Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/iFRT7pIErYyjSrvBoxfFD5pxtGQ.roa
File:                     iFRT7pIErYyjSrvBoxfFD5pxtGQ.roa (raw, json)
Hash identifier:          5ByeZ/21OPrr4ys4yOkH+9BugOf167l7MKLoGEfw+nA=
Subject key identifier:   88:54:53:EE:92:04:AD:8C:A3:4A:BB:C1:A3:17:C5:0F:9A:71:B4:64
Certificate issuer:       /CN=e0d435784da8c218e0ff107cdcfe24ca4569c949
Certificate serial:       0194221FA1EDCA5E693CF77C86ED669A6B06
Authority key identifier: E0:D4:35:78:4D:A8:C2:18:E0:FF:10:7C:DC:FE:24:CA:45:69:C9:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4NQ1eE2owhjg_xB83P4kykVpyUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/iFRT7pIErYyjSrvBoxfFD5pxtGQ.roa
Signing time:             Wed 01 Jan 2025 13:48:05 +0000
ROA not before:           Wed 01 Jan 2025 13:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59742
IP address blocks:        87.243.69.0/24 maxlen: 24
                          185.73.236.0/22 maxlen: 22
                          2a03:46a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/4NQ1eE2owhjg_xB83P4kykVpyUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/4NQ1eE2owhjg_xB83P4kykVpyUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4NQ1eE2owhjg_xB83P4kykVpyUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a1:ed:ca:5e:69:3c:f7:7c:86:ed:66:9a:6b:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0d435784da8c218e0ff107cdcfe24ca4569c949
        Validity
            Not Before: Jan  1 13:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=885453ee9204ad8ca34abbc1a317c50f9a71b464
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3b:fa:ab:28:b2:5d:7a:f4:ba:94:00:e2:19:
                    65:dc:25:41:6f:53:aa:c9:8a:5f:fa:79:9c:3e:c7:
                    8f:40:77:84:ca:70:ef:7a:fd:6a:4d:44:02:a2:6b:
                    a4:a6:c2:a7:e5:d6:1f:f7:d8:01:a8:94:05:7c:7e:
                    c8:b0:ca:c2:42:f5:9a:e0:eb:f0:8e:e2:23:37:c7:
                    7c:d1:5b:bb:32:24:fd:1a:fd:3b:77:3e:89:90:2a:
                    0d:50:01:5e:45:6a:9a:26:4c:75:41:c3:42:6a:38:
                    0a:da:50:e1:a5:7c:7b:cd:41:82:c7:c8:36:66:c4:
                    72:f5:27:18:27:2e:49:9d:37:1c:3c:b9:0e:94:53:
                    ce:26:54:75:ae:9d:49:4d:91:fc:18:0e:00:6c:77:
                    7d:81:b1:f0:33:93:f9:73:1c:d2:69:1c:dc:35:03:
                    6f:52:f1:9d:9a:ea:b8:7a:c4:5d:bb:49:d0:46:29:
                    62:40:ca:d4:c2:f1:da:8d:ca:ac:2f:fe:d3:fc:b5:
                    02:7b:f8:df:29:85:48:66:64:14:4f:e5:6e:2e:0c:
                    e5:3d:43:bf:55:d1:1b:28:8c:36:6c:41:67:27:c6:
                    07:8b:3a:eb:68:ed:55:0b:ef:da:c4:a1:6d:03:9d:
                    6e:fd:e3:1a:91:13:fb:c5:62:dc:01:3c:9e:c7:8c:
                    cf:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:54:53:EE:92:04:AD:8C:A3:4A:BB:C1:A3:17:C5:0F:9A:71:B4:64
            X509v3 Authority Key Identifier:
                keyid:E0:D4:35:78:4D:A8:C2:18:E0:FF:10:7C:DC:FE:24:CA:45:69:C9:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4NQ1eE2owhjg_xB83P4kykVpyUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/iFRT7pIErYyjSrvBoxfFD5pxtGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/4NQ1eE2owhjg_xB83P4kykVpyUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.243.69.0/24
                  185.73.236.0/22
                IPv6:
                  2a03:46a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:50:34:ba:18:60:4a:b5:d8:f0:1a:a1:38:82:3a:75:66:10:
         e1:9d:96:81:97:5f:ab:bf:80:10:89:ae:f1:94:78:8d:79:75:
         23:fc:43:1d:e8:57:31:a8:51:96:0b:01:a7:da:55:f2:d8:41:
         ec:af:da:97:a2:61:b0:0d:41:99:bd:30:26:d1:d2:24:da:e7:
         cc:70:95:00:80:18:ed:fd:81:4e:a9:45:f6:73:e2:12:89:31:
         ee:28:b7:43:b7:31:86:ad:21:cc:9d:af:82:ca:d2:c5:4f:d7:
         d0:c7:b8:85:73:37:06:db:b9:25:7e:5b:59:b7:7d:10:a1:37:
         c2:fc:af:29:3c:a4:85:9d:eb:a8:0e:a1:0b:ac:5b:4f:ba:76:
         ff:7c:b5:73:f1:5e:0a:9e:3a:91:24:f5:c6:4d:6a:61:99:7e:
         d7:14:fa:d0:2f:18:e3:11:85:14:c6:bd:aa:3e:45:18:a0:21:
         fd:e0:dc:de:b5:2d:24:75:44:33:38:de:eb:2b:c4:fa:3c:3d:
         84:e5:8f:e5:8e:25:07:3f:20:c6:f6:8a:d2:b3:82:83:d4:b2:
         37:c9:e8:ff:6d:59:cd:2f:78:2a:d3:66:47:c7:d5:2c:51:06:
         63:07:6f:8d:bd:d1:04:43:3c:f1:3e:e8:36:04:7f:00:0c:b7:
         e1:51:26:c9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQiH6Htyl5pPPd8hu1mmmsGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZDQzNTc4NGRhOGMyMThlMGZmMTA3Y2RjZmUyNGNhNDU2
OWM5NDkwHhcNMjUwMTAxMTM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODU0NTNlZTkyMDRhZDhjYTM0YWJiYzFhMzE3YzUwZjlhNzFiNDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDv6qyiyXXr0upQA4hll3CVBb1Oq
yYpf+nmcPsePQHeEynDvev1qTUQComukpsKn5dYf99gBqJQFfH7IsMrCQvWa4Ovw
juIjN8d80Vu7MiT9Gv07dz6JkCoNUAFeRWqaJkx1QcNCajgK2lDhpXx7zUGCx8g2
ZsRy9ScYJy5JnTccPLkOlFPOJlR1rp1JTZH8GA4AbHd9gbHwM5P5cxzSaRzcNQNv
UvGdmuq4esRdu0nQRiliQMrUwvHajcqsL/7T/LUCe/jfKYVIZmQUT+VuLgzlPUO/
VdEbKIw2bEFnJ8YHizrraO1VC+/axKFtA51u/eMakRP7xWLcATyex4zPqQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIhUU+6SBK2Mo0q7waMXxQ+acbRkMB8GA1UdIwQY
MBaAFODUNXhNqMIY4P8QfNz+JMpFaclJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE5RMWVFMm93aGpnX3hCODNQNGt5a1ZweVVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9hMDVlYmEtOWQ4NS00ODliLWFlYzct
ZWQ0MmQzYTYyNWE0LzEvaUZSVDdwSUVyWXlqU3J2Qm94ZkZENXB4dEdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9hMDVlYmEtOWQ4NS00ODliLWFlYzctZWQ0MmQzYTYyNWE0
LzEvNE5RMWVFMm93aGpnX3hCODNQNGt5a1ZweVVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAV/NFAwQC
uUnsMA0EAgACMAcDBQAqA0agMA0GCSqGSIb3DQEBCwUAA4IBAQBeUDS6GGBKtdjw
GqE4gjp1ZhDhnZaBl1+rv4AQia7xlHiNeXUj/EMd6FcxqFGWCwGn2lXy2EHsr9qX
omGwDUGZvTAm0dIk2ufMcJUAgBjt/YFOqUX2c+ISiTHuKLdDtzGGrSHMna+CytLF
T9fQx7iFczcG27klfltZt30QoTfC/K8pPKSFneuoDqELrFtPunb/fLVz8V4KnjqR
JPXGTWphmX7XFPrQLxjjEYUUxr2qPkUYoCH94NzetS0kdUQzON7rK8T6PD2E5Y/l
jiUHPyDG9orSs4KD1LI3yej/bVnNL3gq02ZHx9UsUQZjB2+NvdEEQzzxPug2BH8A
DLfhUSbJ
-----END CERTIFICATE-----