Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/Qpu6vaOAY5n2mIT4E3Vh72x5kkE.roa
File:                     Qpu6vaOAY5n2mIT4E3Vh72x5kkE.roa (raw, json)
Hash identifier:          P0y6XucznI/69rbHwQvBGeYNmc4RVWARo9Yt1RUz3AY=
Subject key identifier:   42:9B:BA:BD:A3:80:63:99:F6:98:84:F8:13:75:61:EF:6C:79:92:41
Certificate issuer:       /CN=11535f8fa4b5f51533d724eaf90dba99715fc6fc
Certificate serial:       019420681DBB0508E8F95CAE0DEBAAD9F7F5
Authority key identifier: 11:53:5F:8F:A4:B5:F5:15:33:D7:24:EA:F9:0D:BA:99:71:5F:C6:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EVNfj6S19RUz1yTq-Q26mXFfxvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/Qpu6vaOAY5n2mIT4E3Vh72x5kkE.roa
Signing time:             Wed 01 Jan 2025 05:48:01 +0000
ROA not before:           Wed 01 Jan 2025 05:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204195
IP address blocks:        185.115.236.0/22 maxlen: 22
                          2a06:2780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/EVNfj6S19RUz1yTq-Q26mXFfxvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/EVNfj6S19RUz1yTq-Q26mXFfxvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EVNfj6S19RUz1yTq-Q26mXFfxvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:1d:bb:05:08:e8:f9:5c:ae:0d:eb:aa:d9:f7:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11535f8fa4b5f51533d724eaf90dba99715fc6fc
        Validity
            Not Before: Jan  1 05:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=429bbabda3806399f69884f8137561ef6c799241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:4d:a0:5d:21:fc:19:8d:df:53:62:43:c7:80:
                    76:d7:41:2d:ce:c5:f7:e7:a7:37:8a:fd:ca:68:30:
                    e4:25:0d:4f:8b:8a:ae:03:a5:8e:38:7c:a6:dd:93:
                    22:37:58:a8:05:93:2e:50:47:fd:b6:c2:8b:69:ad:
                    61:36:6a:79:9b:24:62:3f:78:31:77:6e:fe:fa:23:
                    ab:1b:95:5b:fd:5e:07:f9:34:ac:bd:52:ea:63:3e:
                    68:46:a9:50:5a:8a:27:03:9b:dc:82:3f:c6:cc:f3:
                    40:04:19:8b:b7:d8:33:b6:16:f1:dd:b1:82:9d:f6:
                    1e:0c:b7:13:a8:10:77:b8:10:de:be:bc:9d:9e:d2:
                    ea:22:2e:32:c4:e0:74:db:f9:cd:fe:71:9a:b0:8b:
                    88:dc:a2:82:fb:e6:e9:e1:29:7b:06:11:2a:73:88:
                    5e:00:d6:ea:56:3a:90:92:ab:d3:46:62:13:ef:bf:
                    53:bf:be:5e:ae:c6:6f:5d:cb:7f:77:91:62:dd:29:
                    4f:1c:bb:66:9c:06:cd:e4:b0:17:44:ad:a3:b5:46:
                    b5:41:e4:f3:19:e2:ce:56:43:76:d9:80:11:30:6a:
                    dc:ea:dc:04:c6:40:0c:6f:e5:e1:ca:9f:4b:f0:f2:
                    34:60:92:d4:35:38:ce:7d:1f:ae:9e:66:c3:b1:ef:
                    11:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:9B:BA:BD:A3:80:63:99:F6:98:84:F8:13:75:61:EF:6C:79:92:41
            X509v3 Authority Key Identifier:
