Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/v5RCvCqHry4pLvPzMJDwat4R8VA.roa
File:                     v5RCvCqHry4pLvPzMJDwat4R8VA.roa (raw, json)
Hash identifier:          Nc/262spRPspG2StfvRWMrFBeCURy94KpD9ocUGZ6Ic=
Subject key identifier:   BF:94:42:BC:2A:87:AF:2E:29:2E:F3:F3:30:90:F0:6A:DE:11:F1:50
Certificate issuer:       /CN=827313247c486fe434833c09087a00a900301840
Certificate serial:       019420D5C577BD07163F52B34DFEBC6CBF5D
Authority key identifier: 82:73:13:24:7C:48:6F:E4:34:83:3C:09:08:7A:00:A9:00:30:18:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/v5RCvCqHry4pLvPzMJDwat4R8VA.roa
Signing time:             Wed 01 Jan 2025 07:47:48 +0000
ROA not before:           Wed 01 Jan 2025 07:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198040
IP address blocks:        91.233.204.0/23 maxlen: 23
                          176.103.160.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c5:77:bd:07:16:3f:52:b3:4d:fe:bc:6c:bf:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827313247c486fe434833c09087a00a900301840
        Validity
            Not Before: Jan  1 07:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf9442bc2a87af2e292ef3f33090f06ade11f150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6e:3f:7e:92:22:5f:c7:82:d9:6f:ae:3f:32:
                    f5:2c:62:96:6f:df:90:23:75:1a:0d:f8:d6:67:c3:
                    0c:e3:09:b7:10:2c:a9:91:9d:d3:f8:7d:22:c3:f3:
                    4a:a0:d8:a9:46:ff:e5:7e:89:62:4b:17:fc:54:85:
                    b2:11:89:c7:56:43:a7:39:e5:21:ee:7d:12:5e:de:
                    dd:c3:32:8d:5e:9a:c9:39:8b:4f:48:29:57:75:65:
                    8c:4c:66:0c:83:ad:b8:7b:b5:f1:5c:56:3b:fc:c6:
                    b4:fd:d7:50:17:98:b3:cb:d6:2b:62:22:6f:20:fb:
                    c5:00:ee:63:6c:9c:d2:c7:fc:d0:eb:05:97:42:00:
                    aa:ff:84:8a:fe:eb:bc:06:38:11:68:a6:de:16:d7:
                    2f:fa:c1:17:90:50:8e:32:06:b1:38:cb:08:d9:22:
                    df:5b:2b:b2:6c:f8:a8:40:be:0c:c1:d8:08:44:a6:
                    79:46:2a:11:48:73:c0:0c:fe:28:e4:8b:92:23:e0:
                    64:f4:b5:8d:09:b4:06:0d:46:56:39:54:69:69:7b:
                    51:50:fd:61:4c:bf:cd:48:e5:65:6c:d2:bb:1e:56:
                    e4:ef:46:bd:45:c1:31:e3:03:c7:2b:cb:9d:bc:01:
                    2a:ad:45:89:3c:c9:d3:17:0e:65:d4:cd:1e:b4:9d:
                    a5:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:94:42:BC:2A:87:AF:2E:29:2E:F3:F3:30:90:F0:6A:DE:11:F1:50
            X509v3 Authority Key Identifier:
                keyid:82:73:13:24:7C:48:6F:E4:34:83:3C:09:08:7A:00:A9:00:30:18:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/v5RCvCqHry4pLvPzMJDwat4R8VA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/85b043-36d8-4136-9835-8d477259839b/1/gnMTJHxIb-Q0gzwJCHoAqQAwGEA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.204.0/23
