Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/adbb47-572a-49cc-a6d0-51ff20f9fef9/1/b5A8GlRvIxklOSIq2iD6QFLf8Zg.roa
File:                     b5A8GlRvIxklOSIq2iD6QFLf8Zg.roa (raw, json)
Hash identifier:          tkDUlXl5aQGshVl9qpG9acQyqwhYwSAWWDiYiBxguT4=
Subject key identifier:   6F:90:3C:1A:54:6F:23:19:25:39:22:2A:DA:20:FA:40:52:DF:F1:98
Certificate issuer:       /CN=3763e45b816493ccdbdd4b07708a21fb73a1e599
Certificate serial:       01942444A187E13DF7575647C168746140B0
Authority key identifier: 37:63:E4:5B:81:64:93:CC:DB:DD:4B:07:70:8A:21:FB:73:A1:E5:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N2PkW4Fkk8zb3UsHcIoh-3Oh5Zk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/adbb47-572a-49cc-a6d0-51ff20f9fef9/1/b5A8GlRvIxklOSIq2iD6QFLf8Zg.roa
Signing time:             Wed 01 Jan 2025 23:47:45 +0000
ROA not before:           Wed 01 Jan 2025 23:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216142
IP address blocks:        185.235.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/adbb47-572a-49cc-a6d0-51ff20f9fef9/1/N2PkW4Fkk8zb3UsHcIoh-3Oh5Zk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/adbb47-572a-49cc-a6d0-51ff20f9fef9/1/N2PkW4Fkk8zb3UsHcIoh-3Oh5Zk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N2PkW4Fkk8zb3UsHcIoh-3Oh5Zk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:a1:87:e1:3d:f7:57:56:47:c1:68:74:61:40:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3763e45b816493ccdbdd4b07708a21fb73a1e599
        Validity
            Not Before: Jan  1 23:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f903c1a546f23192539222ada20fa4052dff198
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:05:89:90:22:04:79:b9:e0:90:6b:c6:1e:b7:
                    80:cc:44:ee:1d:8f:92:ef:f9:fe:ec:6e:2e:43:e2:
                    e6:c9:60:b9:2b:9c:0e:b3:dd:ce:6d:a5:54:5b:3b:
                    be:ef:9f:e4:03:6f:94:a6:cb:4c:3a:cb:d3:f3:37:
                    d8:88:ef:4d:47:8f:e2:d1:b4:ea:ad:86:c5:a2:59:
                    4b:19:f7:2d:4c:66:af:64:9e:15:a0:fc:4e:75:67:
                    5d:0f:99:2d:57:06:17:7a:f8:9e:84:0e:24:d2:06:
                    26:62:a0:68:c8:d1:ba:a4:dd:3c:93:50:af:6e:61:
                    6e:4b:cc:a5:33:24:bd:d8:f1:cc:9b:34:0b:33:a2:
                    fc:7f:34:6a:17:8c:d2:65:a7:7e:d2:84:57:79:b5:
                    67:80:60:f8:2f:7f:16:37:bc:5f:a3:30:c7:3c:37:
                    cb:0a:9d:73:da:ab:09:6c:6f:92:94:61:41:77:5a:
                    7f:65:96:f9:81:dc:0f:4c:2a:50:0f:e8:af:4a:ba:
                    a3:d5:27:23:72:a0:24:ff:40:92:a3:d2:a0:cb:9e:
                    5f:a0:c9:dd:be:9a:cb:49:5e:6c:50:95:21:6b:13:
                    b4:2a:8b:ff:40:28:a7:8c:5c:e9:b8:02:3b:b0:b8:
                    81:73:85:b3:2f:f7:9c:79:bb:9e:0f:c5:14:26:b6:
                    e9:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:90:3C:1A:54:6F:23:19:25:39:22:2A:DA:20:FA:40:52:DF:F1:98
            X509v3 Authority Key Identifier:
                keyid:37:63:E4:5B:81:64:93:CC:DB:DD:4B:07:70:8A:21:FB:73:A1:E5:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N2PkW4Fkk8zb3UsHcIoh-3Oh5Zk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/adbb47-572a-49cc-a6d0-51ff20f9fef9/1/b5A8GlRvIxklOSIq2iD6QFLf8Zg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/adbb47-572a-49cc-a6d0-51ff20f9fef9/1/N2PkW4Fkk8zb3UsHcIoh-3Oh5Zk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:fd:34:1f:5b:6b:f6:a5:a3:8a:7b:f9:83:db:07:66:eb:cd:
         f2:87:51:58:80:85:fb:ff:52:b6:f4:fd:ad:aa:7f:13:2c:09:
         26:e5:fb:7c:4d:85:c3:98:c6:3f:d8:5d:49:b7:13:3e:f5:e5:
         d2:69:8f:20:0f:98:29:37:a9:84:ef:e9:e6:b9:1b:c8:c2:eb:
         28:07:15:fa:58:58:52:da:f1:56:9b:f4:a5:1d:20:39:39:02:
         2d:8c:6a:7c:c3:8a:59:9b:b9:ec:ab:7b:52:15:da:63:d9:10:
         9f:7c:90:4a:d7:aa:c2:7a:88:3d:d4:44:7f:72:46:47:ae:b1:
         2f:7f:d9:c8:3a:68:6a:47:f9:22:28:70:32:94:d2:5f:97:6e:
         df:38:1b:38:eb:9a:50:f2:7c:c6:1d:ca:ec:c7:9d:56:97:3c:
         06:df:89:04:a5:ba:4b:1c:b4:84:43:64:98:fd:69:1a:df:51:
         33:a8:d0:2c:14:e5:56:da:4b:b7:bf:bb:a4:b1:5d:b2:0d:7a:
         fc:06:dd:dd:51:16:a4:54:4d:c3:3c:ff:9a:6f:63:0c:1c:e9:
         b7:73:04:44:fa:2d:a4:38:4a:4a:48:d5:9f:a1:56:7b:af:3d:
         fe:9b:14:0c:6d:b5:23:be:bd:e6:f4:1b:41:2e:0c:2f:c9:bb:
         34:3e:04:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRKGH4T33V1ZHwWh0YUCwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NjNlNDViODE2NDkzY2NkYmRkNGIwNzcwOGEyMWZiNzNh
MWU1OTkwHhcNMjUwMTAxMjM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjkwM2MxYTU0NmYyMzE5MjUzOTIyMmFkYTIwZmE0MDUyZGZmMTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQWJkCIEebngkGvGHreAzETuHY+S
7/n+7G4uQ+LmyWC5K5wOs93ObaVUWzu+75/kA2+UpstMOsvT8zfYiO9NR4/i0bTq
rYbFollLGfctTGavZJ4VoPxOdWddD5ktVwYXeviehA4k0gYmYqBoyNG6pN08k1Cv
bmFuS8ylMyS92PHMmzQLM6L8fzRqF4zSZad+0oRXebVngGD4L38WN7xfozDHPDfL
Cp1z2qsJbG+SlGFBd1p/ZZb5gdwPTCpQD+ivSrqj1ScjcqAk/0CSo9Kgy55foMnd
vprLSV5sUJUhaxO0Kov/QCinjFzpuAI7sLiBc4WzL/ecebueD8UUJrbpMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+QPBpUbyMZJTkiKtog+kBS3/GYMB8GA1UdIwQY
MBaAFDdj5FuBZJPM291LB3CKIftzoeWZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjJQa1c0RmtrOHpiM1VzSGNJb2gtM09oNVprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9hZGJiNDctNTcyYS00OWNjLWE2ZDAt
NTFmZjIwZjlmZWY5LzEvYjVBOEdsUnZJeGtsT1NJcTJpRDZRRkxmOFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9hZGJiNDctNTcyYS00OWNjLWE2ZDAtNTFmZjIwZjlmZWY5
LzEvTjJQa1c0RmtrOHpiM1VzSGNJb2gtM09oNVprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueshMA0G
CSqGSIb3DQEBCwUAA4IBAQCO/TQfW2v2paOKe/mD2wdm683yh1FYgIX7/1K29P2t
qn8TLAkm5ft8TYXDmMY/2F1JtxM+9eXSaY8gD5gpN6mE7+nmuRvIwusoBxX6WFhS
2vFWm/SlHSA5OQItjGp8w4pZm7nsq3tSFdpj2RCffJBK16rCeog91ER/ckZHrrEv
f9nIOmhqR/kiKHAylNJfl27fOBs465pQ8nzGHcrsx51WlzwG34kEpbpLHLSEQ2SY
/Wka31EzqNAsFOVW2ku3v7uksV2yDXr8Bt3dURakVE3DPP+ab2MMHOm3cwRE+i2k
OEpKSNWfoVZ7rz3+mxQMbbUjvr3m9BtBLgwvybs0PgRC
-----END CERTIFICATE-----