Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/c0b53a-eeec-4038-9238-f81ac56cc3dc/1/rja0swvI9FWxE8KMSBLX04uSXw0.roa
File:                     rja0swvI9FWxE8KMSBLX04uSXw0.roa (raw, json)
Hash identifier:          Z2Ufwd9m2IoyJqT+av4hl2D/R56gkSmO/5BjIjrBUGs=
Subject key identifier:   AE:36:B4:B3:0B:C8:F4:55:B1:13:C2:8C:48:12:D7:D3:8B:92:5F:0D
Certificate issuer:       /CN=55e30ba0ecc6e69189463561d4ea54c23d138f3c
Certificate serial:       01942445451DD4DA727516176DA94D82291F
Authority key identifier: 55:E3:0B:A0:EC:C6:E6:91:89:46:35:61:D4:EA:54:C2:3D:13:8F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VeMLoOzG5pGJRjVh1OpUwj0Tjzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/c0b53a-eeec-4038-9238-f81ac56cc3dc/1/rja0swvI9FWxE8KMSBLX04uSXw0.roa
Signing time:             Wed 01 Jan 2025 23:48:26 +0000
ROA not before:           Wed 01 Jan 2025 23:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205891
IP address blocks:        5.182.68.0/22 maxlen: 22
                          185.55.212.0/22 maxlen: 22
                          2a02:4e20::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/c0b53a-eeec-4038-9238-f81ac56cc3dc/1/VeMLoOzG5pGJRjVh1OpUwj0Tjzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/c0b53a-eeec-4038-9238-f81ac56cc3dc/1/VeMLoOzG5pGJRjVh1OpUwj0Tjzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VeMLoOzG5pGJRjVh1OpUwj0Tjzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:45:1d:d4:da:72:75:16:17:6d:a9:4d:82:29:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55e30ba0ecc6e69189463561d4ea54c23d138f3c
        Validity
            Not Before: Jan  1 23:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae36b4b30bc8f455b113c28c4812d7d38b925f0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a1:0d:e6:5a:b3:11:88:9d:57:04:da:8f:39:
                    61:70:ad:a2:89:c1:0d:2d:b3:3e:e4:6e:f5:5e:d9:
                    c8:86:22:06:cf:93:b9:27:fb:e3:dc:8a:31:3e:a5:
                    4d:02:32:84:4b:7e:85:3d:5d:fa:1d:28:2a:b2:0b:
                    fb:07:2f:8d:8e:9a:d0:55:6f:43:93:f1:2e:19:60:
                    39:cd:ca:94:c1:0a:9e:e0:be:45:49:ce:60:e6:d2:
                    8b:ec:ac:7e:63:6e:a1:0e:a6:f3:91:f9:62:eb:60:
                    72:b2:ca:5e:f2:84:0b:ec:55:d8:c6:d4:a1:fa:e1:
                    8d:c9:f6:46:82:f9:14:d8:48:91:47:a8:97:d1:70:
                    2a:19:f7:f3:35:82:13:b4:ec:ef:13:ba:f8:44:1e:
                    56:03:4c:8f:fd:13:ed:24:c1:bc:53:bc:46:8f:e0:
                    54:93:f9:cf:91:7f:83:ca:e0:04:9c:41:5a:c5:4a:
                    d8:af:76:72:62:1c:d4:f7:72:cf:03:b0:48:d0:b7:
                    b9:3a:cc:da:b1:be:93:e4:48:fa:de:5f:c0:1a:9f:
                    01:4a:ac:6a:13:7d:89:1e:cf:39:2b:61:70:e5:bd:
                    77:61:3f:ba:fb:4f:82:59:04:ce:f9:5c:28:4c:b2:
                    8c:b5:1f:95:08:04:ef:5d:67:b9:d6:0f:ab:1c:87:
                    0b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:36:B4:B3:0B:C8:F4:55:B1:13:C2:8C:48:12:D7:D3:8B:92:5F:0D
            X509v3 Authority Key Identifier:
