Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/lCFWlcHQXl8OCfG8VkJf_ovcDUY.roa
File:                     lCFWlcHQXl8OCfG8VkJf_ovcDUY.roa (raw, json)
Hash identifier:          SWucWn1D4Fv0B4+THeJJxTuUCPWrkWrGEDFRw9TIy8c=
Subject key identifier:   94:21:56:95:C1:D0:5E:5F:0E:09:F1:BC:56:42:5F:FE:8B:DC:0D:46
Certificate issuer:       /CN=8e5a36a38e9e562476ae70b915028e3018712919
Certificate serial:       01942067EC6007FCAAA4DB8BD0F536BB75F0
Authority key identifier: 8E:5A:36:A3:8E:9E:56:24:76:AE:70:B9:15:02:8E:30:18:71:29:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jlo2o46eViR2rnC5FQKOMBhxKRk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/lCFWlcHQXl8OCfG8VkJf_ovcDUY.roa
Signing time:             Wed 01 Jan 2025 05:47:49 +0000
ROA not before:           Wed 01 Jan 2025 05:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207627
IP address blocks:        185.225.224.0/24 maxlen: 24
                          2a06:4740::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/jlo2o46eViR2rnC5FQKOMBhxKRk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/jlo2o46eViR2rnC5FQKOMBhxKRk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jlo2o46eViR2rnC5FQKOMBhxKRk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ec:60:07:fc:aa:a4:db:8b:d0:f5:36:bb:75:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e5a36a38e9e562476ae70b915028e3018712919
        Validity
            Not Before: Jan  1 05:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94215695c1d05e5f0e09f1bc56425ffe8bdc0d46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:51:f2:6f:6d:bb:f6:8d:99:91:10:f3:7a:f9:
                    a2:0c:a8:90:38:6c:8e:0a:dd:08:0e:da:61:06:43:
                    f7:ca:ae:34:d7:c1:06:41:b4:6d:cb:0b:30:ac:2d:
                    40:6f:87:88:ac:de:1c:fd:f0:82:b2:ad:e5:ab:6f:
                    df:cb:f8:1f:ec:af:f4:d7:86:bc:e3:0d:2d:bd:33:
                    e9:98:99:36:52:97:78:81:78:3f:b3:17:4c:14:0f:
                    ab:fd:77:2a:5e:5d:1a:f9:6b:d3:4d:3b:a1:5d:48:
                    00:c2:a2:25:00:98:c6:01:3d:4c:a4:b1:c9:70:85:
                    e8:52:dc:fc:bd:01:2a:eb:3c:53:37:c6:4d:39:90:
                    b2:ba:70:9f:b9:00:48:3b:55:84:5f:f9:ae:71:cb:
                    69:58:d1:d1:92:29:fa:0f:9a:49:69:4f:f0:45:56:
                    ff:10:97:f9:e0:b7:15:a7:b7:cf:88:21:28:e8:03:
                    3e:94:99:ca:ec:45:1a:1c:6f:5c:6c:be:54:ec:85:
                    4c:e9:52:6c:f1:e4:47:e6:ff:25:ad:43:8c:cc:6b:
                    4c:cf:7c:93:f8:1b:d7:b2:6c:09:76:b2:03:4c:47:
                    d1:29:67:eb:09:1d:37:b8:e0:e9:83:5b:d9:6a:c1:
                    68:8a:54:3a:34:f1:b0:dd:2f:f2:04:11:6e:ae:60:
                    b6:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:21:56:95:C1:D0:5E:5F:0E:09:F1:BC:56:42:5F:FE:8B:DC:0D:46
            X509v3 Authority Key Identifier:
                keyid:8E:5A:36:A3:8E:9E:56:24:76:AE:70:B9:15:02:8E:30:18:71:29:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jlo2o46eViR2rnC5FQKOMBhxKRk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/lCFWlcHQXl8OCfG8VkJf_ovcDUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/7b2567-dbaf-46d3-8c01-df0e619a0b82/1/jlo2o46eViR2rnC5FQKOMBhxKRk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.224.0/24
                IPv6:
                  2a06:4740::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:a2:3d:5a:07:2e:ba:6f:16:b4:89:77:ab:df:b7:1a:e5:9e:
         7c:b4:4e:51:66:90:36:28:f0:c3:09:bd:f2:e0:5f:58:03:96:
         9a:73:76:0a:93:65:58:ab:02:69:12:2d:d9:fc:1b:6d:ee:4a:
         7c:87:bc:1e:78:a9:b1:7b:94:7f:70:ff:6f:13:36:2d:8e:91:
         3f:15:20:b4:2e:50:84:2f:6a:d3:35:f4:5e:aa:64:6f:cb:37:
         d9:50:60:5b:ee:7b:48:12:83:41:a2:e8:a1:72:51:45:0d:39:
         5d:df:e2:c1:a3:6c:01:61:41:b5:53:c1:45:db:a5:14:11:4d:
         7e:ef:98:62:d8:29:d7:bc:80:9a:d8:8f:65:f3:56:a6:af:20:
         f7:64:f2:32:de:21:56:f1:be:b8:21:7b:ef:68:0d:8d:3b:ec:
         dd:46:71:4f:17:d9:d8:f7:5f:e6:62:d8:38:81:88:54:a0:24:
         7a:3e:b1:f9:5a:ff:ae:3f:52:12:34:d8:be:11:b9:3d:04:9d:
         81:03:41:50:bd:98:64:c1:99:be:4e:37:4e:d8:64:5a:bd:95:
         70:6c:4a:35:e7:e6:06:5c:01:64:09:b3:f0:6c:20:3c:1e:5e:
         41:e1:55:c3:b2:1c:b5:56:5a:2d:1b:1d:98:27:f2:73:20:6d:
         5b:a7:40:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ+xgB/yqpNuL0PU2u3XwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNWEzNmEzOGU5ZTU2MjQ3NmFlNzBiOTE1MDI4ZTMwMTg3
MTI5MTkwHhcNMjUwMTAxMDU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDIxNTY5NWMxZDA1ZTVmMGUwOWYxYmM1NjQyNWZmZThiZGMwZDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FHyb2279o2ZkRDzevmiDKiQOGyO
Ct0IDtphBkP3yq4018EGQbRtywswrC1Ab4eIrN4c/fCCsq3lq2/fy/gf7K/014a8
4w0tvTPpmJk2Upd4gXg/sxdMFA+r/XcqXl0a+WvTTTuhXUgAwqIlAJjGAT1MpLHJ
cIXoUtz8vQEq6zxTN8ZNOZCyunCfuQBIO1WEX/mucctpWNHRkin6D5pJaU/wRVb/
EJf54LcVp7fPiCEo6AM+lJnK7EUaHG9cbL5U7IVM6VJs8eRH5v8lrUOMzGtMz3yT
+BvXsmwJdrIDTEfRKWfrCR03uODpg1vZasFoilQ6NPGw3S/yBBFurmC2MwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJQhVpXB0F5fDgnxvFZCX/6L3A1GMB8GA1UdIwQY
MBaAFI5aNqOOnlYkdq5wuRUCjjAYcSkZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamxvMm80NmVWaVIycm5DNUZRS09NQmh4S1JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83YjI1NjctZGJhZi00NmQzLThjMDEt
ZGYwZTYxOWEwYjgyLzEvbENGV2xjSFFYbDhPQ2ZHOFZrSmZfb3ZjRFVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83YjI1NjctZGJhZi00NmQzLThjMDEtZGYwZTYxOWEwYjgy
LzEvamxvMm80NmVWaVIycm5DNUZRS09NQmh4S1JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAueHgMA0E
AgACMAcDBQMqBkdAMA0GCSqGSIb3DQEBCwUAA4IBAQBfoj1aBy66bxa0iXer37ca
5Z58tE5RZpA2KPDDCb3y4F9YA5aac3YKk2VYqwJpEi3Z/Btt7kp8h7weeKmxe5R/
cP9vEzYtjpE/FSC0LlCEL2rTNfReqmRvyzfZUGBb7ntIEoNBouihclFFDTld3+LB
o2wBYUG1U8FF26UUEU1+75hi2CnXvICa2I9l81amryD3ZPIy3iFW8b64IXvvaA2N
O+zdRnFPF9nY91/mYtg4gYhUoCR6PrH5Wv+uP1ISNNi+Ebk9BJ2BA0FQvZhkwZm+
TjdO2GRavZVwbEo15+YGXAFkCbPwbCA8Hl5B4VXDshy1VlotGx2YJ/JzIG1bp0Dm
-----END CERTIFICATE-----