Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/1-ULqgodsKdgq0QGqHWFhgo5ogvQ.roa
File:                     1-ULqgodsKdgq0QGqHWFhgo5ogvQ.roa (raw, json)
Hash identifier:          obLlzUthCY3UaVFlC6lirF19aJQ7EJCv/V0i0S1h9pU=
Subject key identifier:   F9:42:EA:82:87:6C:29:D8:2A:D1:01:AA:1D:61:61:82:8E:68:82:F4
Certificate issuer:       /CN=e631b080d4ea6fd0616a6e701c7c815d6ff87c00
Certificate serial:       0194266BFD7EADD45EB67AA1A84E56DCB6E2
Authority key identifier: E6:31:B0:80:D4:EA:6F:D0:61:6A:6E:70:1C:7C:81:5D:6F:F8:7C:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/1-ULqgodsKdgq0QGqHWFhgo5ogvQ.roa
Signing time:             Thu 02 Jan 2025 09:49:58 +0000
ROA not before:           Thu 02 Jan 2025 09:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50319
IP address blocks:        5.180.140.0/22 maxlen: 22
                          185.84.196.0/22 maxlen: 22
                          185.144.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:fd:7e:ad:d4:5e:b6:7a:a1:a8:4e:56:dc:b6:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e631b080d4ea6fd0616a6e701c7c815d6ff87c00
        Validity
            Not Before: Jan  2 09:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f942ea82876c29d82ad101aa1d6161828e6882f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:74:34:ea:d4:5f:f7:70:48:e8:ee:f1:89:a7:
                    25:6b:20:f2:91:f6:8b:e7:1a:08:7b:19:bd:5e:1d:
                    16:27:5f:d1:e5:53:ca:81:75:af:cb:18:a2:ce:b3:
                    c2:ec:43:7b:7c:a9:78:ad:5d:0b:a7:d4:04:a3:c6:
                    1f:28:a9:d7:28:57:21:60:f7:52:a0:58:70:1e:f0:
                    e6:f0:e5:49:5e:25:56:c1:ac:c3:99:26:53:a3:26:
                    7d:c2:6f:71:95:21:3d:fa:f1:26:a0:68:fd:59:a9:
                    9d:d5:6d:c8:af:b0:1c:6d:60:5f:df:aa:76:2c:f3:
                    7b:8f:b2:e1:6d:2b:aa:78:95:e8:e4:a5:b4:c5:8f:
                    89:71:f0:fb:49:3a:89:c5:75:c7:a7:c8:9a:97:e2:
                    f5:ec:bc:60:62:1b:ab:82:97:93:41:51:b2:f6:87:
                    48:eb:fc:ef:98:3d:e8:8a:93:b7:f3:b0:8e:c2:f6:
                    67:d3:c0:0b:ce:f0:26:26:c0:31:88:b4:c6:64:75:
                    21:f3:ef:b5:84:73:7e:49:0f:54:0d:c8:99:5e:4d:
                    55:69:e7:39:f0:2c:2d:c5:95:4f:8f:c9:4e:e1:b6:
                    f6:ed:b0:8e:10:16:62:4b:9b:50:3c:27:b2:dd:9f:
                    93:af:03:21:b1:a0:5c:b4:ba:0c:2d:ca:cc:0d:86:
                    72:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:42:EA:82:87:6C:29:D8:2A:D1:01:AA:1D:61:61:82:8E:68:82:F4
            X509v3 Authority Key Identifier:
                keyid:E6:31:B0:80:D4:EA:6F:D0:61:6A:6E:70:1C:7C:81:5D:6F:F8:7C:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5jGwgNTqb9Bham5wHHyBXW_4fAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/1-ULqgodsKdgq0QGqHWFhgo5ogvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/dcdae6-d695-4266-ba9b-93b3a3696d96/1/5jGwgNTqb9Bham5wHHyBXW_4fAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.140.0/22
