Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/rwgU2mlTS06e7YPqA2lYPO26aP0.roa
File:                     rwgU2mlTS06e7YPqA2lYPO26aP0.roa (raw, json)
Hash identifier:          w9oJA8hR7uQfiHK53Tj7B18Tkd/AVTn4HnDtFZKJyRA=
Subject key identifier:   AF:08:14:DA:69:53:4B:4E:9E:ED:83:EA:03:69:58:3C:ED:BA:68:FD
Certificate issuer:       /CN=a5c6373eab19cf43dd2f43111398383ee2bad030
Certificate serial:       019422FBA0519BFE9A94C6B8A7C64087A2E4
Authority key identifier: A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/rwgU2mlTS06e7YPqA2lYPO26aP0.roa
Signing time:             Wed 01 Jan 2025 17:48:23 +0000
ROA not before:           Wed 01 Jan 2025 17:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206092
IP address blocks:        185.228.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:a0:51:9b:fe:9a:94:c6:b8:a7:c6:40:87:a2:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c6373eab19cf43dd2f43111398383ee2bad030
        Validity
            Not Before: Jan  1 17:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af0814da69534b4e9eed83ea0369583cedba68fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b3:1b:5f:48:e6:52:56:36:9c:ae:fe:56:c2:
                    43:1b:db:3c:27:8e:1a:46:c5:a7:dd:2b:10:73:8a:
                    f2:53:e8:c6:16:4b:86:e4:f3:40:40:cb:6d:72:99:
                    1c:14:a9:f9:cb:f5:76:aa:e3:4b:97:19:33:09:e9:
                    2f:ea:8d:0b:88:ef:db:c3:2c:f8:e7:0c:5b:b2:67:
                    65:fb:86:04:d2:5e:ee:4e:27:c1:98:ac:27:1c:3f:
                    0a:a3:9a:97:12:d1:05:d2:21:65:1c:8a:db:2b:26:
                    b2:01:53:95:8e:46:0d:09:24:f2:4b:eb:29:11:33:
                    89:cc:85:a3:7c:c6:74:4f:31:9d:21:52:ac:47:96:
                    82:9a:04:84:b4:01:a8:2d:e4:be:9b:6a:d1:c1:92:
                    51:14:d7:b7:0d:e4:15:c7:57:ab:cd:73:1a:5f:8c:
                    0b:39:a8:a4:ad:e4:8d:ca:76:5b:22:14:e1:2b:8b:
                    37:81:e7:3b:3f:fb:84:1e:e7:00:b9:6a:8c:36:b6:
                    5f:37:f0:ce:0f:4c:d3:4b:82:f2:77:51:1c:10:29:
                    a1:30:35:7c:13:7c:8a:6d:66:a9:ab:e4:8a:35:e9:
                    77:6d:43:a6:ec:88:ab:89:9e:1a:42:9f:10:b8:b3:
                    75:4d:c4:aa:92:d0:09:6f:af:b3:22:4b:78:8d:92:
                    4b:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:08:14:DA:69:53:4B:4E:9E:ED:83:EA:03:69:58:3C:ED:BA:68:FD
            X509v3 Authority Key Identifier:
                keyid:A5:C6:37:3E:AB:19:CF:43:DD:2F:43:11:13:98:38:3E:E2:BA:D0:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcY3PqsZz0PdL0MRE5g4PuK60DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/rwgU2mlTS06e7YPqA2lYPO26aP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f0f5e3-6050-4e2d-a4ea-a4ea0a63f766/1/pcY3PqsZz0PdL0MRE5g4PuK60DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:ae:05:68:82:4d:02:78:38:67:dc:be:92:f7:86:83:b5:6a:
         4f:91:14:d8:f5:44:cd:f1:10:33:3a:08:10:05:2d:80:fc:dd:
         72:4a:b3:7b:05:17:47:07:62:2f:0d:a8:f9:41:54:a6:96:76:
         32:43:d8:d9:54:99:85:ed:9c:eb:a7:0a:58:1a:56:18:2b:93:
         a6:d1:fb:bf:6b:80:ee:dd:34:c3:6f:45:1d:b1:b7:5b:b9:cb:
         f9:b3:3a:de:70:35:bb:93:92:2c:da:42:10:10:43:dd:44:a4:
         5b:25:d8:a9:85:55:4a:02:b1:6c:7f:3c:fd:52:f2:cd:0b:57:
         01:a7:c8:08:6f:cb:90:f8:91:56:3d:43:6f:82:fb:c4:54:0a:
         fd:07:5e:90:65:ec:3c:5e:ba:06:b1:67:47:19:fc:b3:c7:d3:
         67:64:24:cf:23:4a:b5:5b:10:08:cf:06:8c:d5:fb:c9:7a:19:
         28:87:65:e9:3c:76:28:b9:e4:4a:37:4d:d2:50:bb:30:19:a5:
         94:dd:e7:1d:a9:e7:5e:0a:2a:e8:1b:d2:0c:a4:53:60:4e:ba:
         d5:74:7c:ee:f2:3d:48:02:7f:2e:ae:d9:e7:34:5b:8e:4d:f7:
         c0:ea:8d:fc:d9:f0:0a:92:60:06:f9:67:bb:62:43:9d:83:ef:
         0e:05:16:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+6BRm/6alMa4p8ZAh6LkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzYzNzNlYWIxOWNmNDNkZDJmNDMxMTEzOTgzODNlZTJi
YWQwMzAwHhcNMjUwMTAxMTc0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjA4MTRkYTY5NTM0YjRlOWVlZDgzZWEwMzY5NTgzY2VkYmE2OGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLMbX0jmUlY2nK7+VsJDG9s8J44a
RsWn3SsQc4ryU+jGFkuG5PNAQMttcpkcFKn5y/V2quNLlxkzCekv6o0LiO/bwyz4
5wxbsmdl+4YE0l7uTifBmKwnHD8Ko5qXEtEF0iFlHIrbKyayAVOVjkYNCSTyS+sp
ETOJzIWjfMZ0TzGdIVKsR5aCmgSEtAGoLeS+m2rRwZJRFNe3DeQVx1erzXMaX4wL
OaikreSNynZbIhThK4s3gec7P/uEHucAuWqMNrZfN/DOD0zTS4Lyd1EcECmhMDV8
E3yKbWapq+SKNel3bUOm7IiriZ4aQp8QuLN1TcSqktAJb6+zIkt4jZJL8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8IFNppU0tOnu2D6gNpWDztumj9MB8GA1UdIwQY
MBaAFKXGNz6rGc9D3S9DEROYOD7iutAwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEt
YTRlYTBhNjNmNzY2LzEvcndnVTJtbFRTMDZlN1lQcUEybFlQTzI2YVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mMGY1ZTMtNjA1MC00ZTJkLWE0ZWEtYTRlYTBhNjNmNzY2
LzEvcGNZM1Bxc1p6MFBkTDBNUkU1ZzRQdUs2MERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueQDMA0G
CSqGSIb3DQEBCwUAA4IBAQAVrgVogk0CeDhn3L6S94aDtWpPkRTY9UTN8RAzOggQ
BS2A/N1ySrN7BRdHB2IvDaj5QVSmlnYyQ9jZVJmF7ZzrpwpYGlYYK5Om0fu/a4Du
3TTDb0Udsbdbucv5szrecDW7k5Is2kIQEEPdRKRbJdiphVVKArFsfzz9UvLNC1cB
p8gIb8uQ+JFWPUNvgvvEVAr9B16QZew8XroGsWdHGfyzx9NnZCTPI0q1WxAIzwaM
1fvJehkoh2XpPHYoueRKN03SULswGaWU3ecdqedeCiroG9IMpFNgTrrVdHzu8j1I
An8urtnnNFuOTffA6o382fAKkmAG+We7YkOdg+8OBRa+
-----END CERTIFICATE-----