Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/gIOaHcti7t355LnXTtGCztKWtS0.roa
File:                     gIOaHcti7t355LnXTtGCztKWtS0.roa (raw, json)
Hash identifier:          Cn1RCEjcCDtykL3i8BWxXer7cpYHt86vURgQOr3lUzo=
Subject key identifier:   80:83:9A:1D:CB:62:EE:DD:F9:E4:B9:D7:4E:D1:82:CE:D2:96:B5:2D
Certificate issuer:       /CN=932e8078ea420afc1a78bf922a9a2f274679c8a8
Certificate serial:       019421443E0367BEAD2304259F23C3472329
Authority key identifier: 93:2E:80:78:EA:42:0A:FC:1A:78:BF:92:2A:9A:2F:27:46:79:C8:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/gIOaHcti7t355LnXTtGCztKWtS0.roa
Signing time:             Wed 01 Jan 2025 09:48:27 +0000
ROA not before:           Wed 01 Jan 2025 09:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51201
IP address blocks:        185.231.5.0/24 maxlen: 24
                          2a0c:3500:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:3e:03:67:be:ad:23:04:25:9f:23:c3:47:23:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=932e8078ea420afc1a78bf922a9a2f274679c8a8
        Validity
            Not Before: Jan  1 09:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80839a1dcb62eeddf9e4b9d74ed182ced296b52d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:da:c4:26:1e:d1:40:62:c9:aa:bb:4c:de:b0:
                    cf:1b:ad:c3:cd:03:42:6c:97:28:d5:be:29:f4:ec:
                    5e:89:0a:8d:d9:7d:d1:f8:57:9e:d4:39:30:85:db:
                    de:4f:8c:79:48:3d:90:ac:95:ca:04:4f:4c:ef:e9:
                    49:a6:b4:3e:84:a0:3c:0f:8b:2e:1b:9d:b1:f6:2e:
                    af:4e:9d:19:98:0f:f6:0c:2d:c8:23:e7:28:f1:9e:
                    67:fa:49:34:ba:bc:be:18:88:ee:91:7e:49:6a:f7:
                    d4:dd:e7:dd:ed:a5:66:87:0d:a9:cb:0a:b0:e3:32:
                    80:6a:4c:bf:f2:fe:3c:af:2e:8b:c4:e9:d9:cd:fa:
                    5d:87:b9:e3:a0:3f:56:8d:75:54:8a:ce:e7:87:73:
                    67:3c:34:6d:9f:71:d9:74:9f:52:4f:f0:e5:d0:13:
                    1f:cc:78:00:e0:9e:bf:82:cc:65:04:bd:f5:8d:00:
                    c9:25:57:44:17:9c:a3:42:59:82:d1:78:bb:1d:22:
                    ce:bc:0e:c1:77:83:c5:f7:59:b4:a1:88:9b:1d:d2:
                    37:eb:32:26:d9:16:d2:31:cd:96:a5:cb:7f:28:58:
                    a2:d2:ae:41:8b:25:03:89:bf:b5:69:7d:d8:f8:c2:
                    8e:7e:ae:b8:9e:9a:49:75:c9:71:2e:92:bd:23:b8:
                    9e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:83:9A:1D:CB:62:EE:DD:F9:E4:B9:D7:4E:D1:82:CE:D2:96:B5:2D
            X509v3 Authority Key Identifier:
                keyid:93:2E:80:78:EA:42:0A:FC:1A:78:BF:92:2A:9A:2F:27:46:79:C8:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/gIOaHcti7t355LnXTtGCztKWtS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.5.0/24
