Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/33E6U-90LI21C0lkTnzQ6VfaiXI.roa
File:                     33E6U-90LI21C0lkTnzQ6VfaiXI.roa (raw, json)
Hash identifier:          t0pnwqLcy2OtfvtukL13J3l3uzKc9VJEEKWY4aTDjS8=
Subject key identifier:   DF:71:3A:53:EF:74:2C:8D:B5:0B:49:64:4E:7C:D0:E9:57:DA:89:72
Certificate issuer:       /CN=b79de9458d190e634329f9df1503b5222c1624ee
Certificate serial:       019523F0DDE686B99C5E194989B241F7008A
Authority key identifier: B7:9D:E9:45:8D:19:0E:63:43:29:F9:DF:15:03:B5:22:2C:16:24:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t53pRY0ZDmNDKfnfFQO1IiwWJO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/33E6U-90LI21C0lkTnzQ6VfaiXI.roa
Signing time:             Thu 20 Feb 2025 15:19:02 +0000
ROA not before:           Thu 20 Feb 2025 15:19:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213418
IP address blocks:        185.231.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/t53pRY0ZDmNDKfnfFQO1IiwWJO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/t53pRY0ZDmNDKfnfFQO1IiwWJO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t53pRY0ZDmNDKfnfFQO1IiwWJO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:23:f0:dd:e6:86:b9:9c:5e:19:49:89:b2:41:f7:00:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79de9458d190e634329f9df1503b5222c1624ee
        Validity
            Not Before: Feb 20 15:19:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df713a53ef742c8db50b49644e7cd0e957da8972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:78:d5:8a:6c:1b:f5:f6:70:e1:68:34:13:4c:
                    b7:c7:98:cc:3d:fa:7e:99:a3:6d:6c:4d:d1:37:8f:
                    45:6a:e5:31:8d:18:89:2d:26:03:55:b1:37:61:94:
                    be:e2:70:fd:e7:03:4c:e1:e5:a6:fe:a8:91:93:db:
                    50:f5:e4:3a:87:75:55:1d:62:04:a5:a6:7d:0a:f5:
                    66:35:92:37:33:21:1e:1c:01:d2:d9:7a:45:69:be:
                    fb:4f:87:f7:41:00:b2:83:77:60:ef:24:b0:10:09:
                    8e:54:db:4f:76:82:b6:38:23:25:89:96:f4:87:69:
                    6d:e5:35:b0:a2:32:eb:dc:de:e2:a5:55:09:af:54:
                    6b:23:73:c0:07:6d:28:43:f0:33:b4:c1:94:8a:91:
                    00:21:69:5d:f0:5c:b5:ca:35:4c:37:8f:82:97:90:
                    68:ea:9d:b7:89:bf:74:d7:db:00:4e:75:20:62:6c:
                    18:85:d9:9e:3d:c6:c4:89:31:ab:9b:0b:3c:e7:8b:
                    59:0d:53:30:cc:7d:55:bf:e1:c2:91:00:04:29:6e:
                    7f:aa:dd:1b:66:7d:62:fb:a0:e8:ce:f4:01:44:3a:
                    86:10:6b:ed:53:ae:14:e3:4a:70:ff:5c:be:03:c9:
                    3f:0f:20:dc:18:a3:44:6f:c5:49:36:c0:3e:91:97:
                    c5:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:71:3A:53:EF:74:2C:8D:B5:0B:49:64:4E:7C:D0:E9:57:DA:89:72
            X509v3 Authority Key Identifier:
