Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/tzFD8X16hDfmCWt1Dl4XGdomYg8.roa
File:                     tzFD8X16hDfmCWt1Dl4XGdomYg8.roa (raw, json)
Hash identifier:          njuYkI0SwGGHpocv80e/q9DE78xBX5bJk4xkczhpvI8=
Subject key identifier:   B7:31:43:F1:7D:7A:84:37:E6:09:6B:75:0E:5E:17:19:DA:26:62:0F
Certificate issuer:       /CN=5a1829ad467b4e73ffe691ec146b56b36909f51a
Certificate serial:       019424B3C8A7852A58DA9B2C656728D96CDE
Authority key identifier: 5A:18:29:AD:46:7B:4E:73:FF:E6:91:EC:14:6B:56:B3:69:09:F5:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/tzFD8X16hDfmCWt1Dl4XGdomYg8.roa
Signing time:             Thu 02 Jan 2025 01:49:09 +0000
ROA not before:           Thu 02 Jan 2025 01:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206454
IP address blocks:        185.183.226.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c8:a7:85:2a:58:da:9b:2c:65:67:28:d9:6c:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a1829ad467b4e73ffe691ec146b56b36909f51a
        Validity
            Not Before: Jan  2 01:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b73143f17d7a8437e6096b750e5e1719da26620f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:dd:ef:7d:95:d1:4c:c6:62:97:14:fd:cb:a8:
                    00:7a:7e:2a:c4:11:44:f4:f3:b1:51:98:42:a8:91:
                    de:64:14:bc:4b:d2:70:9d:8b:d1:32:af:3f:5b:02:
                    4c:dc:57:f4:6f:cc:da:f7:1c:fa:9b:ec:6c:ed:0e:
                    a6:1f:2c:12:81:53:81:16:e9:72:91:a4:4b:ae:a7:
                    e1:f9:11:f6:66:76:c3:73:da:58:30:ca:35:46:2f:
                    99:8b:5d:f7:51:4d:34:9d:ff:bc:33:c2:a5:3d:09:
                    cf:f5:90:47:6a:d1:14:3c:22:c4:70:51:d0:63:6e:
                    08:4b:15:90:3c:1e:fe:ac:77:b3:01:62:08:3a:83:
                    49:e6:ce:cb:fe:ed:ab:7c:93:d2:13:c3:d2:1c:af:
                    79:4c:f9:c9:7a:8f:4d:e7:2a:56:a0:52:54:5a:4f:
                    eb:fb:31:62:c5:39:e8:51:92:a5:ac:58:11:d1:65:
                    ec:04:11:78:b1:41:e9:9c:dc:88:20:54:bf:67:0e:
                    8a:c6:bb:3f:78:ca:69:13:6e:50:0d:7c:8e:e9:73:
                    1d:5a:c6:ee:01:a3:d5:0b:90:11:e4:df:3c:61:ab:
                    d3:26:02:28:d3:4b:af:04:47:0e:42:51:47:59:2e:
                    34:a4:54:78:e4:e5:93:68:ff:ec:dd:2c:0e:cb:b8:
                    a6:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:31:43:F1:7D:7A:84:37:E6:09:6B:75:0E:5E:17:19:DA:26:62:0F
            X509v3 Authority Key Identifier:
                keyid:5A:18:29:AD:46:7B:4E:73:FF:E6:91:EC:14:6B:56:B3:69:09:F5:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/tzFD8X16hDfmCWt1Dl4XGdomYg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/32f453-f797-4019-a086-74b6faa3c877/1/WhgprUZ7TnP_5pHsFGtWs2kJ9Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:13:91:d3:d3:e1:29:08:05:e3:af:5c:00:f9:59:43:45:e5:
         7f:1e:65:df:d5:3c:73:27:b3:ee:2d:f0:05:bd:43:c4:f8:a1:
         dd:72:9d:4e:1d:6c:16:82:64:30:71:13:ba:da:cf:b7:24:d5:
         c8:ad:0d:71:52:4a:5e:43:60:fa:05:9d:28:9d:0b:bd:fd:e4:
         4e:19:fe:e5:e9:13:47:2c:c5:d3:c4:83:da:aa:1d:08:96:ad:
         c4:a9:79:e0:f3:15:a1:12:79:cf:e5:e0:ea:d0:5f:39:52:2c:
         e0:e5:a2:2f:98:21:f0:c3:05:97:01:c0:e4:59:49:3e:39:bf:
         0e:bc:13:c9:40:b6:af:65:83:0a:e0:9d:53:d5:6b:bb:7d:81:
         75:16:5f:d6:9e:ee:99:79:de:4f:33:1f:aa:43:39:8e:dd:26:
         ff:df:cb:cc:77:74:41:4e:a7:30:4a:8d:96:25:72:6a:c9:b5:
         60:3d:94:6a:79:18:37:03:e1:8e:3d:91:9f:94:a4:59:af:0b:
         55:f8:77:d6:16:0a:ba:5d:05:5a:38:a0:4b:02:01:8a:e1:92:
         e8:f3:71:77:47:98:33:59:46:37:ed:5f:63:76:ec:e6:fe:db:
         3e:9d:cc:ab:56:e5:74:66:62:f9:ed:32:80:e0:ce:6f:c1:35:
         ac:ef:1a:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8inhSpY2pssZWco2WzeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMTgyOWFkNDY3YjRlNzNmZmU2OTFlYzE0NmI1NmIzNjkw
OWY1MWEwHhcNMjUwMTAyMDE0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzMxNDNmMTdkN2E4NDM3ZTYwOTZiNzUwZTVlMTcxOWRhMjY2MjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkt3vfZXRTMZilxT9y6gAen4qxBFE
9POxUZhCqJHeZBS8S9JwnYvRMq8/WwJM3Ff0b8za9xz6m+xs7Q6mHywSgVOBFuly
kaRLrqfh+RH2ZnbDc9pYMMo1Ri+Zi133UU00nf+8M8KlPQnP9ZBHatEUPCLEcFHQ
Y24ISxWQPB7+rHezAWIIOoNJ5s7L/u2rfJPSE8PSHK95TPnJeo9N5ypWoFJUWk/r
+zFixTnoUZKlrFgR0WXsBBF4sUHpnNyIIFS/Zw6Kxrs/eMppE25QDXyO6XMdWsbu
AaPVC5AR5N88YavTJgIo00uvBEcOQlFHWS40pFR45OWTaP/s3SwOy7im6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLcxQ/F9eoQ35glrdQ5eFxnaJmIPMB8GA1UdIwQY
MBaAFFoYKa1Ge05z/+aR7BRrVrNpCfUaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hncHJVWjdUblBfNXBIc0ZHdFdzMmtKOVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zMmY0NTMtZjc5Ny00MDE5LWEwODYt
NzRiNmZhYTNjODc3LzEvdHpGRDhYMTZoRGZtQ1d0MURsNFhHZG9tWWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zMmY0NTMtZjc5Ny00MDE5LWEwODYtNzRiNmZhYTNjODc3
LzEvV2hncHJVWjdUblBfNXBIc0ZHdFdzMmtKOVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBubfiMA0G
CSqGSIb3DQEBCwUAA4IBAQB1E5HT0+EpCAXjr1wA+VlDReV/HmXf1TxzJ7PuLfAF
vUPE+KHdcp1OHWwWgmQwcRO62s+3JNXIrQ1xUkpeQ2D6BZ0onQu9/eROGf7l6RNH
LMXTxIPaqh0Ilq3EqXng8xWhEnnP5eDq0F85Uizg5aIvmCHwwwWXAcDkWUk+Ob8O
vBPJQLavZYMK4J1T1Wu7fYF1Fl/Wnu6Zed5PMx+qQzmO3Sb/38vMd3RBTqcwSo2W
JXJqybVgPZRqeRg3A+GOPZGflKRZrwtV+HfWFgq6XQVaOKBLAgGK4ZLo83F3R5gz
WUY37V9jduzm/ts+ncyrVuV0ZmL57TKA4M5vwTWs7xpm
-----END CERTIFICATE-----