Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/5c4a71-b38a-4eb4-8633-24b3572a83bb/1/X4PWvygxBdxI2bPS7qTomVF09pI.roa
File:                     X4PWvygxBdxI2bPS7qTomVF09pI.roa (raw, json)
Hash identifier:          2E6tFW6VfoZTEjVF3J8CP/Q2ZVMLRzmKJIsn7Czdp0g=
Subject key identifier:   5F:83:D6:BF:28:31:05:DC:48:D9:B3:D2:EE:A4:E8:99:51:74:F6:92
Certificate issuer:       /CN=2fe17bf80ee1e2e70db3ea05dc16f304e7090cf4
Certificate serial:       0194236909A4FA3BCDD5F4315B5B3F7A68EF
Authority key identifier: 2F:E1:7B:F8:0E:E1:E2:E7:0D:B3:EA:05:DC:16:F3:04:E7:09:0C:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L-F7-A7h4ucNs-oF3BbzBOcJDPQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/5c4a71-b38a-4eb4-8633-24b3572a83bb/1/X4PWvygxBdxI2bPS7qTomVF09pI.roa
Signing time:             Wed 01 Jan 2025 19:47:53 +0000
ROA not before:           Wed 01 Jan 2025 19:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203713
IP address blocks:        185.153.76.0/22 maxlen: 24
                          2a06:9880::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/5c4a71-b38a-4eb4-8633-24b3572a83bb/1/L-F7-A7h4ucNs-oF3BbzBOcJDPQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/5c4a71-b38a-4eb4-8633-24b3572a83bb/1/L-F7-A7h4ucNs-oF3BbzBOcJDPQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L-F7-A7h4ucNs-oF3BbzBOcJDPQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:09:a4:fa:3b:cd:d5:f4:31:5b:5b:3f:7a:68:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fe17bf80ee1e2e70db3ea05dc16f304e7090cf4
        Validity
            Not Before: Jan  1 19:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f83d6bf283105dc48d9b3d2eea4e8995174f692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:05:33:60:5f:12:2f:72:e0:ec:a7:5a:9a:7e:
                    92:6e:f5:c0:88:d1:ac:b2:f5:d1:3f:e5:7a:13:cc:
                    da:95:e9:30:62:2c:2f:80:e6:50:7a:3a:55:0c:58:
                    2f:3c:eb:63:29:2b:43:e2:db:72:b4:8c:86:06:74:
                    eb:45:76:df:ec:ff:e1:db:a1:4b:d8:c9:e4:34:c5:
                    9f:95:e4:55:e7:b5:fa:a4:98:a3:89:0b:19:0a:87:
                    96:71:35:74:b8:78:59:e3:4c:53:35:b9:0b:24:6f:
                    7c:0e:f1:5c:be:b1:03:19:c1:6f:22:52:42:25:19:
                    63:58:d3:76:1d:17:a1:27:f3:4d:83:f6:56:9f:ec:
                    6c:2f:d6:28:cd:23:32:8c:eb:b4:08:6a:16:8f:e0:
                    25:15:16:85:0e:35:82:90:1b:7b:d2:09:63:93:e7:
                    74:6d:40:2d:0a:c2:29:96:77:9b:92:ac:7a:39:06:
                    49:1f:c1:c5:5d:f5:65:6e:68:6b:90:73:c4:36:5f:
                    e2:c6:09:8c:9f:42:46:cd:b6:6e:87:71:b0:4d:79:
                    ed:37:80:ba:9d:ff:8e:d2:ff:db:8a:87:ae:3d:cb:
                    9b:48:35:57:4c:fe:92:62:94:a8:2e:39:69:1d:83:
                    e2:f3:68:5c:c3:e1:25:cb:4c:94:85:80:aa:8e:7a:
                    86:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:83:D6:BF:28:31:05:DC:48:D9:B3:D2:EE:A4:E8:99:51:74:F6:92
            X509v3 Authority Key Identifier:
                keyid:2F:E1:7B:F8:0E:E1:E2:E7:0D:B3:EA:05:DC:16:F3:04:E7:09:0C:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L-F7-A7h4ucNs-oF3BbzBOcJDPQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/5c4a71-b38a-4eb4-8633-24b3572a83bb/1/X4PWvygxBdxI2bPS7qTomVF09pI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/5c4a71-b38a-4eb4-8633-24b3572a83bb/1/L-F7-A7h4ucNs-oF3BbzBOcJDPQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.76.0/22
                IPv6:
                  2a06:9880::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:32:18:b1:63:8e:55:36:ea:ee:9a:10:14:70:e4:fe:56:ad:
         bc:0a:4f:83:c4:03:49:cc:4e:e5:50:40:94:e7:5b:83:d0:4d:
         91:ed:5e:6a:f2:65:de:47:68:06:31:5d:a2:64:28:ed:60:1a:
         f0:2c:cc:c6:89:88:df:04:27:59:27:cb:05:79:43:f7:cb:28:
         5f:98:2b:d2:87:2a:a0:0b:08:a2:17:94:cc:1b:e7:f6:01:be:
         84:0a:ef:75:f2:da:e7:6a:15:42:06:a3:d6:ce:66:50:d5:4b:
         26:c4:0e:64:5d:16:35:b8:c9:3f:ab:ec:dd:09:2c:e8:9e:af:
         e9:21:07:bd:c8:0a:46:7f:01:0c:78:39:fa:77:ca:1b:f3:48:
         07:17:99:f4:b4:e7:55:ff:e4:7b:b9:4d:f5:77:7d:a1:c0:67:
         80:21:3a:89:8b:85:a3:a3:1b:f6:6a:3e:fa:da:46:d2:94:b8:
         ae:a5:d8:9e:d6:24:18:8f:32:89:bc:c0:b9:46:1e:68:e1:79:
         d3:1e:1d:ec:a3:64:f0:ca:69:88:e6:d9:3a:fc:36:73:cc:9e:
         cc:bd:1a:8b:dd:0b:8a:8f:d4:b9:c9:8b:4a:ea:11:69:73:50:
         dd:5f:26:27:79:fe:8f:c0:36:db:d5:c1:0b:3d:2a:60:62:07:
         c5:21:44:09
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaQmk+jvN1fQxW1s/emjvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZTE3YmY4MGVlMWUyZTcwZGIzZWEwNWRjMTZmMzA0ZTcw
OTBjZjQwHhcNMjUwMTAxMTk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjgzZDZiZjI4MzEwNWRjNDhkOWIzZDJlZWE0ZTg5OTUxNzRmNjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAUzYF8SL3Lg7Kdamn6SbvXAiNGs
svXRP+V6E8zalekwYiwvgOZQejpVDFgvPOtjKStD4ttytIyGBnTrRXbf7P/h26FL
2MnkNMWfleRV57X6pJijiQsZCoeWcTV0uHhZ40xTNbkLJG98DvFcvrEDGcFvIlJC
JRljWNN2HRehJ/NNg/ZWn+xsL9YozSMyjOu0CGoWj+AlFRaFDjWCkBt70gljk+d0
bUAtCsIplnebkqx6OQZJH8HFXfVlbmhrkHPENl/ixgmMn0JGzbZuh3GwTXntN4C6
nf+O0v/bioeuPcubSDVXTP6SYpSoLjlpHYPi82hcw+Ely0yUhYCqjnqGcQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF+D1r8oMQXcSNmz0u6k6JlRdPaSMB8GA1UdIwQY
MBaAFC/he/gO4eLnDbPqBdwW8wTnCQz0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTC1GNy1BN2g0dWNOcy1vRjNCYnpCT2NKRFBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS81YzRhNzEtYjM4YS00ZWI0LTg2MzMt
MjRiMzU3MmE4M2JiLzEvWDRQV3Z5Z3hCZHhJMmJQUzdxVG9tVkYwOXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS81YzRhNzEtYjM4YS00ZWI0LTg2MzMtMjRiMzU3MmE4M2Ji
LzEvTC1GNy1BN2g0dWNOcy1vRjNCYnpCT2NKRFBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZlMMA0E
AgACMAcDBQMqBpiAMA0GCSqGSIb3DQEBCwUAA4IBAQA/MhixY45VNurumhAUcOT+
Vq28Ck+DxANJzE7lUECU51uD0E2R7V5q8mXeR2gGMV2iZCjtYBrwLMzGiYjfBCdZ
J8sFeUP3yyhfmCvShyqgCwiiF5TMG+f2Ab6ECu918trnahVCBqPWzmZQ1UsmxA5k
XRY1uMk/q+zdCSzonq/pIQe9yApGfwEMeDn6d8ob80gHF5n0tOdV/+R7uU31d32h
wGeAITqJi4Wjoxv2aj762kbSlLiupdie1iQYjzKJvMC5Rh5o4XnTHh3so2TwymmI
5tk6/DZzzJ7MvRqL3QuKj9S5yYtK6hFpc1DdXyYnef6PwDbb1cELPSpgYgfFIUQJ
-----END CERTIFICATE-----