Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/5n3hhQySb1NrByIDgtCkzEgt_WM.roa
File:                     5n3hhQySb1NrByIDgtCkzEgt_WM.roa (raw, json)
Hash identifier:          BHSkITUeUSX88rZNHQLj861kFL+qSiq/jooPQfUztJo=
Subject key identifier:   E6:7D:E1:85:0C:92:6F:53:6B:07:22:03:82:D0:A4:CC:48:2D:FD:63
Certificate issuer:       /CN=4eeb86abd5374e553098209075b9afecabef333a
Certificate serial:       019320CBFB2A896DDEDF56C33C09381248AF
Authority key identifier: 4E:EB:86:AB:D5:37:4E:55:30:98:20:90:75:B9:AF:EC:AB:EF:33:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuuGq9U3TlUwmCCQdbmv7KvvMzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/5n3hhQySb1NrByIDgtCkzEgt_WM.roa
Signing time:             Tue 12 Nov 2024 14:34:19 +0000
ROA not before:           Tue 12 Nov 2024 14:34:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29017
IP address blocks:        185.230.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/TuuGq9U3TlUwmCCQdbmv7KvvMzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/TuuGq9U3TlUwmCCQdbmv7KvvMzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuuGq9U3TlUwmCCQdbmv7KvvMzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:20:cb:fb:2a:89:6d:de:df:56:c3:3c:09:38:12:48:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eeb86abd5374e553098209075b9afecabef333a
        Validity
            Not Before: Nov 12 14:34:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e67de1850c926f536b07220382d0a4cc482dfd63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a9:ec:3b:6e:f1:94:d1:90:8d:43:ae:48:fa:
                    e2:fd:3f:49:49:17:ca:f1:85:90:e2:a8:75:37:81:
                    56:1b:cd:bc:61:33:3e:cb:7b:36:77:c5:5c:46:65:
                    20:14:07:b1:0a:d4:c9:6e:2f:16:d5:40:ff:32:86:
                    65:6b:e2:27:66:97:4a:26:34:e2:b3:8f:f2:29:8e:
                    89:34:45:d2:7e:14:67:38:ed:fa:ff:46:e1:30:2f:
                    36:e7:c7:2d:86:ca:0b:86:e6:66:18:dd:28:d6:01:
                    c9:6e:32:37:5e:f2:20:56:36:2c:ed:8c:55:18:ea:
                    cc:58:3d:aa:4b:94:57:3b:3b:94:b9:75:4f:31:ae:
                    b8:8b:8b:55:72:31:96:1a:3e:5a:13:99:1e:a1:5c:
                    47:ee:2e:f4:68:c6:58:c8:db:ef:d6:de:8a:24:a7:
                    97:3b:86:b6:ce:7c:3c:7e:89:a9:46:cd:8f:97:46:
                    e2:88:7a:5d:66:cd:9d:95:d2:ac:08:6e:9f:1b:c7:
                    a4:14:38:59:34:c0:0f:95:26:0e:d1:9a:32:ec:38:
                    07:32:0b:4f:23:1c:72:22:c6:e3:52:30:7a:71:fd:
                    47:2e:78:3f:ba:ea:71:7e:ac:eb:68:3e:57:2e:01:
                    55:7d:eb:ac:4d:46:31:ec:0c:f9:4b:ab:c2:11:32:
                    a0:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:7D:E1:85:0C:92:6F:53:6B:07:22:03:82:D0:A4:CC:48:2D:FD:63
            X509v3 Authority Key Identifier:
