Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/DFGrBpxL5h3_HtZEYfNq8WA0iY4.roa
File:                     DFGrBpxL5h3_HtZEYfNq8WA0iY4.roa (raw, json)
Hash identifier:          NDj3b147WLZti/8ZN7y09t2HIoBPYHUrUpvzWm06KUM=
Subject key identifier:   0C:51:AB:06:9C:4B:E6:1D:FF:1E:D6:44:61:F3:6A:F1:60:34:89:8E
Certificate issuer:       /CN=c5c5acc7f7ec2b45b43d2547c96464c008933d52
Certificate serial:       019422FB9B7F97C6037798791DC309F7D437
Authority key identifier: C5:C5:AC:C7:F7:EC:2B:45:B4:3D:25:47:C9:64:64:C0:08:93:3D:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xcWsx_fsK0W0PSVHyWRkwAiTPVI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/DFGrBpxL5h3_HtZEYfNq8WA0iY4.roa
Signing time:             Wed 01 Jan 2025 17:48:22 +0000
ROA not before:           Wed 01 Jan 2025 17:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199229
IP address blocks:        185.2.20.0/22 maxlen: 22
                          2a02:6740::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/xcWsx_fsK0W0PSVHyWRkwAiTPVI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/xcWsx_fsK0W0PSVHyWRkwAiTPVI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xcWsx_fsK0W0PSVHyWRkwAiTPVI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:9b:7f:97:c6:03:77:98:79:1d:c3:09:f7:d4:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5c5acc7f7ec2b45b43d2547c96464c008933d52
        Validity
            Not Before: Jan  1 17:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c51ab069c4be61dff1ed64461f36af16034898e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:e1:19:f5:07:7a:32:8e:3a:c8:bb:76:3b:50:
                    58:6f:04:90:9f:43:2b:5b:45:c3:14:75:c8:ea:e6:
                    32:db:19:55:d4:4c:93:42:01:21:6e:63:a3:d6:db:
                    aa:73:9d:3d:ee:f4:68:6e:f1:fa:3e:de:fb:f2:2c:
                    7c:36:67:f0:2a:de:d2:3f:09:c4:65:b6:f9:e1:86:
                    94:71:ca:62:85:88:50:0d:74:9f:19:25:2d:c5:6b:
                    1e:3b:e3:1a:96:c1:b1:4e:c4:4a:c0:e5:ec:a8:73:
                    ba:c5:06:24:8c:f5:15:5d:88:0b:86:71:a5:eb:ee:
                    37:14:9c:38:c1:83:8f:12:1d:4d:8a:cf:dc:09:5d:
                    4a:e7:f6:84:78:3b:d2:8f:c5:5c:cb:b4:e8:14:16:
                    4d:c7:9f:35:73:af:76:15:82:45:32:4b:f7:87:7d:
                    14:68:96:bb:a5:61:ee:1a:c3:69:6a:8b:f0:32:10:
                    e6:0e:62:91:37:4e:c9:30:a9:29:c8:48:eb:22:58:
                    38:06:9f:2a:76:d8:86:d0:56:f7:81:34:5d:80:fd:
                    b4:84:5a:60:02:2e:58:27:dc:1e:33:e2:bb:b4:51:
                    7c:ee:08:0e:00:2c:14:86:d7:00:3d:05:d2:7b:b3:
                    ba:99:53:45:d0:76:d2:4f:12:85:8e:37:3d:bf:80:
                    92:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:51:AB:06:9C:4B:E6:1D:FF:1E:D6:44:61:F3:6A:F1:60:34:89:8E
            X509v3 Authority Key Identifier:
                keyid:C5:C5:AC:C7:F7:EC:2B:45:B4:3D:25:47:C9:64:64:C0:08:93:3D:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xcWsx_fsK0W0PSVHyWRkwAiTPVI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/DFGrBpxL5h3_HtZEYfNq8WA0iY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/9f536d-0dd6-43ea-a914-9c088c345ae6/1/xcWsx_fsK0W0PSVHyWRkwAiTPVI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.20.0/22
                IPv6:
                  2a02:6740::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:63:e5:10:c2:91:59:42:d2:5c:56:d2:bf:97:32:54:bb:58:
         87:ab:6f:ff:3e:e6:b0:98:c9:8d:1b:fd:09:39:eb:e2:8a:cb:
         aa:ce:79:48:69:3c:ce:b1:6f:2a:bf:21:ef:e2:56:d8:4c:29:
         2d:61:6d:84:77:19:1c:ed:56:51:9d:74:84:e7:e3:9d:23:4a:
         2d:21:cc:13:82:34:d9:48:f2:5e:28:3c:7d:d9:d3:c9:1a:54:
         dd:7b:aa:14:20:be:c8:7e:5f:e7:ee:db:f9:1d:1c:d5:31:37:
         aa:13:d8:3b:a8:6b:4b:6f:10:2a:ea:74:b7:c8:27:a9:7b:2c:
         f9:a3:e9:aa:a2:ee:25:4e:f4:21:a6:bc:92:c0:8f:ee:d0:b1:
         63:69:8c:07:54:e4:8d:76:eb:35:f0:fd:1f:c2:7c:32:54:28:
         cd:8c:98:36:50:55:2c:cd:f6:a9:0d:6b:26:69:9a:fc:99:59:
         99:ee:c9:86:ef:b2:eb:44:5c:a3:c5:8b:f9:cd:6d:49:6f:5d:
         1e:96:72:ed:74:59:6f:ca:75:10:33:2c:f2:ea:1e:cb:54:db:
         cb:04:05:56:a1:fb:b4:02:5d:dc:3e:14:91:2a:f2:aa:83:7d:
         22:7e:90:84:88:a5:7b:c6:02:5b:c1:60:b0:2d:e9:08:79:7b:
         1b:0f:17:51
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+5t/l8YDd5h5HcMJ99Q3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1YzVhY2M3ZjdlYzJiNDViNDNkMjU0N2M5NjQ2NGMwMDg5
MzNkNTIwHhcNMjUwMTAxMTc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzUxYWIwNjljNGJlNjFkZmYxZWQ2NDQ2MWYzNmFmMTYwMzQ4OThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8uEZ9Qd6Mo46yLt2O1BYbwSQn0Mr
W0XDFHXI6uYy2xlV1EyTQgEhbmOj1tuqc5097vRobvH6Pt778ix8NmfwKt7SPwnE
Zbb54YaUccpihYhQDXSfGSUtxWseO+MalsGxTsRKwOXsqHO6xQYkjPUVXYgLhnGl
6+43FJw4wYOPEh1Nis/cCV1K5/aEeDvSj8Vcy7ToFBZNx581c692FYJFMkv3h30U
aJa7pWHuGsNpaovwMhDmDmKRN07JMKkpyEjrIlg4Bp8qdtiG0Fb3gTRdgP20hFpg
Ai5YJ9weM+K7tFF87ggOACwUhtcAPQXSe7O6mVNF0HbSTxKFjjc9v4CSnQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAxRqwacS+Yd/x7WRGHzavFgNImOMB8GA1UdIwQY
MBaAFMXFrMf37CtFtD0lR8lkZMAIkz1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGNXc3hfZnNLMFcwUFNWSHlXUmt3QWlUUFZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My85ZjUzNmQtMGRkNi00M2VhLWE5MTQt
OWMwODhjMzQ1YWU2LzEvREZHckJweEw1aDNfSHRaRVlmTnE4V0EwaVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My85ZjUzNmQtMGRkNi00M2VhLWE5MTQtOWMwODhjMzQ1YWU2
LzEveGNXc3hfZnNLMFcwUFNWSHlXUmt3QWlUUFZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQIUMA0E
AgACMAcDBQAqAmdAMA0GCSqGSIb3DQEBCwUAA4IBAQB9Y+UQwpFZQtJcVtK/lzJU
u1iHq2//PuawmMmNG/0JOeviisuqznlIaTzOsW8qvyHv4lbYTCktYW2Edxkc7VZR
nXSE5+OdI0otIcwTgjTZSPJeKDx92dPJGlTde6oUIL7Ifl/n7tv5HRzVMTeqE9g7
qGtLbxAq6nS3yCepeyz5o+mqou4lTvQhprySwI/u0LFjaYwHVOSNdus18P0fwnwy
VCjNjJg2UFUszfapDWsmaZr8mVmZ7smG77LrRFyjxYv5zW1Jb10elnLtdFlvynUQ
Myzy6h7LVNvLBAVWofu0Al3cPhSRKvKqg30ifpCEiKV7xgJbwWCwLekIeXsbDxdR
-----END CERTIFICATE-----