Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/P6YsCB60bdxzv4t_5XQIIDzFPeY.roa
File:                     P6YsCB60bdxzv4t_5XQIIDzFPeY.roa (raw, json)
Hash identifier:          xUCT7UgrS19y4qu5oqKezYDaIbTPOH3d0vqLz4yp/ZM=
Subject key identifier:   3F:A6:2C:08:1E:B4:6D:DC:73:BF:8B:7F:E5:74:08:20:3C:C5:3D:E6
Certificate issuer:       /CN=e4c86da3f483246518d368034bc86113906a55a3
Certificate serial:       019420681CA5CD800FFE542CCABF9E51A447
Authority key identifier: E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/P6YsCB60bdxzv4t_5XQIIDzFPeY.roa
Signing time:             Wed 01 Jan 2025 05:48:01 +0000
ROA not before:           Wed 01 Jan 2025 05:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5089
IP address blocks:        185.10.120.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:1c:a5:cd:80:0f:fe:54:2c:ca:bf:9e:51:a4:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4c86da3f483246518d368034bc86113906a55a3
        Validity
            Not Before: Jan  1 05:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fa62c081eb46ddc73bf8b7fe57408203cc53de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f3:b3:77:36:58:8a:9b:59:25:b2:88:e8:ec:
                    66:e8:b5:14:cf:40:25:bc:98:80:57:89:6d:17:64:
                    eb:3c:a2:d9:4f:47:22:ea:fe:58:39:f0:4d:42:c3:
                    31:4d:f5:ee:ee:2e:dc:51:40:d7:3a:68:95:25:5e:
                    04:3f:73:74:29:fd:a3:85:8d:c4:f0:9a:25:5d:99:
                    a8:64:35:2e:b8:8d:ba:5b:11:8d:c0:de:3a:42:39:
                    67:f3:27:15:a5:66:84:4a:6c:c4:7d:3a:55:b5:5b:
                    2e:a9:a4:ae:97:57:e0:26:95:eb:c3:a6:c1:86:a4:
                    c5:e8:31:6f:d6:8e:bc:5f:ff:d4:66:84:51:a0:c1:
                    3f:df:b4:58:0b:ff:46:ef:32:0f:8c:0b:d9:ac:f2:
                    b0:db:43:0a:90:4a:9d:87:20:34:95:4b:94:a3:93:
                    c1:12:b3:08:81:e7:7b:fb:0b:6f:9d:61:e6:04:a8:
                    07:d4:2e:38:03:b3:59:13:13:81:c7:56:f6:7b:f4:
                    87:8e:9e:f9:9f:13:dd:42:10:c6:32:f8:5e:13:64:
                    eb:1f:4f:ad:7d:36:e6:8d:18:0d:5e:4d:ae:4b:f1:
                    45:fe:cd:d5:13:e0:bf:bd:14:c1:99:fb:2b:6c:64:
                    1d:96:67:54:65:21:c6:42:51:61:fd:25:c7:4e:ec:
                    5a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:A6:2C:08:1E:B4:6D:DC:73:BF:8B:7F:E5:74:08:20:3C:C5:3D:E6
            X509v3 Authority Key Identifier:
                keyid:E4:C8:6D:A3:F4:83:24:65:18:D3:68:03:4B:C8:61:13:90:6A:55:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mhto_SDJGUY02gDS8hhE5BqVaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/P6YsCB60bdxzv4t_5XQIIDzFPeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/b4e503-574b-4565-9217-c511a3e912b6/1/5Mhto_SDJGUY02gDS8hhE5BqVaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:fd:d6:0d:f9:d8:b1:ec:50:ed:a0:f8:92:36:b3:76:2f:31:
         9e:34:8f:d6:fe:d1:44:cc:56:f0:93:9e:0c:51:ad:0e:80:a3:
         d6:4b:65:19:17:cc:0e:f6:99:ce:b2:52:7c:19:97:81:54:bc:
         c7:18:6f:a6:fb:66:59:fe:01:77:e1:a0:0f:d6:18:6f:d4:3a:
         5d:d4:0d:33:5a:3e:b3:aa:d7:93:4c:5f:e4:58:9f:b1:9b:7d:
         3e:3a:cb:af:f4:8a:e1:4e:46:56:83:ea:63:55:d0:f5:89:94:
         cd:a1:ea:42:bc:6e:f7:7f:bd:ca:38:cf:53:08:32:ed:ee:f5:
         95:bd:5a:13:a5:7a:11:fc:c7:8a:68:29:cc:1f:72:05:db:36:
         79:66:88:ed:55:b4:c3:2f:7f:1e:42:1c:1f:96:d9:54:18:0e:
         61:cf:57:32:3a:69:93:f3:c6:da:ce:1c:f4:cf:91:83:d4:89:
         ce:33:29:66:bb:b8:ea:0c:71:65:44:a7:5f:c8:15:54:c8:bd:
         22:fb:85:60:93:e3:90:c6:93:41:8e:56:9d:ec:3b:d4:8c:49:
         88:ba:6b:a5:db:dd:f6:41:a0:ba:45:4a:f8:e3:17:b9:ae:47:
         0e:2f:f4:85:e8:c5:b4:5b:c1:66:4d:10:78:15:a2:4b:a6:55:
         2f:0e:c8:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaBylzYAP/lQsyr+eUaRHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Yzg2ZGEzZjQ4MzI0NjUxOGQzNjgwMzRiYzg2MTEzOTA2
YTU1YTMwHhcNMjUwMTAxMDU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmE2MmMwODFlYjQ2ZGRjNzNiZjhiN2ZlNTc0MDgyMDNjYzUzZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/OzdzZYiptZJbKI6Oxm6LUUz0Al
vJiAV4ltF2TrPKLZT0ci6v5YOfBNQsMxTfXu7i7cUUDXOmiVJV4EP3N0Kf2jhY3E
8JolXZmoZDUuuI26WxGNwN46Qjln8ycVpWaESmzEfTpVtVsuqaSul1fgJpXrw6bB
hqTF6DFv1o68X//UZoRRoME/37RYC/9G7zIPjAvZrPKw20MKkEqdhyA0lUuUo5PB
ErMIged7+wtvnWHmBKgH1C44A7NZExOBx1b2e/SHjp75nxPdQhDGMvheE2TrH0+t
fTbmjRgNXk2uS/FF/s3VE+C/vRTBmfsrbGQdlmdUZSHGQlFh/SXHTuxa4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+mLAgetG3cc7+Lf+V0CCA8xT3mMB8GA1UdIwQY
MBaAFOTIbaP0gyRlGNNoA0vIYROQalWjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTct
YzUxMWEzZTkxMmI2LzEvUDZZc0NCNjBiZHh6djR0XzVYUUlJRHpGUGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iNGU1MDMtNTc0Yi00NTY1LTkyMTctYzUxMWEzZTkxMmI2
LzEvNU1odG9fU0RKR1VZMDJnRFM4aGhFNUJxVmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQp4MA0G
CSqGSIb3DQEBCwUAA4IBAQAw/dYN+dix7FDtoPiSNrN2LzGeNI/W/tFEzFbwk54M
Ua0OgKPWS2UZF8wO9pnOslJ8GZeBVLzHGG+m+2ZZ/gF34aAP1hhv1Dpd1A0zWj6z
qteTTF/kWJ+xm30+Osuv9IrhTkZWg+pjVdD1iZTNoepCvG73f73KOM9TCDLt7vWV
vVoTpXoR/MeKaCnMH3IF2zZ5ZojtVbTDL38eQhwfltlUGA5hz1cyOmmT88bazhz0
z5GD1InOMylmu7jqDHFlRKdfyBVUyL0i+4Vgk+OQxpNBjlad7DvUjEmIumul2932
QaC6RUr44xe5rkcOL/SF6MW0W8FmTRB4FaJLplUvDshS
-----END CERTIFICATE-----