Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/5S3qhOkDp7ceWG5OIntgZmxN96E.roa
File:                     5S3qhOkDp7ceWG5OIntgZmxN96E.roa (raw, json)
Hash identifier:          drLVLEJNLFnIAij/HtL8rmpqo1+Pnky2+2hDR9sMlAs=
Subject key identifier:   E5:2D:EA:84:E9:03:A7:B7:1E:58:6E:4E:22:7B:60:66:6C:4D:F7:A1
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194236A4F98E62516D5C2082C34D9389316
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/5S3qhOkDp7ceWG5OIntgZmxN96E.roa
Signing time:             Wed 01 Jan 2025 19:49:17 +0000
ROA not before:           Wed 01 Jan 2025 19:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207803
IP address blocks:        185.224.145.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:4f:98:e6:25:16:d5:c2:08:2c:34:d9:38:93:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 19:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e52dea84e903a7b71e586e4e227b60666c4df7a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3f:ab:c3:cc:39:ae:c4:9f:c3:3a:e8:bc:fb:
                    b9:15:6a:1c:3a:ab:5d:96:bb:75:78:11:2c:20:5d:
                    66:a0:07:6d:4d:5a:0f:07:6b:c4:ca:b1:c5:9e:4c:
                    10:84:b4:b8:1f:ea:6c:ce:7d:69:55:1e:e2:a2:4c:
                    e5:af:a5:a8:6f:4c:ec:5b:47:cf:c7:70:4e:e8:58:
                    03:4f:e7:0b:6c:e6:9f:b2:99:7d:0b:d3:64:ce:ea:
                    57:b0:46:da:c0:aa:22:d7:de:55:7a:b4:82:d4:c7:
                    f7:c3:03:33:91:9d:e4:b4:d9:80:52:ca:8e:9f:c3:
                    ef:eb:ae:2d:32:76:a8:53:3c:b9:a8:18:3f:c9:8b:
                    62:39:96:08:a5:f0:91:c0:c3:45:63:36:20:83:6d:
                    97:9a:f2:9e:0f:ca:20:2a:c3:b9:ac:b2:bd:e8:b9:
                    26:e3:e6:87:1c:31:9c:4d:35:bb:5d:c6:7d:f1:52:
                    51:85:dc:cf:9d:5d:54:fe:ea:63:59:4f:c1:ae:31:
                    1b:d8:b3:a8:93:04:b1:7c:3c:42:c5:21:e1:37:42:
                    63:3f:3e:96:9a:84:03:f0:8b:bc:1b:fd:30:08:29:
                    ee:ba:51:98:c4:ce:de:2a:aa:e7:50:f9:35:b8:87:
                    67:ae:3b:aa:c1:1b:f8:ff:08:0c:f3:23:cd:b9:0f:
                    5a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:2D:EA:84:E9:03:A7:B7:1E:58:6E:4E:22:7B:60:66:6C:4D:F7:A1
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/5S3qhOkDp7ceWG5OIntgZmxN96E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:0e:c2:86:83:53:c0:89:a7:34:58:72:be:b7:6e:d3:ae:a4:
         72:e1:d3:ef:0f:2c:2e:fb:2a:cd:6a:19:02:ba:69:0d:c5:40:
         d4:d1:22:b7:d0:81:24:7f:a8:73:b7:99:c7:26:bf:72:48:3c:
         36:4a:b9:1c:69:ce:86:27:fa:07:dd:5d:f6:7b:bb:5f:fe:8e:
         fd:e2:22:6b:32:dd:58:63:1f:87:94:27:6d:83:78:ed:07:0a:
         b6:2b:ed:ce:fe:96:4a:ae:e5:bd:71:0a:a9:71:9f:3a:b3:7e:
         f7:41:41:db:75:75:ae:04:be:fd:2d:2a:15:57:eb:de:e3:57:
         e4:bd:e1:34:8d:6f:f5:2c:fc:99:92:26:66:45:b3:fe:50:ff:
         84:07:e6:3e:9c:7c:e7:2f:c3:65:02:17:dc:03:37:ff:66:86:
         e6:6b:1b:cc:77:af:95:56:ad:8e:91:93:c7:68:94:a6:ed:2d:
         9c:69:43:68:ec:08:53:f6:0c:10:3f:b8:9f:7d:59:6f:05:1a:
         c9:6a:54:1a:88:d8:81:e5:0f:12:5d:6f:20:fb:1d:64:c8:a5:
         3e:5d:48:bf:d7:4e:cc:da:1c:6d:d0:ce:bd:81:17:7a:c2:a0:
         0f:b1:99:64:2b:e8:61:14:48:b6:52:6f:de:72:31:10:35:87:
         db:e3:40:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjak+Y5iUW1cIILDTZOJMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTAxMTk0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTJkZWE4NGU5MDNhN2I3MWU1ODZlNGUyMjdiNjA2NjZjNGRmN2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuz+rw8w5rsSfwzrovPu5FWocOqtd
lrt1eBEsIF1moAdtTVoPB2vEyrHFnkwQhLS4H+pszn1pVR7iokzlr6Wob0zsW0fP
x3BO6FgDT+cLbOafspl9C9NkzupXsEbawKoi195VerSC1Mf3wwMzkZ3ktNmAUsqO
n8Pv664tMnaoUzy5qBg/yYtiOZYIpfCRwMNFYzYgg22XmvKeD8ogKsO5rLK96Lkm
4+aHHDGcTTW7XcZ98VJRhdzPnV1U/upjWU/BrjEb2LOokwSxfDxCxSHhN0JjPz6W
moQD8Iu8G/0wCCnuulGYxM7eKqrnUPk1uIdnrjuqwRv4/wgM8yPNuQ9aNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUt6oTpA6e3HlhuTiJ7YGZsTfehMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvNVMzcWhPa0RwN2NlV0c1T0ludGdabXhOOTZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueCRMA0G
CSqGSIb3DQEBCwUAA4IBAQDIDsKGg1PAiac0WHK+t27TrqRy4dPvDywu+yrNahkC
umkNxUDU0SK30IEkf6hzt5nHJr9ySDw2Srkcac6GJ/oH3V32e7tf/o794iJrMt1Y
Yx+HlCdtg3jtBwq2K+3O/pZKruW9cQqpcZ86s373QUHbdXWuBL79LSoVV+ve41fk
veE0jW/1LPyZkiZmRbP+UP+EB+Y+nHznL8NlAhfcAzf/ZobmaxvMd6+VVq2OkZPH
aJSm7S2caUNo7AhT9gwQP7iffVlvBRrJalQaiNiB5Q8SXW8g+x1kyKU+XUi/107M
2hxt0M69gRd6wqAPsZlkK+hhFEi2Um/ecjEQNYfb40DG
-----END CERTIFICATE-----