Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/JOqhFiRetaCWX-COli2qt4epZmU.roa
File:                     JOqhFiRetaCWX-COli2qt4epZmU.roa (raw, json)
Hash identifier:          Tggn3wwdEvZYJd/9CH5nD5nBnaCH9L0m/C7cCJYB59s=
Subject key identifier:   24:EA:A1:16:24:5E:B5:A0:96:5F:E0:8E:96:2D:AA:B7:87:A9:66:65
Certificate issuer:       /CN=4b9f31e7352a8707b98c6d27348e8bc493d1a9af
Certificate serial:       01942067E1FDCC35160D5923262734577A62
Authority key identifier: 4B:9F:31:E7:35:2A:87:07:B9:8C:6D:27:34:8E:8B:C4:93:D1:A9:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S58x5zUqhwe5jG0nNI6LxJPRqa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/JOqhFiRetaCWX-COli2qt4epZmU.roa
Signing time:             Wed 01 Jan 2025 05:47:46 +0000
ROA not before:           Wed 01 Jan 2025 05:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199181
IP address blocks:        5.158.64.0/20 maxlen: 21
                          77.39.128.0/19 maxlen: 20
                          185.142.68.0/22 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/S58x5zUqhwe5jG0nNI6LxJPRqa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/S58x5zUqhwe5jG0nNI6LxJPRqa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S58x5zUqhwe5jG0nNI6LxJPRqa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e1:fd:cc:35:16:0d:59:23:26:27:34:57:7a:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b9f31e7352a8707b98c6d27348e8bc493d1a9af
        Validity
            Not Before: Jan  1 05:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24eaa116245eb5a0965fe08e962daab787a96665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e1:a6:a7:f8:83:e2:8c:a4:e5:cb:6b:c2:db:
                    0d:4e:32:bf:0c:c4:26:c9:42:a1:1d:98:8e:fe:19:
                    df:ba:8d:b1:cf:29:d6:48:23:45:a0:2b:04:6f:1e:
                    89:2f:af:9a:da:ec:d0:de:d3:43:d5:67:28:9b:b5:
                    1f:ce:95:53:54:6f:f8:8b:3f:85:54:c5:d8:df:a9:
                    74:8d:d9:1d:4a:86:04:20:b9:85:a9:30:c1:af:f6:
                    fd:bd:13:6b:ef:19:90:e7:40:a0:d5:d1:c4:b9:df:
                    6e:a7:d4:54:49:f3:af:6b:7d:45:19:38:4a:38:18:
                    bd:80:38:28:c7:cf:2e:d9:f3:1a:48:8e:b5:7d:79:
                    9c:a8:a4:45:28:19:5b:97:49:20:c0:1e:27:f4:f5:
                    15:ab:3b:78:ce:fc:9a:1a:b3:d1:74:7a:31:8c:ed:
                    7c:7b:4e:25:70:2b:21:fa:76:b9:d5:43:01:6a:16:
                    16:16:7d:22:a2:35:8a:cf:8e:56:bb:04:f7:8c:01:
                    2b:c5:13:03:1d:7a:ef:f5:ee:f7:03:fe:71:4d:a4:
                    1f:ac:76:b8:e3:6b:a2:73:0a:f1:30:17:a3:ef:4e:
                    62:3b:30:05:91:e1:97:53:f2:ee:0b:d9:2d:23:78:
                    4b:7e:28:f4:e1:ee:82:37:06:4b:60:59:36:a4:4a:
                    02:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:EA:A1:16:24:5E:B5:A0:96:5F:E0:8E:96:2D:AA:B7:87:A9:66:65
            X509v3 Authority Key Identifier:
                keyid:4B:9F:31:E7:35:2A:87:07:B9:8C:6D:27:34:8E:8B:C4:93:D1:A9:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S58x5zUqhwe5jG0nNI6LxJPRqa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/JOqhFiRetaCWX-COli2qt4epZmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/85fd31-fe91-4389-ab67-3651e40f1436/1/S58x5zUqhwe5jG0nNI6LxJPRqa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.158.64.0/20
                  77.39.128.0/19
                  185.142.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:75:fc:2b:94:d6:9a:6c:1c:54:ac:a3:82:42:b3:fb:59:2e:
         d0:a9:4d:a6:ed:98:29:ea:ce:8b:2d:12:33:f9:cf:2e:70:6d:
         82:9d:a8:28:00:d0:43:64:32:64:3a:4d:98:00:8f:61:35:54:
         05:f5:69:26:c1:8a:88:57:d9:ee:d5:f7:ae:b9:4d:e3:d9:6a:
         46:bf:de:28:96:8e:67:f1:be:12:95:73:8c:d0:8f:a3:03:bd:
         2f:42:84:d7:85:d5:8e:c9:41:4e:79:11:64:71:cb:c3:25:d4:
         da:d5:28:10:1f:f2:b0:f0:b1:72:bc:ea:1e:03:42:f4:fc:20:
         cf:b2:e9:96:7b:e1:13:26:92:ea:ea:68:7b:69:7c:4c:3f:af:
         e1:89:76:88:2c:6d:4a:1e:85:60:e3:40:d5:df:1d:55:41:98:
         6f:63:b7:02:9b:64:46:dd:98:cb:5d:80:2f:03:0f:46:b4:3a:
         ed:f7:f0:3c:f3:fc:60:d0:86:3e:18:30:26:bc:fa:2f:8f:0d:
         72:c7:e8:0d:ac:d4:5d:4c:09:dc:73:26:fe:5e:e8:c3:48:0c:
         1e:55:fa:95:68:45:35:c3:c0:15:89:d8:c0:78:81:17:38:cd:
         2c:47:4c:15:d1:d1:3b:8c:a5:06:87:d8:41:3b:cf:f6:6b:b0:
         75:04:8c:2c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQgZ+H9zDUWDVkjJic0V3piMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiOWYzMWU3MzUyYTg3MDdiOThjNmQyNzM0OGU4YmM0OTNk
MWE5YWYwHhcNMjUwMTAxMDU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGVhYTExNjI0NWViNWEwOTY1ZmUwOGU5NjJkYWFiNzg3YTk2NjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+Gmp/iD4oyk5ctrwtsNTjK/DMQm
yUKhHZiO/hnfuo2xzynWSCNFoCsEbx6JL6+a2uzQ3tND1Wcom7UfzpVTVG/4iz+F
VMXY36l0jdkdSoYEILmFqTDBr/b9vRNr7xmQ50Cg1dHEud9up9RUSfOva31FGThK
OBi9gDgox88u2fMaSI61fXmcqKRFKBlbl0kgwB4n9PUVqzt4zvyaGrPRdHoxjO18
e04lcCsh+na51UMBahYWFn0iojWKz45WuwT3jAErxRMDHXrv9e73A/5xTaQfrHa4
42uicwrxMBej705iOzAFkeGXU/LuC9ktI3hLfij04e6CNwZLYFk2pEoCVwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCTqoRYkXrWgll/gjpYtqreHqWZlMB8GA1UdIwQY
MBaAFEufMec1KocHuYxtJzSOi8ST0amvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzU4eDV6VXFod2U1akcwbk5JNkx4SlBScWE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My84NWZkMzEtZmU5MS00Mzg5LWFiNjct
MzY1MWU0MGYxNDM2LzEvSk9xaEZpUmV0YUNXWC1DT2xpMnF0NGVwWm1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My84NWZkMzEtZmU5MS00Mzg5LWFiNjctMzY1MWU0MGYxNDM2
LzEvUzU4eDV6VXFod2U1akcwbk5JNkx4SlBScWE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEBZ5AAwQF
TSeAAwQCuY5EMA0GCSqGSIb3DQEBCwUAA4IBAQBkdfwrlNaabBxUrKOCQrP7WS7Q
qU2m7Zgp6s6LLRIz+c8ucG2CnagoANBDZDJkOk2YAI9hNVQF9WkmwYqIV9nu1feu
uU3j2WpGv94olo5n8b4SlXOM0I+jA70vQoTXhdWOyUFOeRFkccvDJdTa1SgQH/Kw
8LFyvOoeA0L0/CDPsumWe+ETJpLq6mh7aXxMP6/hiXaILG1KHoVg40DV3x1VQZhv
Y7cCm2RG3ZjLXYAvAw9GtDrt9/A88/xg0IY+GDAmvPovjw1yx+gNrNRdTAnccyb+
XujDSAweVfqVaEU1w8AVidjAeIEXOM0sR0wV0dE7jKUGh9hBO8/2a7B1BIws
-----END CERTIFICATE-----