Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/5dz9Tw4bpiGr43q4HQtTf_7BsP0.roa
File:                     5dz9Tw4bpiGr43q4HQtTf_7BsP0.roa (raw, json)
Hash identifier:          0VcdjRI2LyeRRm3QIQdFN5UYWsj35tdfOvua8dhZWaw=
Subject key identifier:   E5:DC:FD:4F:0E:1B:A6:21:AB:E3:7A:B8:1D:0B:53:7F:FE:C1:B0:FD
Certificate issuer:       /CN=699c581aff3d0a90178cfab565a388ccd9bc01ce
Certificate serial:       0194266BEB9CBBD9EEB816067CAFF41CAAA4
Authority key identifier: 69:9C:58:1A:FF:3D:0A:90:17:8C:FA:B5:65:A3:88:CC:D9:BC:01:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/5dz9Tw4bpiGr43q4HQtTf_7BsP0.roa
Signing time:             Thu 02 Jan 2025 09:49:54 +0000
ROA not before:           Thu 02 Jan 2025 09:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49206
IP address blocks:        185.41.48.0/24 maxlen: 24
                          185.41.49.0/24 maxlen: 24
                          185.41.50.0/24 maxlen: 24
                          185.41.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:eb:9c:bb:d9:ee:b8:16:06:7c:af:f4:1c:aa:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=699c581aff3d0a90178cfab565a388ccd9bc01ce
        Validity
            Not Before: Jan  2 09:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e5dcfd4f0e1ba621abe37ab81d0b537ffec1b0fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:7b:e1:80:9d:1e:6b:8d:46:9a:bc:8a:71:81:
                    a9:25:f2:2a:b8:b0:16:fa:c0:d1:1b:7b:1c:89:b6:
                    03:a2:ee:a9:99:ac:ba:21:c6:a3:e4:0c:87:e5:36:
                    52:62:c5:5a:42:74:af:8c:a3:84:64:aa:13:a4:52:
                    fe:8d:97:e4:e2:b2:69:5c:70:f1:f6:bd:43:7a:74:
                    cb:5e:f9:87:52:59:67:eb:9a:7e:62:5a:09:f3:4a:
                    bb:82:ba:78:4b:01:8d:7c:6a:62:53:b6:56:ce:ad:
                    dd:4b:d2:73:fa:6d:f8:1f:ab:37:0b:cb:a8:aa:b7:
                    cc:7c:a1:bb:60:07:c2:ad:52:60:12:8d:04:af:f9:
                    17:a8:dd:56:c5:d0:60:6a:39:74:16:57:fd:2c:7f:
                    16:ae:3a:1c:5e:5f:49:56:60:18:10:10:e6:de:9c:
                    d3:d2:26:dc:e3:62:e2:8d:8d:7d:df:9a:0b:36:6c:
                    69:fe:6a:14:97:3e:e7:d3:8b:70:cf:0b:51:75:45:
                    6d:a4:ee:7d:d4:83:fc:73:a3:23:fc:11:e2:d4:23:
                    e9:da:af:38:4c:f5:a2:1e:d7:95:50:8d:54:95:cf:
                    77:a5:2e:be:ad:a7:0e:54:9a:ad:ef:96:97:66:52:
                    65:68:36:ca:85:0b:62:34:f5:39:fd:2d:a9:9f:22:
                    ff:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:DC:FD:4F:0E:1B:A6:21:AB:E3:7A:B8:1D:0B:53:7F:FE:C1:B0:FD
            X509v3 Authority Key Identifier:
                keyid:69:9C:58:1A:FF:3D:0A:90:17:8C:FA:B5:65:A3:88:CC:D9:BC:01:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/5dz9Tw4bpiGr43q4HQtTf_7BsP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/fb9d5e-a628-4f23-88a5-e5ddd2bb51c5/1/aZxYGv89CpAXjPq1ZaOIzNm8Ac4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:00:52:c9:1f:49:af:7d:2f:09:46:ec:ee:3a:4d:a4:84:1d:
         ba:0b:8d:d0:3f:ed:79:6c:68:1b:6c:09:24:f4:f2:f5:98:dd:
         c2:e0:68:82:e4:27:a5:9a:d9:4e:42:a6:ad:24:e0:54:33:c5:
         9c:f0:a6:9e:d9:5e:fc:48:58:c3:40:5b:b6:e9:59:25:2c:9e:
         31:cb:96:1e:48:e3:7b:bc:76:71:95:3f:71:93:3b:d3:3d:13:
         d7:55:ee:74:df:4a:cb:71:5c:69:ab:ac:f0:0f:27:2b:6d:f2:
         f9:38:36:2b:73:ff:32:84:68:64:75:f9:c1:4e:fd:9d:c9:20:
         76:3f:39:dc:4b:85:ba:82:ed:fc:0a:6e:e2:c1:ca:9b:23:d2:
         f0:2e:66:df:e9:89:2e:52:98:7a:00:13:c5:6e:38:e5:5f:ef:
         a6:61:df:8f:1d:7e:f6:6e:56:77:8b:6f:63:59:8c:41:58:13:
         3c:88:d3:00:bf:21:d3:da:d7:70:38:67:46:55:4d:33:71:a5:
         d0:b4:4c:d2:18:41:44:c3:da:bc:4d:7b:89:f1:89:73:9c:7e:
         10:00:24:93:34:be:0b:79:99:90:6a:4f:13:03:59:78:88:cf:
         16:11:eb:ff:28:c9:ff:9a:3f:0e:aa:3e:f4:9f:80:e2:9f:09:
         96:47:79:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+ucu9nuuBYGfK/0HKqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OWM1ODFhZmYzZDBhOTAxNzhjZmFiNTY1YTM4OGNjZDli
YzAxY2UwHhcNMjUwMTAyMDk0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWRjZmQ0ZjBlMWJhNjIxYWJlMzdhYjgxZDBiNTM3ZmZlYzFiMGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XvhgJ0ea41GmryKcYGpJfIquLAW
+sDRG3scibYDou6pmay6Icaj5AyH5TZSYsVaQnSvjKOEZKoTpFL+jZfk4rJpXHDx
9r1DenTLXvmHUlln65p+YloJ80q7grp4SwGNfGpiU7ZWzq3dS9Jz+m34H6s3C8uo
qrfMfKG7YAfCrVJgEo0Er/kXqN1WxdBgajl0Flf9LH8WrjocXl9JVmAYEBDm3pzT
0ibc42LijY1935oLNmxp/moUlz7n04twzwtRdUVtpO591IP8c6Mj/BHi1CPp2q84
TPWiHteVUI1Ulc93pS6+racOVJqt75aXZlJlaDbKhQtiNPU5/S2pnyL/MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXc/U8OG6Yhq+N6uB0LU3/+wbD9MB8GA1UdIwQY
MBaAFGmcWBr/PQqQF4z6tWWjiMzZvAHOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVp4WUd2ODlDcEFYalBxMVphT0l6Tm04QWM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9mYjlkNWUtYTYyOC00ZjIzLTg4YTUt
ZTVkZGQyYmI1MWM1LzEvNWR6OVR3NGJwaUdyNDNxNEhRdFRmXzdCc1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9mYjlkNWUtYTYyOC00ZjIzLTg4YTUtZTVkZGQyYmI1MWM1
LzEvYVp4WUd2ODlDcEFYalBxMVphT0l6Tm04QWM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSkwMA0G
CSqGSIb3DQEBCwUAA4IBAQBuAFLJH0mvfS8JRuzuOk2khB26C43QP+15bGgbbAkk
9PL1mN3C4GiC5CelmtlOQqatJOBUM8Wc8Kae2V78SFjDQFu26VklLJ4xy5YeSON7
vHZxlT9xkzvTPRPXVe5030rLcVxpq6zwDycrbfL5ODYrc/8yhGhkdfnBTv2dySB2
PzncS4W6gu38Cm7iwcqbI9LwLmbf6YkuUph6ABPFbjjlX++mYd+PHX72blZ3i29j
WYxBWBM8iNMAvyHT2tdwOGdGVU0zcaXQtEzSGEFEw9q8TXuJ8YlznH4QACSTNL4L
eZmQak8TA1l4iM8WEev/KMn/mj8Oqj70n4DinwmWR3lR
-----END CERTIFICATE-----