Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/601d6f-b31a-492e-8ef0-52bccb06af3c/1/9QUsRCAhmLwTzTZMFA3QwgGkN-o.roa
File:                     9QUsRCAhmLwTzTZMFA3QwgGkN-o.roa (raw, json)
Hash identifier:          BYkBRt5u6iYa0bSjaJlYJJH3gyP0JFZinNO6dVWDgNQ=
Subject key identifier:   F5:05:2C:44:20:21:98:BC:13:CD:36:4C:14:0D:D0:C2:01:A4:37:EA
Certificate issuer:       /CN=5a8d389278485edd50d32cf5ca84ce2728c08cc6
Certificate serial:       019423698B4477FE6AF9D8DA85C7FFBA05F9
Authority key identifier: 5A:8D:38:92:78:48:5E:DD:50:D3:2C:F5:CA:84:CE:27:28:C0:8C:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wo04knhIXt1Q0yz1yoTOJyjAjMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/601d6f-b31a-492e-8ef0-52bccb06af3c/1/9QUsRCAhmLwTzTZMFA3QwgGkN-o.roa
Signing time:             Wed 01 Jan 2025 19:48:26 +0000
ROA not before:           Wed 01 Jan 2025 19:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60516
IP address blocks:        185.30.4.0/22 maxlen: 22
                          185.30.4.0/23 maxlen: 23
                          185.30.6.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/601d6f-b31a-492e-8ef0-52bccb06af3c/1/Wo04knhIXt1Q0yz1yoTOJyjAjMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/601d6f-b31a-492e-8ef0-52bccb06af3c/1/Wo04knhIXt1Q0yz1yoTOJyjAjMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wo04knhIXt1Q0yz1yoTOJyjAjMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:8b:44:77:fe:6a:f9:d8:da:85:c7:ff:ba:05:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a8d389278485edd50d32cf5ca84ce2728c08cc6
        Validity
            Not Before: Jan  1 19:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5052c44202198bc13cd364c140dd0c201a437ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:eb:1c:cf:13:b3:64:f8:7c:e9:51:79:8b:9a:
                    86:31:d6:e3:0d:ef:de:51:31:55:97:9e:4e:f8:46:
                    28:da:2b:37:73:38:26:3a:ce:d3:28:2a:32:73:23:
                    75:d4:40:af:77:13:46:a8:e9:97:9f:27:d3:0a:cf:
                    2f:74:4c:73:98:f5:1f:43:a2:57:0d:5c:23:89:f6:
                    67:dc:b9:39:34:56:61:28:14:54:b7:c2:7a:a6:07:
                    e2:5f:da:70:f1:5f:e9:0d:1f:0e:5b:bd:10:12:b6:
                    d9:32:26:86:47:6f:ff:2d:0b:92:30:c7:ae:e2:b1:
                    11:3e:62:0b:ff:eb:25:0b:0b:f0:5b:52:05:0c:b3:
                    5e:45:b5:26:47:f3:f0:ec:e6:25:3d:9c:cf:74:d6:
                    ae:dc:30:90:f0:af:09:70:84:1e:71:38:1b:9d:24:
                    93:64:88:10:6b:0f:2b:91:30:96:0b:f2:f9:59:0b:
                    82:1c:6c:3b:21:6d:5b:1c:e8:24:6f:27:c4:27:32:
                    8a:63:7c:dc:db:6e:51:69:8f:83:43:d8:69:c2:c9:
                    e3:ab:63:59:0d:36:f6:b7:33:27:ba:ab:11:a8:61:
                    09:be:44:4f:aa:38:fd:d3:e7:b0:b6:72:55:8a:88:
                    fe:20:0f:cb:9c:d1:1e:1d:67:7a:22:0a:aa:35:0e:
                    ab:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:05:2C:44:20:21:98:BC:13:CD:36:4C:14:0D:D0:C2:01:A4:37:EA
            X509v3 Authority Key Identifier:
                keyid:5A:8D:38:92:78:48:5E:DD:50:D3:2C:F5:CA:84:CE:27:28:C0:8C:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wo04knhIXt1Q0yz1yoTOJyjAjMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/601d6f-b31a-492e-8ef0-52bccb06af3c/1/9QUsRCAhmLwTzTZMFA3QwgGkN-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/601d6f-b31a-492e-8ef0-52bccb06af3c/1/Wo04knhIXt1Q0yz1yoTOJyjAjMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.30.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:10:0e:ac:55:22:6c:a6:b9:20:40:e4:a0:a3:c9:a8:6b:84:
         82:a8:90:f5:18:af:ba:ff:b2:4c:d1:21:b3:f0:c5:47:25:c8:
         3f:3f:52:c3:7f:35:35:2e:78:a5:ca:f5:14:1d:1d:20:1d:fd:
         71:2e:53:7a:73:d4:91:27:c6:13:4a:de:4e:ae:a8:de:97:df:
         65:b6:8f:1c:83:97:f7:2f:e9:d3:98:ec:2e:6d:fe:c5:2a:f3:
         92:ec:f3:b7:09:1b:1f:13:07:74:60:16:9e:39:db:d5:a9:43:
         01:06:23:b7:bd:09:ce:f9:be:c4:fe:3a:bb:21:42:bc:16:7b:
         52:c9:77:66:7e:f3:b4:1f:f4:ea:e8:2b:9f:d4:34:21:77:3e:
         52:bb:60:25:3e:96:07:f7:b4:61:e6:d0:24:47:9b:ec:2e:fa:
         c5:6d:e9:5d:2e:2f:a8:a6:23:e1:7f:5d:15:5b:c8:96:17:a4:
         66:c8:30:3b:ac:fa:25:20:ed:47:ef:5c:52:ba:f3:99:e9:9f:
         1b:4b:9e:21:65:4a:29:3b:c7:ef:1f:81:75:da:27:9d:c9:5c:
         f3:d4:eb:84:3b:34:6e:67:aa:63:6c:65:cf:51:26:c6:af:28:
         56:61:4f:ff:d8:18:46:70:ab:3a:11:f2:5c:82:63:91:64:b7:
         a5:af:08:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaYtEd/5q+djahcf/ugX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOGQzODkyNzg0ODVlZGQ1MGQzMmNmNWNhODRjZTI3Mjhj
MDhjYzYwHhcNMjUwMTAxMTk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTA1MmM0NDIwMjE5OGJjMTNjZDM2NGMxNDBkZDBjMjAxYTQzN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOsczxOzZPh86VF5i5qGMdbjDe/e
UTFVl55O+EYo2is3czgmOs7TKCoycyN11ECvdxNGqOmXnyfTCs8vdExzmPUfQ6JX
DVwjifZn3Lk5NFZhKBRUt8J6pgfiX9pw8V/pDR8OW70QErbZMiaGR2//LQuSMMeu
4rERPmIL/+slCwvwW1IFDLNeRbUmR/Pw7OYlPZzPdNau3DCQ8K8JcIQecTgbnSST
ZIgQaw8rkTCWC/L5WQuCHGw7IW1bHOgkbyfEJzKKY3zc225RaY+DQ9hpwsnjq2NZ
DTb2tzMnuqsRqGEJvkRPqjj90+ewtnJVioj+IA/LnNEeHWd6IgqqNQ6rBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPUFLEQgIZi8E802TBQN0MIBpDfqMB8GA1UdIwQY
MBaAFFqNOJJ4SF7dUNMs9cqEzicowIzGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV28wNGtuaElYdDFRMHl6MXlvVE9KeWpBak1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC82MDFkNmYtYjMxYS00OTJlLThlZjAt
NTJiY2NiMDZhZjNjLzEvOVFVc1JDQWhtTHdUelRaTUZBM1F3Z0drTi1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC82MDFkNmYtYjMxYS00OTJlLThlZjAtNTJiY2NiMDZhZjNj
LzEvV28wNGtuaElYdDFRMHl6MXlvVE9KeWpBak1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR4EMA0G
CSqGSIb3DQEBCwUAA4IBAQBiEA6sVSJsprkgQOSgo8moa4SCqJD1GK+6/7JM0SGz
8MVHJcg/P1LDfzU1LnilyvUUHR0gHf1xLlN6c9SRJ8YTSt5Orqjel99lto8cg5f3
L+nTmOwubf7FKvOS7PO3CRsfEwd0YBaeOdvVqUMBBiO3vQnO+b7E/jq7IUK8FntS
yXdmfvO0H/Tq6Cuf1DQhdz5Su2AlPpYH97Rh5tAkR5vsLvrFbeldLi+opiPhf10V
W8iWF6RmyDA7rPolIO1H71xSuvOZ6Z8bS54hZUopO8fvH4F12iedyVzz1OuEOzRu
Z6pjbGXPUSbGryhWYU//2BhGcKs6EfJcgmORZLelrwhy
-----END CERTIFICATE-----