Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/a7550a-83ec-48d0-bb33-cdee9995e9e7/1/5zY8cTJ9_ultsIEeFLr1owXqfpo.roa
File:                     5zY8cTJ9_ultsIEeFLr1owXqfpo.roa (raw, json)
Hash identifier:          uKuIcfTOzja04k3xKWkz2SqmI76812eF5kHKV8ubvHA=
Subject key identifier:   E7:36:3C:71:32:7D:FE:E9:6D:B0:81:1E:14:BA:F5:A3:05:EA:7E:9A
Certificate issuer:       /CN=0dd84ddac50c59aecaf06b09b8573a862a0ea3db
Certificate serial:       0194236A11712C2764F6FDCB7FD86F3FB09D
Authority key identifier: 0D:D8:4D:DA:C5:0C:59:AE:CA:F0:6B:09:B8:57:3A:86:2A:0E:A3:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdhN2sUMWa7K8GsJuFc6hioOo9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/a7550a-83ec-48d0-bb33-cdee9995e9e7/1/5zY8cTJ9_ultsIEeFLr1owXqfpo.roa
Signing time:             Wed 01 Jan 2025 19:49:01 +0000
ROA not before:           Wed 01 Jan 2025 19:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204280
IP address blocks:        185.107.184.0/22 maxlen: 22
                          185.107.184.0/23 maxlen: 23
                          185.107.186.0/23 maxlen: 23
                          185.107.186.0/24 maxlen: 24
                          185.107.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/a7550a-83ec-48d0-bb33-cdee9995e9e7/1/DdhN2sUMWa7K8GsJuFc6hioOo9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/a7550a-83ec-48d0-bb33-cdee9995e9e7/1/DdhN2sUMWa7K8GsJuFc6hioOo9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdhN2sUMWa7K8GsJuFc6hioOo9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:11:71:2c:27:64:f6:fd:cb:7f:d8:6f:3f:b0:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd84ddac50c59aecaf06b09b8573a862a0ea3db
        Validity
            Not Before: Jan  1 19:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7363c71327dfee96db0811e14baf5a305ea7e9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c9:74:c4:11:22:ce:26:44:41:53:11:f3:14:
                    5e:5f:b4:0f:71:4f:3f:31:84:e2:d2:a3:26:7d:33:
                    6d:da:52:96:34:c3:6d:f4:4b:b6:8a:97:d5:8e:af:
                    f2:c1:79:c1:00:82:56:17:4d:1e:58:d8:8f:6e:b6:
                    c8:76:9f:1c:d3:ab:a6:62:25:51:20:ba:9d:82:10:
                    73:dd:64:30:19:a2:c7:5c:55:3a:70:8d:41:97:09:
                    5d:c0:16:3e:b4:81:cc:6d:0f:2a:e8:e9:c3:6b:bd:
                    8f:8d:d6:c7:19:f4:7e:5e:54:0c:06:41:3c:d7:a2:
                    22:f4:a0:ff:bf:ca:ca:dd:69:66:55:44:d1:a4:dd:
                    79:57:4b:1a:f8:47:4d:02:d6:a4:91:bf:b8:79:43:
                    11:57:02:41:74:2d:fc:07:20:af:31:a7:0b:b5:7d:
                    78:c7:2f:58:69:29:f1:82:38:28:06:21:21:c7:e7:
                    52:74:e8:12:0a:5a:97:59:e1:d2:cf:b9:3e:e0:b2:
                    0d:27:09:db:b2:3d:5e:e2:b3:a7:ba:09:18:66:94:
                    d1:96:57:ce:f2:19:65:5f:e7:e7:97:18:5d:03:71:
                    e9:0e:95:8f:64:e3:eb:91:46:84:f5:9f:9f:9e:b8:
                    d7:2a:dc:66:7a:77:56:7a:58:49:29:1b:bc:a2:ce:
                    cb:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:36:3C:71:32:7D:FE:E9:6D:B0:81:1E:14:BA:F5:A3:05:EA:7E:9A
