Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/Ut6Isd3FyfcwFqXffcOSTj20big.roa
File:                     Ut6Isd3FyfcwFqXffcOSTj20big.roa (raw, json)
Hash identifier:          6WWf7LzHGfNpFV/UMH6n5UZ2IDbI9b8RYTztg7MMT9k=
Subject key identifier:   52:DE:88:B1:DD:C5:C9:F7:30:16:A5:DF:7D:C3:92:4E:3D:B4:6E:28
Certificate issuer:       /CN=1474b6fc67b6b90db311c61fc0e3a9c752833c56
Certificate serial:       01942444BAFE30F09E2FCB62F7BB3E71E8A4
Authority key identifier: 14:74:B6:FC:67:B6:B9:0D:B3:11:C6:1F:C0:E3:A9:C7:52:83:3C:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/Ut6Isd3FyfcwFqXffcOSTj20big.roa
Signing time:             Wed 01 Jan 2025 23:47:51 +0000
ROA not before:           Wed 01 Jan 2025 23:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43905
IP address blocks:        185.127.180.0/24 maxlen: 24
                          185.127.181.0/24 maxlen: 24
                          185.127.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:ba:fe:30:f0:9e:2f:cb:62:f7:bb:3e:71:e8:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1474b6fc67b6b90db311c61fc0e3a9c752833c56
        Validity
            Not Before: Jan  1 23:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52de88b1ddc5c9f73016a5df7dc3924e3db46e28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b1:12:83:16:5a:7f:3e:91:2c:04:cb:47:67:
                    ac:14:3e:09:0e:51:0b:5e:f8:bb:a2:50:08:4f:bb:
                    a2:0f:a3:a7:b5:75:c1:0b:a2:0f:ea:3f:d0:6b:c3:
                    93:36:0d:e7:93:f4:16:c5:c4:26:14:29:9d:5d:7c:
                    72:31:4f:36:b9:fa:ea:7b:d6:69:3c:f6:c8:59:d7:
                    f8:99:12:6d:c5:3b:1a:b5:fc:2b:16:03:92:b0:29:
                    a4:94:10:b6:0c:70:df:d9:35:e3:97:a9:29:f5:f6:
                    2e:70:e3:20:81:35:86:2f:e1:85:05:4e:2e:b3:83:
                    28:a3:83:f8:43:f0:48:78:d3:77:9c:5e:c9:4a:28:
                    96:27:ad:dc:af:87:28:bb:00:80:83:28:1d:f9:02:
                    ca:19:64:5c:44:8f:a2:1b:cb:c4:f4:7e:ae:76:c0:
                    ff:f6:8c:f1:0d:00:c9:13:de:48:93:19:41:d5:a6:
                    42:a3:c5:a2:43:60:ef:2f:f3:3a:94:68:dd:f8:b8:
                    56:31:f4:32:1b:03:10:fb:f4:02:38:a1:2f:32:be:
                    8e:7f:bc:e5:be:96:df:bd:82:20:d6:f3:b8:9a:f9:
                    d1:f0:7c:7b:21:eb:32:97:cf:be:50:ad:54:83:e3:
                    f8:e9:c8:fa:36:99:85:23:1c:26:3f:be:55:41:31:
                    bd:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:DE:88:B1:DD:C5:C9:F7:30:16:A5:DF:7D:C3:92:4E:3D:B4:6E:28
            X509v3 Authority Key Identifier:
                keyid:14:74:B6:FC:67:B6:B9:0D:B3:11:C6:1F:C0:E3:A9:C7:52:83:3C:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/Ut6Isd3FyfcwFqXffcOSTj20big.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/b1b41d-d886-442a-9524-8c56d8fe17b5/1/FHS2_Ge2uQ2zEcYfwOOpx1KDPFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.180.0/23
