Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/5ihFdcr9l-tc7rukSnsuZYO-sCc.roa
File:                     5ihFdcr9l-tc7rukSnsuZYO-sCc.roa (raw, json)
Hash identifier:          jVp/K4TFXHukJ6ToifAvqgLYscP9U1YkYRjyQ/vS7rs=
Subject key identifier:   E6:28:45:75:CA:FD:97:EB:5C:EE:BB:A4:4A:7B:2E:65:83:BE:B0:27
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       019427B3BF9FDBB240F86E922D8F60C051B3
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/5ihFdcr9l-tc7rukSnsuZYO-sCc.roa
Signing time:             Thu 02 Jan 2025 15:47:58 +0000
ROA not before:           Thu 02 Jan 2025 15:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.225.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:bf:9f:db:b2:40:f8:6e:92:2d:8f:60:c0:51:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  2 15:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6284575cafd97eb5ceebba44a7b2e6583beb027
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:72:11:e5:29:6f:71:be:36:1e:9f:a8:0c:4c:
                    e9:c8:83:6d:07:f6:9e:d6:8b:8f:3e:10:53:c4:b4:
                    48:a6:7e:3f:46:52:97:b3:b9:5b:e4:8b:6e:71:e4:
                    86:16:68:95:a8:e6:78:94:7c:32:fb:8a:19:36:ff:
                    cb:1d:63:00:0e:16:0f:be:55:68:e5:2b:29:54:af:
                    9a:10:e3:3a:82:6c:a5:02:a0:59:20:24:38:24:cf:
                    01:ba:a6:7c:34:b4:e7:0a:0f:8b:38:51:55:00:97:
                    09:9f:4e:94:0f:fd:bb:89:fd:5f:a6:b3:58:46:02:
                    6f:56:4a:79:5c:15:8b:52:f6:ee:15:6c:3b:e5:9d:
                    e1:5e:59:48:77:13:e3:95:d8:fa:79:a9:c6:ec:2f:
                    7d:c5:10:2f:10:23:71:16:b0:86:3c:64:5c:91:a6:
                    c1:0e:4f:97:1d:5f:ea:94:70:67:49:5e:ba:b2:be:
                    50:73:4d:b7:00:5f:86:fd:0e:9f:53:5e:4c:6d:67:
                    4d:2e:1a:6c:d8:21:bc:06:c4:6d:5d:ba:bd:b7:ef:
                    7c:33:57:90:da:97:fe:73:ef:e1:16:8e:9b:2d:7d:
                    aa:dc:09:74:ce:95:f6:d0:26:95:ca:09:8a:4b:6c:
                    87:ae:ac:e5:09:f5:4a:88:a0:1f:21:f7:b6:6c:9e:
                    af:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:28:45:75:CA:FD:97:EB:5C:EE:BB:A4:4A:7B:2E:65:83:BE:B0:27
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/5ihFdcr9l-tc7rukSnsuZYO-sCc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:cf:d4:64:74:67:07:e5:b3:62:2d:db:e9:73:ee:7c:8b:78:
         01:63:27:c1:41:74:aa:46:dc:8f:3a:6c:3b:0e:2f:45:ef:f8:
         54:92:9b:19:18:0a:3c:5f:db:4b:30:2b:a4:06:e6:c8:a5:89:
         17:63:08:f5:cc:4a:13:7f:bc:cd:0f:61:a4:a4:b6:bb:5c:56:
         4f:06:6b:ac:bf:55:38:f9:d8:cb:50:b9:d4:15:fe:b1:6b:4b:
         9d:b5:a2:e2:4c:eb:35:bf:3c:2e:e2:9e:c0:91:38:b6:56:7d:
         d8:ae:18:cd:56:3e:88:b8:ce:9a:ca:70:7c:89:1b:ea:d1:ef:
         10:e3:80:93:65:3d:be:2d:e0:85:3b:c3:41:fd:d9:83:d5:68:
         b4:8c:d3:92:a2:5d:32:f8:2a:3f:3e:87:5a:d2:57:60:2b:6c:
         35:06:c3:56:32:10:41:c9:76:fe:f1:a2:f2:74:ca:8b:16:31:
         c5:95:b0:7e:26:46:bf:3c:16:ee:b6:56:f7:59:bc:35:7e:b2:
         a4:df:69:14:16:0e:62:17:88:82:e7:f1:09:30:f8:cf:9d:b9:
         9b:c5:17:5e:ea:35:dc:c5:55:10:28:58:ec:61:27:1e:46:77:
         44:36:0f:b9:72:33:cc:f4:47:f6:b9:4b:5d:e1:0c:94:ed:e6:
         f0:6c:c5:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns7+f27JA+G6SLY9gwFGzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjUwMTAyMTU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjI4NDU3NWNhZmQ5N2ViNWNlZWJiYTQ0YTdiMmU2NTgzYmViMDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHIR5Slvcb42Hp+oDEzpyINtB/ae
1ouPPhBTxLRIpn4/RlKXs7lb5ItuceSGFmiVqOZ4lHwy+4oZNv/LHWMADhYPvlVo
5SspVK+aEOM6gmylAqBZICQ4JM8BuqZ8NLTnCg+LOFFVAJcJn06UD/27if1fprNY
RgJvVkp5XBWLUvbuFWw75Z3hXllIdxPjldj6eanG7C99xRAvECNxFrCGPGRckabB
Dk+XHV/qlHBnSV66sr5Qc023AF+G/Q6fU15MbWdNLhps2CG8BsRtXbq9t+98M1eQ
2pf+c+/hFo6bLX2q3Al0zpX20CaVygmKS2yHrqzlCfVKiKAfIfe2bJ6v8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYoRXXK/ZfrXO67pEp7LmWDvrAnMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvNWloRmRjcjlsLXRjN3J1a1Nuc3VaWU8tc0NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueHsMA0G
CSqGSIb3DQEBCwUAA4IBAQCpz9RkdGcH5bNiLdvpc+58i3gBYyfBQXSqRtyPOmw7
Di9F7/hUkpsZGAo8X9tLMCukBubIpYkXYwj1zEoTf7zND2GkpLa7XFZPBmusv1U4
+djLULnUFf6xa0udtaLiTOs1vzwu4p7AkTi2Vn3YrhjNVj6IuM6aynB8iRvq0e8Q
44CTZT2+LeCFO8NB/dmD1Wi0jNOSol0y+Co/Poda0ldgK2w1BsNWMhBByXb+8aLy
dMqLFjHFlbB+Jka/PBbutlb3Wbw1frKk32kUFg5iF4iC5/EJMPjPnbmbxRde6jXc
xVUQKFjsYSceRndENg+5cjPM9Ef2uUtd4QyU7ebwbMU9
-----END CERTIFICATE-----