Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/7243b8-a8f9-4520-80c1-0565f337dcbe/1/vLkg6vsM00eiYmKWC5SDs25Gs0o.roa
File:                     vLkg6vsM00eiYmKWC5SDs25Gs0o.roa (raw, json)
Hash identifier:          laQ0wIfMQs3t8Q/rYbMaQJvlRI3pM205xGMs2yoH4OQ=
Subject key identifier:   BC:B9:20:EA:FB:0C:D3:47:A2:62:62:96:0B:94:83:B3:6E:46:B3:4A
Certificate issuer:       /CN=edcc2d279130d1a1bb3ee5a3b5f3323057b3c4fd
Certificate serial:       019423D7FD6CDAA6B1E1115F709AFD6868DB
Authority key identifier: ED:CC:2D:27:91:30:D1:A1:BB:3E:E5:A3:B5:F3:32:30:57:B3:C4:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7cwtJ5Ew0aG7PuWjtfMyMFezxP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/7243b8-a8f9-4520-80c1-0565f337dcbe/1/vLkg6vsM00eiYmKWC5SDs25Gs0o.roa
Signing time:             Wed 01 Jan 2025 21:49:05 +0000
ROA not before:           Wed 01 Jan 2025 21:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198636
IP address blocks:        185.235.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/7243b8-a8f9-4520-80c1-0565f337dcbe/1/7cwtJ5Ew0aG7PuWjtfMyMFezxP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/7243b8-a8f9-4520-80c1-0565f337dcbe/1/7cwtJ5Ew0aG7PuWjtfMyMFezxP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7cwtJ5Ew0aG7PuWjtfMyMFezxP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:fd:6c:da:a6:b1:e1:11:5f:70:9a:fd:68:68:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edcc2d279130d1a1bb3ee5a3b5f3323057b3c4fd
        Validity
            Not Before: Jan  1 21:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bcb920eafb0cd347a26262960b9483b36e46b34a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:12:d6:a3:40:60:22:95:97:3b:6d:3d:e5:b0:
                    22:14:52:dd:ee:29:63:6f:74:0d:4a:9d:05:e4:4c:
                    0b:08:3a:cc:2d:1c:f4:fa:dc:4b:4d:b2:2e:a0:cb:
                    e8:3e:c1:c1:1a:4f:ba:0c:78:5b:82:f0:7b:a8:31:
                    39:3d:df:26:aa:07:0d:c0:9c:3a:93:18:48:07:07:
                    a0:4b:03:1b:89:04:2d:fb:3b:86:4b:0d:19:46:0d:
                    e2:28:3f:36:d1:10:d9:92:1a:2e:c5:47:67:63:61:
                    4f:15:35:9f:62:7e:29:c4:52:51:b4:4b:b7:fd:6c:
                    63:a9:70:38:a2:ef:52:74:cd:a6:a0:97:26:75:40:
                    61:50:d1:5f:73:20:cc:6c:fd:46:d9:15:61:f9:2d:
                    59:54:7b:b4:31:06:46:55:46:b4:a5:82:da:ee:33:
                    a1:87:bf:9c:f9:b2:4b:50:8b:1e:da:72:96:52:a0:
                    a5:49:7e:ee:2b:d2:11:a9:ae:9d:0e:bf:7b:0e:45:
                    78:ef:00:6e:51:93:6f:7a:b3:83:ec:a9:0a:df:e2:
                    65:e4:cc:1c:09:95:0b:e0:ef:84:fb:fd:39:ef:1c:
                    2c:e9:66:da:53:84:83:2e:cb:0d:f8:3f:a8:59:bc:
                    9a:74:10:f3:3a:e4:78:15:5e:b7:8d:67:83:65:a1:
                    16:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B9:20:EA:FB:0C:D3:47:A2:62:62:96:0B:94:83:B3:6E:46:B3:4A
            X509v3 Authority Key Identifier:
                keyid:ED:CC:2D:27:91:30:D1:A1:BB:3E:E5:A3:B5:F3:32:30:57:B3:C4:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7cwtJ5Ew0aG7PuWjtfMyMFezxP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/7243b8-a8f9-4520-80c1-0565f337dcbe/1/vLkg6vsM00eiYmKWC5SDs25Gs0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/7243b8-a8f9-4520-80c1-0565f337dcbe/1/7cwtJ5Ew0aG7PuWjtfMyMFezxP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:18:f6:27:5c:d9:3b:9c:93:88:de:d7:ea:59:01:7e:2e:b1:
         c0:6d:d5:3b:17:e7:3a:f0:54:25:05:1c:db:78:13:e3:19:7b:
         a5:a4:cb:7e:04:58:72:2e:ed:47:79:ba:39:3c:ee:f2:13:0d:
         b9:bd:4d:72:7b:55:dd:b6:6b:93:60:0e:e2:69:11:9b:3f:ef:
         4a:74:d6:56:e8:bc:bb:ad:58:f3:a3:95:da:e2:0a:a2:ef:46:
         5b:c1:9c:21:47:9f:40:9a:7d:12:d8:3c:9f:90:9c:9a:ff:29:
         12:95:98:6e:9e:23:d5:c8:b5:e9:ff:c0:9a:5a:4c:2b:5b:aa:
         55:bb:e2:4d:5f:5a:fd:39:e2:50:e7:46:24:f3:49:48:5b:b0:
         98:a2:04:12:ba:ca:3f:5d:3c:dc:f5:14:f5:1a:03:d7:af:5c:
         29:6d:71:3e:8b:d5:9c:e0:2a:37:b3:c4:55:b6:ae:3b:93:c4:
         21:25:0e:dc:9d:e9:1e:fe:ca:c8:9d:27:d0:95:28:cf:f6:28:
         35:f5:27:c3:5f:90:47:f4:7b:49:d7:fe:5e:bb:90:2e:f3:28:
         85:ff:97:af:b1:ad:97:2d:3d:02:af:c1:a7:0f:4d:89:fd:d1:
         24:ab:16:64:17:7b:22:22:22:d1:b3:6e:20:dc:55:84:af:ed:
         88:af:ac:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1/1s2qax4RFfcJr9aGjbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkY2MyZDI3OTEzMGQxYTFiYjNlZTVhM2I1ZjMzMjMwNTdi
M2M0ZmQwHhcNMjUwMTAxMjE0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2I5MjBlYWZiMGNkMzQ3YTI2MjYyOTYwYjk0ODNiMzZlNDZiMzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRLWo0BgIpWXO2095bAiFFLd7ilj
b3QNSp0F5EwLCDrMLRz0+txLTbIuoMvoPsHBGk+6DHhbgvB7qDE5Pd8mqgcNwJw6
kxhIBwegSwMbiQQt+zuGSw0ZRg3iKD820RDZkhouxUdnY2FPFTWfYn4pxFJRtEu3
/WxjqXA4ou9SdM2moJcmdUBhUNFfcyDMbP1G2RVh+S1ZVHu0MQZGVUa0pYLa7jOh
h7+c+bJLUIse2nKWUqClSX7uK9IRqa6dDr97DkV47wBuUZNverOD7KkK3+Jl5Mwc
CZUL4O+E+/057xws6WbaU4SDLssN+D+oWbyadBDzOuR4FV63jWeDZaEWbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLy5IOr7DNNHomJilguUg7NuRrNKMB8GA1UdIwQY
MBaAFO3MLSeRMNGhuz7lo7XzMjBXs8T9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2N3dEo1RXcwYUc3UHVXanRmTXlNRmV6eFAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83MjQzYjgtYThmOS00NTIwLTgwYzEt
MDU2NWYzMzdkY2JlLzEvdkxrZzZ2c00wMGVpWW1LV0M1U0RzMjVHczBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83MjQzYjgtYThmOS00NTIwLTgwYzEtMDU2NWYzMzdkY2Jl
LzEvN2N3dEo1RXcwYUc3UHVXanRmTXlNRmV6eFAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueu6MA0G
CSqGSIb3DQEBCwUAA4IBAQClGPYnXNk7nJOI3tfqWQF+LrHAbdU7F+c68FQlBRzb
eBPjGXulpMt+BFhyLu1Hebo5PO7yEw25vU1ye1XdtmuTYA7iaRGbP+9KdNZW6Ly7
rVjzo5Xa4gqi70ZbwZwhR59Amn0S2DyfkJya/ykSlZhuniPVyLXp/8CaWkwrW6pV
u+JNX1r9OeJQ50Yk80lIW7CYogQSuso/XTzc9RT1GgPXr1wpbXE+i9Wc4Co3s8RV
tq47k8QhJQ7cneke/srInSfQlSjP9ig19SfDX5BH9HtJ1/5eu5Au8yiF/5evsa2X
LT0Cr8GnD02J/dEkqxZkF3siIiLRs24g3FWEr+2Ir6yB
-----END CERTIFICATE-----