Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/722703-06a7-4fbd-930f-2422abf342ac/1/8HbLvR_ICovY3JkhN3nLEF6TTpU.roa
File:                     8HbLvR_ICovY3JkhN3nLEF6TTpU.roa (raw, json)
Hash identifier:          yBKFoCIX0xdcJSGT3f5HB8GzFB5vs3wuFhH6HKyoacg=
Subject key identifier:   F0:76:CB:BD:1F:C8:0A:8B:D8:DC:99:21:37:79:CB:10:5E:93:4E:95
Certificate issuer:       /CN=5e7ceb9c931cb1795e227ae2c86475513ae4915c
Certificate serial:       019424B3A0D36B68B12D90084FDE23E435C9
Authority key identifier: 5E:7C:EB:9C:93:1C:B1:79:5E:22:7A:E2:C8:64:75:51:3A:E4:91:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XnzrnJMcsXleInriyGR1UTrkkVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/722703-06a7-4fbd-930f-2422abf342ac/1/8HbLvR_ICovY3JkhN3nLEF6TTpU.roa
Signing time:             Thu 02 Jan 2025 01:48:59 +0000
ROA not before:           Thu 02 Jan 2025 01:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49597
IP address blocks:        185.165.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/722703-06a7-4fbd-930f-2422abf342ac/1/XnzrnJMcsXleInriyGR1UTrkkVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/722703-06a7-4fbd-930f-2422abf342ac/1/XnzrnJMcsXleInriyGR1UTrkkVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XnzrnJMcsXleInriyGR1UTrkkVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:a0:d3:6b:68:b1:2d:90:08:4f:de:23:e4:35:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e7ceb9c931cb1795e227ae2c86475513ae4915c
        Validity
            Not Before: Jan  2 01:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f076cbbd1fc80a8bd8dc99213779cb105e934e95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:64:60:fa:1e:0f:56:12:27:21:35:08:ec:98:
                    9e:ef:68:5f:5a:24:49:35:c7:c0:2e:e0:78:eb:2e:
                    8b:86:f1:b7:a4:a6:5c:a9:5f:31:a6:f0:53:69:58:
                    ec:cd:be:22:95:44:70:d9:a8:ee:51:89:ad:01:d8:
                    68:ed:c9:25:f8:a7:da:8a:e7:2a:3f:56:cc:0e:e2:
                    46:01:a9:a2:84:37:1e:0b:5a:71:06:e1:1a:13:68:
                    f1:af:eb:4a:6d:a7:ff:f8:4b:7c:74:bd:0f:62:ca:
                    90:c1:7c:83:ea:7c:83:27:42:de:9b:07:55:92:08:
                    0b:6b:e4:c4:db:2a:04:36:f0:ca:e2:f2:44:47:b0:
                    28:cb:6c:5a:63:f3:4d:05:2e:0a:ad:d2:00:f6:f0:
                    bc:9a:34:d3:ab:33:e1:2e:c3:25:c4:2d:a9:fa:3e:
                    03:fb:0f:5d:0e:34:0a:3e:f4:7f:2e:a0:54:b5:66:
                    71:2b:58:84:88:4b:ae:87:7e:b3:be:2a:de:1b:67:
                    9d:7e:bf:a4:2b:99:31:83:fd:0e:67:2c:55:7a:4f:
                    af:82:8d:2c:a0:3b:1e:e9:96:b2:eb:0d:d6:ea:39:
                    a5:ef:12:68:f2:7e:bb:57:46:07:a8:28:8d:fa:31:
                    a0:56:e7:c6:59:02:00:ba:73:2c:9c:07:9f:de:6f:
                    f1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:76:CB:BD:1F:C8:0A:8B:D8:DC:99:21:37:79:CB:10:5E:93:4E:95
            X509v3 Authority Key Identifier:
