Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/5KpVCQ3CyEztQ9cIEvVYbZRbiYQ.roa
File:                     5KpVCQ3CyEztQ9cIEvVYbZRbiYQ.roa (raw, json)
Hash identifier:          wEh76twlgMaB5r7NetVkn53k9vIu3IdtKnUUcrVB2Dg=
Subject key identifier:   E4:AA:55:09:0D:C2:C8:4C:ED:43:D7:08:12:F5:58:6D:94:5B:89:84
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       019585BE7552DFCCB1E6F8EB19765EE1C822
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/5KpVCQ3CyEztQ9cIEvVYbZRbiYQ.roa
Signing time:             Tue 11 Mar 2025 15:06:46 +0000
ROA not before:           Tue 11 Mar 2025 15:06:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199218
IP address blocks:        194.59.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 13:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:85:be:75:52:df:cc:b1:e6:f8:eb:19:76:5e:e1:c8:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Mar 11 15:06:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4aa55090dc2c84ced43d70812f5586d945b8984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:99:11:d5:dd:b8:52:75:80:29:cd:e6:0a:35:
                    88:17:db:fc:12:f6:9e:16:b4:02:bd:cf:c7:a6:79:
                    09:7f:52:70:42:80:62:7d:30:e4:49:df:23:74:64:
                    2e:87:13:52:a4:0b:81:38:ac:8c:c1:a7:a4:13:fe:
                    bd:87:10:07:b5:c2:fb:0f:68:ea:b5:04:3c:33:1f:
                    e7:d8:0c:c9:43:92:25:9a:55:0d:1e:f8:16:68:70:
                    15:92:52:ba:c9:44:33:b1:2d:cf:e3:4a:ea:38:c6:
                    b5:bf:63:42:de:d4:16:69:aa:cc:ef:5d:39:53:8f:
                    58:76:a9:42:25:5d:05:6c:dc:c4:49:0b:25:48:09:
                    20:d3:d6:0d:d3:2d:6c:d3:2d:79:81:63:0a:6e:69:
                    9a:a1:68:03:06:db:67:83:5a:94:61:12:27:1e:51:
                    28:0c:28:a4:24:14:15:95:34:08:99:1e:f1:6f:a4:
                    c1:ac:58:f6:2b:17:d5:95:35:7a:14:2c:ee:4a:de:
                    dd:13:10:ad:55:4e:65:71:99:dd:ef:3d:28:d4:82:
                    57:68:86:3d:5b:a0:b7:e1:a5:16:0f:04:05:12:a6:
                    81:24:3f:2a:e1:24:bf:85:02:f6:05:23:f8:ff:d7:
                    da:44:40:52:ec:fa:01:a2:71:75:e2:a6:f1:4d:27:
                    eb:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:AA:55:09:0D:C2:C8:4C:ED:43:D7:08:12:F5:58:6D:94:5B:89:84
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/5KpVCQ3CyEztQ9cIEvVYbZRbiYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:e3:7e:bf:6f:b4:29:77:17:c6:92:96:80:ec:58:6d:5c:42:
         59:bf:d7:72:49:a8:bb:5b:99:89:8c:ca:92:33:28:38:fa:7e:
         82:65:8d:9a:07:eb:32:95:61:23:e3:db:cb:0a:65:e6:64:d4:
         47:01:be:4e:92:b1:67:ef:2b:f5:fb:74:33:45:6f:37:ba:d6:
         31:47:90:e0:b6:69:d6:5d:0d:17:88:b3:ed:97:1e:64:9b:28:
         5d:8b:5e:46:34:1a:ca:3d:76:5a:2c:cb:be:d6:55:08:4b:28:
         f4:08:a2:ab:00:d7:ef:d5:5a:a2:24:fd:35:66:29:70:50:1e:
         69:c9:5f:b6:72:02:2f:90:89:31:80:ab:a3:0e:3f:2c:f3:d4:
         ee:d1:99:b4:6e:25:ef:51:9b:57:31:b7:2c:ba:79:50:d2:4b:
         e8:a7:14:49:23:48:08:89:0c:29:84:ea:3c:b9:27:9e:3e:39:
         59:c0:0e:b5:34:87:31:cd:19:df:fe:ec:74:0a:b1:37:29:8e:
         3d:ec:f1:9f:7d:15:2e:8c:17:7a:38:37:7b:f5:c9:d4:22:89:
         19:ed:9d:5f:c9:52:ed:f3:4d:df:fa:e8:4d:79:9f:8d:ef:34:
         fd:16:fc:79:00:a2:47:9c:03:2c:f9:e8:d1:15:02:16:e6:19:
         ba:13:14:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWFvnVS38yx5vjrGXZe4cgiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjUwMzExMTUwNjQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGFhNTUwOTBkYzJjODRjZWQ0M2Q3MDgxMmY1NTg2ZDk0NWI4OTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJkR1d24UnWAKc3mCjWIF9v8Evae
FrQCvc/HpnkJf1JwQoBifTDkSd8jdGQuhxNSpAuBOKyMwaekE/69hxAHtcL7D2jq
tQQ8Mx/n2AzJQ5IlmlUNHvgWaHAVklK6yUQzsS3P40rqOMa1v2NC3tQWaarM7105
U49YdqlCJV0FbNzESQslSAkg09YN0y1s0y15gWMKbmmaoWgDBttng1qUYRInHlEo
DCikJBQVlTQImR7xb6TBrFj2KxfVlTV6FCzuSt7dExCtVU5lcZnd7z0o1IJXaIY9
W6C34aUWDwQFEqaBJD8q4SS/hQL2BSP4/9faREBS7PoBonF14qbxTSfr1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSqVQkNwshM7UPXCBL1WG2UW4mEMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvNUtwVkNRM0N5RXp0UTljSUV2VlliWlJiaVlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjsGMA0G
CSqGSIb3DQEBCwUAA4IBAQAU436/b7QpdxfGkpaA7FhtXEJZv9dySai7W5mJjMqS
Myg4+n6CZY2aB+sylWEj49vLCmXmZNRHAb5OkrFn7yv1+3QzRW83utYxR5DgtmnW
XQ0XiLPtlx5kmyhdi15GNBrKPXZaLMu+1lUISyj0CKKrANfv1VqiJP01ZilwUB5p
yV+2cgIvkIkxgKujDj8s89Tu0Zm0biXvUZtXMbcsunlQ0kvopxRJI0gIiQwphOo8
uSeePjlZwA61NIcxzRnf/ux0CrE3KY497PGffRUujBd6ODd79cnUIokZ7Z1fyVLt
803f+uhNeZ+N7zT9Fvx5AKJHnAMs+ejRFQIW5hm6ExRB
-----END CERTIFICATE-----