                keyid:11:53:5F:8F:A4:B5:F5:15:33:D7:24:EA:F9:0D:BA:99:71:5F:C6:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EVNfj6S19RUz1yTq-Q26mXFfxvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/Qpu6vaOAY5n2mIT4E3Vh72x5kkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/06d683-5a55-42ad-91d9-5f2ee5ce4581/1/EVNfj6S19RUz1yTq-Q26mXFfxvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.236.0/22
                IPv6:
                  2a06:2780::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:8b:07:ed:19:97:aa:08:d8:64:21:d7:ae:69:aa:0d:ca:fb:
         99:70:60:6a:ab:8d:cf:43:ed:92:30:57:dd:96:fa:be:14:25:
         98:b4:f8:2a:a0:e2:42:c5:1d:6e:27:54:84:2e:e3:cb:09:3f:
         2d:52:5a:88:04:b8:e2:5e:d3:bf:04:e5:b3:02:1d:99:9b:23:
         b4:5a:98:da:0f:19:ca:89:af:4d:7c:13:12:41:86:5f:01:22:
         32:ad:3f:54:65:ca:3a:d7:d6:34:66:e4:7b:88:0c:4e:b3:b4:
         68:67:64:0f:fb:9f:e3:72:f0:b7:ac:d6:91:e1:2b:56:3b:97:
         a7:1f:31:cf:86:4b:df:b1:d7:a6:b0:88:9f:98:ee:c7:71:7a:
         7b:74:92:28:41:60:ae:41:d6:08:c5:03:91:f8:a6:73:b2:cc:
         7a:4f:80:a2:b9:af:57:14:ee:d0:e9:bf:3a:12:f8:f8:3b:6b:
         9c:f5:60:2a:d2:e8:1b:0b:89:d8:86:1f:a9:99:c6:70:d3:c4:
         7b:ee:84:00:71:64:66:2d:3a:2a:4e:6d:35:bc:9d:03:88:d0:
         fd:eb:cb:4b:b5:5a:c2:d1:77:ca:22:aa:c5:dd:d7:ab:28:2e:
         b3:24:b8:18:09:90:f0:2d:91:39:99:cd:3e:45:08:07:cc:db:
         cd:1e:eb:ac
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaB27BQjo+VyuDeuq2ff1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNTM1ZjhmYTRiNWY1MTUzM2Q3MjRlYWY5MGRiYTk5NzE1
ZmM2ZmMwHhcNMjUwMTAxMDU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjliYmFiZGEzODA2Mzk5ZjY5ODg0ZjgxMzc1NjFlZjZjNzk5MjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmE2gXSH8GY3fU2JDx4B210EtzsX3
56c3iv3KaDDkJQ1Pi4quA6WOOHym3ZMiN1ioBZMuUEf9tsKLaa1hNmp5myRiP3gx
d27++iOrG5Vb/V4H+TSsvVLqYz5oRqlQWoonA5vcgj/GzPNABBmLt9gzthbx3bGC
nfYeDLcTqBB3uBDevrydntLqIi4yxOB02/nN/nGasIuI3KKC++bp4Sl7BhEqc4he
ANbqVjqQkqvTRmIT779Tv75ersZvXct/d5Fi3SlPHLtmnAbN5LAXRK2jtUa1QeTz
GeLOVkN22YARMGrc6twExkAMb+Xhyp9L8PI0YJLUNTjOfR+unmbDse8RfwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEKbur2jgGOZ9piE+BN1Ye9seZJBMB8GA1UdIwQY
MBaAFBFTX4+ktfUVM9ck6vkNuplxX8b8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVZOZmo2UzE5UlV6MXlUcS1RMjZtWEZmeHZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8wNmQ2ODMtNWE1NS00MmFkLTkxZDkt
NWYyZWU1Y2U0NTgxLzEvUXB1NnZhT0FZNW4ybUlUNEUzVmg3Mng1a2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8wNmQ2ODMtNWE1NS00MmFkLTkxZDktNWYyZWU1Y2U0NTgx
LzEvRVZOZmo2UzE5UlV6MXlUcS1RMjZtWEZmeHZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXPsMA0E
AgACMAcDBQMqBieAMA0GCSqGSIb3DQEBCwUAA4IBAQBNiwftGZeqCNhkIdeuaaoN
yvuZcGBqq43PQ+2SMFfdlvq+FCWYtPgqoOJCxR1uJ1SELuPLCT8tUlqIBLjiXtO/
BOWzAh2ZmyO0WpjaDxnKia9NfBMSQYZfASIyrT9UZco619Y0ZuR7iAxOs7RoZ2QP
+5/jcvC3rNaR4StWO5enHzHPhkvfsdemsIifmO7HcXp7dJIoQWCuQdYIxQOR+KZz
ssx6T4Ciua9XFO7Q6b86Evj4O2uc9WAq0ugbC4nYhh+pmcZw08R77oQAcWRmLToq
Tm01vJ0DiND968tLtVrC0XfKIqrF3derKC6zJLgYCZDwLZE5mc0+RQgHzNvNHuus
-----END CERTIFICATE-----