Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/R5r0xeVYQuyhFWywaHju63NvX88.roa
File:                     R5r0xeVYQuyhFWywaHju63NvX88.roa (raw, json)
Hash identifier:          gil6oFrijLp6JqgDOMjfduAOivvAur9Q9eunuVq1Ysg=
Subject key identifier:   47:9A:F4:C5:E5:58:42:EC:A1:15:6C:B0:68:78:EE:EB:73:6F:5F:CF
Certificate issuer:       /CN=d9ad18f4c36067220f4d833cbc78a10f94eb0888
Certificate serial:       019424B3A5A33DFC36F0BADFC50B7C9A7C5D
Authority key identifier: D9:AD:18:F4:C3:60:67:22:0F:4D:83:3C:BC:78:A1:0F:94:EB:08:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/R5r0xeVYQuyhFWywaHju63NvX88.roa
Signing time:             Thu 02 Jan 2025 01:49:00 +0000
ROA not before:           Thu 02 Jan 2025 01:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208652
IP address blocks:        185.72.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a5:a3:3d:fc:36:f0:ba:df:c5:0b:7c:9a:7c:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ad18f4c36067220f4d833cbc78a10f94eb0888
        Validity
            Not Before: Jan  2 01:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=479af4c5e55842eca1156cb06878eeeb736f5fcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9d:9c:5a:c5:2a:c6:b9:5f:c9:96:28:6b:a5:
                    ae:93:c2:f9:05:fe:8b:30:e4:5b:bb:8f:23:74:37:
                    00:e3:64:35:ba:e6:09:7c:c4:6d:33:2d:f1:4a:74:
                    81:02:a3:7b:13:f5:f5:29:b6:ff:e2:3b:23:1c:e4:
                    d1:e0:35:cb:89:24:63:c9:cf:58:b0:81:92:cd:a8:
                    cd:47:88:3d:40:22:0d:0c:9b:d3:bc:db:72:53:6e:
                    7f:60:49:cc:d0:aa:2f:84:54:7d:ab:af:c5:05:48:
                    2f:64:e9:dc:b3:24:3e:26:c7:b5:46:9c:f6:f6:3b:
                    fb:df:d8:cd:62:5e:50:1d:cf:04:15:32:38:de:1d:
                    61:bb:8a:80:33:e9:73:52:9b:c2:c7:13:c6:a0:d0:
                    5e:b0:24:4f:11:9b:ba:9f:79:e6:2f:33:54:1d:73:
                    bb:b5:89:46:97:b9:ba:8b:de:b6:c7:7a:29:8a:4a:
                    40:a6:9b:33:db:ee:d4:3a:18:24:8c:18:20:6e:8e:
                    2b:95:5d:ff:70:ca:cb:c3:c2:24:c1:14:5c:09:0c:
                    dc:aa:d9:12:bc:21:9d:df:8d:61:36:35:5b:6a:d1:
                    a0:83:29:9b:b4:ad:21:65:1d:f5:ee:e3:83:e4:1c:
                    91:98:31:13:bd:b7:9c:d5:1c:6d:7c:ee:ef:8a:be:
                    8a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:9A:F4:C5:E5:58:42:EC:A1:15:6C:B0:68:78:EE:EB:73:6F:5F:CF
            X509v3 Authority Key Identifier:
                keyid:D9:AD:18:F4:C3:60:67:22:0F:4D:83:3C:BC:78:A1:0F:94:EB:08:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a0Y9MNgZyIPTYM8vHihD5TrCIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/R5r0xeVYQuyhFWywaHju63NvX88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/d351bf-71ce-4857-9e50-c2647385e727/1/2a0Y9MNgZyIPTYM8vHihD5TrCIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:49:3b:3f:94:d1:3f:0e:2e:7e:b3:1a:f1:1a:5f:ab:b5:87:
         8f:bf:aa:35:50:67:70:8d:d3:38:2d:e4:13:0e:ff:b3:8c:ec:
         97:1a:7a:e0:1d:7d:54:4a:ea:b9:e9:5b:ac:ee:ea:fc:0f:8e:
         3d:6f:41:87:a1:c1:6d:6c:9f:bf:9d:e4:3e:4c:e5:3b:16:8f:
         cc:2a:9b:9a:54:f0:34:12:4a:77:3a:0c:b1:6f:3a:75:b0:46:
         05:e4:b5:a8:8f:c8:8c:eb:4f:bc:cc:00:c4:60:74:99:2e:d5:
         8a:aa:0d:59:5d:3c:a0:f0:bc:e7:31:a1:90:0c:4f:4e:f3:f3:
         7a:4d:4d:bc:a3:73:05:64:d3:29:63:ed:2b:57:31:1a:5d:6b:
         4a:8c:de:aa:7f:ad:99:68:87:ba:9a:8b:2d:70:e2:92:25:06:
         40:ad:63:90:e9:f9:e4:6f:1d:1c:a0:eb:b9:39:2a:ee:4b:58:
         f7:34:c4:4e:e0:94:d7:03:2d:e2:27:69:6a:1b:78:06:4e:52:
         10:3e:ff:32:01:22:4b:ac:61:9e:e8:b5:57:77:cc:e6:38:5f:
         a7:27:93:35:db:17:ce:ed:a3:3a:3f:e1:6c:c8:b2:1a:49:6c:
         8a:95:6b:4a:9b:4c:cb:64:dc:80:91:cd:1d:f4:bd:c4:5e:6e:
         d6:eb:cc:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks6WjPfw28LrfxQt8mnxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YWQxOGY0YzM2MDY3MjIwZjRkODMzY2JjNzhhMTBmOTRl
YjA4ODgwHhcNMjUwMTAyMDE0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzlhZjRjNWU1NTg0MmVjYTExNTZjYjA2ODc4ZWVlYjczNmY1ZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJ2cWsUqxrlfyZYoa6Wuk8L5Bf6L
MORbu48jdDcA42Q1uuYJfMRtMy3xSnSBAqN7E/X1Kbb/4jsjHOTR4DXLiSRjyc9Y
sIGSzajNR4g9QCINDJvTvNtyU25/YEnM0KovhFR9q6/FBUgvZOncsyQ+Jse1Rpz2
9jv739jNYl5QHc8EFTI43h1hu4qAM+lzUpvCxxPGoNBesCRPEZu6n3nmLzNUHXO7
tYlGl7m6i962x3opikpAppsz2+7UOhgkjBggbo4rlV3/cMrLw8IkwRRcCQzcqtkS
vCGd341hNjVbatGggymbtK0hZR317uOD5ByRmDETvbec1RxtfO7vir6K8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEea9MXlWELsoRVssGh47utzb1/PMB8GA1UdIwQY
MBaAFNmtGPTDYGciD02DPLx4oQ+U6wiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmEwWTlNTmdaeUlQVFlNOHZIaWhENVRyQ0lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9kMzUxYmYtNzFjZS00ODU3LTllNTAt
YzI2NDczODVlNzI3LzEvUjVyMHhlVllRdXloRld5d2FIanU2M052WDg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9kMzUxYmYtNzFjZS00ODU3LTllNTAtYzI2NDczODVlNzI3
LzEvMmEwWTlNTmdaeUlQVFlNOHZIaWhENVRyQ0lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUgzMA0G
CSqGSIb3DQEBCwUAA4IBAQA2STs/lNE/Di5+sxrxGl+rtYePv6o1UGdwjdM4LeQT
Dv+zjOyXGnrgHX1USuq56Vus7ur8D449b0GHocFtbJ+/neQ+TOU7Fo/MKpuaVPA0
Ekp3Ogyxbzp1sEYF5LWoj8iM60+8zADEYHSZLtWKqg1ZXTyg8LznMaGQDE9O8/N6
TU28o3MFZNMpY+0rVzEaXWtKjN6qf62ZaIe6mostcOKSJQZArWOQ6fnkbx0coOu5
OSruS1j3NMRO4JTXAy3iJ2lqG3gGTlIQPv8yASJLrGGe6LVXd8zmOF+nJ5M12xfO
7aM6P+FsyLIaSWyKlWtKm0zLZNyAkc0d9L3EXm7W68yl
-----END CERTIFICATE-----