Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/I1gkA5k4uMZob0hM5xQHdEl5cUo.roa
File:                     I1gkA5k4uMZob0hM5xQHdEl5cUo.roa (raw, json)
Hash identifier:          EhH3dWMV5US/hFp8+LiY1Hpa7FxODhxAHT3s3CfUej8=
Subject key identifier:   23:58:24:03:99:38:B8:C6:68:6F:48:4C:E7:14:07:74:49:79:71:4A
Certificate issuer:       /CN=0253b919d75dc204d9ca38db7b28a174834b3b3d
Certificate serial:       0194236A248C38F2644C12C89E9A2D4EB0E6
Authority key identifier: 02:53:B9:19:D7:5D:C2:04:D9:CA:38:DB:7B:28:A1:74:83:4B:3B:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AlO5GdddwgTZyjjbeyihdINLOz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/I1gkA5k4uMZob0hM5xQHdEl5cUo.roa
Signing time:             Wed 01 Jan 2025 19:49:06 +0000
ROA not before:           Wed 01 Jan 2025 19:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203779
IP address blocks:        185.124.52.0/22 maxlen: 24
                          2a06:b040::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/AlO5GdddwgTZyjjbeyihdINLOz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/AlO5GdddwgTZyjjbeyihdINLOz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AlO5GdddwgTZyjjbeyihdINLOz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:24:8c:38:f2:64:4c:12:c8:9e:9a:2d:4e:b0:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0253b919d75dc204d9ca38db7b28a174834b3b3d
        Validity
            Not Before: Jan  1 19:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=235824039938b8c6686f484ce71407744979714a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:02:e1:9a:86:bc:09:86:27:b7:7c:64:82:e7:
                    d3:28:8e:c9:c0:3f:a3:5a:24:13:30:35:3a:1b:19:
                    25:c8:8b:79:76:b4:be:f5:1e:62:90:63:da:b9:27:
                    db:73:f0:6d:bf:32:95:50:a1:85:09:4f:4b:38:c5:
                    ce:7c:9b:77:07:ef:e4:ca:15:46:9b:df:e1:66:15:
                    95:5a:f7:78:77:4e:7a:7a:08:6c:43:d3:18:fe:84:
                    9c:ef:50:96:be:8e:db:49:15:a5:64:56:c8:80:f2:
                    56:b2:ee:c4:89:98:df:7d:74:14:f1:3a:9a:2a:25:
                    1e:d9:3c:5c:fb:0b:de:0d:fe:68:2e:84:ef:9c:76:
                    89:f7:ff:84:06:a7:5f:e7:9e:9f:85:3f:24:ff:7a:
                    46:06:96:a1:f8:80:1e:b0:25:17:35:76:23:df:77:
                    69:a5:0e:55:0f:54:49:3b:81:43:a8:bd:13:0c:39:
                    f3:8e:df:19:da:69:08:7a:7c:e4:8a:9d:c5:c1:95:
                    25:00:e8:38:6a:6f:0a:3f:90:22:ad:7b:ff:c3:d9:
                    bb:9f:3c:46:6a:99:52:a0:31:7c:fd:4f:a6:fe:b8:
                    c6:5e:b1:e9:5b:a2:dc:8a:e0:ea:0e:70:27:68:d5:
                    1d:34:93:20:92:bf:08:6a:6c:35:45:b8:22:4d:a9:
                    85:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:58:24:03:99:38:B8:C6:68:6F:48:4C:E7:14:07:74:49:79:71:4A
            X509v3 Authority Key Identifier:
                keyid:02:53:B9:19:D7:5D:C2:04:D9:CA:38:DB:7B:28:A1:74:83:4B:3B:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AlO5GdddwgTZyjjbeyihdINLOz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/I1gkA5k4uMZob0hM5xQHdEl5cUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/3bafd8-c34e-4890-b4cf-73db0f2841c9/1/AlO5GdddwgTZyjjbeyihdINLOz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.52.0/22
                IPv6:
                  2a06:b040::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:f4:00:ab:ec:87:8f:49:07:db:ff:9f:0e:e5:06:c8:4c:8f:
         06:9e:9c:79:f8:e9:f7:b7:d4:f9:09:3c:47:83:be:3c:49:e3:
         0b:37:55:df:7f:7e:85:ad:52:70:58:aa:98:b3:52:c0:6e:be:
         b0:7b:66:e7:d6:32:63:13:35:61:94:31:d0:29:23:b8:19:5d:
         d3:59:15:1e:e3:c0:a8:2f:08:cd:06:3c:70:cd:63:3b:ea:7d:
         8b:d7:fc:05:bb:9b:54:ad:a6:35:fa:5a:77:e8:1f:7a:c6:17:
         f5:05:02:51:3f:06:bc:fb:21:ca:74:d2:b1:77:05:7d:c2:85:
         04:b2:35:c1:ed:39:fd:d0:37:d6:e8:92:3d:84:8b:b1:5b:9e:
         95:cc:e9:3e:0d:b0:7c:cd:a5:f3:2c:62:13:bb:89:d0:2e:88:
         15:cd:57:c1:b5:d1:fe:5e:5b:b8:ac:f0:a8:c5:5e:26:36:99:
         f9:0b:cc:73:f4:2d:32:ff:ec:7d:3b:6d:4c:63:34:c5:51:af:
         e5:98:a0:98:96:c2:ca:72:91:48:cb:cf:fd:18:c0:13:74:f4:
         54:3e:39:28:24:2f:fe:cf:cf:3b:07:c3:74:28:61:c7:62:7b:
         95:d1:92:66:13:47:73:e2:75:b4:27:50:50:b5:14:a4:15:8c:
         6c:65:0c:4b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaiSMOPJkTBLInpotTrDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNTNiOTE5ZDc1ZGMyMDRkOWNhMzhkYjdiMjhhMTc0ODM0
YjNiM2QwHhcNMjUwMTAxMTk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzU4MjQwMzk5MzhiOGM2Njg2ZjQ4NGNlNzE0MDc3NDQ5Nzk3MTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQLhmoa8CYYnt3xkgufTKI7JwD+j
WiQTMDU6GxklyIt5drS+9R5ikGPauSfbc/BtvzKVUKGFCU9LOMXOfJt3B+/kyhVG
m9/hZhWVWvd4d056eghsQ9MY/oSc71CWvo7bSRWlZFbIgPJWsu7EiZjffXQU8Tqa
KiUe2Txc+wveDf5oLoTvnHaJ9/+EBqdf556fhT8k/3pGBpah+IAesCUXNXYj33dp
pQ5VD1RJO4FDqL0TDDnzjt8Z2mkIenzkip3FwZUlAOg4am8KP5AirXv/w9m7nzxG
aplSoDF8/U+m/rjGXrHpW6LciuDqDnAnaNUdNJMgkr8Iamw1RbgiTamFdQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCNYJAOZOLjGaG9ITOcUB3RJeXFKMB8GA1UdIwQY
MBaAFAJTuRnXXcIE2co423sooXSDSzs9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWxPNUdkZGR3Z1RaeWpqYmV5aWhkSU5MT3owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8zYmFmZDgtYzM0ZS00ODkwLWI0Y2Yt
NzNkYjBmMjg0MWM5LzEvSTFna0E1azR1TVpvYjBoTTV4UUhkRWw1Y1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8zYmFmZDgtYzM0ZS00ODkwLWI0Y2YtNzNkYjBmMjg0MWM5
LzEvQWxPNUdkZGR3Z1RaeWpqYmV5aWhkSU5MT3owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXw0MA0E
AgACMAcDBQMqBrBAMA0GCSqGSIb3DQEBCwUAA4IBAQCw9ACr7IePSQfb/58O5QbI
TI8Gnpx5+On3t9T5CTxHg748SeMLN1Xff36FrVJwWKqYs1LAbr6we2bn1jJjEzVh
lDHQKSO4GV3TWRUe48CoLwjNBjxwzWM76n2L1/wFu5tUraY1+lp36B96xhf1BQJR
Pwa8+yHKdNKxdwV9woUEsjXB7Tn90DfW6JI9hIuxW56VzOk+DbB8zaXzLGITu4nQ
LogVzVfBtdH+Xlu4rPCoxV4mNpn5C8xz9C0y/+x9O21MYzTFUa/lmKCYlsLKcpFI
y8/9GMATdPRUPjkoJC/+z887B8N0KGHHYnuV0ZJmE0dz4nW0J1BQtRSkFYxsZQxL
-----END CERTIFICATE-----