Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/fS_qctzhyYta4hOugsNTdbe8f0c.roa
File:                     fS_qctzhyYta4hOugsNTdbe8f0c.roa (raw, json)
Hash identifier:          AvFfBuzrTsfr7l1zLSqygS9noOouVq+KI+h2STnP7+0=
Subject key identifier:   7D:2F:EA:72:DC:E1:C9:8B:5A:E2:13:AE:82:C3:53:75:B7:BC:7F:47
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01942748425939211AB4081957C467590E17
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/fS_qctzhyYta4hOugsNTdbe8f0c.roa
Signing time:             Thu 02 Jan 2025 13:50:34 +0000
ROA not before:           Thu 02 Jan 2025 13:50:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202147
IP address blocks:        178.19.40.0/23 maxlen: 23
                          185.229.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:42:59:39:21:1a:b4:08:19:57:c4:67:59:0e:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 13:50:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d2fea72dce1c98b5ae213ae82c35375b7bc7f47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:17:1a:2d:be:d3:1b:11:b7:7a:b4:3b:c6:bd:
                    c7:bc:15:9c:37:4a:5e:7a:6d:49:c0:f5:74:c6:f4:
                    de:14:92:e7:23:8d:f9:63:01:05:13:6b:80:a2:ab:
                    6a:6e:6c:91:9a:bf:5e:ea:8e:cb:74:09:3a:e8:09:
                    91:ec:93:4c:ad:62:26:5f:09:ea:76:70:6c:6a:28:
                    0e:94:ba:60:5e:9a:70:c4:dc:14:10:4c:86:fd:82:
                    63:37:5d:fb:ab:69:34:f3:5b:c6:b5:c2:6a:f4:03:
                    41:e1:e1:73:15:86:5e:38:1f:d9:35:c9:75:59:79:
                    06:f9:13:df:57:98:0e:90:49:96:5b:01:5e:65:c9:
                    93:2a:aa:90:96:7d:25:a6:fe:42:1d:4e:29:47:57:
                    f4:b5:72:fe:5f:d7:ac:13:48:5f:db:39:14:48:03:
                    26:b5:df:96:f9:6e:cb:53:15:ad:d0:44:56:9a:dc:
                    ff:44:94:f8:48:8c:80:01:2d:58:a6:d4:43:70:5f:
                    ec:3c:60:4f:b9:6f:c3:9f:58:19:d9:9b:4b:de:73:
                    03:ef:da:9b:50:8f:05:e8:f7:6e:de:59:e0:3d:48:
                    2e:ce:f0:e1:16:9c:a7:d1:09:48:99:0f:7e:f2:52:
                    6a:13:0d:ac:61:56:83:a3:bf:3d:2a:e8:9f:7c:29:
                    30:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:2F:EA:72:DC:E1:C9:8B:5A:E2:13:AE:82:C3:53:75:B7:BC:7F:47
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/fS_qctzhyYta4hOugsNTdbe8f0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.19.40.0/23
                  185.229.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:ae:93:92:6b:cb:74:23:8c:bd:d7:b5:33:ab:22:ec:a8:62:
         e3:90:8d:6e:60:cf:29:6d:53:40:b7:38:1c:a0:2c:13:17:74:
         75:89:e9:50:ee:15:90:a8:fd:4f:72:01:51:85:05:da:af:f2:
         0b:3b:33:bc:63:3c:c5:34:06:1b:cd:c7:7b:d3:73:d9:c2:db:
         ca:19:12:19:9d:e3:2e:63:37:20:cf:2e:10:79:c5:d8:ed:53:
         47:51:59:a7:00:fb:57:43:4d:e2:ac:93:f8:1e:c1:fd:73:b0:
         1f:19:7d:9b:95:03:55:31:5a:b5:6f:0d:56:fb:93:ef:af:6f:
         b3:a0:06:ae:06:74:16:b4:c7:cd:9b:84:3a:d5:13:2b:31:0f:
         aa:ee:a4:07:e4:11:ed:e8:b5:7b:d7:9f:f7:2d:31:7f:51:14:
         2a:26:b6:dd:a4:90:45:f3:bc:c9:3f:d9:de:10:2d:1a:11:d7:
         68:6a:d5:7c:00:e4:38:db:0b:86:ec:31:02:98:14:7a:82:90:
         23:ba:66:ca:1e:a9:cc:2d:43:8e:a6:3d:ef:34:10:25:ee:71:
         1a:f5:7a:f8:05:95:b0:fb:e2:96:91:64:2f:d1:06:cc:2a:9d:
         c0:4b:bb:f0:59:ef:30:f2:1b:da:7a:4e:88:c8:b4:67:c2:04:
         8a:8b:39:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSEJZOSEatAgZV8RnWQ4XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjUwMTAyMTM1MDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDJmZWE3MmRjZTFjOThiNWFlMjEzYWU4MmMzNTM3NWI3YmM3ZjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhcaLb7TGxG3erQ7xr3HvBWcN0pe
em1JwPV0xvTeFJLnI435YwEFE2uAoqtqbmyRmr9e6o7LdAk66AmR7JNMrWImXwnq
dnBsaigOlLpgXppwxNwUEEyG/YJjN137q2k081vGtcJq9ANB4eFzFYZeOB/ZNcl1
WXkG+RPfV5gOkEmWWwFeZcmTKqqQln0lpv5CHU4pR1f0tXL+X9esE0hf2zkUSAMm
td+W+W7LUxWt0ERWmtz/RJT4SIyAAS1YptRDcF/sPGBPuW/Dn1gZ2ZtL3nMD79qb
UI8F6Pdu3lngPUguzvDhFpyn0QlImQ9+8lJqEw2sYVaDo789KuiffCkwawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH0v6nLc4cmLWuITroLDU3W3vH9HMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZlNfcWN0emh5WXRhNGhPdWdzTlRkYmU4ZjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBshMoAwQC
ueXYMA0GCSqGSIb3DQEBCwUAA4IBAQBNrpOSa8t0I4y917UzqyLsqGLjkI1uYM8p
bVNAtzgcoCwTF3R1ielQ7hWQqP1PcgFRhQXar/ILOzO8YzzFNAYbzcd703PZwtvK
GRIZneMuYzcgzy4QecXY7VNHUVmnAPtXQ03irJP4HsH9c7AfGX2blQNVMVq1bw1W
+5Pvr2+zoAauBnQWtMfNm4Q61RMrMQ+q7qQH5BHt6LV715/3LTF/URQqJrbdpJBF
87zJP9neEC0aEddoatV8AOQ42wuG7DECmBR6gpAjumbKHqnMLUOOpj3vNBAl7nEa
9Xr4BZWw++KWkWQv0QbMKp3AS7vwWe8w8hvaek6IyLRnwgSKizlF
-----END CERTIFICATE-----