Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/5QzI9Kx0_zx8sVl6RSClMEylLsI.roa
File:                     5QzI9Kx0_zx8sVl6RSClMEylLsI.roa (raw, json)
Hash identifier:          ouFHr10qAXIAq0kULKbopJbnAAixS5hvvnbbv6zQ1js=
Subject key identifier:   E5:0C:C8:F4:AC:74:FF:3C:7C:B1:59:7A:45:20:A5:30:4C:A5:2E:C2
Certificate issuer:       /CN=fad1863cbdec1b596daceeb901a0853d6c87e756
Certificate serial:       019422FBB61D158873F5E48B3D72CA478A42
Authority key identifier: FA:D1:86:3C:BD:EC:1B:59:6D:AC:EE:B9:01:A0:85:3D:6C:87:E7:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tGGPL3sG1ltrO65AaCFPWyH51Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/5QzI9Kx0_zx8sVl6RSClMEylLsI.roa
Signing time:             Wed 01 Jan 2025 17:48:29 +0000
ROA not before:           Wed 01 Jan 2025 17:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202652
IP address blocks:        185.157.108.0/22 maxlen: 22
                          185.195.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/1-tGGPL3sG1ltrO65AaCFPWyH51Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/1-tGGPL3sG1ltrO65AaCFPWyH51Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tGGPL3sG1ltrO65AaCFPWyH51Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:b6:1d:15:88:73:f5:e4:8b:3d:72:ca:47:8a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad1863cbdec1b596daceeb901a0853d6c87e756
        Validity
            Not Before: Jan  1 17:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e50cc8f4ac74ff3c7cb1597a4520a5304ca52ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b3:bc:3c:e8:20:bc:14:03:a4:8d:a0:a1:c6:
                    3e:e7:33:b2:2d:28:41:d4:eb:8d:ef:06:8e:63:17:
                    b9:82:50:6e:e4:7f:3b:a3:fa:f6:86:a0:fe:c8:de:
                    5b:48:d7:67:10:4e:e5:ec:bc:d5:79:ce:39:56:4a:
                    21:91:5b:85:12:fb:4e:58:65:a9:52:83:09:42:28:
                    e5:c8:09:0d:f1:ae:91:72:05:66:67:92:75:aa:fd:
                    4c:ee:18:2e:3c:97:53:93:88:36:56:b9:5a:ef:bf:
                    ed:41:45:ee:dc:32:7e:8d:cf:3f:fb:37:56:b3:36:
                    7e:dc:a2:6c:45:de:60:63:b8:da:80:5d:62:9d:20:
                    bb:f2:97:a7:85:fb:66:d3:da:1b:e6:db:0b:24:e6:
                    29:a1:0a:c2:40:07:32:0f:af:35:c7:a8:95:f0:ca:
                    2b:a1:0a:0f:58:8b:e4:df:bc:7d:62:2a:88:dc:c7:
                    4b:83:22:4a:b5:75:3b:9f:82:ec:c4:9c:cb:62:28:
                    07:76:da:f1:78:b9:69:fb:7b:c4:70:b6:f8:1f:aa:
                    5e:77:2e:10:26:97:0a:a7:cd:3b:da:9a:cc:49:8f:
                    d7:2f:3b:80:5c:8a:ee:81:10:8a:eb:3e:55:15:03:
                    ed:3b:3e:c6:22:f0:c8:95:d9:1e:18:20:c4:53:e7:
                    09:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:0C:C8:F4:AC:74:FF:3C:7C:B1:59:7A:45:20:A5:30:4C:A5:2E:C2
            X509v3 Authority Key Identifier:
