Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/PcLN4OCrAYo7gp9-LrNRS28FuGA.roa
File:                     PcLN4OCrAYo7gp9-LrNRS28FuGA.roa (raw, json)
Hash identifier:          4PVTYuLNKNpIeRdCU1ysaHpHPoiG6A7KV2YGI8bMc1w=
Subject key identifier:   3D:C2:CD:E0:E0:AB:01:8A:3B:82:9F:7E:2E:B3:51:4B:6F:05:B8:60
Certificate issuer:       /CN=f5c371f3a34abf1957d1895df8063f4d6207ec02
Certificate serial:       019427487D2FA8B334170C04360CB42BA6CC
Authority key identifier: F5:C3:71:F3:A3:4A:BF:19:57:D1:89:5D:F8:06:3F:4D:62:07:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9cNx86NKvxlX0Yld-AY_TWIH7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/PcLN4OCrAYo7gp9-LrNRS28FuGA.roa
Signing time:             Thu 02 Jan 2025 13:50:49 +0000
ROA not before:           Thu 02 Jan 2025 13:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209459
IP address blocks:        185.97.116.0/22 maxlen: 24
                          185.143.232.0/22 maxlen: 24
                          193.176.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/9cNx86NKvxlX0Yld-AY_TWIH7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/9cNx86NKvxlX0Yld-AY_TWIH7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9cNx86NKvxlX0Yld-AY_TWIH7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 01:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:7d:2f:a8:b3:34:17:0c:04:36:0c:b4:2b:a6:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5c371f3a34abf1957d1895df8063f4d6207ec02
        Validity
            Not Before: Jan  2 13:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3dc2cde0e0ab018a3b829f7e2eb3514b6f05b860
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9a:e0:ce:c7:82:af:2b:c0:15:5a:1d:77:bf:
                    78:86:60:cf:72:15:9e:b7:1b:a7:db:1f:c5:a5:40:
                    36:0d:e8:11:8e:0c:dc:26:b6:dd:58:36:0d:ab:67:
                    31:a4:ce:78:12:64:9c:37:68:21:e1:43:6d:fe:ac:
                    c1:e0:4b:5e:63:44:47:b5:24:ea:bf:02:78:a3:bd:
                    00:8d:79:5d:10:36:d8:38:fe:88:dc:46:69:42:77:
                    54:22:26:4b:f1:dd:7a:db:9c:23:e5:49:02:ea:75:
                    2a:80:4a:0c:b9:aa:92:6d:14:a1:24:9e:f1:58:cc:
                    ed:7b:ab:6d:bb:a0:d9:14:88:51:2d:80:8c:04:5a:
                    89:be:ea:ca:e2:28:a6:4f:bf:69:19:13:8c:f5:08:
                    18:8d:81:25:fc:8a:42:6f:51:31:c9:1f:64:35:bf:
                    0c:3c:7b:a7:32:4b:23:a2:a8:44:1a:ed:8c:4d:71:
                    b0:93:85:e4:43:8c:e6:56:de:99:1e:b5:ac:f7:1c:
                    70:a5:a3:db:b1:22:17:09:0e:5c:26:3a:84:a0:ec:
                    64:da:0d:57:a6:4a:c9:da:e8:a4:59:23:ba:b4:fd:
                    91:d4:08:e1:ee:84:ae:2d:64:f7:ed:6d:df:6a:36:
                    47:5d:4a:70:c4:46:07:05:20:89:2b:a8:cb:58:75:
                    dd:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C2:CD:E0:E0:AB:01:8A:3B:82:9F:7E:2E:B3:51:4B:6F:05:B8:60
            X509v3 Authority Key Identifier:
