Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/f0yhahkLcuZ1yoHAyLMFgYV-0C4.roa
File:                     f0yhahkLcuZ1yoHAyLMFgYV-0C4.roa (raw, json)
Hash identifier:          o3wGDB8+TAGkWavLVm8YXjs+gVitRLdf6b5WKa02EC8=
Subject key identifier:   7F:4C:A1:6A:19:0B:72:E6:75:CA:81:C0:C8:B3:05:81:85:7E:D0:2E
Certificate issuer:       /CN=c53e2aba0515ec90d10911060fcf29236d76dddf
Certificate serial:       0194258F311FC95EDC6DA9005017C7E1F5CB
Authority key identifier: C5:3E:2A:BA:05:15:EC:90:D1:09:11:06:0F:CF:29:23:6D:76:DD:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xT4qugUV7JDRCREGD88pI2123d8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/f0yhahkLcuZ1yoHAyLMFgYV-0C4.roa
Signing time:             Thu 02 Jan 2025 05:48:48 +0000
ROA not before:           Thu 02 Jan 2025 05:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205316
IP address blocks:        185.222.108.0/22 maxlen: 22
                          2a0c:2800::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/xT4qugUV7JDRCREGD88pI2123d8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/xT4qugUV7JDRCREGD88pI2123d8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xT4qugUV7JDRCREGD88pI2123d8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:31:1f:c9:5e:dc:6d:a9:00:50:17:c7:e1:f5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c53e2aba0515ec90d10911060fcf29236d76dddf
        Validity
            Not Before: Jan  2 05:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f4ca16a190b72e675ca81c0c8b30581857ed02e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:53:ee:46:da:c8:12:11:26:9f:df:fa:a0:3d:
                    5f:48:63:92:f0:08:ca:21:da:c8:8b:38:cd:71:47:
                    32:0f:f4:fe:80:42:80:b1:59:37:19:83:e7:c9:1e:
                    d4:d4:06:d7:fc:ad:ab:88:f0:e0:5b:a2:26:18:8f:
                    e6:e3:62:46:1f:49:5a:0d:1a:6b:8a:85:30:a2:23:
                    44:0c:dd:0e:88:8b:54:ce:52:11:ec:e0:c2:67:1f:
                    cd:d4:f2:75:b0:51:fa:78:69:ba:6d:19:3a:bb:bd:
                    99:1c:0d:f9:5a:a4:ca:35:79:5e:58:bc:f0:0c:3c:
                    e3:c8:28:d1:21:c4:e5:3f:9a:d6:62:dd:42:bf:34:
                    c6:88:09:42:40:c9:66:ab:aa:c5:f4:0f:bc:28:18:
                    41:70:b1:a9:8d:34:71:6c:4b:29:09:cc:18:84:91:
                    92:2c:58:90:15:f0:5b:5d:fe:02:4c:13:62:60:cd:
                    63:5b:88:8a:60:e9:07:49:55:d4:33:a2:b6:b4:92:
                    5d:61:a0:84:38:1d:29:5a:18:b6:74:73:5f:6a:34:
                    08:d2:6e:b5:f5:d4:da:9b:0e:41:a7:86:9c:fd:ea:
                    f1:7f:57:0a:d8:d9:98:c7:02:47:72:7e:6e:57:c5:
                    13:07:2b:14:04:89:bd:ff:bb:ad:8d:19:14:71:75:
                    ee:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:4C:A1:6A:19:0B:72:E6:75:CA:81:C0:C8:B3:05:81:85:7E:D0:2E
            X509v3 Authority Key Identifier:
