Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/5V9nQk8eS6DyC882Rg33Rs4PgXA.roa
File:                     5V9nQk8eS6DyC882Rg33Rs4PgXA.roa (raw, json)
Hash identifier:          CplRfVFqh0nKDCBvHrkyF9RjBMlnhGzkyUPZCH8h8VA=
Subject key identifier:   E5:5F:67:42:4F:1E:4B:A0:F2:0B:CF:36:46:0D:F7:46:CE:0F:81:70
Certificate issuer:       /CN=73c69d04583500c5ef81136831237593e0bb86ce
Certificate serial:       0194274628B6F5ADC4A9E27D213EC5F03FB7
Authority key identifier: 73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/5V9nQk8eS6DyC882Rg33Rs4PgXA.roa
Signing time:             Thu 02 Jan 2025 13:48:16 +0000
ROA not before:           Thu 02 Jan 2025 13:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30823
IP address blocks:        185.244.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:28:b6:f5:ad:c4:a9:e2:7d:21:3e:c5:f0:3f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73c69d04583500c5ef81136831237593e0bb86ce
        Validity
            Not Before: Jan  2 13:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e55f67424f1e4ba0f20bcf36460df746ce0f8170
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:75:7e:4c:88:c4:09:a8:d3:f6:c2:6e:8b:f3:
                    7d:7c:f8:9f:1f:8d:87:10:c4:db:f6:f5:30:bd:2a:
                    81:49:ba:bd:5e:2f:92:ea:99:59:43:70:16:49:06:
                    9c:6b:5e:49:65:30:d6:b4:eb:e1:5d:73:e4:38:22:
                    b1:c8:b6:38:41:d4:34:56:a2:14:71:dc:ec:3d:5e:
                    1f:c3:9a:91:42:b7:19:d3:94:73:ae:11:12:2f:a5:
                    27:8c:3c:78:ba:59:58:a2:36:af:28:e1:00:f8:67:
                    a7:7e:1d:3f:fa:67:48:aa:bf:0c:57:c6:57:fa:45:
                    86:7e:3e:75:9e:54:d7:ef:4e:59:78:cd:92:59:a0:
                    56:ec:93:9f:5c:21:b7:aa:0a:35:bd:e9:6a:2e:bb:
                    fa:81:e6:fe:c9:54:0d:ea:a7:03:10:1d:78:50:b6:
                    4c:43:f6:89:01:2d:06:61:77:d0:76:3e:6f:09:96:
                    06:9d:12:6d:ec:44:7d:a9:0e:02:e4:3d:cc:5f:6d:
                    40:ed:35:c7:b5:63:79:1a:7b:ad:04:f7:83:d7:fd:
                    e1:4d:fc:5e:88:0a:30:04:81:82:84:6b:44:bd:8a:
                    97:5c:ce:6a:28:f0:dc:f5:11:93:7f:3b:d0:12:d7:
                    7b:3b:10:ff:01:1d:aa:a4:b5:bb:76:83:48:91:a6:
                    82:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:5F:67:42:4F:1E:4B:A0:F2:0B:CF:36:46:0D:F7:46:CE:0F:81:70
            X509v3 Authority Key Identifier:
                keyid:73:C6:9D:04:58:35:00:C5:EF:81:13:68:31:23:75:93:E0:BB:86:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8adBFg1AMXvgRNoMSN1k-C7hs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/5V9nQk8eS6DyC882Rg33Rs4PgXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/6f6ce2-e6ee-4e2a-905d-f9cb0a7b206c/1/c8adBFg1AMXvgRNoMSN1k-C7hs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:3a:d0:e6:39:10:f5:ae:26:a8:26:72:43:60:fc:6d:27:15:
         80:0f:39:03:99:84:1b:9d:bd:3b:5f:88:06:4f:d7:4a:a3:d8:
         07:d9:06:d2:75:72:f0:f9:8d:b0:4d:23:38:9b:2b:c7:9f:e6:
         36:f8:7d:61:6b:8f:93:20:93:50:11:9d:e9:e1:d1:b1:44:63:
         0b:99:44:83:ad:6b:34:f4:76:d9:3d:e6:9a:f7:e0:a4:c4:d2:
         c6:48:68:1f:d1:f0:4f:cf:e4:5a:84:4b:40:29:ac:4a:5a:b4:
         16:27:0b:9c:b5:01:cc:b4:f3:29:8a:8e:5d:f9:02:39:ec:6b:
         78:6e:91:c5:fa:35:49:1e:9c:c5:8a:d6:4d:6f:1a:0d:6e:64:
         19:bb:7b:91:91:62:48:4f:96:0b:3d:fb:20:27:ba:01:5a:08:
         38:56:dd:33:be:12:d1:72:30:c4:9b:a3:f5:c4:17:f1:60:1f:
         e1:ea:6c:ec:9d:6c:92:e7:f0:9e:46:0b:0e:20:fe:94:21:43:
         7e:67:39:de:df:d0:70:50:e9:0c:1e:89:ad:f9:37:11:a8:31:
         4f:8f:79:b9:83:cc:4e:fb:06:19:9f:de:2d:0e:fb:69:68:ad:
         04:61:c6:f3:fd:36:34:7d:1e:75:62:4d:b3:26:ff:df:94:7d:
         f0:7b:be:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRii29a3EqeJ9IT7F8D+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczYzY5ZDA0NTgzNTAwYzVlZjgxMTM2ODMxMjM3NTkzZTBi
Yjg2Y2UwHhcNMjUwMTAyMTM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTVmNjc0MjRmMWU0YmEwZjIwYmNmMzY0NjBkZjc0NmNlMGY4MTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXV+TIjECajT9sJui/N9fPifH42H
EMTb9vUwvSqBSbq9Xi+S6plZQ3AWSQaca15JZTDWtOvhXXPkOCKxyLY4QdQ0VqIU
cdzsPV4fw5qRQrcZ05RzrhESL6UnjDx4ullYojavKOEA+Genfh0/+mdIqr8MV8ZX
+kWGfj51nlTX705ZeM2SWaBW7JOfXCG3qgo1velqLrv6geb+yVQN6qcDEB14ULZM
Q/aJAS0GYXfQdj5vCZYGnRJt7ER9qQ4C5D3MX21A7TXHtWN5GnutBPeD1/3hTfxe
iAowBIGChGtEvYqXXM5qKPDc9RGTfzvQEtd7OxD/AR2qpLW7doNIkaaCsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOVfZ0JPHkug8gvPNkYN90bOD4FwMB8GA1UdIwQY
MBaAFHPGnQRYNQDF74ETaDEjdZPgu4bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQt
ZjljYjBhN2IyMDZjLzEvNVY5blFrOGVTNkR5Qzg4MlJnMzNSczRQZ1hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82ZjZjZTItZTZlZS00ZTJhLTkwNWQtZjljYjBhN2IyMDZj
LzEvYzhhZEJGZzFBTVh2Z1JOb01TTjFrLUM3aHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufQdMA0G
CSqGSIb3DQEBCwUAA4IBAQBkOtDmORD1riaoJnJDYPxtJxWADzkDmYQbnb07X4gG
T9dKo9gH2QbSdXLw+Y2wTSM4myvHn+Y2+H1ha4+TIJNQEZ3p4dGxRGMLmUSDrWs0
9HbZPeaa9+CkxNLGSGgf0fBPz+RahEtAKaxKWrQWJwuctQHMtPMpio5d+QI57Gt4
bpHF+jVJHpzFitZNbxoNbmQZu3uRkWJIT5YLPfsgJ7oBWgg4Vt0zvhLRcjDEm6P1
xBfxYB/h6mzsnWyS5/CeRgsOIP6UIUN+Zzne39BwUOkMHomt+TcRqDFPj3m5g8xO
+wYZn94tDvtpaK0EYcbz/TY0fR51Yk2zJv/flH3we75z
-----END CERTIFICATE-----