                  185.84.196.0/22
                  185.144.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:f3:4f:79:fa:67:4d:f3:e9:86:c2:6c:37:16:6c:0a:30:23:
         5d:6e:7a:ba:ac:bc:50:ef:0a:4d:15:d0:9e:95:69:ef:46:f0:
         f6:85:dd:07:08:24:c2:dd:91:5d:e4:6d:7b:34:7a:38:85:5d:
         1d:4c:f6:cb:7d:90:c9:83:64:59:8a:5f:7b:35:69:80:64:e6:
         46:fa:af:9a:10:79:e9:d5:b9:a1:3f:e4:19:f2:df:66:df:5e:
         9f:e8:37:21:77:3f:58:b8:87:7a:7d:7a:ae:f5:82:97:d7:39:
         58:f5:13:c4:da:82:57:ea:9b:ce:df:f6:d7:1b:19:03:05:45:
         db:aa:17:8e:c6:98:4c:98:45:17:91:d5:06:82:e8:7f:5b:cc:
         36:a6:ae:e6:e0:b9:b0:3b:96:f4:33:23:bf:79:6d:05:06:4f:
         d9:23:1a:8d:82:72:4c:cf:19:4b:c9:85:cb:cb:81:65:07:ec:
         c6:38:01:b3:4b:bb:c0:07:36:3b:ae:99:ea:b7:3e:5f:c2:82:
         54:90:57:43:45:5e:d3:65:11:3f:bf:46:9c:26:b7:a1:d7:6c:
         00:ae:63:77:59:46:87:0e:2b:18:92:77:c6:88:c4:bf:1a:12:
         68:76:8e:e9:76:99:cc:73:a4:09:e0:0a:54:31:d0:ac:61:0c:
         9d:63:94:7e
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZQma/1+rdRetnqhqE5W3LbiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MzFiMDgwZDRlYTZmZDA2MTZhNmU3MDFjN2M4MTVkNmZm
ODdjMDAwHhcNMjUwMTAyMDk0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTQyZWE4Mjg3NmMyOWQ4MmFkMTAxYWExZDYxNjE4MjhlNjg4MmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHQ06tRf93BI6O7xiaclayDykfaL
5xoIexm9Xh0WJ1/R5VPKgXWvyxiizrPC7EN7fKl4rV0Lp9QEo8YfKKnXKFchYPdS
oFhwHvDm8OVJXiVWwazDmSZToyZ9wm9xlSE9+vEmoGj9Wamd1W3Ir7AcbWBf36p2
LPN7j7LhbSuqeJXo5KW0xY+JcfD7STqJxXXHp8ial+L17LxgYhurgpeTQVGy9odI
6/zvmD3oipO387COwvZn08ALzvAmJsAxiLTGZHUh8++1hHN+SQ9UDciZXk1Vaec5
8CwtxZVPj8lO4bb27bCOEBZiS5tQPCey3Z+TrwMhsaBctLoMLcrMDYZybQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPlC6oKHbCnYKtEBqh1hYYKOaIL0MB8GA1UdIwQY
MBaAFOYxsIDU6m/QYWpucBx8gV1v+HwAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWpHd2dOVHFiOUJoYW01d0hIeUJYV180ZkFBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9kY2RhZTYtZDY5NS00MjY2LWJhOWIt
OTNiM2EzNjk2ZDk2LzEvMS1VTHFnb2RzS2RncTBRR3FIV0ZoZ281b2d2US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTQvZGNkYWU2LWQ2OTUtNDI2Ni1iYTliLTkzYjNhMzY5NmQ5
Ni8xLzVqR3dnTlRxYjlCaGFtNXdISHlCWFdfNGZBQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAgW0jAME
ArlUxAMEArmQxDANBgkqhkiG9w0BAQsFAAOCAQEAmPNPefpnTfPphsJsNxZsCjAj
XW56uqy8UO8KTRXQnpVp70bw9oXdBwgkwt2RXeRtezR6OIVdHUz2y32QyYNkWYpf
ezVpgGTmRvqvmhB56dW5oT/kGfLfZt9en+g3IXc/WLiHen16rvWCl9c5WPUTxNqC
V+qbzt/21xsZAwVF26oXjsaYTJhFF5HVBoLof1vMNqau5uC5sDuW9DMjv3ltBQZP
2SMajYJyTM8ZS8mFy8uBZQfsxjgBs0u7wAc2O66Z6rc+X8KCVJBXQ0Ve02URP79G
nCa3oddsAK5jd1lGhw4rGJJ3xojEvxoSaHaO6XaZzHOkCeAKVDHQrGEMnWOUfg==
-----END CERTIFICATE-----