                keyid:4E:EB:86:AB:D5:37:4E:55:30:98:20:90:75:B9:AF:EC:AB:EF:33:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuuGq9U3TlUwmCCQdbmv7KvvMzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/5n3hhQySb1NrByIDgtCkzEgt_WM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/3e5c96-7e95-4797-aa6a-a8978e3aae98/1/TuuGq9U3TlUwmCCQdbmv7KvvMzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:7e:af:09:9a:5f:d4:b6:14:e9:b0:d0:43:0e:2c:cf:55:7f:
         3a:03:30:0a:64:ff:8c:f4:eb:6d:97:01:f1:c6:35:30:1d:41:
         cc:2f:2c:47:34:e1:cf:7f:fc:c7:bd:33:57:1f:90:0e:5c:40:
         dc:e9:d0:9a:3a:d0:19:a4:e9:fe:14:ce:16:20:62:69:22:a4:
         e4:c1:c3:36:ba:9e:bb:aa:3b:5c:e1:12:6d:60:ae:35:31:5f:
         a4:54:21:cb:7e:d2:80:ac:8e:77:2e:14:93:cf:27:d8:77:b4:
         e8:43:8e:8e:0f:54:d6:d7:b3:e2:1a:2f:09:b1:33:cf:c0:80:
         59:d6:1a:7f:ab:15:cf:a2:45:27:7d:57:63:6a:07:2b:80:a9:
         8d:16:91:ec:be:f7:19:78:b6:74:08:8d:f6:c8:49:d1:f0:e4:
         10:de:d1:d3:0e:00:ff:5f:ab:2a:be:0c:01:6b:b5:42:44:d1:
         80:83:5a:a4:69:11:9d:99:b5:c5:d9:71:3c:08:a0:1d:a0:10:
         e1:00:79:70:c7:31:63:68:5f:83:a7:64:9d:91:d6:56:22:73:
         ca:e7:e7:55:37:ad:38:59:b3:fa:d2:57:9a:07:56:63:2d:8c:
         a2:16:5c:f0:8a:a5:7e:bd:9e:7b:ea:a5:6e:5e:34:55:fc:51:
         71:ea:ce:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMgy/sqiW3e31bDPAk4EkivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZWI4NmFiZDUzNzRlNTUzMDk4MjA5MDc1YjlhZmVjYWJl
ZjMzM2EwHhcNMjQxMTEyMTQzNDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjdkZTE4NTBjOTI2ZjUzNmIwNzIyMDM4MmQwYTRjYzQ4MmRmZDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKnsO27xlNGQjUOuSPri/T9JSRfK
8YWQ4qh1N4FWG828YTM+y3s2d8VcRmUgFAexCtTJbi8W1UD/MoZla+InZpdKJjTi
s4/yKY6JNEXSfhRnOO36/0bhMC8258cthsoLhuZmGN0o1gHJbjI3XvIgVjYs7YxV
GOrMWD2qS5RXOzuUuXVPMa64i4tVcjGWGj5aE5keoVxH7i70aMZYyNvv1t6KJKeX
O4a2znw8fompRs2Pl0biiHpdZs2dldKsCG6fG8ekFDhZNMAPlSYO0Zoy7DgHMgtP
IxxyIsbjUjB6cf1HLng/uupxfqzraD5XLgFVfeusTUYx7Az5S6vCETKgnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZ94YUMkm9TawciA4LQpMxILf1jMB8GA1UdIwQY
MBaAFE7rhqvVN05VMJggkHW5r+yr7zM6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHV1R3E5VTNUbFV3bUNDUWRibXY3S3Z2TXpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8zZTVjOTYtN2U5NS00Nzk3LWFhNmEt
YTg5NzhlM2FhZTk4LzEvNW4zaGhReVNiMU5yQnlJRGd0Q2t6RWd0X1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8zZTVjOTYtN2U5NS00Nzk3LWFhNmEtYTg5NzhlM2FhZTk4
LzEvVHV1R3E5VTNUbFV3bUNDUWRibXY3S3Z2TXpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuebcMA0G
CSqGSIb3DQEBCwUAA4IBAQBkfq8Jml/UthTpsNBDDizPVX86AzAKZP+M9OttlwHx
xjUwHUHMLyxHNOHPf/zHvTNXH5AOXEDc6dCaOtAZpOn+FM4WIGJpIqTkwcM2up67
qjtc4RJtYK41MV+kVCHLftKArI53LhSTzyfYd7ToQ46OD1TW17PiGi8JsTPPwIBZ
1hp/qxXPokUnfVdjagcrgKmNFpHsvvcZeLZ0CI32yEnR8OQQ3tHTDgD/X6sqvgwB
a7VCRNGAg1qkaRGdmbXF2XE8CKAdoBDhAHlwxzFjaF+Dp2SdkdZWInPK5+dVN604
WbP60leaB1ZjLYyiFlzwiqV+vZ576qVuXjRV/FFx6s4Z
-----END CERTIFICATE-----