                  176.103.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8e:dd:37:a8:2a:ab:83:3a:30:fc:ac:fb:5c:90:34:98:6e:d1:
         e3:94:91:73:af:21:82:c1:a9:fb:81:fc:d6:58:da:a6:22:f5:
         2a:24:9e:be:b2:a4:21:31:67:79:f4:a8:37:85:da:e6:d5:e2:
         e6:2d:fb:5d:6d:ae:59:c6:38:73:de:16:21:6e:fc:1f:ca:5d:
         8f:97:e8:11:4a:15:77:7a:ad:43:4c:07:1e:77:43:e5:37:f6:
         5c:54:66:0c:53:92:3c:d9:f7:66:3d:ff:01:dc:bf:28:98:d4:
         3c:3d:22:81:e6:11:a4:e5:2e:75:8c:6e:30:10:cc:a8:46:33:
         c2:cc:3f:82:2b:5d:68:0c:85:9b:04:43:df:f4:e6:6a:2c:dc:
         91:7a:2b:8f:4b:d7:39:10:84:3b:04:09:76:3f:13:9d:e3:97:
         27:87:f7:cc:99:b0:10:58:85:bb:ce:4b:16:9e:73:ff:ae:c2:
         71:b2:6f:fd:f5:a7:1a:48:8b:6b:aa:d4:d4:1c:16:8c:40:f1:
         a2:68:b4:1c:29:47:a1:37:fa:f7:74:4d:42:99:92:e5:5b:6b:
         22:29:51:e2:4f:98:4d:60:f6:b3:4b:40:68:19:83:9e:69:43:
         79:9b:eb:a9:02:81:d4:31:fa:bb:eb:5e:b7:91:77:14:85:1f:
         78:63:a9:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1cV3vQcWP1KzTf68bL9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzMxMzI0N2M0ODZmZTQzNDgzM2MwOTA4N2EwMGE5MDAz
MDE4NDAwHhcNMjUwMTAxMDc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjk0NDJiYzJhODdhZjJlMjkyZWYzZjMzMDkwZjA2YWRlMTFmMTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmW4/fpIiX8eC2W+uPzL1LGKWb9+Q
I3UaDfjWZ8MM4wm3ECypkZ3T+H0iw/NKoNipRv/lfoliSxf8VIWyEYnHVkOnOeUh
7n0SXt7dwzKNXprJOYtPSClXdWWMTGYMg624e7XxXFY7/Ma0/ddQF5izy9YrYiJv
IPvFAO5jbJzSx/zQ6wWXQgCq/4SK/uu8BjgRaKbeFtcv+sEXkFCOMgaxOMsI2SLf
WyuybPioQL4MwdgIRKZ5RioRSHPADP4o5IuSI+Bk9LWNCbQGDUZWOVRpaXtRUP1h
TL/NSOVlbNK7Hlbk70a9RcEx4wPHK8udvAEqrUWJPMnTFw5l1M0etJ2lBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL+UQrwqh68uKS7z8zCQ8GreEfFQMB8GA1UdIwQY
MBaAFIJzEyR8SG/kNIM8CQh6AKkAMBhAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25NVEpIeEliLVEwZ3p3SkNIb0FxUUF3R0VBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC84NWIwNDMtMzZkOC00MTM2LTk4MzUt
OGQ0NzcyNTk4MzliLzEvdjVSQ3ZDcUhyeTRwTHZQek1KRHdhdDRSOFZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC84NWIwNDMtMzZkOC00MTM2LTk4MzUtOGQ0NzcyNTk4Mzli
LzEvZ25NVEpIeEliLVEwZ3p3SkNIb0FxUUF3R0VBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+nMAwQD
sGegMA0GCSqGSIb3DQEBCwUAA4IBAQCO3TeoKquDOjD8rPtckDSYbtHjlJFzryGC
wan7gfzWWNqmIvUqJJ6+sqQhMWd59Kg3hdrm1eLmLftdba5Zxjhz3hYhbvwfyl2P
l+gRShV3eq1DTAced0PlN/ZcVGYMU5I82fdmPf8B3L8omNQ8PSKB5hGk5S51jG4w
EMyoRjPCzD+CK11oDIWbBEPf9OZqLNyReiuPS9c5EIQ7BAl2PxOd45cnh/fMmbAQ
WIW7zksWnnP/rsJxsm/99acaSItrqtTUHBaMQPGiaLQcKUehN/r3dE1CmZLlW2si
KVHiT5hNYPazS0BoGYOeaUN5m+upAoHUMfq76163kXcUhR94Y6l4
-----END CERTIFICATE-----