                keyid:F5:C3:71:F3:A3:4A:BF:19:57:D1:89:5D:F8:06:3F:4D:62:07:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9cNx86NKvxlX0Yld-AY_TWIH7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/PcLN4OCrAYo7gp9-LrNRS28FuGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/5b0cd9-e279-46aa-81da-1bb17a8b26fe/1/9cNx86NKvxlX0Yld-AY_TWIH7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.116.0/22
                  185.143.232.0/22
                  193.176.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:f5:b1:e7:1d:39:e2:24:c9:30:25:48:5a:b4:89:71:d0:41:
         2f:78:99:6b:36:12:7b:26:fd:e9:2e:fe:97:53:6f:b1:e7:ee:
         55:4b:cd:95:82:8b:ec:69:d1:f1:d6:ab:73:09:5e:be:c8:ed:
         9a:c3:c0:19:1e:36:c1:cc:a2:9d:29:b0:4a:99:5b:a5:58:19:
         40:8e:26:2c:56:e2:98:46:99:59:9d:3f:84:18:89:4f:7f:73:
         27:f3:dc:1c:8c:c8:c7:b7:55:e5:65:9b:b9:d9:ea:6b:b9:ee:
         8e:83:f3:cb:fe:33:a5:34:1f:74:5f:88:ef:69:53:5d:99:bc:
         86:ec:a2:a9:8f:09:48:92:18:c0:4b:2c:d8:fe:a9:fd:ed:27:
         ac:8b:f7:b4:bb:d6:36:9b:f8:d0:c2:d2:ee:39:a9:ba:29:02:
         ca:de:ab:f9:b7:d7:1a:29:4c:7c:4f:b4:58:4f:c6:21:fc:6c:
         94:d7:72:54:92:60:9d:dc:da:4a:10:c0:f2:04:bb:07:d2:95:
         a4:15:89:5c:19:1f:9a:a2:f9:7b:d4:3e:32:cd:9a:e4:f5:38:
         12:b4:57:31:6c:a4:32:a4:a3:25:af:5e:d3:38:0a:f2:e3:ff:
         88:1f:a8:fd:d5:95:b8:e0:64:5a:86:11:e7:e2:fc:c3:9a:01:
         19:55:3f:df
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQnSH0vqLM0FwwENgy0K6bMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1YzM3MWYzYTM0YWJmMTk1N2QxODk1ZGY4MDYzZjRkNjIw
N2VjMDIwHhcNMjUwMTAyMTM1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGMyY2RlMGUwYWIwMThhM2I4MjlmN2UyZWIzNTE0YjZmMDViODYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq5rgzseCryvAFVodd794hmDPchWe
txun2x/FpUA2DegRjgzcJrbdWDYNq2cxpM54EmScN2gh4UNt/qzB4EteY0RHtSTq
vwJ4o70AjXldEDbYOP6I3EZpQndUIiZL8d1625wj5UkC6nUqgEoMuaqSbRShJJ7x
WMzte6ttu6DZFIhRLYCMBFqJvurK4iimT79pGROM9QgYjYEl/IpCb1ExyR9kNb8M
PHunMksjoqhEGu2MTXGwk4XkQ4zmVt6ZHrWs9xxwpaPbsSIXCQ5cJjqEoOxk2g1X
pkrJ2uikWSO6tP2R1Ajh7oSuLWT37W3fajZHXUpwxEYHBSCJK6jLWHXdiQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD3CzeDgqwGKO4Kffi6zUUtvBbhgMB8GA1UdIwQY
MBaAFPXDcfOjSr8ZV9GJXfgGP01iB+wCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWNOeDg2Tkt2eGxYMFlsZC1BWV9UV0lIN0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS81YjBjZDktZTI3OS00NmFhLTgxZGEt
MWJiMTdhOGIyNmZlLzEvUGNMTjRPQ3JBWW83Z3A5LUxyTlJTMjhGdUdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS81YjBjZDktZTI3OS00NmFhLTgxZGEtMWJiMTdhOGIyNmZl
LzEvOWNOeDg2Tkt2eGxYMFlsZC1BWV9UV0lIN0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuWF0AwQC
uY/oAwQCwbDwMA0GCSqGSIb3DQEBCwUAA4IBAQBP9bHnHTniJMkwJUhatIlx0EEv
eJlrNhJ7Jv3pLv6XU2+x5+5VS82VgovsadHx1qtzCV6+yO2aw8AZHjbBzKKdKbBK
mVulWBlAjiYsVuKYRplZnT+EGIlPf3Mn89wcjMjHt1XlZZu52eprue6Og/PL/jOl
NB90X4jvaVNdmbyG7KKpjwlIkhjASyzY/qn97Sesi/e0u9Y2m/jQwtLuOam6KQLK
3qv5t9caKUx8T7RYT8Yh/GyU13JUkmCd3NpKEMDyBLsH0pWkFYlcGR+aovl71D4y
zZrk9TgStFcxbKQypKMlr17TOAry4/+IH6j91ZW44GRahhHn4vzDmgEZVT/f
-----END CERTIFICATE-----