                keyid:FA:D1:86:3C:BD:EC:1B:59:6D:AC:EE:B9:01:A0:85:3D:6C:87:E7:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tGGPL3sG1ltrO65AaCFPWyH51Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/5QzI9Kx0_zx8sVl6RSClMEylLsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/ddda7e-a037-4d38-9555-0a110c49749c/1/1-tGGPL3sG1ltrO65AaCFPWyH51Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.108.0/22
                  185.195.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:ec:f4:8a:13:18:9e:11:34:21:08:67:51:31:79:c7:cf:a0:
         6d:fe:78:3f:ea:d1:d6:84:fe:29:c7:77:0d:31:bb:42:86:fd:
         9b:46:f9:d3:40:f1:f5:1b:b3:88:5e:f8:b8:a5:be:3a:54:a4:
         68:5e:d9:2d:44:99:86:7c:7c:e4:54:93:15:d9:e2:44:2b:06:
         35:9e:bf:47:64:51:d5:79:85:2a:41:de:6c:66:c2:ef:8a:72:
         74:fb:1f:b6:1d:74:2f:e4:c3:d8:36:eb:b9:eb:31:cf:89:c4:
         29:a3:24:23:f1:40:e1:9a:dd:f9:a2:04:31:92:d5:60:ef:b1:
         af:14:8d:f5:6d:44:6e:23:48:2f:c8:aa:cc:28:f0:6c:f0:69:
         2e:6d:60:7d:20:66:f8:c4:40:08:3a:59:aa:0c:04:b3:ba:f5:
         e5:7e:e2:b2:17:12:7c:31:19:c7:a8:cb:71:f8:a8:c7:4b:ff:
         24:75:07:27:ad:62:d3:15:bf:ea:ff:34:ec:00:f0:1f:61:1f:
         5b:b0:a3:c3:77:0f:37:01:5a:d8:05:a5:41:35:ba:60:8c:ab:
         37:d2:c7:56:99:4b:ea:94:00:37:24:da:80:44:dc:6f:43:b2:
         ad:6e:45:c9:6e:cd:58:19:d3:b7:94:8f:a2:c6:44:55:c0:79:
         69:ba:a6:d9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+7YdFYhz9eSLPXLKR4pCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDE4NjNjYmRlYzFiNTk2ZGFjZWViOTAxYTA4NTNkNmM4
N2U3NTYwHhcNMjUwMTAxMTc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTBjYzhmNGFjNzRmZjNjN2NiMTU5N2E0NTIwYTUzMDRjYTUyZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7O8POggvBQDpI2gocY+5zOyLShB
1OuN7waOYxe5glBu5H87o/r2hqD+yN5bSNdnEE7l7LzVec45VkohkVuFEvtOWGWp
UoMJQijlyAkN8a6RcgVmZ5J1qv1M7hguPJdTk4g2Vrla77/tQUXu3DJ+jc8/+zdW
szZ+3KJsRd5gY7jagF1inSC78penhftm09ob5tsLJOYpoQrCQAcyD681x6iV8Mor
oQoPWIvk37x9YiqI3MdLgyJKtXU7n4LsxJzLYigHdtrxeLlp+3vEcLb4H6pedy4Q
JpcKp8072prMSY/XLzuAXIrugRCK6z5VFQPtOz7GIvDIldkeGCDEU+cJSQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOUMyPSsdP88fLFZekUgpTBMpS7CMB8GA1UdIwQY
MBaAFPrRhjy97BtZbazuuQGghT1sh+dWMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10R0dQTDNzRzFsdHJPNjVBYUNGUFd5SDUxWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYvZGRkYTdlLWEwMzctNGQzOC05NTU1
LTBhMTEwYzQ5NzQ5Yy8xLzVRekk5S3gwX3p4OHNWbDZSU0NsTUV5bExzSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGYvZGRkYTdlLWEwMzctNGQzOC05NTU1LTBhMTEwYzQ5NzQ5
Yy8xLzEtdEdHUEwzc0cxbHRyTzY1QWFDRlBXeUg1MVkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAK5nWwD
BAK5wxQwDQYJKoZIhvcNAQELBQADggEBAFns9IoTGJ4RNCEIZ1ExecfPoG3+eD/q
0daE/inHdw0xu0KG/ZtG+dNA8fUbs4he+LilvjpUpGhe2S1EmYZ8fORUkxXZ4kQr
BjWev0dkUdV5hSpB3mxmwu+KcnT7H7YddC/kw9g267nrMc+JxCmjJCPxQOGa3fmi
BDGS1WDvsa8UjfVtRG4jSC/Iqswo8GzwaS5tYH0gZvjEQAg6WaoMBLO69eV+4rIX
EnwxGceoy3H4qMdL/yR1ByetYtMVv+r/NOwA8B9hH1uwo8N3DzcBWtgFpUE1umCM
qzfSx1aZS+qUADck2oBE3G9Dsq1uRcluzVgZ07eUj6LGRFXAeWm6ptk=
-----END CERTIFICATE-----