Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/094c50-2c86-4a55-8eb0-1cf722517baf/1/asNSq8lkmS1XdMPBwyGi7exxYUQ.roa
File:                     asNSq8lkmS1XdMPBwyGi7exxYUQ.roa (raw, json)
Hash identifier:          IeZFlfU/tf7kNLd1ueG9wWhJ27KVNelvhJ00kXOKzso=
Subject key identifier:   6A:C3:52:AB:C9:64:99:2D:57:74:C3:C1:C3:21:A2:ED:EC:71:61:44
Certificate issuer:       /CN=5bf7d0e47122aefefb62cea21674a81025559b1a
Certificate serial:       0194282606ED98ABCC2B5A0841C5FF2647D7
Authority key identifier: 5B:F7:D0:E4:71:22:AE:FE:FB:62:CE:A2:16:74:A8:10:25:55:9B:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W_fQ5HEirv77Ys6iFnSoECVVmxo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/094c50-2c86-4a55-8eb0-1cf722517baf/1/asNSq8lkmS1XdMPBwyGi7exxYUQ.roa
Signing time:             Thu 02 Jan 2025 17:52:48 +0000
ROA not before:           Thu 02 Jan 2025 17:52:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49223
IP address blocks:        185.86.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/094c50-2c86-4a55-8eb0-1cf722517baf/1/W_fQ5HEirv77Ys6iFnSoECVVmxo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/094c50-2c86-4a55-8eb0-1cf722517baf/1/W_fQ5HEirv77Ys6iFnSoECVVmxo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W_fQ5HEirv77Ys6iFnSoECVVmxo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:06:ed:98:ab:cc:2b:5a:08:41:c5:ff:26:47:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bf7d0e47122aefefb62cea21674a81025559b1a
        Validity
            Not Before: Jan  2 17:52:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ac352abc964992d5774c3c1c321a2edec716144
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c4:8e:21:59:ec:58:c2:2c:31:91:7a:c6:4b:
                    df:5e:e7:b5:09:0e:2a:7b:c6:99:4c:44:33:31:94:
                    f0:12:7d:f7:a4:31:36:4b:54:88:07:fd:75:8e:ec:
                    09:0e:a9:11:7c:04:4b:8c:28:fb:ad:e2:ce:3c:cc:
                    7a:23:da:3d:32:20:f0:00:48:21:78:f4:31:5a:83:
                    b5:c0:7d:16:c9:57:ed:99:b4:3e:fa:89:bb:37:0e:
                    0e:8e:b6:31:63:89:f2:a0:45:b1:e2:69:14:ad:ac:
                    d2:71:41:f3:a5:b7:1c:3a:e7:74:64:5b:e5:68:a9:
                    51:8a:f1:1e:5c:bc:d9:14:c4:bf:42:2e:c3:40:8c:
                    22:47:5d:8b:72:10:31:72:54:9e:51:8c:cb:61:b9:
                    ce:f9:73:a7:29:d5:d2:0a:d2:4a:eb:22:05:10:99:
                    86:e4:52:0e:d3:91:01:40:72:4d:e7:a4:4b:bb:8a:
                    d8:ad:3f:a1:86:33:00:c0:8c:fb:7d:80:81:7c:fc:
                    d1:9b:ce:5a:2d:1b:18:2a:6c:d7:87:e0:26:b0:2f:
                    59:d0:fb:1c:97:7b:c0:8c:34:26:8e:c1:de:f4:ed:
                    05:9b:c9:3b:83:57:b4:6d:8e:95:6b:aa:ae:1d:c6:
                    a2:4f:c9:73:cd:58:78:47:a4:f7:db:9d:6d:e2:b3:
                    bf:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:C3:52:AB:C9:64:99:2D:57:74:C3:C1:C3:21:A2:ED:EC:71:61:44
            X509v3 Authority Key Identifier:
                keyid:5B:F7:D0:E4:71:22:AE:FE:FB:62:CE:A2:16:74:A8:10:25:55:9B:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W_fQ5HEirv77Ys6iFnSoECVVmxo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/094c50-2c86-4a55-8eb0-1cf722517baf/1/asNSq8lkmS1XdMPBwyGi7exxYUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/094c50-2c86-4a55-8eb0-1cf722517baf/1/W_fQ5HEirv77Ys6iFnSoECVVmxo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:ca:e2:26:6b:65:8c:25:17:f2:08:95:46:0e:90:9e:ad:38:
         d2:0a:58:74:d9:22:4b:78:53:d2:ff:a9:c2:8b:8e:58:e8:ea:
         8f:26:3f:d0:20:12:6c:a1:1c:be:c4:f7:ba:73:dd:46:73:00:
         52:b9:7b:03:5d:65:b8:25:ac:b9:5d:8e:fa:e5:27:4f:4e:4c:
         cd:0a:bf:1e:e7:64:66:f0:ff:a0:bd:75:1c:20:68:69:9a:86:
         45:59:b3:ed:c3:db:c9:5b:05:78:57:73:6a:77:d6:a4:08:28:
         14:77:4e:ee:ca:39:87:d5:58:1a:a9:c3:1f:87:03:6c:29:44:
         ec:58:33:5d:97:b8:68:94:2e:05:2e:4c:cd:8e:3d:d5:ab:c0:
         2d:ea:14:0e:eb:35:39:7f:c0:33:5c:ce:13:ee:17:1a:05:b4:
         45:5b:8d:7f:35:88:6f:2b:fe:17:53:9b:44:96:fb:55:50:0b:
         8a:6e:6a:aa:f3:99:c2:65:79:72:7f:d5:6f:20:e9:53:25:35:
         f0:ff:42:27:e5:e0:6a:e0:5c:05:e5:94:d3:29:e1:7f:43:57:
         b9:69:5d:a7:ac:db:09:63:99:96:13:af:4d:de:a9:b6:16:7d:
         80:cf:97:8a:21:cc:b1:d4:1f:36:01:ac:3a:1f:4d:46:11:96:
         66:c5:45:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJgbtmKvMK1oIQcX/JkfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZjdkMGU0NzEyMmFlZmVmYjYyY2VhMjE2NzRhODEwMjU1
NTliMWEwHhcNMjUwMTAyMTc1MjQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWMzNTJhYmM5NjQ5OTJkNTc3NGMzYzFjMzIxYTJlZGVjNzE2MTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcSOIVnsWMIsMZF6xkvfXue1CQ4q
e8aZTEQzMZTwEn33pDE2S1SIB/11juwJDqkRfARLjCj7reLOPMx6I9o9MiDwAEgh
ePQxWoO1wH0WyVftmbQ++om7Nw4OjrYxY4nyoEWx4mkUrazScUHzpbccOud0ZFvl
aKlRivEeXLzZFMS/Qi7DQIwiR12LchAxclSeUYzLYbnO+XOnKdXSCtJK6yIFEJmG
5FIO05EBQHJN56RLu4rYrT+hhjMAwIz7fYCBfPzRm85aLRsYKmzXh+AmsC9Z0Psc
l3vAjDQmjsHe9O0Fm8k7g1e0bY6Va6quHcaiT8lzzVh4R6T3251t4rO/swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrDUqvJZJktV3TDwcMhou3scWFEMB8GA1UdIwQY
MBaAFFv30ORxIq7++2LOohZ0qBAlVZsaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV19mUTVIRWlydjc3WXM2aUZuU29FQ1ZWbXhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8wOTRjNTAtMmM4Ni00YTU1LThlYjAt
MWNmNzIyNTE3YmFmLzEvYXNOU3E4bGttUzFYZE1QQnd5R2k3ZXh4WVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8wOTRjNTAtMmM4Ni00YTU1LThlYjAtMWNmNzIyNTE3YmFm
LzEvV19mUTVIRWlydjc3WXM2aUZuU29FQ1ZWbXhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVYAMA0G
CSqGSIb3DQEBCwUAA4IBAQCkyuIma2WMJRfyCJVGDpCerTjSClh02SJLeFPS/6nC
i45Y6OqPJj/QIBJsoRy+xPe6c91GcwBSuXsDXWW4Jay5XY765SdPTkzNCr8e52Rm
8P+gvXUcIGhpmoZFWbPtw9vJWwV4V3Nqd9akCCgUd07uyjmH1VgaqcMfhwNsKUTs
WDNdl7holC4FLkzNjj3Vq8At6hQO6zU5f8AzXM4T7hcaBbRFW41/NYhvK/4XU5tE
lvtVUAuKbmqq85nCZXlyf9VvIOlTJTXw/0In5eBq4FwF5ZTTKeF/Q1e5aV2nrNsJ
Y5mWE69N3qm2Fn2Az5eKIcyx1B82Aaw6H01GEZZmxUW0
-----END CERTIFICATE-----