Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/6-Zj3bcyCjNacB1xPlmd-41FIz0.roa
File:                     6-Zj3bcyCjNacB1xPlmd-41FIz0.roa (raw, json)
Hash identifier:          A56X5AQbB29BB1sjg1qgfONBr80piND7T2p/Wos86gU=
Subject key identifier:   EB:E6:63:DD:B7:32:0A:33:5A:70:1D:71:3E:59:9D:FB:8D:45:23:3D
Certificate issuer:       /CN=82cd5fd3cef3e1caa20bba61fa2d51b6b94eb54d
Certificate serial:       01941F8C14D2375EF2CF3A2675F64D5FF32F
Authority key identifier: 82:CD:5F:D3:CE:F3:E1:CA:A2:0B:BA:61:FA:2D:51:B6:B9:4E:B5:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gs1f087z4cqiC7ph-i1RtrlOtU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/6-Zj3bcyCjNacB1xPlmd-41FIz0.roa
Signing time:             Wed 01 Jan 2025 01:47:41 +0000
ROA not before:           Wed 01 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203495
IP address blocks:        185.133.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/gs1f087z4cqiC7ph-i1RtrlOtU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/gs1f087z4cqiC7ph-i1RtrlOtU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gs1f087z4cqiC7ph-i1RtrlOtU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:14:d2:37:5e:f2:cf:3a:26:75:f6:4d:5f:f3:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82cd5fd3cef3e1caa20bba61fa2d51b6b94eb54d
        Validity
            Not Before: Jan  1 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebe663ddb7320a335a701d713e599dfb8d45233d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:15:16:85:7a:d3:00:3a:5e:6d:ea:f9:f4:53:
                    9c:01:c9:a2:ab:a7:1e:ef:87:eb:0b:7b:87:80:9f:
                    4e:da:d7:35:13:dc:44:a9:30:a2:81:d5:bc:00:a6:
                    8b:c8:ee:82:9c:76:bb:bd:14:1e:a0:b2:8b:29:48:
                    05:74:2b:27:dd:93:d5:8a:af:ab:43:54:32:51:a0:
                    76:a7:5d:8b:0f:73:50:fe:ea:b5:ae:28:45:b0:c3:
                    d5:0c:de:09:38:72:23:4d:c7:65:c1:26:61:31:fa:
                    e8:33:8c:60:09:9b:8e:f3:d4:b6:f3:de:72:2c:b2:
                    5c:a4:d6:99:ab:72:31:a3:3c:28:2d:b7:63:f9:d9:
                    12:0e:70:b1:2c:f0:ce:78:0c:65:b0:a6:38:c8:24:
                    7d:81:be:bb:37:e9:c4:36:59:14:17:12:8a:34:7e:
                    79:15:9d:2c:f2:3e:e5:eb:c1:c2:0b:64:be:31:bb:
                    32:06:56:57:f2:e3:70:3c:d9:ab:11:00:19:02:69:
                    42:a4:b1:15:65:e2:7f:7f:0c:33:a8:1a:85:17:6f:
                    25:e8:30:42:af:a9:29:8e:1d:67:9d:56:c5:f6:07:
                    9d:40:a1:6e:ff:25:58:ab:8f:0c:3d:eb:da:91:27:
                    b4:a0:aa:9e:e6:56:01:d7:71:34:19:e2:0a:fc:94:
                    6e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:E6:63:DD:B7:32:0A:33:5A:70:1D:71:3E:59:9D:FB:8D:45:23:3D
            X509v3 Authority Key Identifier:
                keyid:82:CD:5F:D3:CE:F3:E1:CA:A2:0B:BA:61:FA:2D:51:B6:B9:4E:B5:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gs1f087z4cqiC7ph-i1RtrlOtU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/6-Zj3bcyCjNacB1xPlmd-41FIz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/536e54-d8fd-45ef-be60-f52306eeb722/1/gs1f087z4cqiC7ph-i1RtrlOtU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:92:e0:c6:65:11:f9:8a:8e:97:63:b5:70:27:d1:bb:12:f3:
         3a:ee:2f:94:c8:dc:49:90:69:a7:53:ac:cf:27:e6:36:5c:ad:
         8d:8c:5c:86:99:89:bc:36:06:89:6f:a2:c5:7d:52:ca:43:b8:
         f1:ef:5f:9a:6f:cc:03:f8:34:18:bb:29:c1:82:8e:7d:56:11:
         87:4d:95:7e:67:e9:72:c6:29:1e:e4:1e:d1:e2:b1:3a:90:0d:
         12:7e:e5:e4:40:31:14:48:c9:58:ae:cf:df:ac:9a:7c:c2:c6:
         ca:e9:7e:84:ae:96:2f:2a:9b:ee:53:c4:ab:05:ff:38:ca:94:
         41:89:c4:b8:9f:79:e6:f0:69:2b:5d:10:41:18:1e:6c:3a:f2:
         16:4d:7c:fc:3e:19:a9:98:27:b2:ef:fc:bc:15:21:88:72:ce:
         5d:f4:a9:bb:ad:ca:81:63:cb:df:56:87:3a:af:eb:e1:5a:1c:
         d2:51:b0:83:29:01:cb:73:13:f7:79:66:56:26:9a:56:04:58:
         84:aa:20:ec:1e:9e:02:45:13:e3:98:16:c4:fa:22:cf:14:6c:
         47:c9:54:d1:3f:cb:6f:f9:f9:dc:9e:ea:86:40:d2:4e:bb:dd:
         b0:51:26:b5:bc:25:ac:79:ef:8a:31:4c:2e:b9:d6:29:30:0a:
         bb:17:8c:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBTSN17yzzomdfZNX/MvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyY2Q1ZmQzY2VmM2UxY2FhMjBiYmE2MWZhMmQ1MWI2Yjk0
ZWI1NGQwHhcNMjUwMTAxMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmU2NjNkZGI3MzIwYTMzNWE3MDFkNzEzZTU5OWRmYjhkNDUyMzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxUWhXrTADpeber59FOcAcmiq6ce
74frC3uHgJ9O2tc1E9xEqTCigdW8AKaLyO6CnHa7vRQeoLKLKUgFdCsn3ZPViq+r
Q1QyUaB2p12LD3NQ/uq1rihFsMPVDN4JOHIjTcdlwSZhMfroM4xgCZuO89S2895y
LLJcpNaZq3IxozwoLbdj+dkSDnCxLPDOeAxlsKY4yCR9gb67N+nENlkUFxKKNH55
FZ0s8j7l68HCC2S+MbsyBlZX8uNwPNmrEQAZAmlCpLEVZeJ/fwwzqBqFF28l6DBC
r6kpjh1nnVbF9gedQKFu/yVYq48MPevakSe0oKqe5lYB13E0GeIK/JRuCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvmY923MgozWnAdcT5ZnfuNRSM9MB8GA1UdIwQY
MBaAFILNX9PO8+HKogu6YfotUba5TrVNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3MxZjA4N3o0Y3FpQzdwaC1pMVJ0cmxPdFUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS81MzZlNTQtZDhmZC00NWVmLWJlNjAt
ZjUyMzA2ZWViNzIyLzEvNi1aajNiY3lDak5hY0IxeFBsbWQtNDFGSXowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS81MzZlNTQtZDhmZC00NWVmLWJlNjAtZjUyMzA2ZWViNzIy
LzEvZ3MxZjA4N3o0Y3FpQzdwaC1pMVJ0cmxPdFUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYU0MA0G
CSqGSIb3DQEBCwUAA4IBAQBjkuDGZRH5io6XY7VwJ9G7EvM67i+UyNxJkGmnU6zP
J+Y2XK2NjFyGmYm8NgaJb6LFfVLKQ7jx71+ab8wD+DQYuynBgo59VhGHTZV+Z+ly
xike5B7R4rE6kA0SfuXkQDEUSMlYrs/frJp8wsbK6X6ErpYvKpvuU8SrBf84ypRB
icS4n3nm8GkrXRBBGB5sOvIWTXz8PhmpmCey7/y8FSGIcs5d9Km7rcqBY8vfVoc6
r+vhWhzSUbCDKQHLcxP3eWZWJppWBFiEqiDsHp4CRRPjmBbE+iLPFGxHyVTRP8tv
+fncnuqGQNJOu92wUSa1vCWsee+KMUwuudYpMAq7F4zP
-----END CERTIFICATE-----