Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/XQ5elbBA2ZOvWo4wBD0xrzoPgZw.roa
File:                     XQ5elbBA2ZOvWo4wBD0xrzoPgZw.roa (raw, json)
Hash identifier:          ziFD345nN2nfL35s2objtJIz7sADWUma9lbt9LOBqXI=
Subject key identifier:   5D:0E:5E:95:B0:40:D9:93:AF:5A:8E:30:04:3D:31:AF:3A:0F:81:9C
Certificate issuer:       /CN=380ef7ff5b54f53fcf2312abe2ec3f5958ba1425
Certificate serial:       01942825BBA39EA7BCB87C23B06CA15F02C7
Authority key identifier: 38:0E:F7:FF:5B:54:F5:3F:CF:23:12:AB:E2:EC:3F:59:58:BA:14:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OA73_1tU9T_PIxKr4uw_WVi6FCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/XQ5elbBA2ZOvWo4wBD0xrzoPgZw.roa
Signing time:             Thu 02 Jan 2025 17:52:28 +0000
ROA not before:           Thu 02 Jan 2025 17:52:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198843
IP address blocks:        185.158.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/OA73_1tU9T_PIxKr4uw_WVi6FCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/OA73_1tU9T_PIxKr4uw_WVi6FCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OA73_1tU9T_PIxKr4uw_WVi6FCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:bb:a3:9e:a7:bc:b8:7c:23:b0:6c:a1:5f:02:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380ef7ff5b54f53fcf2312abe2ec3f5958ba1425
        Validity
            Not Before: Jan  2 17:52:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d0e5e95b040d993af5a8e30043d31af3a0f819c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fe:be:a8:14:4f:bd:60:f7:18:f8:75:af:46:
                    fb:be:5c:a8:29:88:f1:de:3a:22:22:0e:48:8c:41:
                    0e:ca:8f:36:31:98:39:1e:3c:96:ae:6d:b1:2a:51:
                    03:ba:7b:ea:71:f4:ef:0f:71:39:3a:6e:5e:7a:68:
                    d6:59:30:14:f4:d7:6f:41:5b:ca:60:85:cb:b4:e7:
                    44:da:ca:cf:82:88:9e:00:2a:c7:77:a9:17:be:67:
                    14:90:f9:56:68:e5:89:8a:70:80:ae:d9:db:45:83:
                    2b:0f:ca:ac:51:8f:03:e6:1a:42:8a:13:42:06:b0:
                    9a:76:8d:f1:41:19:29:b1:28:3c:31:ff:8a:3f:42:
                    77:56:01:3b:31:b5:44:20:e2:33:9c:44:b6:97:a1:
                    5e:0d:f5:72:d4:61:67:cd:2b:25:b0:be:ee:70:98:
                    aa:08:c7:d0:fe:53:65:0b:56:0b:61:a5:04:5c:8c:
                    8c:ea:a0:92:f8:ff:48:40:bc:0b:26:8e:ae:1c:8f:
                    1b:f7:de:86:91:83:ea:b3:55:77:4a:f4:4a:61:f0:
                    69:99:65:3e:e0:ae:6f:70:2d:a6:40:78:c4:f2:2a:
                    75:6f:18:05:0d:db:f7:6d:f1:67:e7:61:9d:6e:50:
                    4f:c7:c1:66:4c:63:51:e8:20:fa:cc:70:ba:21:1f:
                    e7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:0E:5E:95:B0:40:D9:93:AF:5A:8E:30:04:3D:31:AF:3A:0F:81:9C
            X509v3 Authority Key Identifier:
                keyid:38:0E:F7:FF:5B:54:F5:3F:CF:23:12:AB:E2:EC:3F:59:58:BA:14:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OA73_1tU9T_PIxKr4uw_WVi6FCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/XQ5elbBA2ZOvWo4wBD0xrzoPgZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d91255-3243-4a47-946a-f04cc1c230cf/1/OA73_1tU9T_PIxKr4uw_WVi6FCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:37:aa:31:49:5d:d7:84:d3:1a:7c:63:12:83:25:e3:95:db:
         a7:b7:73:6e:91:00:5b:c8:07:61:7f:91:91:b4:67:9e:bf:6e:
         e0:7f:52:4d:30:99:e0:ec:db:50:c1:7a:1b:ec:9a:2d:cb:1e:
         ca:d9:91:7a:74:1c:26:81:37:ea:31:d8:84:2c:4a:99:70:d9:
         1d:56:0b:e4:16:2c:d3:b0:1d:c9:27:83:0a:8c:b1:c2:96:42:
         d9:f4:1a:4b:79:a6:e2:23:7e:ae:f4:92:c6:ba:fb:dd:8c:82:
         7c:48:83:a7:e4:47:2e:68:64:bf:0d:48:d8:2f:ee:ca:d1:e3:
         03:dd:3a:f7:3f:d1:5f:6e:53:3d:c1:78:f9:ee:67:7b:27:3d:
         12:ad:5c:46:e4:a1:24:e3:df:80:ea:39:ec:65:7f:fe:6e:a8:
         9b:c3:d5:da:8e:e6:27:1a:17:5c:d6:15:63:4e:c7:eb:3e:80:
         5b:6c:13:5f:7b:c8:ff:fa:35:7e:69:6d:a1:91:0e:c9:f7:31:
         99:a8:bb:9d:e2:fc:18:b9:57:35:12:0f:64:ce:5d:95:89:48:
         12:b9:0f:17:ad:60:fc:7e:b2:e7:80:4a:a6:68:fb:9f:d4:aa:
         0f:0f:79:31:89:5b:e8:c8:ad:0c:6d:eb:7e:6b:2a:57:0c:93:
         23:57:87:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJbujnqe8uHwjsGyhXwLHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGVmN2ZmNWI1NGY1M2ZjZjIzMTJhYmUyZWMzZjU5NThi
YTE0MjUwHhcNMjUwMTAyMTc1MjI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDBlNWU5NWIwNDBkOTkzYWY1YThlMzAwNDNkMzFhZjNhMGY4MTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf6+qBRPvWD3GPh1r0b7vlyoKYjx
3joiIg5IjEEOyo82MZg5HjyWrm2xKlEDunvqcfTvD3E5Om5eemjWWTAU9NdvQVvK
YIXLtOdE2srPgoieACrHd6kXvmcUkPlWaOWJinCArtnbRYMrD8qsUY8D5hpCihNC
BrCado3xQRkpsSg8Mf+KP0J3VgE7MbVEIOIznES2l6FeDfVy1GFnzSslsL7ucJiq
CMfQ/lNlC1YLYaUEXIyM6qCS+P9IQLwLJo6uHI8b996GkYPqs1V3SvRKYfBpmWU+
4K5vcC2mQHjE8ip1bxgFDdv3bfFn52GdblBPx8FmTGNR6CD6zHC6IR/n6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF0OXpWwQNmTr1qOMAQ9Ma86D4GcMB8GA1UdIwQY
MBaAFDgO9/9bVPU/zyMSq+LsP1lYuhQlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0E3M18xdFU5VF9QSXhLcjR1d19XVmk2RkNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9kOTEyNTUtMzI0My00YTQ3LTk0NmEt
ZjA0Y2MxYzIzMGNmLzEvWFE1ZWxiQkEyWk92V280d0JEMHhyem9QZ1p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9kOTEyNTUtMzI0My00YTQ3LTk0NmEtZjA0Y2MxYzIzMGNm
LzEvT0E3M18xdFU5VF9QSXhLcjR1d19XVmk2RkNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ4kMA0G
CSqGSIb3DQEBCwUAA4IBAQAXN6oxSV3XhNMafGMSgyXjldunt3NukQBbyAdhf5GR
tGeev27gf1JNMJng7NtQwXob7Jotyx7K2ZF6dBwmgTfqMdiELEqZcNkdVgvkFizT
sB3JJ4MKjLHClkLZ9BpLeabiI36u9JLGuvvdjIJ8SIOn5EcuaGS/DUjYL+7K0eMD
3Tr3P9FfblM9wXj57md7Jz0SrVxG5KEk49+A6jnsZX/+bqibw9XajuYnGhdc1hVj
TsfrPoBbbBNfe8j/+jV+aW2hkQ7J9zGZqLud4vwYuVc1Eg9kzl2ViUgSuQ8XrWD8
frLngEqmaPuf1KoPD3kxiVvoyK0Mbet+aypXDJMjV4f5
-----END CERTIFICATE-----