                keyid:55:E3:0B:A0:EC:C6:E6:91:89:46:35:61:D4:EA:54:C2:3D:13:8F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VeMLoOzG5pGJRjVh1OpUwj0Tjzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/c0b53a-eeec-4038-9238-f81ac56cc3dc/1/rja0swvI9FWxE8KMSBLX04uSXw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/c0b53a-eeec-4038-9238-f81ac56cc3dc/1/VeMLoOzG5pGJRjVh1OpUwj0Tjzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.68.0/22
                  185.55.212.0/22
                IPv6:
                  2a02:4e20::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:59:ab:18:51:4c:1a:b6:da:25:ef:6c:8b:ca:52:44:2f:03:
         ab:60:bc:ae:45:04:9d:c8:ad:e2:73:ce:db:d5:94:dc:79:c2:
         8f:bb:e0:f2:3e:1f:df:ff:2a:b4:7e:dd:4b:d6:0d:94:03:64:
         fd:9c:75:11:23:c5:8d:53:2e:c9:32:f3:43:54:e4:63:ea:ad:
         95:70:65:90:39:8e:c1:ea:e5:83:2a:77:4f:1c:71:dd:bb:8c:
         2f:40:a6:26:5e:47:4c:71:f6:ab:a6:71:12:46:58:0f:ef:5f:
         ac:b0:ce:c1:34:71:9d:57:a4:90:1d:27:3c:96:d3:30:6a:01:
         ae:d6:3e:7e:4b:e8:b8:f0:0b:f0:2d:b8:c7:94:d2:a0:f2:af:
         e2:93:6d:3f:ee:ff:31:2f:98:c4:b4:c4:2b:a6:08:21:52:8a:
         67:e6:4d:9b:dd:ce:26:30:a7:31:08:b5:b7:ac:93:eb:34:c4:
         f4:65:8b:1c:7d:80:6d:85:bb:d8:f9:70:a4:0e:3f:5c:33:8b:
         8d:ef:f2:09:02:a9:7c:00:80:25:e1:53:b0:1d:e5:3b:dd:19:
         aa:a2:f6:e0:53:91:4d:7a:76:f8:d5:c3:02:c9:4d:cb:b1:1f:
         22:3c:6e:b2:8b:7e:93:89:f5:a4:4e:f0:57:6d:d3:a1:2b:dc:
         89:71:33:7c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQkRUUd1NpydRYXbalNgikfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZTMwYmEwZWNjNmU2OTE4OTQ2MzU2MWQ0ZWE1NGMyM2Qx
MzhmM2MwHhcNMjUwMTAxMjM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTM2YjRiMzBiYzhmNDU1YjExM2MyOGM0ODEyZDdkMzhiOTI1ZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KEN5lqzEYidVwTajzlhcK2iicEN
LbM+5G71XtnIhiIGz5O5J/vj3IoxPqVNAjKES36FPV36HSgqsgv7By+NjprQVW9D
k/EuGWA5zcqUwQqe4L5FSc5g5tKL7Kx+Y26hDqbzkfli62Bysspe8oQL7FXYxtSh
+uGNyfZGgvkU2EiRR6iX0XAqGffzNYITtOzvE7r4RB5WA0yP/RPtJMG8U7xGj+BU
k/nPkX+DyuAEnEFaxUrYr3ZyYhzU93LPA7BI0Le5Oszasb6T5Ej63l/AGp8BSqxq
E32JHs85K2Fw5b13YT+6+0+CWQTO+VwoTLKMtR+VCATvXWe51g+rHIcLkwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFK42tLMLyPRVsRPCjEgS19OLkl8NMB8GA1UdIwQY
MBaAFFXjC6DsxuaRiUY1YdTqVMI9E488MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmVNTG9Pekc1cEdKUmpWaDFPcFV3ajBUanp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9jMGI1M2EtZWVlYy00MDM4LTkyMzgt
ZjgxYWM1NmNjM2RjLzEvcmphMHN3dkk5Rld4RThLTVNCTFgwNHVTWHcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9jMGI1M2EtZWVlYy00MDM4LTkyMzgtZjgxYWM1NmNjM2Rj
LzEvVmVNTG9Pekc1cEdKUmpWaDFPcFV3ajBUanp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCBbZEAwQC
uTfUMA0EAgACMAcDBQAqAk4gMA0GCSqGSIb3DQEBCwUAA4IBAQC2WasYUUwattol
72yLylJELwOrYLyuRQSdyK3ic87b1ZTcecKPu+DyPh/f/yq0ft1L1g2UA2T9nHUR
I8WNUy7JMvNDVORj6q2VcGWQOY7B6uWDKndPHHHdu4wvQKYmXkdMcfarpnESRlgP
71+ssM7BNHGdV6SQHSc8ltMwagGu1j5+S+i48AvwLbjHlNKg8q/ik20/7v8xL5jE
tMQrpgghUopn5k2b3c4mMKcxCLW3rJPrNMT0ZYscfYBthbvY+XCkDj9cM4uN7/IJ
Aql8AIAl4VOwHeU73RmqovbgU5FNenb41cMCyU3LsR8iPG6yi36TifWkTvBXbdOh
K9yJcTN8
-----END CERTIFICATE-----