                keyid:5E:7C:EB:9C:93:1C:B1:79:5E:22:7A:E2:C8:64:75:51:3A:E4:91:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XnzrnJMcsXleInriyGR1UTrkkVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/722703-06a7-4fbd-930f-2422abf342ac/1/8HbLvR_ICovY3JkhN3nLEF6TTpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/722703-06a7-4fbd-930f-2422abf342ac/1/XnzrnJMcsXleInriyGR1UTrkkVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:ec:56:b6:c0:1d:e9:00:c6:da:80:0f:a1:d7:10:fc:76:17:
         e5:56:24:ad:da:9d:14:e8:66:fb:f0:e7:1f:a6:b2:d2:e3:e6:
         48:e7:2a:c0:ae:9a:88:04:92:04:19:99:5b:01:a4:37:d4:b5:
         47:03:a9:55:9f:0c:0b:4e:cc:cd:15:2a:1b:6e:fc:d3:73:cf:
         05:81:5f:61:ae:c2:b6:48:cd:a1:aa:8a:71:f5:87:2e:bb:08:
         c4:c9:21:6b:fc:13:c7:58:34:1e:55:9d:ea:2d:44:07:57:71:
         54:df:91:45:2d:68:2e:8c:3d:7b:ff:b5:9f:0c:87:c3:b4:13:
         17:39:bf:73:93:5a:7a:6e:31:82:ad:e1:85:b5:ef:34:db:66:
         6c:72:b9:36:17:ff:39:cc:cd:c3:44:14:26:fe:c1:17:ec:a3:
         2f:3e:5a:db:e4:80:06:87:2a:73:ef:b4:18:50:96:54:c2:33:
         0e:b2:c0:82:0d:4a:38:5f:a3:70:89:0c:ca:fc:7e:67:5c:73:
         b2:71:7c:6b:85:8d:82:0e:3e:b4:e5:11:e4:0e:a0:69:d4:e5:
         77:7f:82:1c:96:44:fa:d9:8b:85:2d:ea:76:8f:0b:71:cf:d1:
         19:08:dd:40:a1:c1:de:f6:01:df:67:a0:a6:c0:74:ed:b4:4e:
         45:69:74:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks6DTa2ixLZAIT94j5DXJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlN2NlYjljOTMxY2IxNzk1ZTIyN2FlMmM4NjQ3NTUxM2Fl
NDkxNWMwHhcNMjUwMTAyMDE0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDc2Y2JiZDFmYzgwYThiZDhkYzk5MjEzNzc5Y2IxMDVlOTM0ZTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5mRg+h4PVhInITUI7Jie72hfWiRJ
NcfALuB46y6LhvG3pKZcqV8xpvBTaVjszb4ilURw2ajuUYmtAdho7ckl+Kfaiucq
P1bMDuJGAamihDceC1pxBuEaE2jxr+tKbaf/+Et8dL0PYsqQwXyD6nyDJ0LemwdV
kggLa+TE2yoENvDK4vJER7Aoy2xaY/NNBS4KrdIA9vC8mjTTqzPhLsMlxC2p+j4D
+w9dDjQKPvR/LqBUtWZxK1iEiEuuh36zvireG2edfr+kK5kxg/0OZyxVek+vgo0s
oDse6Zay6w3W6jml7xJo8n67V0YHqCiN+jGgVufGWQIAunMsnAef3m/xEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPB2y70fyAqL2NyZITd5yxBek06VMB8GA1UdIwQY
MBaAFF5865yTHLF5XiJ64shkdVE65JFcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG56cm5KTWNzWGxlSW5yaXlHUjFVVHJra1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjI3MDMtMDZhNy00ZmJkLTkzMGYt
MjQyMmFiZjM0MmFjLzEvOEhiTHZSX0lDb3ZZM0praE4zbkxFRjZUVHBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjI3MDMtMDZhNy00ZmJkLTkzMGYtMjQyMmFiZjM0MmFj
LzEvWG56cm5KTWNzWGxlSW5yaXlHUjFVVHJra1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaU4MA0G
CSqGSIb3DQEBCwUAA4IBAQCA7Fa2wB3pAMbagA+h1xD8dhflViSt2p0U6Gb78Ocf
prLS4+ZI5yrArpqIBJIEGZlbAaQ31LVHA6lVnwwLTszNFSobbvzTc88FgV9hrsK2
SM2hqopx9YcuuwjEySFr/BPHWDQeVZ3qLUQHV3FU35FFLWgujD17/7WfDIfDtBMX
Ob9zk1p6bjGCreGFte8022Zscrk2F/85zM3DRBQm/sEX7KMvPlrb5IAGhypz77QY
UJZUwjMOssCCDUo4X6NwiQzK/H5nXHOycXxrhY2CDj605RHkDqBp1OV3f4IclkT6
2YuFLep2jwtxz9EZCN1AocHe9gHfZ6CmwHTttE5FaXSH
-----END CERTIFICATE-----