Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/5s-77C94bS-b-oeirqKacrjpNtU.roa
File:                     5s-77C94bS-b-oeirqKacrjpNtU.roa (raw, json)
Hash identifier:          79AOtBjCZVMwqoVJRGFQVFWRcElSRmhyoHksf8x7LQ4=
Subject key identifier:   E6:CF:BB:EC:2F:78:6D:2F:9B:FA:87:A2:AE:A2:9A:72:B8:E9:36:D5
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       0195A92ACF78039F1948BBD48AA132B26BFC
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/5s-77C94bS-b-oeirqKacrjpNtU.roa
Signing time:             Tue 18 Mar 2025 12:11:49 +0000
ROA not before:           Tue 18 Mar 2025 12:11:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204629
IP address blocks:        185.244.228.0/22 maxlen: 22
                          2a0a:e9c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a9:2a:cf:78:03:9f:19:48:bb:d4:8a:a1:32:b2:6b:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Mar 18 12:11:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6cfbbec2f786d2f9bfa87a2aea29a72b8e936d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:51:65:ac:10:84:2a:00:48:f5:53:35:03:0e:
                    7a:93:d2:c4:10:22:3f:ff:b9:63:f4:93:1a:b3:ff:
                    66:0c:b3:72:68:f7:2d:d3:76:75:fe:4e:83:27:fb:
                    aa:ff:a7:03:16:c0:68:ae:a6:79:33:54:a9:2a:f0:
                    29:24:f7:72:ae:69:c9:c6:e1:93:82:e8:90:24:9f:
                    50:30:09:39:1f:23:fb:81:96:ba:44:b1:70:b9:f4:
                    db:df:30:2c:85:2c:82:87:cb:0d:aa:4f:a8:25:c4:
                    0a:27:1a:f4:6e:14:f4:3e:dc:a1:7b:ce:1a:00:c1:
                    cd:2e:3b:a4:8b:34:df:1a:80:b0:2a:21:27:07:78:
                    c7:00:b4:ea:04:52:a2:f7:8c:f9:49:13:f9:1b:01:
                    ed:05:f8:6c:46:7d:b6:8f:11:b3:27:69:b9:64:02:
                    c8:c9:60:3d:44:72:e2:11:2d:56:88:cd:c4:7b:eb:
                    dc:14:ef:b1:c6:89:7e:07:c2:df:77:29:e7:9e:b9:
                    79:1d:72:b0:04:a0:e5:7e:94:4a:5b:e8:af:f0:2d:
                    fc:c9:49:e6:81:f2:20:de:21:aa:98:b0:6e:36:bb:
                    c7:59:e8:4c:12:4d:0d:16:3b:5a:98:bb:be:21:af:
                    06:d7:f7:1c:48:cb:47:95:85:c3:24:e3:44:4b:0a:
                    55:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:CF:BB:EC:2F:78:6D:2F:9B:FA:87:A2:AE:A2:9A:72:B8:E9:36:D5
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/5s-77C94bS-b-oeirqKacrjpNtU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.228.0/22
                IPv6:
                  2a0a:e9c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:56:d9:45:79:b8:f6:a5:de:25:2e:d5:31:0c:1d:ca:32:4f:
         d4:2d:ca:c9:68:d5:e9:3a:50:76:68:f3:51:dd:2b:7d:92:27:
         80:98:40:2f:24:7f:56:57:58:c0:83:01:8c:b7:b6:22:1b:a9:
         62:3f:b3:cb:13:9a:bb:f1:2e:12:93:c8:f9:32:62:85:fd:ec:
         b2:81:c7:8e:32:ea:86:73:d0:92:3a:26:c5:09:24:99:66:f8:
         cf:7f:be:fe:e0:f5:d4:5b:ca:db:ae:0a:49:78:ad:ee:3c:a0:
         29:c9:e6:85:ef:1d:c1:1b:7b:cd:a7:dd:56:4d:00:e0:fc:50:
         80:ac:a6:4c:c3:80:17:d3:8f:d4:8c:f6:eb:6c:50:91:12:52:
         59:f9:28:12:13:2c:66:f9:3e:fb:ad:2e:b5:02:a9:88:b7:5a:
         5d:2d:36:ca:27:18:72:b5:85:08:74:56:4a:f7:25:27:21:f7:
         a6:f7:56:bb:8a:be:7d:06:dc:07:a9:fd:39:12:f8:3c:ab:6a:
         99:bc:2c:47:5d:2e:34:14:4e:b3:9d:da:80:91:94:12:76:46:
         09:cb:35:b5:8b:74:55:8f:e5:3a:8b:ec:a8:33:54:65:18:2e:
         be:95:84:43:98:00:4b:3f:6c:6b:2e:2c:4e:98:5b:1d:fe:3d:
         63:5f:5f:81
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZWpKs94A58ZSLvUiqEysmv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMzE4MTIxMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmNmYmJlYzJmNzg2ZDJmOWJmYTg3YTJhZWEyOWE3MmI4ZTkzNmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1FlrBCEKgBI9VM1Aw56k9LEECI/
/7lj9JMas/9mDLNyaPct03Z1/k6DJ/uq/6cDFsBorqZ5M1SpKvApJPdyrmnJxuGT
guiQJJ9QMAk5HyP7gZa6RLFwufTb3zAshSyCh8sNqk+oJcQKJxr0bhT0Ptyhe84a
AMHNLjukizTfGoCwKiEnB3jHALTqBFKi94z5SRP5GwHtBfhsRn22jxGzJ2m5ZALI
yWA9RHLiES1WiM3Ee+vcFO+xxol+B8Lfdynnnrl5HXKwBKDlfpRKW+iv8C38yUnm
gfIg3iGqmLBuNrvHWehMEk0NFjtamLu+Ia8G1/ccSMtHlYXDJONESwpV1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFObPu+wveG0vm/qHoq6imnK46TbVMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvNXMtNzdDOTRiUy1iLW9laXJxS2FjcmpwTnRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufTkMA0E
AgACMAcDBQAqCunFMA0GCSqGSIb3DQEBCwUAA4IBAQB2VtlFebj2pd4lLtUxDB3K
Mk/ULcrJaNXpOlB2aPNR3St9kieAmEAvJH9WV1jAgwGMt7YiG6liP7PLE5q78S4S
k8j5MmKF/eyygceOMuqGc9CSOibFCSSZZvjPf77+4PXUW8rbrgpJeK3uPKApyeaF
7x3BG3vNp91WTQDg/FCArKZMw4AX04/UjPbrbFCRElJZ+SgSEyxm+T77rS61AqmI
t1pdLTbKJxhytYUIdFZK9yUnIfem91a7ir59BtwHqf05Evg8q2qZvCxHXS40FE6z
ndqAkZQSdkYJyzW1i3RVj+U6i+yoM1RlGC6+lYRDmABLP2xrLixOmFsd/j1jX1+B
-----END CERTIFICATE-----