Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/c5fc54-74c2-4f3d-95c1-44023c3b784e/1/zGlqz5otF9hY2Y3sk2pn1erhTAU.roa
File:                     zGlqz5otF9hY2Y3sk2pn1erhTAU.roa (raw, json)
Hash identifier:          ofXFe05Yp+tSBC9fBzRKiln4g1Kad9/L6uAtEFx8Z54=
Subject key identifier:   CC:69:6A:CF:9A:2D:17:D8:58:D9:8D:EC:93:6A:67:D5:EA:E1:4C:05
Certificate issuer:       /CN=26d9a16c2fa7d4c370b5325214be4420b611f1f9
Certificate serial:       01942825F1F7075FB526C153151F5FAAF021
Authority key identifier: 26:D9:A1:6C:2F:A7:D4:C3:70:B5:32:52:14:BE:44:20:B6:11:F1:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JtmhbC-n1MNwtTJSFL5EILYR8fk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/c5fc54-74c2-4f3d-95c1-44023c3b784e/1/zGlqz5otF9hY2Y3sk2pn1erhTAU.roa
Signing time:             Thu 02 Jan 2025 17:52:42 +0000
ROA not before:           Thu 02 Jan 2025 17:52:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8412
IP address blocks:        185.225.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/c5fc54-74c2-4f3d-95c1-44023c3b784e/1/JtmhbC-n1MNwtTJSFL5EILYR8fk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/c5fc54-74c2-4f3d-95c1-44023c3b784e/1/JtmhbC-n1MNwtTJSFL5EILYR8fk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JtmhbC-n1MNwtTJSFL5EILYR8fk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:f1:f7:07:5f:b5:26:c1:53:15:1f:5f:aa:f0:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26d9a16c2fa7d4c370b5325214be4420b611f1f9
        Validity
            Not Before: Jan  2 17:52:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc696acf9a2d17d858d98dec936a67d5eae14c05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:97:a2:db:28:a6:6f:d4:e3:79:32:72:7f:b8:
                    f1:5d:b5:03:2f:19:1d:bc:b4:23:92:cc:9e:de:d6:
                    88:68:03:7b:69:f8:4e:10:df:16:60:e6:60:9a:7b:
                    6f:14:b0:17:99:87:39:fe:74:d6:7b:e8:a9:78:d8:
                    1a:a8:b8:7b:f3:da:93:16:89:66:34:d1:f7:07:1b:
                    30:56:2f:32:7d:b8:a4:44:95:a0:d5:ed:7a:47:58:
                    0f:fd:5d:18:0f:87:47:c2:63:76:e2:0e:7d:35:d9:
                    97:d8:56:5d:c0:2f:a6:2d:32:af:94:26:3a:32:32:
                    0e:aa:1b:2b:e1:a7:3f:5a:09:2e:d5:32:d2:f4:b8:
                    50:75:29:e9:02:26:31:dc:1a:b8:ed:68:94:59:a9:
                    2f:98:3e:d8:95:4f:d2:27:4b:56:0d:7f:23:e9:5d:
                    d7:9c:2e:38:40:8e:b8:61:d3:54:2c:59:1e:2a:3a:
                    d8:ae:15:9f:6e:83:0e:d4:6d:a0:3c:e6:14:49:14:
                    11:42:1a:e9:87:5c:f9:04:17:65:1a:58:5d:92:ca:
                    7e:35:08:65:ec:13:27:11:cd:c3:4f:15:00:6c:69:
                    51:12:5d:ba:46:0c:50:78:58:62:8e:cc:80:b9:4e:
                    f2:ce:47:9d:b5:3f:12:d6:47:d8:79:8d:71:6c:2e:
                    c0:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:69:6A:CF:9A:2D:17:D8:58:D9:8D:EC:93:6A:67:D5:EA:E1:4C:05
            X509v3 Authority Key Identifier:
                keyid:26:D9:A1:6C:2F:A7:D4:C3:70:B5:32:52:14:BE:44:20:B6:11:F1:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JtmhbC-n1MNwtTJSFL5EILYR8fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/c5fc54-74c2-4f3d-95c1-44023c3b784e/1/zGlqz5otF9hY2Y3sk2pn1erhTAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/c5fc54-74c2-4f3d-95c1-44023c3b784e/1/JtmhbC-n1MNwtTJSFL5EILYR8fk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:58:a4:87:e7:84:65:2e:66:7c:d7:c7:0d:92:4c:52:3b:d1:
         c1:9b:5c:1f:ca:f0:00:14:46:90:fa:31:33:e4:ce:68:ae:a2:
         58:0a:0e:02:75:35:c3:2c:c4:ee:8f:c3:88:38:ff:67:25:1b:
         cb:ae:f7:73:e8:ae:41:b5:15:fa:c7:22:74:0d:fd:e7:47:55:
         36:1d:bc:40:10:46:e0:00:d6:dc:f6:b3:06:b2:07:ac:e1:ab:
         af:16:05:20:f9:51:37:f2:6d:df:a3:27:28:c6:61:10:b2:d7:
         77:8e:e3:5a:90:ff:e2:07:5a:96:d6:69:b4:0f:91:22:b7:ae:
         5e:19:40:5a:4a:da:55:0f:bb:5d:c7:d9:2e:bb:2b:6d:c0:a5:
         36:91:dc:e3:2a:70:ae:57:c3:9b:da:0a:e9:de:53:fc:ed:d4:
         e9:5e:de:34:9e:95:e4:9a:55:3e:ae:c5:d2:e5:f8:74:f0:f0:
         17:c1:9f:77:69:ea:73:45:3c:ce:ee:be:de:74:19:b9:3d:10:
         33:dd:d8:07:51:77:6b:8d:4f:13:31:36:68:43:9b:68:93:55:
         cb:7e:a1:36:c2:a7:49:d0:6b:ee:c1:ec:41:03:77:21:4d:8d:
         8c:b7:e8:3b:5a:f3:dc:62:83:a2:7d:fc:e3:d2:4b:13:d1:c0:
         76:02:be:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJfH3B1+1JsFTFR9fqvAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ZDlhMTZjMmZhN2Q0YzM3MGI1MzI1MjE0YmU0NDIwYjYx
MWYxZjkwHhcNMjUwMTAyMTc1MjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzY5NmFjZjlhMmQxN2Q4NThkOThkZWM5MzZhNjdkNWVhZTE0YzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pei2yimb9TjeTJyf7jxXbUDLxkd
vLQjksye3taIaAN7afhOEN8WYOZgmntvFLAXmYc5/nTWe+ipeNgaqLh789qTFolm
NNH3BxswVi8yfbikRJWg1e16R1gP/V0YD4dHwmN24g59NdmX2FZdwC+mLTKvlCY6
MjIOqhsr4ac/Wgku1TLS9LhQdSnpAiYx3Bq47WiUWakvmD7YlU/SJ0tWDX8j6V3X
nC44QI64YdNULFkeKjrYrhWfboMO1G2gPOYUSRQRQhrph1z5BBdlGlhdksp+NQhl
7BMnEc3DTxUAbGlREl26RgxQeFhijsyAuU7yzkedtT8S1kfYeY1xbC7AswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxpas+aLRfYWNmN7JNqZ9Xq4UwFMB8GA1UdIwQY
MBaAFCbZoWwvp9TDcLUyUhS+RCC2EfH5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnRtaGJDLW4xTU53dFRKU0ZMNUVJTFlSOGZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9jNWZjNTQtNzRjMi00ZjNkLTk1YzEt
NDQwMjNjM2I3ODRlLzEvekdscXo1b3RGOWhZMlkzc2sycG4xZXJoVEFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9jNWZjNTQtNzRjMi00ZjNkLTk1YzEtNDQwMjNjM2I3ODRl
LzEvSnRtaGJDLW4xTU53dFRKU0ZMNUVJTFlSOGZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueFgMA0G
CSqGSIb3DQEBCwUAA4IBAQBhWKSH54RlLmZ818cNkkxSO9HBm1wfyvAAFEaQ+jEz
5M5orqJYCg4CdTXDLMTuj8OIOP9nJRvLrvdz6K5BtRX6xyJ0Df3nR1U2HbxAEEbg
ANbc9rMGsges4auvFgUg+VE38m3foycoxmEQstd3juNakP/iB1qW1mm0D5Eit65e
GUBaStpVD7tdx9kuuyttwKU2kdzjKnCuV8Ob2grp3lP87dTpXt40npXkmlU+rsXS
5fh08PAXwZ93aepzRTzO7r7edBm5PRAz3dgHUXdrjU8TMTZoQ5tok1XLfqE2wqdJ
0GvuwexBA3chTY2Mt+g7WvPcYoOiffzj0ksT0cB2Ar4y
-----END CERTIFICATE-----