Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/fd596a-3f54-4e06-8620-6e0d213f484a/1/RHreYh0WmNugHNPOVP5GHBEiSQE.roa
File:                     RHreYh0WmNugHNPOVP5GHBEiSQE.roa (raw, json)
Hash identifier:          lDEy9crc1E/w31v0jSsa/vEhnHdpcWtnPtxtDbNUjjc=
Subject key identifier:   44:7A:DE:62:1D:16:98:DB:A0:1C:D3:CE:54:FE:46:1C:11:22:49:01
Certificate issuer:       /CN=af88fde6fadbb6b2c1db6fe41f829d1f2015be0b
Certificate serial:       0194737AF89EA8DB2C940AD5CE15886013C4
Authority key identifier: AF:88:FD:E6:FA:DB:B6:B2:C1:DB:6F:E4:1F:82:9D:1F:20:15:BE:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4j95vrbtrLB22_kH4KdHyAVvgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/fd596a-3f54-4e06-8620-6e0d213f484a/1/RHreYh0WmNugHNPOVP5GHBEiSQE.roa
Signing time:             Fri 17 Jan 2025 08:57:06 +0000
ROA not before:           Fri 17 Jan 2025 08:57:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205282
IP address blocks:        5.181.161.0/24 maxlen: 24
                          194.48.203.0/24 maxlen: 24
                          213.130.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/fd596a-3f54-4e06-8620-6e0d213f484a/1/r4j95vrbtrLB22_kH4KdHyAVvgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/fd596a-3f54-4e06-8620-6e0d213f484a/1/r4j95vrbtrLB22_kH4KdHyAVvgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4j95vrbtrLB22_kH4KdHyAVvgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:73:7a:f8:9e:a8:db:2c:94:0a:d5:ce:15:88:60:13:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af88fde6fadbb6b2c1db6fe41f829d1f2015be0b
        Validity
            Not Before: Jan 17 08:57:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=447ade621d1698dba01cd3ce54fe461c11224901
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:5e:36:f4:4e:7d:a9:75:97:b1:80:d9:f9:2e:
                    95:a0:30:83:43:7d:c2:9b:25:09:44:ce:be:54:2f:
                    c7:37:39:31:07:91:03:15:1d:ec:6b:48:49:9d:8b:
                    bc:0a:5b:23:00:3a:0e:0e:33:c8:99:12:f4:37:58:
                    96:d1:f1:1d:3a:7c:12:b0:c4:48:2d:1d:69:a9:f1:
                    58:51:da:53:f3:91:03:36:a3:04:eb:b9:2b:b0:8b:
                    14:f4:3b:98:a1:d4:b1:70:25:06:e9:94:d9:88:d2:
                    c8:20:3e:21:da:1e:18:ab:06:4f:2d:d2:43:04:97:
                    e5:d7:c6:eb:8f:df:25:46:ec:82:de:d0:ce:56:51:
                    8d:76:4d:ec:e8:4b:a0:a9:5c:f6:1f:9e:04:c2:7c:
                    71:48:84:fa:32:d2:46:45:35:08:bb:51:7b:77:df:
                    8f:70:70:32:e4:7a:70:0f:36:48:f5:68:1c:c8:d0:
                    59:7e:d1:e7:5c:1f:04:da:91:92:72:2f:b3:36:0d:
                    5e:0c:0d:0c:b9:43:91:b0:ca:95:be:79:55:25:33:
                    af:07:e7:99:5c:bb:5a:4c:04:67:3f:75:15:bb:01:
                    c7:ae:92:7f:1f:b1:8a:7c:78:31:38:8f:01:6d:58:
                    09:c0:5e:e7:5e:d4:f8:12:df:ae:a7:54:28:36:fe:
                    98:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:7A:DE:62:1D:16:98:DB:A0:1C:D3:CE:54:FE:46:1C:11:22:49:01
            X509v3 Authority Key Identifier:
                keyid:AF:88:FD:E6:FA:DB:B6:B2:C1:DB:6F:E4:1F:82:9D:1F:20:15:BE:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4j95vrbtrLB22_kH4KdHyAVvgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/fd596a-3f54-4e06-8620-6e0d213f484a/1/RHreYh0WmNugHNPOVP5GHBEiSQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/fd596a-3f54-4e06-8620-6e0d213f484a/1/r4j95vrbtrLB22_kH4KdHyAVvgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.161.0/24
                  194.48.203.0/24
                  213.130.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:4f:ed:d5:42:f0:4d:d4:35:32:39:a1:3f:cb:4d:26:6d:08:
         9b:5e:b4:e2:fe:ae:81:e6:cb:ae:73:a4:f8:8e:80:d3:d7:f3:
         37:f7:aa:97:e4:3a:42:d5:cc:39:e5:69:f2:46:dc:9f:18:72:
         2e:a0:1a:20:1e:2c:57:74:bf:1c:8c:94:fc:49:56:d7:88:10:
         dd:e2:a7:7f:ac:a3:a9:d9:74:65:f0:f1:07:ed:f6:63:bb:68:
         7c:d1:94:6c:24:32:41:d8:3d:a9:a0:c5:20:08:cf:13:25:9f:
         67:03:ad:1b:6c:d2:35:15:25:1c:ff:74:33:85:97:51:b1:01:
         60:b3:ce:8e:a8:d9:48:6b:7b:f3:40:0d:c7:a8:92:6b:f5:94:
         b7:6f:30:0d:d2:74:cf:8b:0a:b1:d3:d3:37:cc:7e:cc:5e:4f:
         a0:b0:0f:d4:89:c3:20:f6:98:a9:1a:c6:ee:52:f7:90:e2:2f:
         cf:8f:a3:0b:7c:48:05:a0:0f:c9:11:38:33:f3:b2:8d:38:a0:
         16:a4:d7:13:7e:0f:28:bf:ed:57:8e:83:e4:c4:dd:47:76:ff:
         d7:85:ed:7d:b8:9c:09:6b:ca:e4:15:7a:28:29:76:48:31:a2:
         27:46:68:84:49:b4:d6:c1:a3:6f:5c:fc:01:1d:c4:e6:3a:e1:
         50:dc:4f:86
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRzevieqNsslArVzhWIYBPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODhmZGU2ZmFkYmI2YjJjMWRiNmZlNDFmODI5ZDFmMjAx
NWJlMGIwHhcNMjUwMTE3MDg1NzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDdhZGU2MjFkMTY5OGRiYTAxY2QzY2U1NGZlNDYxYzExMjI0OTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoF429E59qXWXsYDZ+S6VoDCDQ33C
myUJRM6+VC/HNzkxB5EDFR3sa0hJnYu8ClsjADoODjPImRL0N1iW0fEdOnwSsMRI
LR1pqfFYUdpT85EDNqME67krsIsU9DuYodSxcCUG6ZTZiNLIID4h2h4YqwZPLdJD
BJfl18brj98lRuyC3tDOVlGNdk3s6EugqVz2H54EwnxxSIT6MtJGRTUIu1F7d9+P
cHAy5HpwDzZI9WgcyNBZftHnXB8E2pGSci+zNg1eDA0MuUORsMqVvnlVJTOvB+eZ
XLtaTARnP3UVuwHHrpJ/H7GKfHgxOI8BbVgJwF7nXtT4Et+up1QoNv6YWwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFER63mIdFpjboBzTzlT+RhwRIkkBMB8GA1UdIwQY
MBaAFK+I/eb627aywdtv5B+CnR8gFb4LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRqOTV2cmJ0ckxCMjJfa0g0S2RIeUFWdmdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9mZDU5NmEtM2Y1NC00ZTA2LTg2MjAt
NmUwZDIxM2Y0ODRhLzEvUkhyZVloMFdtTnVnSE5QT1ZQNUdIQkVpU1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9mZDU5NmEtM2Y1NC00ZTA2LTg2MjAtNmUwZDIxM2Y0ODRh
LzEvcjRqOTV2cmJ0ckxCMjJfa0g0S2RIeUFWdmdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABbWhAwQA
wjDLAwQA1YJKMA0GCSqGSIb3DQEBCwUAA4IBAQAzT+3VQvBN1DUyOaE/y00mbQib
XrTi/q6B5suuc6T4joDT1/M396qX5DpC1cw55WnyRtyfGHIuoBogHixXdL8cjJT8
SVbXiBDd4qd/rKOp2XRl8PEH7fZju2h80ZRsJDJB2D2poMUgCM8TJZ9nA60bbNI1
FSUc/3QzhZdRsQFgs86OqNlIa3vzQA3HqJJr9ZS3bzAN0nTPiwqx09M3zH7MXk+g
sA/UicMg9pipGsbuUveQ4i/Pj6MLfEgFoA/JETgz87KNOKAWpNcTfg8ov+1XjoPk
xN1Hdv/Xhe19uJwJa8rkFXooKXZIMaInRmiESbTWwaNvXPwBHcTmOuFQ3E+G
-----END CERTIFICATE-----