            X509v3 Authority Key Identifier:
                keyid:0D:D8:4D:DA:C5:0C:59:AE:CA:F0:6B:09:B8:57:3A:86:2A:0E:A3:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdhN2sUMWa7K8GsJuFc6hioOo9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/a7550a-83ec-48d0-bb33-cdee9995e9e7/1/5zY8cTJ9_ultsIEeFLr1owXqfpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/a7550a-83ec-48d0-bb33-cdee9995e9e7/1/DdhN2sUMWa7K8GsJuFc6hioOo9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:67:d0:ee:9f:cc:7b:31:76:b6:f9:a6:47:59:9b:b7:ef:fe:
         d4:16:33:6a:c9:ed:f2:09:59:04:84:01:8c:c2:09:78:de:f9:
         2b:06:5f:96:8a:f5:7c:15:36:f7:ea:6e:47:8b:95:32:56:f9:
         2d:94:45:8d:c4:8a:75:ef:5e:40:c7:c6:33:0d:43:ba:3e:d3:
         3e:78:e3:ee:28:a2:f1:bc:16:18:7f:98:ba:85:a0:c6:a6:a6:
         d4:11:30:67:b4:3e:b9:24:ab:df:19:50:9a:14:40:d1:69:fa:
         a0:24:c3:86:21:24:3e:70:58:23:70:60:67:c2:8c:76:35:b8:
         6f:66:93:a9:7a:8a:f8:5e:95:05:36:4a:89:a7:46:b0:5f:58:
         a3:a0:a4:f4:cf:fb:e0:79:9d:af:9e:38:46:30:10:ff:da:20:
         e1:b0:30:0b:18:f3:e5:33:5b:8e:79:91:2a:e3:9a:82:f9:b0:
         ad:ae:31:9f:c0:ac:96:76:17:db:2f:9c:8e:fd:6f:9a:8c:e9:
         01:69:96:d2:dd:c7:39:fc:dd:d7:19:5c:d7:0e:1c:23:ea:e3:
         69:88:c7:c1:5d:f2:e2:ab:0e:f3:8a:fb:84:b7:66:11:c3:4c:
         b5:73:22:16:23:3c:3a:a8:e3:56:56:ea:61:45:29:0a:c5:28:
         b2:d1:56:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjahFxLCdk9v3Lf9hvP7CdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDg0ZGRhYzUwYzU5YWVjYWYwNmIwOWI4NTczYTg2MmEw
ZWEzZGIwHhcNMjUwMTAxMTk0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzM2M2M3MTMyN2RmZWU5NmRiMDgxMWUxNGJhZjVhMzA1ZWE3ZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8l0xBEiziZEQVMR8xReX7QPcU8/
MYTi0qMmfTNt2lKWNMNt9Eu2ipfVjq/ywXnBAIJWF00eWNiPbrbIdp8c06umYiVR
ILqdghBz3WQwGaLHXFU6cI1BlwldwBY+tIHMbQ8q6OnDa72PjdbHGfR+XlQMBkE8
16Ii9KD/v8rK3WlmVUTRpN15V0sa+EdNAtakkb+4eUMRVwJBdC38ByCvMacLtX14
xy9YaSnxgjgoBiEhx+dSdOgSClqXWeHSz7k+4LINJwnbsj1e4rOnugkYZpTRllfO
8hllX+fnlxhdA3HpDpWPZOPrkUaE9Z+fnrjXKtxmendWelhJKRu8os7L6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOc2PHEyff7pbbCBHhS69aMF6n6aMB8GA1UdIwQY
MBaAFA3YTdrFDFmuyvBrCbhXOoYqDqPbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRoTjJzVU1XYTdLOEdzSnVGYzZoaW9PbzlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9hNzU1MGEtODNlYy00OGQwLWJiMzMt
Y2RlZTk5OTVlOWU3LzEvNXpZOGNUSjlfdWx0c0lFZUZMcjFvd1hxZnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9hNzU1MGEtODNlYy00OGQwLWJiMzMtY2RlZTk5OTVlOWU3
LzEvRGRoTjJzVU1XYTdLOEdzSnVGYzZoaW9PbzlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWu4MA0G
CSqGSIb3DQEBCwUAA4IBAQAbZ9Dun8x7MXa2+aZHWZu37/7UFjNqye3yCVkEhAGM
wgl43vkrBl+WivV8FTb36m5Hi5UyVvktlEWNxIp1715Ax8YzDUO6PtM+eOPuKKLx
vBYYf5i6haDGpqbUETBntD65JKvfGVCaFEDRafqgJMOGISQ+cFgjcGBnwox2Nbhv
ZpOpeor4XpUFNkqJp0awX1ijoKT0z/vgeZ2vnjhGMBD/2iDhsDALGPPlM1uOeZEq
45qC+bCtrjGfwKyWdhfbL5yO/W+ajOkBaZbS3cc5/N3XGVzXDhwj6uNpiMfBXfLi
qw7zivuEt2YRw0y1cyIWIzw6qONWVuphRSkKxSiy0Va6
-----END CERTIFICATE-----