                IPv6:
                  2a0c:3500:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:aa:39:09:c1:0f:2b:3a:a1:f0:98:8b:f7:02:90:11:00:61:
         96:e6:9a:27:d7:d0:e8:36:e7:1a:e6:6e:92:46:49:1d:1a:02:
         46:40:55:b0:0c:0a:8c:a2:c0:d4:f2:b6:be:1c:46:7b:20:d2:
         d5:2d:fd:e3:55:41:09:07:46:41:61:f0:7e:c3:fb:73:a6:4a:
         63:39:c8:aa:c2:54:43:2d:55:30:b5:0d:74:b0:1a:ab:9e:c0:
         54:70:a1:ec:0e:43:a6:6a:eb:49:37:4b:21:af:c4:31:a3:71:
         8a:ff:04:43:4f:3f:be:fd:90:fc:fd:56:78:27:81:50:38:fa:
         73:37:d6:c3:12:e1:9e:4a:32:7b:9d:2d:9a:fe:1b:10:c7:d7:
         d3:4c:50:b4:20:c4:43:f2:4b:0c:e2:54:77:08:94:5d:9d:7d:
         b5:f0:e0:90:a5:3d:5a:e2:4a:c5:31:2e:54:5e:b7:fb:e5:b7:
         f0:42:b9:b5:aa:65:f8:a4:8b:6a:86:c7:8f:e5:92:c0:69:b1:
         50:28:b0:b4:ec:30:e0:c8:bf:c2:fd:37:81:c9:09:2e:95:a7:
         6c:e7:8d:3f:4d:95:70:fa:bc:d2:6c:58:28:19:cc:12:71:02:
         de:f8:de:78:a4:a5:95:2d:23:01:62:4a:27:e0:47:4e:dd:9d:
         5e:e8:b9:d0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhRD4DZ76tIwQlnyPDRyMpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMmU4MDc4ZWE0MjBhZmMxYTc4YmY5MjJhOWEyZjI3NDY3
OWM4YTgwHhcNMjUwMTAxMDk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDgzOWExZGNiNjJlZWRkZjllNGI5ZDc0ZWQxODJjZWQyOTZiNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9rEJh7RQGLJqrtM3rDPG63DzQNC
bJco1b4p9OxeiQqN2X3R+Fee1DkwhdveT4x5SD2QrJXKBE9M7+lJprQ+hKA8D4su
G52x9i6vTp0ZmA/2DC3II+co8Z5n+kk0ury+GIjukX5JavfU3efd7aVmhw2pywqw
4zKAaky/8v48ry6LxOnZzfpdh7njoD9WjXVUis7nh3NnPDRtn3HZdJ9ST/Dl0BMf
zHgA4J6/gsxlBL31jQDJJVdEF5yjQlmC0Xi7HSLOvA7Bd4PF91m0oYibHdI36zIm
2RbSMc2Wpct/KFii0q5BiyUDib+1aX3Y+MKOfq64nppJdclxLpK9I7ie4QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFICDmh3LYu7d+eS5107Rgs7SlrUtMB8GA1UdIwQY
MBaAFJMugHjqQgr8Gni/kiqaLydGecioMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3k2QWVPcENDdndhZUwtU0twb3ZKMFo1eUtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81ZWVjZjMtNjM3Zi00NTBjLTg0ODkt
MzRiYTA3MzhhMzQxLzEvZ0lPYUhjdGk3dDM1NUxuWFR0R0N6dEtXdFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81ZWVjZjMtNjM3Zi00NTBjLTg0ODktMzRiYTA3MzhhMzQx
LzEva3k2QWVPcENDdndhZUwtU0twb3ZKMFo1eUtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuecFMA8E
AgACMAkDBwAqDDUAAAEwDQYJKoZIhvcNAQELBQADggEBAJ2qOQnBDys6ofCYi/cC
kBEAYZbmmifX0Og25xrmbpJGSR0aAkZAVbAMCoyiwNTytr4cRnsg0tUt/eNVQQkH
RkFh8H7D+3OmSmM5yKrCVEMtVTC1DXSwGquewFRwoewOQ6Zq60k3SyGvxDGjcYr/
BENPP779kPz9VngngVA4+nM31sMS4Z5KMnudLZr+GxDH19NMULQgxEPySwziVHcI
lF2dfbXw4JClPVriSsUxLlRet/vlt/BCubWqZfiki2qGx4/lksBpsVAosLTsMODI
v8L9N4HJCS6Vp2znjT9NlXD6vNJsWCgZzBJxAt743nikpZUtIwFiSifgR07dnV7o
udA=
-----END CERTIFICATE-----