Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/ab3219-c64b-470e-8341-3a12027400e6/1/AlkZJ5y5SgK5NicIMpQu5G4y-kk.roa
File:                     AlkZJ5y5SgK5NicIMpQu5G4y-kk.roa (raw, json)
Hash identifier:          6pDsa6TgLwnLkjOOWWhXhHFWrv8bvlopmayBUNqycZY=
Subject key identifier:   02:59:19:27:9C:B9:4A:02:B9:36:27:08:32:94:2E:E4:6E:32:FA:49
Certificate issuer:       /CN=ba4433865985a7bb5e269c3794ae6f164cfc2ddb
Certificate serial:       0194228E3BF8148B73B20395C47857684DA2
Authority key identifier: BA:44:33:86:59:85:A7:BB:5E:26:9C:37:94:AE:6F:16:4C:FC:2D:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ukQzhlmFp7teJpw3lK5vFkz8Lds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/ab3219-c64b-470e-8341-3a12027400e6/1/AlkZJ5y5SgK5NicIMpQu5G4y-kk.roa
Signing time:             Wed 01 Jan 2025 15:48:54 +0000
ROA not before:           Wed 01 Jan 2025 15:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202416
IP address blocks:        185.227.5.0/24 maxlen: 24
                          2a11:100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/ab3219-c64b-470e-8341-3a12027400e6/1/ukQzhlmFp7teJpw3lK5vFkz8Lds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/ab3219-c64b-470e-8341-3a12027400e6/1/ukQzhlmFp7teJpw3lK5vFkz8Lds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ukQzhlmFp7teJpw3lK5vFkz8Lds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 14:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:3b:f8:14:8b:73:b2:03:95:c4:78:57:68:4d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba4433865985a7bb5e269c3794ae6f164cfc2ddb
        Validity
            Not Before: Jan  1 15:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=025919279cb94a02b936270832942ee46e32fa49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3c:ea:67:cc:d8:5f:90:29:82:28:cc:c4:71:
                    64:ee:4e:d9:a5:d1:22:b7:58:74:d1:df:16:9c:ec:
                    3b:2c:2d:58:a9:3b:26:d0:89:81:60:0e:13:17:ef:
                    bc:dd:d2:f2:bf:9d:62:f6:44:67:c3:4a:11:9f:12:
                    38:1a:1f:4a:fe:0c:27:5f:4f:15:b7:ee:3e:47:3b:
                    74:02:72:2a:b3:7b:f5:c3:d3:2e:34:ab:34:e4:db:
                    82:5f:65:d6:02:99:4b:f7:4c:90:6e:10:0c:05:5d:
                    c3:ae:79:4b:43:1e:fd:e2:6b:e1:b6:2b:e2:3c:9c:
                    48:2c:7c:8e:0a:8e:1c:23:be:c6:09:69:29:03:9f:
                    57:84:a2:e7:17:4a:4e:f1:87:13:67:b2:9a:ea:37:
                    32:0f:cd:ad:a0:b7:3f:97:55:a0:45:45:46:ee:e8:
                    84:24:88:0d:fd:88:99:62:cf:69:76:3d:38:bc:5f:
                    73:0e:c7:c1:2f:4a:b6:21:da:46:ff:43:a8:06:b9:
                    a7:72:34:ea:c8:88:07:46:32:e4:29:18:cb:97:84:
                    2a:d5:cf:bc:6b:14:76:b1:0b:ec:1f:7e:46:17:f1:
                    28:2f:e4:b5:00:1f:af:48:0c:d2:94:42:9d:a3:96:
                    40:83:c4:a0:ee:d1:8e:28:f7:99:9d:d3:be:83:29:
                    2b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:59:19:27:9C:B9:4A:02:B9:36:27:08:32:94:2E:E4:6E:32:FA:49
            X509v3 Authority Key Identifier:
                keyid:BA:44:33:86:59:85:A7:BB:5E:26:9C:37:94:AE:6F:16:4C:FC:2D:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ukQzhlmFp7teJpw3lK5vFkz8Lds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/ab3219-c64b-470e-8341-3a12027400e6/1/AlkZJ5y5SgK5NicIMpQu5G4y-kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/ab3219-c64b-470e-8341-3a12027400e6/1/ukQzhlmFp7teJpw3lK5vFkz8Lds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.227.5.0/24
                IPv6:
                  2a11:100::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:96:62:52:24:68:4f:ac:c3:8e:b9:3e:aa:7c:98:27:06:fd:
         7e:55:07:ae:ee:ef:1b:dd:a9:85:8c:bc:fd:e5:31:30:45:27:
         e7:15:1b:4a:71:d0:4e:89:50:87:b4:74:f3:ce:33:2a:75:a6:
         4e:53:65:56:30:cf:16:02:2a:c8:c4:83:c6:8d:89:d8:f3:df:
         a9:7c:64:f2:ca:14:ed:59:f6:be:bf:66:3f:d2:4a:3e:6e:20:
         05:67:f9:66:b4:a9:d6:48:61:6e:be:5e:3a:73:c9:25:2d:ed:
         2f:f8:fc:da:f5:85:31:1f:c3:1b:41:14:58:40:25:79:a6:8b:
         d0:47:56:19:2f:38:3f:5b:e9:ca:45:85:d9:99:72:b9:f7:69:
         f6:34:a5:45:03:7d:b6:4e:d9:8a:54:fe:c1:aa:01:a1:aa:af:
         1e:5f:e3:0f:59:81:7e:52:7e:d6:99:79:ce:9c:71:72:a5:c0:
         37:e4:27:d7:a7:fb:24:84:18:bf:ec:59:a1:03:f9:04:1a:a5:
         64:6e:71:d1:2e:f9:54:cf:08:d3:e8:34:2c:b3:1c:4e:b7:57:
         77:eb:55:fd:33:91:ac:3c:37:29:75:8e:a3:7a:fd:cb:0b:19:
         bc:08:d3:a3:20:7f:01:ff:7e:cc:d4:8f:75:85:b6:39:56:31:
         8d:45:7a:6f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijjv4FItzsgOVxHhXaE2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNDQzMzg2NTk4NWE3YmI1ZTI2OWMzNzk0YWU2ZjE2NGNm
YzJkZGIwHhcNMjUwMTAxMTU0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjU5MTkyNzljYjk0YTAyYjkzNjI3MDgzMjk0MmVlNDZlMzJmYTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzzqZ8zYX5ApgijMxHFk7k7ZpdEi
t1h00d8WnOw7LC1YqTsm0ImBYA4TF++83dLyv51i9kRnw0oRnxI4Gh9K/gwnX08V
t+4+Rzt0AnIqs3v1w9MuNKs05NuCX2XWAplL90yQbhAMBV3DrnlLQx794mvhtivi
PJxILHyOCo4cI77GCWkpA59XhKLnF0pO8YcTZ7Ka6jcyD82toLc/l1WgRUVG7uiE
JIgN/YiZYs9pdj04vF9zDsfBL0q2IdpG/0OoBrmncjTqyIgHRjLkKRjLl4Qq1c+8
axR2sQvsH35GF/EoL+S1AB+vSAzSlEKdo5ZAg8Sg7tGOKPeZndO+gykrLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAJZGSecuUoCuTYnCDKULuRuMvpJMB8GA1UdIwQY
MBaAFLpEM4ZZhae7XiacN5SubxZM/C3bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWtRemhsbUZwN3RlSnB3M2xLNXZGa3o4TGRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9hYjMyMTktYzY0Yi00NzBlLTgzNDEt
M2ExMjAyNzQwMGU2LzEvQWxrWko1eTVTZ0s1TmljSU1wUXU1RzR5LWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9hYjMyMTktYzY0Yi00NzBlLTgzNDEtM2ExMjAyNzQwMGU2
LzEvdWtRemhsbUZwN3RlSnB3M2xLNXZGa3o4TGRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAueMFMA0E
AgACMAcDBQMqEQEAMA0GCSqGSIb3DQEBCwUAA4IBAQAalmJSJGhPrMOOuT6qfJgn
Bv1+VQeu7u8b3amFjLz95TEwRSfnFRtKcdBOiVCHtHTzzjMqdaZOU2VWMM8WAirI
xIPGjYnY89+pfGTyyhTtWfa+v2Y/0ko+biAFZ/lmtKnWSGFuvl46c8klLe0v+Pza
9YUxH8MbQRRYQCV5povQR1YZLzg/W+nKRYXZmXK592n2NKVFA322TtmKVP7BqgGh
qq8eX+MPWYF+Un7WmXnOnHFypcA35CfXp/skhBi/7FmhA/kEGqVkbnHRLvlUzwjT
6DQssxxOt1d361X9M5GsPDcpdY6jev3LCxm8CNOjIH8B/37M1I91hbY5VjGNRXpv
-----END CERTIFICATE-----