Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/179bd8-fc68-4f76-86ff-68f316607376/1/y0QD6cVeHITeOOUrewdmduPjNyw.roa
File:                     y0QD6cVeHITeOOUrewdmduPjNyw.roa (raw, json)
Hash identifier:          d578B+uX2xF03DWPlSDJU4G4ivlMPauq0XylCe7obdU=
Subject key identifier:   CB:44:03:E9:C5:5E:1C:84:DE:38:E5:2B:7B:07:66:76:E3:E3:37:2C
Certificate issuer:       /CN=5a3b1dddab33e45506ad977040924720417d5688
Certificate serial:       019426D9D247B87D6BBAC05CD87FEDE35442
Authority key identifier: 5A:3B:1D:DD:AB:33:E4:55:06:AD:97:70:40:92:47:20:41:7D:56:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wjsd3asz5FUGrZdwQJJHIEF9Vog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/179bd8-fc68-4f76-86ff-68f316607376/1/y0QD6cVeHITeOOUrewdmduPjNyw.roa
Signing time:             Thu 02 Jan 2025 11:49:56 +0000
ROA not before:           Thu 02 Jan 2025 11:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200915
IP address blocks:        185.91.152.0/22 maxlen: 23
                          2a05:eb40::/29 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/179bd8-fc68-4f76-86ff-68f316607376/1/Wjsd3asz5FUGrZdwQJJHIEF9Vog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/179bd8-fc68-4f76-86ff-68f316607376/1/Wjsd3asz5FUGrZdwQJJHIEF9Vog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wjsd3asz5FUGrZdwQJJHIEF9Vog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d2:47:b8:7d:6b:ba:c0:5c:d8:7f:ed:e3:54:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a3b1dddab33e45506ad977040924720417d5688
        Validity
            Not Before: Jan  2 11:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb4403e9c55e1c84de38e52b7b076676e3e3372c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0d:72:4e:3f:06:42:7f:ac:13:3e:aa:66:10:
                    69:f7:63:ea:db:3e:c1:9f:e7:26:2f:78:15:51:0f:
                    27:db:db:a7:11:97:44:3d:6e:38:9c:66:7a:9c:c0:
                    4d:fd:9f:b2:1b:55:ea:89:c9:1d:3f:73:7f:e5:a4:
                    02:7a:09:23:f3:0a:fc:79:b5:60:9c:0a:a7:b5:07:
                    34:6f:05:1a:3c:59:80:cf:a8:a3:d7:36:f4:61:98:
                    a9:5f:ef:21:28:0f:16:e1:8d:b5:d3:c7:6f:ed:b2:
                    70:e8:c4:24:3b:fb:1a:b0:71:3b:fc:32:80:36:19:
                    30:8f:4e:c2:40:28:85:09:22:a4:fd:e0:a4:39:d2:
                    c3:90:42:30:d6:d4:35:5a:08:85:4d:6a:76:31:c2:
                    26:df:ee:41:42:52:c7:f7:a5:c1:7b:07:c6:f6:8b:
                    44:57:da:0e:64:7f:eb:1c:42:3d:52:85:27:e7:94:
                    0a:54:ae:4b:c5:2b:7c:89:e5:91:90:b0:01:c1:13:
                    ba:1a:63:ca:4b:32:52:09:f3:2a:e1:10:a9:1c:b3:
                    7f:a4:59:47:25:4a:70:d7:bf:df:00:ee:7a:80:f6:
                    ca:d5:3a:1f:14:7c:ea:87:34:cb:42:de:b3:63:11:
                    fa:d9:a9:68:a3:1f:a3:b1:95:4a:7d:e9:48:d3:79:
                    68:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:44:03:E9:C5:5E:1C:84:DE:38:E5:2B:7B:07:66:76:E3:E3:37:2C
            X509v3 Authority Key Identifier:
                keyid:5A:3B:1D:DD:AB:33:E4:55:06:AD:97:70:40:92:47:20:41:7D:56:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wjsd3asz5FUGrZdwQJJHIEF9Vog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/179bd8-fc68-4f76-86ff-68f316607376/1/y0QD6cVeHITeOOUrewdmduPjNyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/179bd8-fc68-4f76-86ff-68f316607376/1/Wjsd3asz5FUGrZdwQJJHIEF9Vog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.152.0/22
                IPv6:
                  2a05:eb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:6d:e2:a3:d6:6b:ef:92:2b:d7:0c:78:34:ff:9e:31:01:a3:
         48:31:05:e9:bc:07:d3:d5:62:0f:4d:74:f0:a5:d1:c1:1f:c2:
         c0:19:9b:20:d6:e6:b2:7f:32:2b:99:37:a4:ae:17:04:7a:42:
         2d:d2:67:07:d1:73:eb:46:33:a1:9f:58:d3:c0:8d:2c:89:62:
         0f:76:26:ec:d9:1a:9b:7e:ca:32:75:90:10:5d:3c:fc:37:8e:
         f0:b7:d5:e2:f5:fa:d8:2b:9a:49:4d:e9:66:49:8d:b1:d4:51:
         fd:c1:c7:10:3e:ed:c3:e0:a1:fc:c4:a5:a4:98:6e:b8:38:94:
         0c:4b:93:f4:2d:59:12:5c:34:41:7e:2f:81:4f:b4:6b:dd:91:
         15:62:c0:88:f7:a0:d7:4f:5d:bc:98:e4:1e:b7:1c:cb:41:42:
         d1:30:a1:31:5e:7d:13:47:22:75:8a:82:80:96:95:8c:4e:38:
         df:a7:49:2b:b0:11:73:f7:29:97:29:d1:99:d7:ec:87:9a:d5:
         c8:8a:cb:f9:57:00:cb:2e:39:99:4a:60:64:d7:2d:77:8f:44:
         6c:d3:63:55:fd:20:28:2d:60:0f:d2:2a:f2:a1:25:b1:24:c9:
         aa:0d:cd:37:9c:82:86:e4:eb:23:05:60:78:9f:02:f7:c5:33:
         62:c5:20:d8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2dJHuH1rusBc2H/t41RCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhM2IxZGRkYWIzM2U0NTUwNmFkOTc3MDQwOTI0NzIwNDE3
ZDU2ODgwHhcNMjUwMTAyMTE0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjQ0MDNlOWM1NWUxYzg0ZGUzOGU1MmI3YjA3NjY3NmUzZTMzNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw1yTj8GQn+sEz6qZhBp92Pq2z7B
n+cmL3gVUQ8n29unEZdEPW44nGZ6nMBN/Z+yG1XqickdP3N/5aQCegkj8wr8ebVg
nAqntQc0bwUaPFmAz6ij1zb0YZipX+8hKA8W4Y2108dv7bJw6MQkO/sasHE7/DKA
Nhkwj07CQCiFCSKk/eCkOdLDkEIw1tQ1WgiFTWp2McIm3+5BQlLH96XBewfG9otE
V9oOZH/rHEI9UoUn55QKVK5LxSt8ieWRkLABwRO6GmPKSzJSCfMq4RCpHLN/pFlH
JUpw17/fAO56gPbK1TofFHzqhzTLQt6zYxH62aloox+jsZVKfelI03loLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMtEA+nFXhyE3jjlK3sHZnbj4zcsMB8GA1UdIwQY
MBaAFFo7Hd2rM+RVBq2XcECSRyBBfVaIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2pzZDNhc3o1RlVHclpkd1FKSkhJRUY5Vm9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8xNzliZDgtZmM2OC00Zjc2LTg2ZmYt
NjhmMzE2NjA3Mzc2LzEveTBRRDZjVmVISVRlT09VcmV3ZG1kdVBqTnl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8xNzliZDgtZmM2OC00Zjc2LTg2ZmYtNjhmMzE2NjA3Mzc2
LzEvV2pzZDNhc3o1RlVHclpkd1FKSkhJRUY5Vm9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVuYMA0E
AgACMAcDBQMqBetAMA0GCSqGSIb3DQEBCwUAA4IBAQCKbeKj1mvvkivXDHg0/54x
AaNIMQXpvAfT1WIPTXTwpdHBH8LAGZsg1uayfzIrmTekrhcEekIt0mcH0XPrRjOh
n1jTwI0siWIPdibs2RqbfsoydZAQXTz8N47wt9Xi9frYK5pJTelmSY2x1FH9wccQ
Pu3D4KH8xKWkmG64OJQMS5P0LVkSXDRBfi+BT7Rr3ZEVYsCI96DXT128mOQetxzL
QULRMKExXn0TRyJ1ioKAlpWMTjjfp0krsBFz9ymXKdGZ1+yHmtXIisv5VwDLLjmZ
SmBk1y13j0Rs02NV/SAoLWAP0iryoSWxJMmqDc03nIKG5OsjBWB4nwL3xTNixSDY
-----END CERTIFICATE-----