Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/caac0e-5268-423a-afb0-449152f1d3b7/1/XOs9GWbQQcB_n_z1bgeOfcG86tI.roa
File:                     XOs9GWbQQcB_n_z1bgeOfcG86tI.roa (raw, json)
Hash identifier:          +cMtfCuRrVq0izGBXZFPK0kvh5ocAHr52g05OcQaim4=
Subject key identifier:   5C:EB:3D:19:66:D0:41:C0:7F:9F:FC:F5:6E:07:8E:7D:C1:BC:EA:D2
Certificate issuer:       /CN=109b05a35d4109a1e4a834ccadacdd2c6f56b05a
Certificate serial:       01942067F87CC01BC1FA802BBF04A6458476
Authority key identifier: 10:9B:05:A3:5D:41:09:A1:E4:A8:34:CC:AD:AC:DD:2C:6F:56:B0:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EJsFo11BCaHkqDTMrazdLG9WsFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/caac0e-5268-423a-afb0-449152f1d3b7/1/XOs9GWbQQcB_n_z1bgeOfcG86tI.roa
Signing time:             Wed 01 Jan 2025 05:47:52 +0000
ROA not before:           Wed 01 Jan 2025 05:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197667
IP address blocks:        185.139.40.0/22 maxlen: 22
                          185.139.41.0/24 maxlen: 24
                          185.139.42.0/24 maxlen: 24
                          185.139.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/caac0e-5268-423a-afb0-449152f1d3b7/1/EJsFo11BCaHkqDTMrazdLG9WsFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/caac0e-5268-423a-afb0-449152f1d3b7/1/EJsFo11BCaHkqDTMrazdLG9WsFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EJsFo11BCaHkqDTMrazdLG9WsFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f8:7c:c0:1b:c1:fa:80:2b:bf:04:a6:45:84:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=109b05a35d4109a1e4a834ccadacdd2c6f56b05a
        Validity
            Not Before: Jan  1 05:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ceb3d1966d041c07f9ffcf56e078e7dc1bcead2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:dd:a5:f0:79:e1:6c:b1:ee:0f:4d:db:bc:3c:
                    1f:5a:ec:e2:9c:c0:6a:cf:ad:e8:6c:d8:af:f4:26:
                    64:b0:e5:d8:67:cf:3c:f5:40:89:8d:e3:d4:06:3b:
                    af:5d:9b:02:8d:de:fc:75:1c:63:b8:3e:6e:07:2e:
                    be:14:e3:ff:93:01:8b:2d:b7:63:63:2e:c1:d6:a1:
                    76:69:28:27:6f:1e:3c:4a:42:67:d5:c1:fa:61:dc:
                    1b:36:17:5b:5c:ec:91:9a:7e:2a:3d:18:37:b9:13:
                    ef:0a:56:08:ef:d1:fd:90:c8:bb:cc:5c:ad:cf:3d:
                    bc:7f:9b:86:4f:e5:10:71:40:8f:e0:b8:05:89:ab:
                    c2:09:cb:61:5c:56:e9:48:cf:f0:c4:8b:1e:e5:f7:
                    e0:89:9b:20:8b:74:d9:06:9f:3e:16:ac:8b:e7:f9:
                    0d:d5:c5:19:02:23:d8:be:46:2c:f0:0e:11:2a:03:
                    9f:f3:5c:44:92:ee:be:9e:be:f0:ca:23:3e:41:6a:
                    93:e9:aa:54:18:f7:cf:5c:b0:45:27:9a:5f:99:e9:
                    dc:32:40:2c:e8:47:f8:2b:85:eb:e2:ba:10:a7:17:
                    47:a5:71:84:4d:7e:c5:38:a1:ce:1a:f9:2a:7b:8a:
                    a3:ce:c6:a7:d7:0d:b4:49:74:61:3b:f2:38:a2:cb:
                    21:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:EB:3D:19:66:D0:41:C0:7F:9F:FC:F5:6E:07:8E:7D:C1:BC:EA:D2