                keyid:C5:3E:2A:BA:05:15:EC:90:D1:09:11:06:0F:CF:29:23:6D:76:DD:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xT4qugUV7JDRCREGD88pI2123d8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/f0yhahkLcuZ1yoHAyLMFgYV-0C4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/908a62-f4e0-4985-9e34-12053ade9faf/1/xT4qugUV7JDRCREGD88pI2123d8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.108.0/22
                IPv6:
                  2a0c:2800::/32

    Signature Algorithm: sha256WithRSAEncryption
         2f:a8:14:f2:7f:9a:0b:06:96:d0:4e:92:7d:4c:11:8a:af:3a:
         33:f1:df:eb:1f:c1:c3:73:a4:68:b1:5d:f5:8d:52:5c:4a:07:
         23:11:99:f1:fc:9e:3c:0e:7b:8c:fb:00:bf:c3:1d:50:fe:bb:
         51:d0:20:5e:1a:be:ef:1a:ad:6c:87:38:5a:4b:8a:5b:a3:78:
         55:c3:1d:3e:7f:54:94:d6:d3:2f:13:68:5a:c3:0d:3d:77:4a:
         00:53:64:80:7e:66:af:74:fb:38:c3:ce:ba:e5:88:b3:b4:5e:
         cb:33:63:f5:34:46:08:40:e0:ec:66:3e:8c:b6:93:aa:60:32:
         04:6d:37:16:da:e3:d1:90:1d:69:42:62:a0:4f:e4:cc:52:0c:
         5e:09:c2:a7:db:2c:7c:27:f7:1e:02:13:57:f8:17:cc:46:bf:
         46:55:cc:49:e1:61:b3:97:a2:08:c9:04:59:86:5d:6f:47:dc:
         86:4a:80:63:af:9c:ec:a2:39:b2:34:7f:54:15:46:e5:32:d4:
         ce:fe:17:c7:b5:06:fc:be:d6:2b:f2:b1:08:07:db:a0:9d:43:
         cf:17:f0:98:74:be:c1:62:c1:72:9c:a7:e8:cb:49:f3:f1:aa:
         ce:b2:4e:c0:d5:d4:e5:26:73:15:c5:0d:1f:85:49:81:b2:d8:
         0f:7b:ff:44
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQljzEfyV7cbakAUBfH4fXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1M2UyYWJhMDUxNWVjOTBkMTA5MTEwNjBmY2YyOTIzNmQ3
NmRkZGYwHhcNMjUwMTAyMDU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjRjYTE2YTE5MGI3MmU2NzVjYTgxYzBjOGIzMDU4MTg1N2VkMDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVPuRtrIEhEmn9/6oD1fSGOS8AjK
IdrIizjNcUcyD/T+gEKAsVk3GYPnyR7U1AbX/K2riPDgW6ImGI/m42JGH0laDRpr
ioUwoiNEDN0OiItUzlIR7ODCZx/N1PJ1sFH6eGm6bRk6u72ZHA35WqTKNXleWLzw
DDzjyCjRIcTlP5rWYt1CvzTGiAlCQMlmq6rF9A+8KBhBcLGpjTRxbEspCcwYhJGS
LFiQFfBbXf4CTBNiYM1jW4iKYOkHSVXUM6K2tJJdYaCEOB0pWhi2dHNfajQI0m61
9dTamw5Bp4ac/erxf1cK2NmYxwJHcn5uV8UTBysUBIm9/7utjRkUcXXu+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH9MoWoZC3LmdcqBwMizBYGFftAuMB8GA1UdIwQY
MBaAFMU+KroFFeyQ0QkRBg/PKSNtdt3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFQ0cXVnVVY3SkRSQ1JFR0Q4OHBJMjEyM2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85MDhhNjItZjRlMC00OTg1LTllMzQt
MTIwNTNhZGU5ZmFmLzEvZjB5aGFoa0xjdVoxeW9IQXlMTUZnWVYtMEM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85MDhhNjItZjRlMC00OTg1LTllMzQtMTIwNTNhZGU5ZmFm
LzEveFQ0cXVnVVY3SkRSQ1JFR0Q4OHBJMjEyM2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCud5sMA0E
AgACMAcDBQAqDCgAMA0GCSqGSIb3DQEBCwUAA4IBAQAvqBTyf5oLBpbQTpJ9TBGK
rzoz8d/rH8HDc6RosV31jVJcSgcjEZnx/J48DnuM+wC/wx1Q/rtR0CBeGr7vGq1s
hzhaS4pbo3hVwx0+f1SU1tMvE2haww09d0oAU2SAfmavdPs4w8665YiztF7LM2P1
NEYIQODsZj6MtpOqYDIEbTcW2uPRkB1pQmKgT+TMUgxeCcKn2yx8J/ceAhNX+BfM
Rr9GVcxJ4WGzl6IIyQRZhl1vR9yGSoBjr5zsojmyNH9UFUblMtTO/hfHtQb8vtYr
8rEIB9ugnUPPF/CYdL7BYsFynKfoy0nz8arOsk7A1dTlJnMVxQ0fhUmBstgPe/9E
-----END CERTIFICATE-----