Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/5syV7PgPBQbiBbuoFj10-aiKKG0.roa
File:                     5syV7PgPBQbiBbuoFj10-aiKKG0.roa (raw, json)
Hash identifier:          lK1gem+kZrAq5cKIs+CpHdM5BUtwnIwQ62pWDxE9JKs=
Subject key identifier:   E6:CC:95:EC:F8:0F:05:06:E2:05:BB:A8:16:3D:74:F9:A8:8A:28:6D
Certificate issuer:       /CN=49bf32abf77f412c210f409822d1398ec3beda9b
Certificate serial:       019422FC3E25DD425E310B22B89469C41620
Authority key identifier: 49:BF:32:AB:F7:7F:41:2C:21:0F:40:98:22:D1:39:8E:C3:BE:DA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sb8yq_d_QSwhD0CYItE5jsO-2ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/5syV7PgPBQbiBbuoFj10-aiKKG0.roa
Signing time:             Wed 01 Jan 2025 17:49:03 +0000
ROA not before:           Wed 01 Jan 2025 17:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205606
IP address blocks:        185.212.140.0/24 maxlen: 24
                          185.212.141.0/24 maxlen: 24
                          185.212.142.0/24 maxlen: 24
                          185.212.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/Sb8yq_d_QSwhD0CYItE5jsO-2ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/Sb8yq_d_QSwhD0CYItE5jsO-2ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sb8yq_d_QSwhD0CYItE5jsO-2ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:3e:25:dd:42:5e:31:0b:22:b8:94:69:c4:16:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49bf32abf77f412c210f409822d1398ec3beda9b
        Validity
            Not Before: Jan  1 17:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6cc95ecf80f0506e205bba8163d74f9a88a286d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d6:30:3a:3f:f9:8a:2f:5a:c2:6b:c4:40:17:
                    7b:8a:4e:de:b2:31:4a:9a:2e:47:39:06:ca:6f:92:
                    90:2a:52:1e:d4:b4:26:fe:59:a0:09:26:fb:2e:01:
                    c9:04:5d:04:e2:54:cf:5f:b7:1a:ce:90:3c:42:9b:
                    4d:c6:59:18:f6:a5:77:db:ab:60:11:6b:b2:25:3b:
                    ba:24:49:5a:48:db:7a:48:5f:84:93:86:a2:30:dc:
                    96:78:7f:e8:9e:5c:d5:2e:f2:4d:f3:1f:83:7e:ca:
                    20:0f:c3:b4:43:ca:f3:74:9b:67:e1:5a:d3:0f:c0:
                    0b:e5:47:b5:ca:cf:c3:d6:36:43:8d:14:65:e1:f1:
                    b4:20:87:68:8e:2a:bc:dc:a7:d2:2d:74:8e:4a:df:
                    0a:a0:c2:2c:bf:c6:0c:6b:85:bb:c0:f4:a8:ac:df:
                    be:e3:15:e2:a6:04:30:8b:06:36:9a:c0:bc:f7:89:
                    67:20:27:28:dd:bd:0d:a1:53:03:ff:8d:21:1d:1a:
                    91:8e:22:3a:4d:3b:42:c3:9c:7a:38:9e:bb:5a:ab:
                    9e:72:66:ab:c2:bd:5b:d3:97:40:d4:51:6a:bf:c2:
                    56:68:5d:36:00:39:8c:f7:2c:2f:01:3d:0e:14:55:
                    9f:5c:27:61:38:5a:66:ad:af:cd:05:f5:66:d4:d5:
                    f8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:CC:95:EC:F8:0F:05:06:E2:05:BB:A8:16:3D:74:F9:A8:8A:28:6D
            X509v3 Authority Key Identifier:
                keyid:49:BF:32:AB:F7:7F:41:2C:21:0F:40:98:22:D1:39:8E:C3:BE:DA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sb8yq_d_QSwhD0CYItE5jsO-2ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/5syV7PgPBQbiBbuoFj10-aiKKG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/73cdd0-0649-4fe9-9971-0be6337bf6b6/1/Sb8yq_d_QSwhD0CYItE5jsO-2ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:1d:d2:32:b3:05:b3:b0:0a:15:4d:44:dd:a8:f3:75:43:1d:
         e1:45:57:c9:59:b9:ef:aa:db:18:bd:28:4b:33:49:c2:dc:58:
         cd:05:05:f3:06:88:f1:92:da:9c:06:cc:b3:78:e4:58:6b:38:
         a4:fc:05:7d:1b:21:e7:7c:d7:48:be:8d:94:b3:a9:13:48:20:
         da:d4:6c:00:1e:73:fd:f6:dc:db:20:36:67:5e:3f:dd:ed:d5:
         70:ff:27:87:ad:4f:b6:69:09:c8:65:2d:15:d1:96:77:8c:1e:
         5b:cb:18:84:dc:b4:a6:aa:04:06:3e:03:f5:5c:39:90:be:fc:
         2e:79:85:6b:5c:2c:52:50:03:32:34:e3:b5:9f:85:81:93:fd:
         e0:af:f1:44:fe:86:f6:8f:21:0c:a1:a8:ba:d8:89:e1:7e:db:
         55:5d:83:f2:e3:cf:15:af:d4:89:c6:f0:31:8e:a5:63:32:ab:
         f9:6f:05:e0:31:de:ae:70:01:ef:3d:5c:f3:10:16:35:3a:1a:
         32:51:b2:74:b2:0e:c8:4f:c4:68:8c:62:90:c7:21:4b:2c:68:
         72:7a:5d:06:80:c0:aa:80:25:8b:31:40:94:e4:dd:03:60:f8:
         ab:6c:1a:8f:da:7d:9b:53:22:6d:6c:d2:ab:7b:ba:4a:b2:a5:
         fa:cb:68:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/D4l3UJeMQsiuJRpxBYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YmYzMmFiZjc3ZjQxMmMyMTBmNDA5ODIyZDEzOThlYzNi
ZWRhOWIwHhcNMjUwMTAxMTc0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmNjOTVlY2Y4MGYwNTA2ZTIwNWJiYTgxNjNkNzRmOWE4OGEyODZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytYwOj/5ii9awmvEQBd7ik7esjFK
mi5HOQbKb5KQKlIe1LQm/lmgCSb7LgHJBF0E4lTPX7cazpA8QptNxlkY9qV326tg
EWuyJTu6JElaSNt6SF+Ek4aiMNyWeH/onlzVLvJN8x+DfsogD8O0Q8rzdJtn4VrT
D8AL5Ue1ys/D1jZDjRRl4fG0IIdojiq83KfSLXSOSt8KoMIsv8YMa4W7wPSorN++
4xXipgQwiwY2msC894lnICco3b0NoVMD/40hHRqRjiI6TTtCw5x6OJ67Wquecmar
wr1b05dA1FFqv8JWaF02ADmM9ywvAT0OFFWfXCdhOFpmra/NBfVm1NX4awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObMlez4DwUG4gW7qBY9dPmoiihtMB8GA1UdIwQY
MBaAFEm/Mqv3f0EsIQ9AmCLROY7DvtqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2I4eXFfZF9RU3doRDBDWUl0RTVqc08tMnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi83M2NkZDAtMDY0OS00ZmU5LTk5NzEt
MGJlNjMzN2JmNmI2LzEvNXN5VjdQZ1BCUWJpQmJ1b0ZqMTAtYWlLS0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi83M2NkZDAtMDY0OS00ZmU5LTk5NzEtMGJlNjMzN2JmNmI2
LzEvU2I4eXFfZF9RU3doRDBDWUl0RTVqc08tMnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudSMMA0G
CSqGSIb3DQEBCwUAA4IBAQATHdIyswWzsAoVTUTdqPN1Qx3hRVfJWbnvqtsYvShL
M0nC3FjNBQXzBojxktqcBsyzeORYazik/AV9GyHnfNdIvo2Us6kTSCDa1GwAHnP9
9tzbIDZnXj/d7dVw/yeHrU+2aQnIZS0V0ZZ3jB5byxiE3LSmqgQGPgP1XDmQvvwu
eYVrXCxSUAMyNOO1n4WBk/3gr/FE/ob2jyEMoai62InhfttVXYPy488Vr9SJxvAx
jqVjMqv5bwXgMd6ucAHvPVzzEBY1OhoyUbJ0sg7IT8RojGKQxyFLLGhyel0GgMCq
gCWLMUCU5N0DYPirbBqP2n2bUyJtbNKre7pKsqX6y2gX
-----END CERTIFICATE-----