            X509v3 Authority Key Identifier:
                keyid:10:9B:05:A3:5D:41:09:A1:E4:A8:34:CC:AD:AC:DD:2C:6F:56:B0:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EJsFo11BCaHkqDTMrazdLG9WsFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/caac0e-5268-423a-afb0-449152f1d3b7/1/XOs9GWbQQcB_n_z1bgeOfcG86tI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/caac0e-5268-423a-afb0-449152f1d3b7/1/EJsFo11BCaHkqDTMrazdLG9WsFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:70:d9:c1:f3:77:55:a5:69:e9:41:85:c1:67:78:8d:1d:e7:
         01:cb:f9:6d:1c:2b:45:e0:97:5a:d4:1d:92:a5:71:b6:e7:9c:
         55:95:31:a8:da:b1:f6:f2:16:a9:2b:93:ac:a1:16:2f:de:1b:
         de:d1:ac:d4:3e:76:e0:ad:1e:b3:bb:01:8c:2e:b9:ad:88:dc:
         90:20:3f:ca:06:92:14:6d:81:70:54:f6:aa:7c:52:57:33:06:
         f6:0c:cb:cc:dd:ae:46:be:2f:8f:f8:82:ee:96:09:a4:22:85:
         d6:67:dd:6e:16:87:0b:98:b7:2f:db:b9:ae:03:4d:ec:bb:3f:
         f9:a8:23:24:3a:2e:f8:40:5d:e2:8a:a9:d6:db:57:a4:51:3c:
         e8:bb:43:ac:7d:0a:f5:a2:8e:94:8b:75:2f:d2:a3:e4:45:b9:
         65:cb:f0:30:c9:ed:66:71:e7:41:61:c3:3b:22:78:ea:7b:13:
         77:c1:eb:92:22:96:9c:f5:c1:2f:9a:fb:53:2c:22:83:57:70:
         6c:64:f8:a3:4b:b8:32:9c:43:87:72:ec:d4:fc:e5:17:6b:0f:
         90:38:7c:92:4a:d4:c8:4d:54:da:9b:d9:57:56:af:70:00:9a:
         7e:c4:1a:79:26:57:30:d7:2a:1a:b6:ad:2c:67:0e:f4:67:9d:
         50:08:25:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/h8wBvB+oArvwSmRYR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwOWIwNWEzNWQ0MTA5YTFlNGE4MzRjY2FkYWNkZDJjNmY1
NmIwNWEwHhcNMjUwMTAxMDU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2ViM2QxOTY2ZDA0MWMwN2Y5ZmZjZjU2ZTA3OGU3ZGMxYmNlYWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxN2l8HnhbLHuD03bvDwfWuzinMBq
z63obNiv9CZksOXYZ8889UCJjePUBjuvXZsCjd78dRxjuD5uBy6+FOP/kwGLLbdj
Yy7B1qF2aSgnbx48SkJn1cH6YdwbNhdbXOyRmn4qPRg3uRPvClYI79H9kMi7zFyt
zz28f5uGT+UQcUCP4LgFiavCCcthXFbpSM/wxIse5ffgiZsgi3TZBp8+FqyL5/kN
1cUZAiPYvkYs8A4RKgOf81xEku6+nr7wyiM+QWqT6apUGPfPXLBFJ5pfmencMkAs
6Ef4K4Xr4roQpxdHpXGETX7FOKHOGvkqe4qjzsan1w20SXRhO/I4ossh0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzrPRlm0EHAf5/89W4Hjn3BvOrSMB8GA1UdIwQY
MBaAFBCbBaNdQQmh5Kg0zK2s3SxvVrBaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUpzRm8xMUJDYUhrcURUTXJhemRMRzlXc0ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9jYWFjMGUtNTI2OC00MjNhLWFmYjAt
NDQ5MTUyZjFkM2I3LzEvWE9zOUdXYlFRY0Jfbl96MWJnZU9mY0c4NnRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9jYWFjMGUtNTI2OC00MjNhLWFmYjAtNDQ5MTUyZjFkM2I3
LzEvRUpzRm8xMUJDYUhrcURUTXJhemRMRzlXc0ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYsoMA0G
CSqGSIb3DQEBCwUAA4IBAQBmcNnB83dVpWnpQYXBZ3iNHecBy/ltHCtF4Jda1B2S
pXG255xVlTGo2rH28hapK5OsoRYv3hve0azUPnbgrR6zuwGMLrmtiNyQID/KBpIU
bYFwVPaqfFJXMwb2DMvM3a5Gvi+P+ILulgmkIoXWZ91uFocLmLcv27muA03suz/5
qCMkOi74QF3iiqnW21ekUTzou0OsfQr1oo6Ui3Uv0qPkRblly/Awye1mcedBYcM7
InjqexN3weuSIpac9cEvmvtTLCKDV3BsZPijS7gynEOHcuzU/OUXaw+QOHySStTI
TVTam9lXVq9wAJp+xBp5Jlcw1yoatq0sZw70Z51QCCXt
-----END CERTIFICATE-----