Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/64879b-6c68-4597-9fab-6fbe293171fe/1/XArLVttX_wCBnKO2u8bWM8Vk3NU.roa
File:                     XArLVttX_wCBnKO2u8bWM8Vk3NU.roa (raw, json)
Hash identifier:          BE5h5QGSzKEJoBRH8Cvw/x+Z7DD6UePHMldATT7VyV4=
Subject key identifier:   5C:0A:CB:56:DB:57:FF:00:81:9C:A3:B6:BB:C6:D6:33:C5:64:DC:D5
Certificate issuer:       /CN=c54dd882852cc4586b1fee34c0501d5db7d60f0b
Certificate serial:       019424B3FE3B649DA13B30ED8E65DF750D99
Authority key identifier: C5:4D:D8:82:85:2C:C4:58:6B:1F:EE:34:C0:50:1D:5D:B7:D6:0F:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xU3YgoUsxFhrH-40wFAdXbfWDws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/64879b-6c68-4597-9fab-6fbe293171fe/1/XArLVttX_wCBnKO2u8bWM8Vk3NU.roa
Signing time:             Thu 02 Jan 2025 01:49:23 +0000
ROA not before:           Thu 02 Jan 2025 01:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204572
IP address blocks:        185.246.144.0/22 maxlen: 22
                          2a0d:8580::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/64879b-6c68-4597-9fab-6fbe293171fe/1/xU3YgoUsxFhrH-40wFAdXbfWDws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/64879b-6c68-4597-9fab-6fbe293171fe/1/xU3YgoUsxFhrH-40wFAdXbfWDws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xU3YgoUsxFhrH-40wFAdXbfWDws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:fe:3b:64:9d:a1:3b:30:ed:8e:65:df:75:0d:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c54dd882852cc4586b1fee34c0501d5db7d60f0b
        Validity
            Not Before: Jan  2 01:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c0acb56db57ff00819ca3b6bbc6d633c564dcd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:da:1a:5d:62:ea:6d:83:f4:4d:fc:ac:70:10:
                    09:35:8f:d9:00:da:54:fc:34:06:08:d0:3b:08:e7:
                    cc:7e:78:29:51:78:b2:76:10:4a:dd:1d:5a:08:6c:
                    ab:92:34:bd:30:65:71:b3:6a:dc:cf:24:3f:6f:2d:
                    b8:a3:db:d0:fc:ea:20:f1:c8:1b:f3:c6:00:c0:41:
                    34:b6:a0:28:5b:44:66:86:bb:45:03:dc:60:a1:8b:
                    57:54:2d:84:4d:13:cd:57:91:99:10:81:9a:79:93:
                    77:e3:44:85:d1:b0:40:66:e6:4c:2a:55:9e:9c:2a:
                    ac:e8:96:5d:db:02:e2:d2:f9:e5:8e:b2:21:9d:d4:
                    8c:5d:5a:c4:28:df:cf:0b:f1:e6:dc:39:2a:57:f8:
                    b1:4c:ed:c9:e3:7c:54:e5:51:fa:f0:4f:97:e8:73:
                    84:44:cd:f9:05:85:8b:98:70:67:8a:e8:09:c9:90:
                    cd:26:b2:30:8c:3c:03:cb:2b:25:19:fe:dc:cb:49:
                    97:c6:18:d0:6e:f4:bf:4a:6d:2b:4e:08:bc:38:c9:
                    3a:c9:c3:96:40:08:0f:9c:57:d1:bd:40:76:6b:89:
                    c3:d0:6f:6e:f2:6b:43:70:a6:ac:e5:ab:5b:01:73:
                    72:3a:cc:79:eb:b0:78:55:9d:c2:6c:5c:57:75:4b:
                    c3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:0A:CB:56:DB:57:FF:00:81:9C:A3:B6:BB:C6:D6:33:C5:64:DC:D5
            X509v3 Authority Key Identifier:
                keyid:C5:4D:D8:82:85:2C:C4:58:6B:1F:EE:34:C0:50:1D:5D:B7:D6:0F:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xU3YgoUsxFhrH-40wFAdXbfWDws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/64879b-6c68-4597-9fab-6fbe293171fe/1/XArLVttX_wCBnKO2u8bWM8Vk3NU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/64879b-6c68-4597-9fab-6fbe293171fe/1/xU3YgoUsxFhrH-40wFAdXbfWDws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.144.0/22
                IPv6:
                  2a0d:8580::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:eb:c4:a5:50:33:0d:f9:06:8a:67:ec:06:94:d2:a4:00:87:
         51:ae:8c:7e:c6:c8:aa:04:64:5b:3b:83:38:6a:8a:19:e9:00:
         b6:9e:c9:9f:f4:89:a2:3a:c6:8c:16:66:68:23:18:b6:a8:56:
         53:61:cf:9a:51:47:42:a5:14:18:d3:1c:7b:2e:97:d7:ba:a3:
         08:b2:e3:24:94:37:e3:11:75:30:d3:da:55:87:e9:e5:0c:06:
         47:aa:ec:a7:53:69:51:94:5d:3b:bf:78:52:1c:8a:88:15:29:
         f0:de:0a:d2:44:47:2f:92:dc:7a:4c:62:df:02:97:9d:21:b0:
         94:f1:41:99:0f:19:23:20:a7:ca:da:7b:97:f4:9b:27:0b:d8:
         d6:f2:4f:a6:00:91:33:be:9c:a5:67:28:a0:97:f5:13:0c:e7:
         c0:4a:8f:be:6a:bb:5b:18:dc:7d:53:3e:f2:75:31:90:56:f2:
         18:a8:e1:c4:f4:29:e6:03:88:9d:4d:63:06:ed:16:d3:30:9d:
         76:79:eb:9b:a9:93:4a:78:1c:3b:dc:0b:6d:7b:53:b3:20:c6:
         6d:5b:a7:c1:8b:20:aa:ab:b7:ff:b9:99:a0:a0:a1:0b:8c:1f:
         68:87:43:1e:d1:3d:1c:ae:c8:0b:4b:f8:d1:cf:f4:e6:38:a2:
         e2:cf:88:47
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks/47ZJ2hOzDtjmXfdQ2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NGRkODgyODUyY2M0NTg2YjFmZWUzNGMwNTAxZDVkYjdk
NjBmMGIwHhcNMjUwMTAyMDE0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzBhY2I1NmRiNTdmZjAwODE5Y2EzYjZiYmM2ZDYzM2M1NjRkY2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2doaXWLqbYP0TfyscBAJNY/ZANpU
/DQGCNA7COfMfngpUXiydhBK3R1aCGyrkjS9MGVxs2rczyQ/by24o9vQ/Oog8cgb
88YAwEE0tqAoW0RmhrtFA9xgoYtXVC2ETRPNV5GZEIGaeZN340SF0bBAZuZMKlWe
nCqs6JZd2wLi0vnljrIhndSMXVrEKN/PC/Hm3DkqV/ixTO3J43xU5VH68E+X6HOE
RM35BYWLmHBniugJyZDNJrIwjDwDyyslGf7cy0mXxhjQbvS/Sm0rTgi8OMk6ycOW
QAgPnFfRvUB2a4nD0G9u8mtDcKas5atbAXNyOsx567B4VZ3CbFxXdUvDUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFwKy1bbV/8AgZyjtrvG1jPFZNzVMB8GA1UdIwQY
MBaAFMVN2IKFLMRYax/uNMBQHV231g8LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFUzWWdvVXN4RmhySC00MHdGQWRYYmZXRHdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82NDg3OWItNmM2OC00NTk3LTlmYWIt
NmZiZTI5MzE3MWZlLzEvWEFyTFZ0dFhfd0NCbktPMnU4YldNOFZrM05VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82NDg3OWItNmM2OC00NTk3LTlmYWItNmZiZTI5MzE3MWZl
LzEveFUzWWdvVXN4RmhySC00MHdGQWRYYmZXRHdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufaQMA0E
AgACMAcDBQAqDYWAMA0GCSqGSIb3DQEBCwUAA4IBAQBr68SlUDMN+QaKZ+wGlNKk
AIdRrox+xsiqBGRbO4M4aooZ6QC2nsmf9ImiOsaMFmZoIxi2qFZTYc+aUUdCpRQY
0xx7LpfXuqMIsuMklDfjEXUw09pVh+nlDAZHquynU2lRlF07v3hSHIqIFSnw3grS
REcvktx6TGLfApedIbCU8UGZDxkjIKfK2nuX9JsnC9jW8k+mAJEzvpylZyigl/UT
DOfASo++artbGNx9Uz7ydTGQVvIYqOHE9CnmA4idTWMG7RbTMJ12eeubqZNKeBw7
3Atte1OzIMZtW6fBiyCqq7f/uZmgoKELjB9oh0Me0T0crsgLS/jRz/TmOKLiz4hH
-----END CERTIFICATE-----