Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/fpI7JZd6PQQxnCtGxyzHdJCkwUg.roa
File:                     fpI7JZd6PQQxnCtGxyzHdJCkwUg.roa (raw, json)
Hash identifier:          VHLJAZltj+25jSpcIwi7Tibcz/Mv1PSnsaysJuu57o0=
Subject key identifier:   7E:92:3B:25:97:7A:3D:04:31:9C:2B:46:C7:2C:C7:74:90:A4:C1:48
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01944A64C1B2538064547F161C9C34E73C5A
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/fpI7JZd6PQQxnCtGxyzHdJCkwUg.roa
Signing time:             Thu 09 Jan 2025 09:28:24 +0000
ROA not before:           Thu 09 Jan 2025 09:28:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205331
IP address blocks:        5.104.183.0/24 maxlen: 24
                          91.191.216.0/23 maxlen: 24
                          185.232.158.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:64:c1:b2:53:80:64:54:7f:16:1c:9c:34:e7:3c:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  9 09:28:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e923b25977a3d04319c2b46c72cc77490a4c148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ec:34:4b:dd:f1:c6:49:f6:fd:1f:d0:b9:df:
                    19:1e:c2:25:44:29:c1:de:35:6e:9d:05:64:eb:17:
                    fb:af:cd:69:8d:31:58:66:64:f5:e2:9f:a8:aa:01:
                    92:05:33:bb:7b:47:0b:22:ee:ba:66:78:9e:0f:be:
                    e2:4f:83:2b:a0:c1:05:ca:48:62:a5:f1:91:f4:36:
                    3a:f0:ec:bb:b1:01:7e:e3:ea:02:21:03:42:ed:6f:
                    3e:3e:e6:f1:ae:1e:a6:6f:c0:af:e4:39:27:e6:80:
                    f9:43:8d:5b:4f:65:20:d4:ae:14:4d:88:61:0b:5b:
                    ef:17:16:76:8a:49:69:e6:98:49:0a:8c:a8:bc:93:
                    5a:07:29:dd:03:20:b4:e4:75:e1:0b:7c:73:8f:a4:
                    55:4a:d5:94:9e:4e:d2:2b:cf:3b:db:a6:24:de:7f:
                    ee:46:2f:de:6c:74:3a:84:32:c1:8b:ab:64:6c:c9:
                    4b:b9:47:f7:56:33:41:e0:b2:c7:27:6d:99:c0:44:
                    25:d5:1f:19:63:c7:3c:fb:d7:5f:f9:e5:d2:52:2a:
                    a6:c0:8c:5d:04:d6:5d:ee:1b:20:37:43:1e:12:b8:
                    ea:d8:8e:f6:52:f7:2c:2e:d5:69:6a:c9:c7:5c:5f:
                    11:86:93:68:91:d8:df:cb:6d:1b:cc:de:33:15:b6:
                    51:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:92:3B:25:97:7A:3D:04:31:9C:2B:46:C7:2C:C7:74:90:A4:C1:48
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/fpI7JZd6PQQxnCtGxyzHdJCkwUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.183.0/24
                  91.191.216.0/23
                  185.232.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:23:06:e0:b4:2f:51:b4:74:08:a1:e8:66:df:d2:36:93:00:
         fa:b1:fd:ab:08:d4:76:ba:d2:ba:70:71:db:68:ae:af:75:e1:
         6a:4b:1d:a6:d5:51:94:7b:a3:49:84:fd:9c:6b:49:9a:ff:2c:
         b9:a4:67:85:32:5b:6a:f1:1f:e1:42:5e:69:1d:44:b5:58:02:
         54:0b:3c:a1:3f:03:cb:8b:19:6c:b3:e3:03:96:4f:25:1a:2d:
         68:61:1b:0b:9b:40:8c:fc:12:f1:52:b3:3e:dc:34:3a:32:72:
         3a:41:c1:87:0a:a0:87:36:62:45:43:bf:fa:70:5d:8a:54:7e:
         47:e8:06:f8:97:5d:9a:8c:8b:2d:cd:60:4b:2f:30:0c:19:19:
         e1:b6:39:2a:ef:2a:e7:c8:ff:ce:9f:15:30:f2:2c:6e:d4:22:
         c1:b2:40:74:d2:3b:98:af:14:9c:f7:68:8f:c7:b1:9a:7e:37:
         80:85:62:b2:34:12:ec:8d:45:ed:26:d5:03:f1:c5:b8:d4:68:
         35:fa:c5:dc:0c:03:e0:e0:6c:41:bc:65:fe:87:a3:e6:6b:4a:
         3d:25:7a:e3:45:97:1f:55:64:ef:d8:55:ef:50:54:91:3a:47:
         88:da:bb:92:19:be:d4:4c:88:69:0c:69:a0:21:78:88:3e:24:
         fc:8d:41:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRKZMGyU4BkVH8WHJw05zxaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA5MDkyODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTkyM2IyNTk3N2EzZDA0MzE5YzJiNDZjNzJjYzc3NDkwYTRjMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+w0S93xxkn2/R/Qud8ZHsIlRCnB
3jVunQVk6xf7r81pjTFYZmT14p+oqgGSBTO7e0cLIu66ZnieD77iT4MroMEFykhi
pfGR9DY68Oy7sQF+4+oCIQNC7W8+Pubxrh6mb8Cv5Dkn5oD5Q41bT2Ug1K4UTYhh
C1vvFxZ2iklp5phJCoyovJNaByndAyC05HXhC3xzj6RVStWUnk7SK88726Yk3n/u
Ri/ebHQ6hDLBi6tkbMlLuUf3VjNB4LLHJ22ZwEQl1R8ZY8c8+9df+eXSUiqmwIxd
BNZd7hsgN0MeErjq2I72UvcsLtVpasnHXF8RhpNokdjfy20bzN4zFbZRLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH6SOyWXej0EMZwrRscsx3SQpMFIMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvZnBJN0paZDZQUVF4bkN0R3h5ekhkSkNrd1VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABWi3AwQB
W7/YAwQBueieMA0GCSqGSIb3DQEBCwUAA4IBAQAAIwbgtC9RtHQIoehm39I2kwD6
sf2rCNR2utK6cHHbaK6vdeFqSx2m1VGUe6NJhP2ca0ma/yy5pGeFMltq8R/hQl5p
HUS1WAJUCzyhPwPLixlss+MDlk8lGi1oYRsLm0CM/BLxUrM+3DQ6MnI6QcGHCqCH
NmJFQ7/6cF2KVH5H6Ab4l12ajIstzWBLLzAMGRnhtjkq7yrnyP/OnxUw8ixu1CLB
skB00juYrxSc92iPx7GafjeAhWKyNBLsjUXtJtUD8cW41Gg1+sXcDAPg4GxBvGX+
h6Pma0o9JXrjRZcfVWTv2FXvUFSROkeI2ruSGb7UTIhpDGmgIXiIPiT8jUF9
-----END CERTIFICATE-----