                  185.127.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:bc:19:80:2e:b8:29:52:06:1c:ed:f9:13:3e:3e:db:f6:7a:
         cc:60:db:27:4a:a9:16:5e:02:eb:b9:f5:08:e5:63:ef:99:d6:
         aa:37:70:3f:a2:31:0a:0c:15:ff:f6:e9:55:1e:cb:26:a3:ad:
         d7:8c:b7:4e:ae:3a:76:f1:54:2a:4e:4c:06:1d:7e:f4:11:d8:
         04:94:f2:51:32:9f:26:45:42:84:f5:18:25:fe:38:dc:a9:68:
         6a:71:42:9b:bc:84:a1:00:10:38:36:08:c9:c0:e2:4e:86:7e:
         07:f0:39:6b:f4:e4:cc:67:d7:45:31:1e:49:d8:b8:a1:9c:6f:
         6a:b8:df:f6:94:7b:f3:72:a6:17:43:fc:9b:f6:6e:cc:e7:10:
         9c:3c:cd:65:f3:41:b6:7c:c0:f9:82:0e:e8:03:c3:93:99:83:
         d6:a7:1b:49:6c:66:e2:fe:11:c8:8f:5a:f6:61:d2:a2:dd:ce:
         8f:25:73:43:55:68:45:f5:a7:a8:8d:6d:34:ed:7c:61:c7:50:
         27:06:5e:a2:a2:61:d3:c3:b3:cd:36:fe:42:a9:ca:f6:ba:97:
         c6:0c:aa:26:72:57:72:4d:ac:40:c3:6f:11:71:26:83:bc:8d:
         ee:5b:14:2d:8f:34:27:63:d3:39:63:bf:89:13:68:43:99:1c:
         d7:b3:09:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRLr+MPCeL8ti97s+ceikMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NzRiNmZjNjdiNmI5MGRiMzExYzYxZmMwZTNhOWM3NTI4
MzNjNTYwHhcNMjUwMTAxMjM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmRlODhiMWRkYzVjOWY3MzAxNmE1ZGY3ZGMzOTI0ZTNkYjQ2ZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLESgxZafz6RLATLR2esFD4JDlEL
Xvi7olAIT7uiD6OntXXBC6IP6j/Qa8OTNg3nk/QWxcQmFCmdXXxyMU82ufrqe9Zp
PPbIWdf4mRJtxTsatfwrFgOSsCmklBC2DHDf2TXjl6kp9fYucOMggTWGL+GFBU4u
s4Moo4P4Q/BIeNN3nF7JSiiWJ63cr4couwCAgygd+QLKGWRcRI+iG8vE9H6udsD/
9ozxDQDJE95IkxlB1aZCo8WiQ2DvL/M6lGjd+LhWMfQyGwMQ+/QCOKEvMr6Of7zl
vpbfvYIg1vO4mvnR8Hx7Iesyl8++UK1Ug+P46cj6NpmFIxwmP75VQTG9CQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFLeiLHdxcn3MBal333Dkk49tG4oMB8GA1UdIwQY
MBaAFBR0tvxntrkNsxHGH8DjqcdSgzxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkhTMl9HZTJ1UTJ6RWNZZndPT3B4MUtEUEZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9iMWI0MWQtZDg4Ni00NDJhLTk1MjQt
OGM1NmQ4ZmUxN2I1LzEvVXQ2SXNkM0Z5ZmN3RnFYZmZjT1NUajIwYmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9iMWI0MWQtZDg4Ni00NDJhLTk1MjQtOGM1NmQ4ZmUxN2I1
LzEvRkhTMl9HZTJ1UTJ6RWNZZndPT3B4MUtEUEZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuX+0AwQA
uX+3MA0GCSqGSIb3DQEBCwUAA4IBAQBivBmALrgpUgYc7fkTPj7b9nrMYNsnSqkW
XgLrufUI5WPvmdaqN3A/ojEKDBX/9ulVHssmo63XjLdOrjp28VQqTkwGHX70EdgE
lPJRMp8mRUKE9Rgl/jjcqWhqcUKbvIShABA4NgjJwOJOhn4H8Dlr9OTMZ9dFMR5J
2LihnG9quN/2lHvzcqYXQ/yb9m7M5xCcPM1l80G2fMD5gg7oA8OTmYPWpxtJbGbi
/hHIj1r2YdKi3c6PJXNDVWhF9aeojW007Xxhx1AnBl6iomHTw7PNNv5Cqcr2upfG
DKomcldyTaxAw28RcSaDvI3uWxQtjzQnY9M5Y7+JE2hDmRzXswm0
-----END CERTIFICATE-----