Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/CNh_5j_R_gJpT50KvKASnm2ddQQ.roa
File:                     CNh_5j_R_gJpT50KvKASnm2ddQQ.roa (raw, json)
Hash identifier:          sz6v/CsZnD6nQK+LURUo6p2F2VafhVQMBGjcdFGL5T4=
Subject key identifier:   08:D8:7F:E6:3F:D1:FE:02:69:4F:9D:0A:BC:A0:12:9E:6D:9D:75:04
Certificate issuer:       /CN=304e59a223f4bcb823492fb1096c3a82310c03da
Certificate serial:       019427B625D5D305A4C9DA31228E277E2520
Authority key identifier: 30:4E:59:A2:23:F4:BC:B8:23:49:2F:B1:09:6C:3A:82:31:0C:03:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/CNh_5j_R_gJpT50KvKASnm2ddQQ.roa
Signing time:             Thu 02 Jan 2025 15:50:36 +0000
ROA not before:           Thu 02 Jan 2025 15:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57166
IP address blocks:        185.119.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 21:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:25:d5:d3:05:a4:c9:da:31:22:8e:27:7e:25:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=304e59a223f4bcb823492fb1096c3a82310c03da
        Validity
            Not Before: Jan  2 15:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08d87fe63fd1fe02694f9d0abca0129e6d9d7504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:73:6b:0e:02:a3:00:a5:2f:a0:9a:80:a3:61:
                    70:fd:d8:91:d2:14:d7:ba:fa:4b:4a:7e:1a:0b:18:
                    7c:1e:1e:4f:a4:3c:35:0e:25:3b:55:7e:68:12:2d:
                    4f:e6:4e:f9:bc:74:08:29:d7:b1:4b:87:a7:5e:9d:
                    0c:5e:95:cc:0f:af:c1:a7:a1:46:94:d5:c9:9d:50:
                    48:b3:8f:cc:b2:ee:a1:88:4f:1d:d4:4d:49:2e:b0:
                    f8:e1:8b:49:6b:30:a0:ed:65:5e:0d:54:33:43:92:
                    c6:db:fb:75:b2:16:00:55:0f:e8:d5:64:75:05:d5:
                    d2:61:ca:26:a8:ed:d3:89:02:d2:94:9f:7e:86:33:
                    67:dc:4f:36:29:d3:59:db:31:a6:b1:ca:55:a0:fc:
                    55:33:a6:f3:21:86:11:68:fd:54:a4:d3:43:bc:a1:
                    7a:f3:84:5d:0b:42:55:bc:56:83:50:04:94:13:56:
                    1a:bb:c9:6b:ce:8d:a8:02:4c:36:d3:11:22:94:de:
                    10:d9:d0:fe:2b:c1:d8:98:58:8f:78:58:e1:f4:bd:
                    be:e1:d9:2b:9e:1b:4e:cb:80:97:69:e1:e0:cf:bf:
                    36:ee:b2:ae:7d:76:8f:6a:3a:56:2e:fe:b7:2b:81:
                    c0:06:c0:51:2a:bb:3b:a1:01:b9:d4:02:11:3e:16:
                    cc:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D8:7F:E6:3F:D1:FE:02:69:4F:9D:0A:BC:A0:12:9E:6D:9D:75:04
            X509v3 Authority Key Identifier:
                keyid:30:4E:59:A2:23:F4:BC:B8:23:49:2F:B1:09:6C:3A:82:31:0C:03:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/CNh_5j_R_gJpT50KvKASnm2ddQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/f536cd-943f-4554-9f17-344cc502f1bd/1/ME5ZoiP0vLgjSS-xCWw6gjEMA9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:65:b6:0f:73:8b:1b:04:22:c0:55:62:c1:f5:1f:ee:5b:16:
         4b:39:62:c9:cb:81:c1:18:79:4e:8e:37:a0:89:06:f4:03:ed:
         24:22:ff:62:bc:5f:1f:b9:fa:c9:09:5f:54:f5:39:49:bb:46:
         be:b6:e2:e6:22:93:00:f3:e6:03:a0:55:7a:fa:d3:e1:6a:9f:
         0b:7c:82:f7:f4:a9:14:bb:c6:c1:75:64:8b:35:78:54:2e:bb:
         00:d6:c7:02:44:76:14:ed:fc:bb:c5:29:37:28:94:d1:a1:fe:
         54:fc:17:f0:d2:c2:09:11:d5:f5:a2:3a:01:b3:f7:dd:43:e4:
         43:04:c8:e6:0f:13:cd:99:10:24:32:8c:5b:c0:95:36:cd:d6:
         48:f1:8e:34:12:3d:aa:a0:c0:f8:5e:75:f4:4a:80:71:df:ef:
         ef:c9:3f:ad:36:e2:25:c3:e3:29:da:75:fa:b0:e3:95:73:ae:
         3d:f9:40:76:de:bf:39:fc:c5:4e:d6:8c:39:e7:fa:74:d0:ca:
         e7:3c:f6:fe:be:f4:bb:7a:dd:54:10:df:21:ae:7d:0d:e0:94:
         a4:72:d8:d0:fd:aa:cc:0d:84:6f:12:27:ec:e6:34:2e:20:79:
         19:51:ec:54:4b:89:90:bf:07:b9:3f:d0:40:fc:14:96:d7:a3:
         3d:cf:50:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntiXV0wWkydoxIo4nfiUgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNGU1OWEyMjNmNGJjYjgyMzQ5MmZiMTA5NmMzYTgyMzEw
YzAzZGEwHhcNMjUwMTAyMTU1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQ4N2ZlNjNmZDFmZTAyNjk0ZjlkMGFiY2EwMTI5ZTZkOWQ3NTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXNrDgKjAKUvoJqAo2Fw/diR0hTX
uvpLSn4aCxh8Hh5PpDw1DiU7VX5oEi1P5k75vHQIKdexS4enXp0MXpXMD6/Bp6FG
lNXJnVBIs4/Msu6hiE8d1E1JLrD44YtJazCg7WVeDVQzQ5LG2/t1shYAVQ/o1WR1
BdXSYcomqO3TiQLSlJ9+hjNn3E82KdNZ2zGmscpVoPxVM6bzIYYRaP1UpNNDvKF6
84RdC0JVvFaDUASUE1Yau8lrzo2oAkw20xEilN4Q2dD+K8HYmFiPeFjh9L2+4dkr
nhtOy4CXaeHgz7827rKufXaPajpWLv63K4HABsBRKrs7oQG51AIRPhbMUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjYf+Y/0f4CaU+dCrygEp5tnXUEMB8GA1UdIwQY
MBaAFDBOWaIj9Ly4I0kvsQlsOoIxDAPaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUU1Wm9pUDB2TGdqU1MteENXdzZnakVNQTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9mNTM2Y2QtOTQzZi00NTU0LTlmMTct
MzQ0Y2M1MDJmMWJkLzEvQ05oXzVqX1JfZ0pwVDUwS3ZLQVNubTJkZFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9mNTM2Y2QtOTQzZi00NTU0LTlmMTctMzQ0Y2M1MDJmMWJk
LzEvTUU1Wm9pUDB2TGdqU1MteENXdzZnakVNQTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXdqMA0G
CSqGSIb3DQEBCwUAA4IBAQBPZbYPc4sbBCLAVWLB9R/uWxZLOWLJy4HBGHlOjjeg
iQb0A+0kIv9ivF8fufrJCV9U9TlJu0a+tuLmIpMA8+YDoFV6+tPhap8LfIL39KkU
u8bBdWSLNXhULrsA1scCRHYU7fy7xSk3KJTRof5U/Bfw0sIJEdX1ojoBs/fdQ+RD
BMjmDxPNmRAkMoxbwJU2zdZI8Y40Ej2qoMD4XnX0SoBx3+/vyT+tNuIlw+Mp2nX6
sOOVc649+UB23r85/MVO1ow55/p00MrnPPb+vvS7et1UEN8hrn0N4JSkctjQ/arM
DYRvEifs5jQuIHkZUexUS4mQvwe5P9BA/BSW16M9z1BI
-----END CERTIFICATE-----