                keyid:B7:9D:E9:45:8D:19:0E:63:43:29:F9:DF:15:03:B5:22:2C:16:24:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t53pRY0ZDmNDKfnfFQO1IiwWJO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/33E6U-90LI21C0lkTnzQ6VfaiXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/3be899-a52f-43ad-8e89-f1cd9fa28cc5/1/t53pRY0ZDmNDKfnfFQO1IiwWJO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:cb:d5:de:7b:a9:62:e2:ef:c6:a8:83:59:30:f0:67:81:df:
         dd:91:af:8a:c9:3c:f5:cc:58:4a:2f:5d:69:2f:4c:ad:e8:5f:
         28:70:40:ea:73:f1:f7:13:0b:a6:e6:9f:17:a3:6c:24:e0:c4:
         ad:e6:ad:1e:22:90:3d:0e:af:3d:d1:66:86:a8:b6:b1:57:d1:
         b8:0d:56:9f:9d:0c:a8:7a:42:f0:a7:52:a5:2b:4f:0f:8f:09:
         c0:90:11:84:30:35:02:10:aa:f7:95:2e:34:bb:6b:4b:54:fc:
         8a:e3:6d:2f:75:08:8e:3b:ba:c9:65:34:4d:d5:7d:59:13:8b:
         50:d6:ed:f9:87:e3:2a:7a:a7:11:ec:6c:a2:17:d5:9e:bb:43:
         66:9f:d7:15:36:42:d4:2a:14:d2:8f:59:f1:ec:ff:18:6c:c0:
         d2:05:11:ea:dd:a7:0a:bd:94:32:d1:b1:c9:e9:3a:53:47:16:
         ac:a8:c3:31:e6:49:e9:1a:63:fd:93:a6:40:89:63:56:b3:3e:
         6c:4e:f7:4d:a8:35:88:a3:77:d4:b0:cb:01:73:b5:55:83:d8:
         a0:5c:6c:32:ee:13:75:d2:0b:08:08:ae:ec:32:9a:06:dc:70:
         bc:0d:09:91:dd:27:1c:65:54:c9:b8:48:19:1f:e3:77:64:a7:
         bc:63:ce:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUj8N3mhrmcXhlJibJB9wCKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OWRlOTQ1OGQxOTBlNjM0MzI5ZjlkZjE1MDNiNTIyMmMx
NjI0ZWUwHhcNMjUwMjIwMTUxOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjcxM2E1M2VmNzQyYzhkYjUwYjQ5NjQ0ZTdjZDBlOTU3ZGE4OTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HjVimwb9fZw4Wg0E0y3x5jMPfp+
maNtbE3RN49FauUxjRiJLSYDVbE3YZS+4nD95wNM4eWm/qiRk9tQ9eQ6h3VVHWIE
paZ9CvVmNZI3MyEeHAHS2XpFab77T4f3QQCyg3dg7ySwEAmOVNtPdoK2OCMliZb0
h2lt5TWwojLr3N7ipVUJr1RrI3PAB20oQ/AztMGUipEAIWld8Fy1yjVMN4+Cl5Bo
6p23ib9019sATnUgYmwYhdmePcbEiTGrmws854tZDVMwzH1Vv+HCkQAEKW5/qt0b
Zn1i+6DozvQBRDqGEGvtU64U40pw/1y+A8k/DyDcGKNEb8VJNsA+kZfF8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN9xOlPvdCyNtQtJZE580OlX2olyMB8GA1UdIwQY
MBaAFLed6UWNGQ5jQyn53xUDtSIsFiTuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDUzcFJZMFpEbU5ES2ZuZkZRTzFJaXdXSk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8zYmU4OTktYTUyZi00M2FkLThlODkt
ZjFjZDlmYTI4Y2M1LzEvMzNFNlUtOTBMSTIxQzBsa1RuelE2VmZhaVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8zYmU4OTktYTUyZi00M2FkLThlODktZjFjZDlmYTI4Y2M1
LzEvdDUzcFJZMFpEbU5ES2ZuZkZRTzFJaXdXSk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuec3MA0G
CSqGSIb3DQEBCwUAA4IBAQAgy9Xee6li4u/GqINZMPBngd/dka+KyTz1zFhKL11p
L0yt6F8ocEDqc/H3Ewum5p8Xo2wk4MSt5q0eIpA9Dq890WaGqLaxV9G4DVafnQyo
ekLwp1KlK08PjwnAkBGEMDUCEKr3lS40u2tLVPyK420vdQiOO7rJZTRN1X1ZE4tQ
1u35h+MqeqcR7GyiF9Weu0Nmn9cVNkLUKhTSj1nx7P8YbMDSBRHq3acKvZQy0bHJ
6TpTRxasqMMx5knpGmP9k6ZAiWNWsz5sTvdNqDWIo3fUsMsBc7VVg9igXGwy7hN1
0gsICK7sMpoG3HC8DQmR3SccZVTJuEgZH+N3ZKe8Y87S
-----END CERTIFICATE-----