fe:17:69:ff:c1:00:6e:73:6f:5f:21:43:71:
                    27:ef:c0:d8:a8:c1:a4:22:12:42:65:29:ea:fb:b9:
                    4b:03:58:b2:2b:56:64:c4:22:1d:de:68:91:fc:62:
                    1c:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:E6:4B:3C:D0:8F:29:53:12:ED:5B:7A:2D:97:97:C4:0F:9D:B3:48
            X509v3 Authority Key Identifier:
                keyid:BA:4A:0D:1D:80:FF:1E:EC:D3:65:90:74:A4:97:BF:BE:8C:55:43:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ukoNHYD_HuzTZZB0pJe_voxVQ_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b5fa3e-a218-4a91-bf88-cc8ec6f3d875/1/JeZLPNCPKVMS7Vt6LZeXxA-ds0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b5fa3e-a218-4a91-bf88-cc8ec6f3d875/1/ukoNHYD_HuzTZZB0pJe_voxVQ_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.53.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:27:36:4e:42:a9:79:94:65:ed:e3:63:de:3f:c1:58:ae:0f:
         c7:ba:5a:74:e4:39:a9:36:6d:c0:5a:eb:93:f3:50:43:16:44:
         64:71:04:82:61:a6:d2:4a:f9:85:05:52:bd:64:8e:5a:3c:4e:
         8a:28:e9:07:65:b8:e4:1f:c8:45:6b:f9:64:69:16:9b:cf:53:
         6c:fd:fc:87:cd:a5:80:ad:f8:d4:75:5b:58:09:db:13:7d:7b:
         49:1b:33:21:e7:c5:91:30:31:bb:65:13:8d:86:97:5f:14:8c:
         2e:ff:97:59:e1:a9:07:2a:67:ad:86:55:6d:8d:14:7c:22:9b:
         83:61:c5:55:37:c3:ed:cc:f9:f6:ff:51:9e:8e:58:86:4a:b0:
         84:2c:c0:ae:fb:96:f6:bd:fe:da:ca:d6:41:a9:a3:10:7c:37:
         65:ef:eb:b0:ea:6a:c8:14:e2:0b:74:17:4d:8b:77:b0:9f:90:
         b0:41:f4:17:6a:f1:97:6e:28:d2:1e:4d:7b:cc:20:fa:80:92:
         7e:ac:94:71:f4:ea:32:ec:84:3c:aa:03:fa:9a:b5:f5:9e:19:
         33:38:8b:78:a8:01:69:a1:b1:80:4d:e2:b8:20:7b:01:d1:33:
         a0:05:f3:21:8a:bc:73:15:f7:a6:68:60:b1:16:1e:81:b5:9b:
         14:fb:b1:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRT4yF6Sy4oZCczJtS07pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNGEwZDFkODBmZjFlZWNkMzY1OTA3NGE0OTdiZmJlOGM1
NTQzZjYwHhcNMjUwMTAxMjM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWU2NGIzY2QwOGYyOTUzMTJlZDViN2EyZDk3OTdjNDBmOWRiMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCSqEavCO2XV9P8sE41ZAFqSg8x7
LZTzKlK5UbHuobPWrduiXr72XB+Fetwe1+ePvRLRwGrmfICI7XOc993WhzJP9XXp
sDfcdIZBvXv+enoyzxPbgpmiTyGjCGe11IOhgduqALTLfOI2Gg3CaRITDyln9/WJ
hEfu0xy/CoDsLrg+E7DlpNMd1UKMqFVKSUzsOsD8EaYN/h5Xzaou7ZhAqxUutuXS
Qaisd3kD9mOIdV9wPsyr67LO9cKs+nrkXACeDFwY8ScsNLkYBrpdk59L2R3s/P4X
af/BAG5zb18hQ3En78DYqMGkIhJCZSnq+7lLA1iyK1ZkxCId3miR/GIc5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCXmSzzQjylTEu1bei2Xl8QPnbNIMB8GA1UdIwQY
MBaAFLpKDR2A/x7s02WQdKSXv76MVUP2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWtvTkhZRF9IdXpUWlpCMHBKZV92b3hWUV9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9iNWZhM2UtYTIxOC00YTkxLWJmODgt
Y2M4ZWM2ZjNkODc1LzEvSmVaTFBOQ1BLVk1TN1Z0NkxaZVh4QS1kczBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9iNWZhM2UtYTIxOC00YTkxLWJmODgtY2M4ZWM2ZjNkODc1
LzEvdWtvTkhZRF9IdXpUWlpCMHBKZV92b3hWUV9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTXMMA0G
CSqGSIb3DQEBCwUAA4IBAQCFJzZOQql5lGXt42PeP8FYrg/Hulp05DmpNm3AWuuT
81BDFkRkcQSCYabSSvmFBVK9ZI5aPE6KKOkHZbjkH8hFa/lkaRabz1Ns/fyHzaWA
rfjUdVtYCdsTfXtJGzMh58WRMDG7ZRONhpdfFIwu/5dZ4akHKmethlVtjRR8IpuD
YcVVN8PtzPn2/1GejliGSrCELMCu+5b2vf7aytZBqaMQfDdl7+uw6mrIFOILdBdN
i3ewn5CwQfQXavGXbijSHk17zCD6gJJ+rJRx9Ooy7IQ8qgP6mrX1nhkzOIt4qAFp
obGATeK4IHsB0TOgBfMhirxzFfemaGCxFh6BtZsU+7H2
-----END CERTIFICATE-----