Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/ab9fa6-a906-4ac4-ac0c-6389220b26c6/1/5m0E4hrlymj_oPq4RutDZTBvpFc.roa
File:                     5m0E4hrlymj_oPq4RutDZTBvpFc.roa (raw, json)
Hash identifier:          D3u2GpmWvvHTn4HOSLwFPi92ntWCyeD4rYP1qp5He0g=
Subject key identifier:   E6:6D:04:E2:1A:E5:CA:68:FF:A0:FA:B8:46:EB:43:65:30:6F:A4:57
Certificate issuer:       /CN=69f0070af877d6b986b307b9bc04ef19c440433d
Certificate serial:       01942747B54CAF32B68E85DC77486E5044A0
Authority key identifier: 69:F0:07:0A:F8:77:D6:B9:86:B3:07:B9:BC:04:EF:19:C4:40:43:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/afAHCvh31rmGswe5vATvGcRAQz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/ab9fa6-a906-4ac4-ac0c-6389220b26c6/1/5m0E4hrlymj_oPq4RutDZTBvpFc.roa
Signing time:             Thu 02 Jan 2025 13:49:58 +0000
ROA not before:           Thu 02 Jan 2025 13:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12693
IP address blocks:        185.127.208.0/22 maxlen: 22
                          2a06:cbc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/ab9fa6-a906-4ac4-ac0c-6389220b26c6/1/afAHCvh31rmGswe5vATvGcRAQz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/ab9fa6-a906-4ac4-ac0c-6389220b26c6/1/afAHCvh31rmGswe5vATvGcRAQz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/afAHCvh31rmGswe5vATvGcRAQz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b5:4c:af:32:b6:8e:85:dc:77:48:6e:50:44:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69f0070af877d6b986b307b9bc04ef19c440433d
        Validity
            Not Before: Jan  2 13:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e66d04e21ae5ca68ffa0fab846eb4365306fa457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ea:18:47:7b:4f:45:d2:59:25:9f:eb:2d:1e:
                    0b:19:50:63:a4:8d:2d:9d:88:44:57:c6:5f:47:0f:
                    14:18:70:14:63:53:7e:b1:d2:6e:21:4e:e3:43:f7:
                    d9:6e:54:78:3d:a0:f9:fd:36:46:17:20:c2:38:79:
                    d7:0e:38:d2:75:93:89:6b:67:06:6b:85:68:b8:96:
                    6f:d7:13:79:b1:e7:5c:af:1f:18:ea:8b:9d:c4:05:
                    e7:d0:13:03:db:3d:9d:71:ce:d9:27:12:b8:0b:b4:
                    9a:d0:92:cb:c7:72:04:aa:14:29:13:22:db:f5:a3:
                    d7:4a:67:c0:df:fd:39:a5:ad:11:a7:83:ad:c6:bc:
                    2d:5b:d8:b6:c7:3f:22:42:0e:37:ca:26:8e:52:dd:
                    4a:2d:1f:3d:1f:58:92:78:d5:e6:b8:bf:8d:68:f6:
                    97:6f:d5:70:a1:34:a0:33:36:fd:7f:15:27:f8:b5:
                    be:28:a1:d8:c3:ba:8f:84:dd:36:c5:25:2b:21:90:
                    89:c3:40:5a:78:c6:6f:e6:9d:e7:cf:8b:9a:00:82:
                    0a:28:de:6a:c6:8d:b3:11:7e:41:5a:01:3b:f9:5e:
                    89:95:5b:14:82:17:47:4a:87:99:3b:3b:8e:3e:93:
                    e6:4c:03:2b:77:61:dc:d7:86:53:33:92:11:a0:a1:
                    ba:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:6D:04:E2:1A:E5:CA:68:FF:A0:FA:B8:46:EB:43:65:30:6F:A4:57
            X509v3 Authority Key Identifier:
                keyid:69:F0:07:0A:F8:77:D6:B9:86:B3:07:B9:BC:04:EF:19:C4:40:43:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/afAHCvh31rmGswe5vATvGcRAQz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ab9fa6-a906-4ac4-ac0c-6389220b26c6/1/5m0E4hrlymj_oPq4RutDZTBvpFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/ab9fa6-a906-4ac4-ac0c-6389220b26c6/1/afAHCvh31rmGswe5vATvGcRAQz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.127.208.0/22
                IPv6:
                  2a06:cbc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1c:a5:4a:96:e6:02:a5:17:12:fc:7e:59:6e:1c:83:b0:c3:2e:
         5d:3f:e0:9b:16:b4:48:75:38:44:b7:04:ef:be:f4:04:d5:64:
         ec:cf:0f:9e:7e:2f:86:39:5d:0a:d8:be:dc:69:e3:0c:16:e5:
         4a:2d:23:a5:9d:be:82:e3:b4:28:61:87:91:2f:7d:06:42:12:
         d8:0a:23:b7:3e:23:a0:b8:58:55:6f:37:3d:ca:63:41:38:d5:
         1b:4d:08:70:21:9d:4d:17:86:de:5d:29:e5:90:3d:64:f5:ea:
         96:e0:d9:01:6c:03:aa:81:4a:07:db:20:93:9b:01:65:40:18:
         52:ce:13:6c:bd:ea:14:33:29:3d:f5:df:16:d5:db:ff:2f:da:
         a9:e8:17:ac:4d:a4:c4:c7:cd:9d:77:35:bf:1f:3e:46:b2:b1:
         8b:d9:54:59:23:0a:44:ae:0d:61:be:68:25:64:e2:91:85:18:
         ab:35:d6:2b:fb:b1:1a:16:13:6c:53:e4:34:86:c6:eb:64:23:
         17:49:35:49:f8:2d:c6:8b:cc:4d:53:ae:bc:4a:b5:f3:89:69:
         00:e7:12:e0:1c:c1:43:0c:55:0d:89:54:a0:78:30:4c:79:34:
         f4:55:f6:24:74:72:d3:3b:99:47:42:d3:ac:5b:81:ab:4b:f0:
         ac:ec:25:7b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnR7VMrzK2joXcd0huUESgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZjAwNzBhZjg3N2Q2Yjk4NmIzMDdiOWJjMDRlZjE5YzQ0
MDQzM2QwHhcNMjUwMTAyMTM0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjZkMDRlMjFhZTVjYTY4ZmZhMGZhYjg0NmViNDM2NTMwNmZhNDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueoYR3tPRdJZJZ/rLR4LGVBjpI0t
nYhEV8ZfRw8UGHAUY1N+sdJuIU7jQ/fZblR4PaD5/TZGFyDCOHnXDjjSdZOJa2cG
a4VouJZv1xN5sedcrx8Y6oudxAXn0BMD2z2dcc7ZJxK4C7Sa0JLLx3IEqhQpEyLb
9aPXSmfA3/05pa0Rp4OtxrwtW9i2xz8iQg43yiaOUt1KLR89H1iSeNXmuL+NaPaX
b9VwoTSgMzb9fxUn+LW+KKHYw7qPhN02xSUrIZCJw0BaeMZv5p3nz4uaAIIKKN5q
xo2zEX5BWgE7+V6JlVsUghdHSoeZOzuOPpPmTAMrd2Hc14ZTM5IRoKG62QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOZtBOIa5cpo/6D6uEbrQ2Uwb6RXMB8GA1UdIwQY
MBaAFGnwBwr4d9a5hrMHubwE7xnEQEM9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWZBSEN2aDMxcm1Hc3dlNXZBVHZHY1JBUXowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9hYjlmYTYtYTkwNi00YWM0LWFjMGMt
NjM4OTIyMGIyNmM2LzEvNW0wRTRocmx5bWpfb1BxNFJ1dERaVEJ2cEZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9hYjlmYTYtYTkwNi00YWM0LWFjMGMtNjM4OTIyMGIyNmM2
LzEvYWZBSEN2aDMxcm1Hc3dlNXZBVHZHY1JBUXowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX/QMA0E
AgACMAcDBQMqBsvAMA0GCSqGSIb3DQEBCwUAA4IBAQAcpUqW5gKlFxL8flluHIOw
wy5dP+CbFrRIdThEtwTvvvQE1WTszw+efi+GOV0K2L7caeMMFuVKLSOlnb6C47Qo
YYeRL30GQhLYCiO3PiOguFhVbzc9ymNBONUbTQhwIZ1NF4beXSnlkD1k9eqW4NkB
bAOqgUoH2yCTmwFlQBhSzhNsveoUMyk99d8W1dv/L9qp6BesTaTEx82ddzW/Hz5G
srGL2VRZIwpErg1hvmglZOKRhRirNdYr+7EaFhNsU+Q0hsbrZCMXSTVJ+C3Gi8xN
U668SrXziWkA5xLgHMFDDFUNiVSgeDBMeTT0VfYkdHLTO5lHQtOsW4GrS/Cs7CV7
-----END CERTIFICATE-----