Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/hC0t1cqhdoh6iyJ3cpDGc1N-nWg.roa
File:                     hC0t1cqhdoh6iyJ3cpDGc1N-nWg.roa (raw, json)
Hash identifier:          PxIEeNMR+krZxWibCKKwK2CkVaApOYKXyBnr/5vAmac=
Subject key identifier:   84:2D:2D:D5:CA:A1:76:88:7A:8B:22:77:72:90:C6:73:53:7E:9D:68
Certificate issuer:       /CN=5d6953db48404b0c66a15f0da6efa7fac0a9369e
Certificate serial:       019426D933606B7737F56CDB00E645F7348F
Authority key identifier: 5D:69:53:DB:48:40:4B:0C:66:A1:5F:0D:A6:EF:A7:FA:C0:A9:36:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XWlT20hASwxmoV8Npu-n-sCpNp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/hC0t1cqhdoh6iyJ3cpDGc1N-nWg.roa
Signing time:             Thu 02 Jan 2025 11:49:16 +0000
ROA not before:           Thu 02 Jan 2025 11:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200818
IP address blocks:        185.95.52.0/22 maxlen: 22
                          185.95.52.0/24 maxlen: 24
                          185.95.53.0/24 maxlen: 24
                          185.95.54.0/24 maxlen: 24
                          185.95.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/XWlT20hASwxmoV8Npu-n-sCpNp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/XWlT20hASwxmoV8Npu-n-sCpNp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XWlT20hASwxmoV8Npu-n-sCpNp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:33:60:6b:77:37:f5:6c:db:00:e6:45:f7:34:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d6953db48404b0c66a15f0da6efa7fac0a9369e
        Validity
            Not Before: Jan  2 11:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=842d2dd5caa176887a8b22777290c673537e9d68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ed:8b:23:9a:5c:2b:d0:17:96:48:0d:b7:38:
                    21:e5:b2:db:4e:44:a0:3b:a5:1c:1a:ef:ac:63:99:
                    93:20:e3:7e:b1:46:69:28:39:b0:35:8b:86:fe:ff:
                    f0:03:60:5f:35:94:8c:2f:04:f7:73:99:ea:ed:fb:
                    fb:d0:1f:a8:5b:35:c7:27:a2:4c:a0:c9:94:79:46:
                    0c:65:70:b6:7b:89:4e:8e:bd:f7:36:9e:5a:12:e0:
                    b4:f0:11:19:64:d8:87:53:8c:11:fd:f8:9e:ae:90:
                    29:10:7c:4d:b4:0f:c1:93:71:c9:f8:04:06:2b:89:
                    59:b5:c4:69:5d:32:82:de:ec:18:2b:06:11:c2:da:
                    9e:58:8b:71:ae:19:8c:5b:96:af:97:4a:f0:c1:3e:
                    be:ab:2a:fc:80:e7:12:76:f7:89:dd:ed:40:26:60:
                    4c:46:9d:b4:80:56:85:7a:fd:b4:14:bc:9a:d2:b5:
                    ee:26:17:c4:61:82:d1:b4:b4:cb:6b:b1:50:16:c0:
                    eb:7e:85:2b:2e:e1:d7:31:ff:8e:de:91:4f:c9:d0:
                    11:8c:40:e3:1a:27:65:c5:1b:8e:bd:c8:58:36:50:
                    ab:7a:bf:1a:48:20:c7:2b:1e:27:02:26:89:5a:5a:
                    4d:45:03:86:d5:1f:ec:9f:d2:7a:74:82:e6:a7:fe:
                    00:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:2D:2D:D5:CA:A1:76:88:7A:8B:22:77:72:90:C6:73:53:7E:9D:68
            X509v3 Authority Key Identifier:
                keyid:5D:69:53:DB:48:40:4B:0C:66:A1:5F:0D:A6:EF:A7:FA:C0:A9:36:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XWlT20hASwxmoV8Npu-n-sCpNp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/hC0t1cqhdoh6iyJ3cpDGc1N-nWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/536fde-a02d-48f5-a75d-fa2fb94da1a2/1/XWlT20hASwxmoV8Npu-n-sCpNp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:e8:e9:87:49:48:11:72:58:f1:2e:76:4f:83:3c:19:d7:ce:
         d5:35:40:69:37:6c:c5:43:80:8e:cc:51:d0:cd:2f:c4:f2:49:
         35:88:28:23:4f:2b:4e:6a:12:5e:8f:2d:6c:25:45:d0:ec:d2:
         04:ce:76:57:31:7a:e5:73:9c:bf:93:84:04:cb:fe:ae:ff:4c:
         40:d3:5b:24:b6:d3:79:cd:c6:4b:1b:29:2a:91:d1:d8:6f:f1:
         cf:7c:fc:03:88:83:29:2b:de:be:ad:9a:03:84:56:d2:8c:d8:
         e1:a6:7d:fe:d0:eb:d8:ec:44:b6:ed:ea:23:a8:d5:03:b4:de:
         99:19:bb:65:de:cc:24:b4:75:07:17:d9:9b:f9:17:31:ee:d0:
         b8:2d:06:27:03:73:f0:07:fd:29:83:81:06:18:5e:5c:31:9b:
         e7:d6:fc:ed:19:76:b8:4b:e8:09:6e:f2:eb:c8:9c:ce:a7:71:
         07:22:ae:29:4c:28:a9:de:3f:ac:f9:d7:14:e6:b8:9c:01:2d:
         a6:0c:74:38:51:41:67:59:32:90:1c:50:4c:91:11:00:4e:d4:
         b0:0f:c5:2f:b0:99:aa:2a:6b:4b:82:de:24:6b:48:f9:fa:56:
         0f:91:0e:7c:23:38:23:42:7c:c9:6a:5b:60:60:81:9d:21:40:
         55:85:5b:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2TNga3c39WzbAOZF9zSPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkNjk1M2RiNDg0MDRiMGM2NmExNWYwZGE2ZWZhN2ZhYzBh
OTM2OWUwHhcNMjUwMTAyMTE0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDJkMmRkNWNhYTE3Njg4N2E4YjIyNzc3MjkwYzY3MzUzN2U5ZDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO2LI5pcK9AXlkgNtzgh5bLbTkSg
O6UcGu+sY5mTION+sUZpKDmwNYuG/v/wA2BfNZSMLwT3c5nq7fv70B+oWzXHJ6JM
oMmUeUYMZXC2e4lOjr33Np5aEuC08BEZZNiHU4wR/fierpApEHxNtA/Bk3HJ+AQG
K4lZtcRpXTKC3uwYKwYRwtqeWItxrhmMW5avl0rwwT6+qyr8gOcSdveJ3e1AJmBM
Rp20gFaFev20FLya0rXuJhfEYYLRtLTLa7FQFsDrfoUrLuHXMf+O3pFPydARjEDj
GidlxRuOvchYNlCrer8aSCDHKx4nAiaJWlpNRQOG1R/sn9J6dILmp/4A+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQtLdXKoXaIeosid3KQxnNTfp1oMB8GA1UdIwQY
MBaAFF1pU9tIQEsMZqFfDabvp/rAqTaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFdsVDIwaEFTd3htb1Y4TnB1LW4tc0NwTnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi81MzZmZGUtYTAyZC00OGY1LWE3NWQt
ZmEyZmI5NGRhMWEyLzEvaEMwdDFjcWhkb2g2aXlKM2NwREdjMU4tbldnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi81MzZmZGUtYTAyZC00OGY1LWE3NWQtZmEyZmI5NGRhMWEy
LzEvWFdsVDIwaEFTd3htb1Y4TnB1LW4tc0NwTnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuV80MA0G
CSqGSIb3DQEBCwUAA4IBAQAN6OmHSUgRcljxLnZPgzwZ187VNUBpN2zFQ4COzFHQ
zS/E8kk1iCgjTytOahJejy1sJUXQ7NIEznZXMXrlc5y/k4QEy/6u/0xA01skttN5
zcZLGykqkdHYb/HPfPwDiIMpK96+rZoDhFbSjNjhpn3+0OvY7ES27eojqNUDtN6Z
Gbtl3swktHUHF9mb+Rcx7tC4LQYnA3PwB/0pg4EGGF5cMZvn1vztGXa4S+gJbvLr
yJzOp3EHIq4pTCip3j+s+dcU5ricAS2mDHQ4UUFnWTKQHFBMkREATtSwD8UvsJmq
KmtLgt4ka0j5+lYPkQ58IzgjQnzJaltgYIGdIUBVhVsi
-----END CERTIFICATE-----