Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/jwS8BYVyHmc8BIbLl_GpRDxb_fw.roa
File:                     jwS8BYVyHmc8BIbLl_GpRDxb_fw.roa (raw, json)
Hash identifier:          0vGJk8zdxED0U8VXXJSNZD+4l1MurWavnTSCf1SPtXE=
Subject key identifier:   8F:04:BC:05:85:72:1E:67:3C:04:86:CB:97:F1:A9:44:3C:5B:FD:FC
Certificate issuer:       /CN=51b2c401ce5c9e881cd9a3be8efec60022da0eb6
Certificate serial:       019711D6BD0E92B7EEE99BB15BEF744E44F3
Authority key identifier: 51:B2:C4:01:CE:5C:9E:88:1C:D9:A3:BE:8E:FE:C6:00:22:DA:0E:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbLEAc5cnogc2aO-jv7GACLaDrY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/jwS8BYVyHmc8BIbLl_GpRDxb_fw.roa
Signing time:             Tue 27 May 2025 13:02:55 +0000
ROA not before:           Tue 27 May 2025 13:02:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.170.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/UbLEAc5cnogc2aO-jv7GACLaDrY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/UbLEAc5cnogc2aO-jv7GACLaDrY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbLEAc5cnogc2aO-jv7GACLaDrY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:d6:bd:0e:92:b7:ee:e9:9b:b1:5b:ef:74:4e:44:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b2c401ce5c9e881cd9a3be8efec60022da0eb6
        Validity
            Not Before: May 27 13:02:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f04bc0585721e673c0486cb97f1a9443c5bfdfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e1:10:8b:68:6d:d4:c6:cf:49:4d:12:4a:b7:
                    4f:a2:3c:37:97:45:0b:7d:e1:cf:42:fb:27:7b:7f:
                    16:6d:8e:df:39:5e:fa:79:bf:db:4f:35:20:77:d8:
                    6a:13:d7:f7:08:bc:93:bd:32:6d:a6:e3:11:ea:c3:
                    4f:ba:5b:5e:a7:04:a7:37:7b:9d:32:22:e8:44:c8:
                    d6:6c:39:61:09:01:3e:6a:5f:be:c9:2e:c7:7b:2e:
                    3b:ce:ee:14:28:bc:d7:58:d1:fa:11:f5:97:f1:d8:
                    ab:bb:9e:b9:42:9f:b9:66:41:94:a5:e0:02:93:ed:
                    27:25:62:7a:a6:a1:57:c3:77:f2:cb:db:62:a5:3b:
                    c2:54:8d:d1:e0:56:ea:b9:d4:ff:99:a4:38:50:ec:
                    97:d5:bc:44:2e:e2:cf:e4:88:e1:ab:ad:20:55:73:
                    76:91:c9:73:ff:f6:39:44:a3:40:d4:13:88:f1:73:
                    b8:70:1d:58:46:0c:49:d1:a6:68:00:c3:e8:c4:68:
                    04:4d:e5:e9:a9:0c:76:d4:fc:22:ce:32:69:68:8f:
                    7f:96:e4:77:86:c9:8d:ab:20:c5:dc:90:35:9d:f0:
                    62:cc:22:08:d9:8a:c2:b6:f4:b3:62:53:e2:13:15:
                    d2:1e:f6:aa:b8:0f:c8:2a:6a:f8:81:d8:0d:ab:ec:
                    94:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:04:BC:05:85:72:1E:67:3C:04:86:CB:97:F1:A9:44:3C:5B:FD:FC
            X509v3 Authority Key Identifier:
                keyid:51:B2:C4:01:CE:5C:9E:88:1C:D9:A3:BE:8E:FE:C6:00:22:DA:0E:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbLEAc5cnogc2aO-jv7GACLaDrY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/jwS8BYVyHmc8BIbLl_GpRDxb_fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/794f36-9d2a-41bd-928c-94d1b1d16b85/1/UbLEAc5cnogc2aO-jv7GACLaDrY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.170.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:f2:1e:f0:84:15:48:6c:72:17:c1:26:7f:35:5a:6a:cf:1c:
         9b:b1:51:c1:62:69:eb:5d:ff:79:d4:37:10:be:b3:e8:e9:46:
         00:d2:52:81:7e:04:ea:74:dc:de:23:99:ad:56:94:f3:62:29:
         73:07:ca:5d:49:99:75:80:55:58:e7:a7:43:2a:68:6e:0c:7e:
         ad:62:4c:e6:86:a6:d5:be:7d:bc:71:5b:79:fd:38:5e:6c:aa:
         89:f8:b4:b6:42:a0:b0:0e:a1:57:6e:03:5d:97:78:1a:9d:4d:
         6e:19:43:34:ce:05:97:54:d1:76:5d:8a:a9:53:36:7f:5a:dc:
         f0:0c:9c:01:84:68:b5:42:7a:18:84:d2:48:36:0b:41:6e:06:
         02:81:9d:b7:d5:32:c5:b2:7c:ef:1d:00:b6:2a:07:95:2c:30:
         dc:f1:48:85:a0:4e:f7:f1:32:a5:1a:a3:2f:d4:1c:44:e3:d8:
         a4:8a:30:b7:63:c5:ab:bd:3f:7b:07:45:a1:8b:8b:d2:0b:12:
         8e:e7:37:83:ae:ff:a0:86:d2:65:45:24:7e:b2:1f:93:27:57:
         5e:38:d7:6e:84:d3:d8:c9:14:73:61:8f:ab:64:02:ad:4e:ff:
         1b:ec:1a:bc:85:32:3e:81:f5:c5:b5:f0:97:e6:ed:cf:7e:55:
         16:c9:c3:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcR1r0Okrfu6ZuxW+90TkTzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjJjNDAxY2U1YzllODgxY2Q5YTNiZThlZmVjNjAwMjJk
YTBlYjYwHhcNMjUwNTI3MTMwMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjA0YmMwNTg1NzIxZTY3M2MwNDg2Y2I5N2YxYTk0NDNjNWJmZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOEQi2ht1MbPSU0SSrdPojw3l0UL
feHPQvsne38WbY7fOV76eb/bTzUgd9hqE9f3CLyTvTJtpuMR6sNPultepwSnN3ud
MiLoRMjWbDlhCQE+al++yS7Hey47zu4UKLzXWNH6EfWX8diru565Qp+5ZkGUpeAC
k+0nJWJ6pqFXw3fyy9tipTvCVI3R4FbqudT/maQ4UOyX1bxELuLP5Ijhq60gVXN2
kclz//Y5RKNA1BOI8XO4cB1YRgxJ0aZoAMPoxGgETeXpqQx21PwizjJpaI9/luR3
hsmNqyDF3JA1nfBizCII2YrCtvSzYlPiExXSHvaquA/IKmr4gdgNq+yUrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8EvAWFch5nPASGy5fxqUQ8W/38MB8GA1UdIwQY
MBaAFFGyxAHOXJ6IHNmjvo7+xgAi2g62MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJMRUFjNWNub2djMmFPLWp2N0dBQ0xhRHJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83OTRmMzYtOWQyYS00MWJkLTkyOGMt
OTRkMWIxZDE2Yjg1LzEvandTOEJZVnlIbWM4QkliTGxfR3BSRHhiX2Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83OTRmMzYtOWQyYS00MWJkLTkyOGMtOTRkMWIxZDE2Yjg1
LzEvVWJMRUFjNWNub2djMmFPLWp2N0dBQ0xhRHJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaoFMA0G
CSqGSIb3DQEBCwUAA4IBAQBK8h7whBVIbHIXwSZ/NVpqzxybsVHBYmnrXf951DcQ
vrPo6UYA0lKBfgTqdNzeI5mtVpTzYilzB8pdSZl1gFVY56dDKmhuDH6tYkzmhqbV
vn28cVt5/ThebKqJ+LS2QqCwDqFXbgNdl3ganU1uGUM0zgWXVNF2XYqpUzZ/Wtzw
DJwBhGi1QnoYhNJINgtBbgYCgZ231TLFsnzvHQC2KgeVLDDc8UiFoE738TKlGqMv
1BxE49ikijC3Y8WrvT97B0Whi4vSCxKO5zeDrv+ghtJlRSR+sh+TJ1deONduhNPY
yRRzYY+rZAKtTv8b7Bq8hTI+gfXFtfCX5u3PflUWycOv
-----END CERTIFICATE-----