Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/F5ASQ_x2NzqLG2YPK-IJMnC68oA.roa
File:                     F5ASQ_x2NzqLG2YPK-IJMnC68oA.roa (raw, json)
Hash identifier:          rL17KB2ZeYz5uA3Maczd8dyCWpJw7h3YziKqc9PF9RM=
Subject key identifier:   17:90:12:43:FC:76:37:3A:8B:1B:66:0F:2B:E2:09:32:70:BA:F2:80
Certificate issuer:       /CN=043692f2a1d1bc76ff7f9d29091beda08b7bc96c
Certificate serial:       019422FC0757CF48929CA63AF8C2A700B34A
Authority key identifier: 04:36:92:F2:A1:D1:BC:76:FF:7F:9D:29:09:1B:ED:A0:8B:7B:C9:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BDaS8qHRvHb_f50pCRvtoIt7yWw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/F5ASQ_x2NzqLG2YPK-IJMnC68oA.roa
Signing time:             Wed 01 Jan 2025 17:48:49 +0000
ROA not before:           Wed 01 Jan 2025 17:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204969
IP address blocks:        185.234.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/BDaS8qHRvHb_f50pCRvtoIt7yWw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/BDaS8qHRvHb_f50pCRvtoIt7yWw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BDaS8qHRvHb_f50pCRvtoIt7yWw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 08:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:07:57:cf:48:92:9c:a6:3a:f8:c2:a7:00:b3:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=043692f2a1d1bc76ff7f9d29091beda08b7bc96c
        Validity
            Not Before: Jan  1 17:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17901243fc76373a8b1b660f2be2093270baf280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f8:e4:e6:06:54:e2:fb:39:6e:51:c9:eb:f5:
                    be:ff:42:be:66:27:d4:01:4a:a5:c1:b2:95:42:9d:
                    a2:44:48:6b:b2:e4:3a:e8:99:2a:12:f7:06:af:79:
                    4d:d6:32:5f:3a:a3:35:c0:6b:fc:d6:79:55:99:d8:
                    78:22:5e:7e:dc:29:16:2f:d4:94:24:00:9b:f0:31:
                    31:76:ac:f0:be:41:05:35:40:66:ef:98:d9:b1:4d:
                    bc:02:4c:8c:b3:e9:7d:e5:06:0e:03:a3:57:25:96:
                    f1:d2:44:b3:4f:cf:4b:dd:31:a0:85:1c:65:87:6e:
                    80:19:f0:c9:38:ac:1e:d9:c9:14:83:3d:2b:fa:73:
                    e8:13:eb:32:99:1a:d9:12:9e:8d:b4:d3:3a:45:97:
                    97:3c:e1:98:59:b2:a5:e1:7c:eb:fc:11:ad:08:73:
                    81:6e:55:25:91:6f:63:39:40:fa:0c:22:56:f2:0f:
                    4e:c9:fc:d4:24:71:29:54:e5:27:0f:e3:4c:bf:83:
                    65:50:1c:ff:e5:09:2c:65:64:6f:73:78:0a:c4:b3:
                    a9:a3:d6:a8:74:b0:a1:7c:bf:30:53:c4:1b:40:00:
                    7f:d6:3f:e5:1a:4b:69:7e:8b:4d:ec:8a:0f:9d:74:
                    69:7c:e6:ed:e0:99:af:18:20:49:2a:4e:9e:4e:3c:
                    d4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:90:12:43:FC:76:37:3A:8B:1B:66:0F:2B:E2:09:32:70:BA:F2:80
            X509v3 Authority Key Identifier:
                keyid:04:36:92:F2:A1:D1:BC:76:FF:7F:9D:29:09:1B:ED:A0:8B:7B:C9:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BDaS8qHRvHb_f50pCRvtoIt7yWw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/F5ASQ_x2NzqLG2YPK-IJMnC68oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/c6e217-03ff-4396-adfe-255f0c51bbe0/1/BDaS8qHRvHb_f50pCRvtoIt7yWw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:01:a6:d4:ee:a5:df:13:f7:f6:f6:83:57:54:1e:64:c2:57:
         f8:68:ca:72:37:b4:15:23:e6:3b:a7:20:e7:82:22:81:a9:0f:
         4a:00:70:27:8f:94:ee:12:93:59:14:35:e9:35:82:28:fb:1b:
         af:70:6f:61:72:36:d9:f4:42:a3:48:0a:3a:03:f2:81:f9:11:
         16:50:bb:55:64:27:85:84:5f:10:7b:2e:4b:4d:9f:0b:cb:78:
         90:c6:9b:88:96:4f:01:cf:df:0b:24:63:03:28:81:f3:e1:78:
         2d:90:26:2b:76:8e:52:4f:8c:6b:8d:38:19:a6:eb:9c:a5:bc:
         7e:d1:32:fa:03:60:9f:a4:18:31:f4:91:b6:4a:e2:61:fa:c5:
         ff:7e:e3:0f:02:d3:bd:0e:3d:e7:08:8e:ae:48:18:27:e7:e4:
         ca:26:42:ba:46:56:b9:ba:59:2f:68:c8:d1:cc:dc:7e:6e:a6:
         00:3f:c4:4c:7d:83:0f:41:85:0f:d0:e6:3f:9e:db:e4:d1:1a:
         15:ca:67:2f:eb:ce:46:a2:ee:8d:6a:5e:b9:2e:2e:b0:d4:01:
         79:6c:73:04:ac:06:82:1e:ff:0a:e3:a6:7c:55:a0:78:b1:38:
         14:c1:1a:bb:ce:3f:93:cb:bc:81:ac:ea:9c:a0:8d:94:c6:b8:
         68:4e:6c:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/AdXz0iSnKY6+MKnALNKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MzY5MmYyYTFkMWJjNzZmZjdmOWQyOTA5MWJlZGEwOGI3
YmM5NmMwHhcNMjUwMTAxMTc0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzkwMTI0M2ZjNzYzNzNhOGIxYjY2MGYyYmUyMDkzMjcwYmFmMjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvjk5gZU4vs5blHJ6/W+/0K+ZifU
AUqlwbKVQp2iREhrsuQ66JkqEvcGr3lN1jJfOqM1wGv81nlVmdh4Il5+3CkWL9SU
JACb8DExdqzwvkEFNUBm75jZsU28AkyMs+l95QYOA6NXJZbx0kSzT89L3TGghRxl
h26AGfDJOKwe2ckUgz0r+nPoE+symRrZEp6NtNM6RZeXPOGYWbKl4Xzr/BGtCHOB
blUlkW9jOUD6DCJW8g9OyfzUJHEpVOUnD+NMv4NlUBz/5QksZWRvc3gKxLOpo9ao
dLChfL8wU8QbQAB/1j/lGktpfotN7IoPnXRpfObt4JmvGCBJKk6eTjzU8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeQEkP8djc6ixtmDyviCTJwuvKAMB8GA1UdIwQY
MBaAFAQ2kvKh0bx2/3+dKQkb7aCLe8lsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkRhUzhxSFJ2SGJfZjUwcENSdnRvSXQ3eVd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9jNmUyMTctMDNmZi00Mzk2LWFkZmUt
MjU1ZjBjNTFiYmUwLzEvRjVBU1FfeDJOenFMRzJZUEstSUpNbkM2OG9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9jNmUyMTctMDNmZi00Mzk2LWFkZmUtMjU1ZjBjNTFiYmUw
LzEvQkRhUzhxSFJ2SGJfZjUwcENSdnRvSXQ3eVd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuepoMA0G
CSqGSIb3DQEBCwUAA4IBAQCDAabU7qXfE/f29oNXVB5kwlf4aMpyN7QVI+Y7pyDn
giKBqQ9KAHAnj5TuEpNZFDXpNYIo+xuvcG9hcjbZ9EKjSAo6A/KB+REWULtVZCeF
hF8Qey5LTZ8Ly3iQxpuIlk8Bz98LJGMDKIHz4XgtkCYrdo5ST4xrjTgZpuucpbx+
0TL6A2CfpBgx9JG2SuJh+sX/fuMPAtO9Dj3nCI6uSBgn5+TKJkK6Rla5ulkvaMjR
zNx+bqYAP8RMfYMPQYUP0OY/ntvk0RoVymcv685Gou6Nal65Li6w1AF5bHMErAaC
Hv8K46Z8VaB4sTgUwRq7zj+Ty7yBrOqcoI2UxrhoTmyv
-----END CERTIFICATE-----