Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/BzIUJhUJbKG8FJ3ZDsR0CAFvEys.roa
File:                     BzIUJhUJbKG8FJ3ZDsR0CAFvEys.roa (raw, json)
Hash identifier:          Wo3BYY5cyZkRMqsE1puPM7lM2g8GnmQ0M7pog+XPkLo=
Subject key identifier:   07:32:14:26:15:09:6C:A1:BC:14:9D:D9:0E:C4:74:08:01:6F:13:2B
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       0195420ADB8CFB085A16BA2041530444D334
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/BzIUJhUJbKG8FJ3ZDsR0CAFvEys.roa
Signing time:             Wed 26 Feb 2025 11:36:02 +0000
ROA not before:           Wed 26 Feb 2025 11:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44547
IP address blocks:        185.36.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:42:0a:db:8c:fb:08:5a:16:ba:20:41:53:04:44:d3:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Feb 26 11:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0732142615096ca1bc149dd90ec47408016f132b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:75:f4:ee:3f:61:56:6b:02:14:b4:21:38:84:
                    f4:9e:9e:1c:c3:2f:88:03:48:eb:45:b2:2c:01:75:
                    49:7b:57:7f:fc:cc:b1:4e:04:2d:c2:4f:4c:27:4f:
                    83:01:d3:16:d0:17:e2:57:c1:5c:ec:57:4c:ae:a3:
                    22:79:cc:79:07:8a:af:90:fd:d8:64:b6:db:df:71:
                    9d:23:cb:b0:6a:fb:e5:60:f1:33:16:19:a2:0a:8f:
                    11:77:55:5f:68:54:06:ee:df:cb:d2:ee:82:81:6f:
                    af:07:73:ed:3c:04:be:21:7c:f5:26:ed:fc:56:ef:
                    70:30:69:9b:cd:f2:be:01:cc:64:42:e2:30:3c:8f:
                    17:b7:07:14:e2:ba:b5:ff:20:05:13:05:b4:3f:79:
                    da:76:35:c1:c3:56:63:14:57:6f:55:f4:4b:34:bb:
                    3e:71:a6:8a:b9:2c:c0:51:65:63:8f:21:d2:64:9c:
                    28:52:f6:57:73:22:bf:37:fa:55:b7:1a:95:1d:68:
                    e2:4f:44:57:b5:37:75:de:58:34:0a:8d:fa:19:7b:
                    a6:93:1c:3c:43:93:2b:61:cc:01:e3:78:25:77:d2:
                    76:5d:a9:02:63:a0:91:13:64:e8:36:2b:a4:d6:33:
                    60:b7:30:0f:96:e7:6b:b2:24:57:84:fa:e7:9b:29:
                    89:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:32:14:26:15:09:6C:A1:BC:14:9D:D9:0E:C4:74:08:01:6F:13:2B
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/BzIUJhUJbKG8FJ3ZDsR0CAFvEys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:96:10:4b:e6:3a:bc:74:3d:02:4d:e6:af:96:b8:07:e8:bb:
         a0:42:d3:96:b1:4b:91:2d:7b:25:4d:c2:87:3f:cd:86:97:e5:
         3d:b9:fa:c7:c2:9c:98:b3:40:ea:fb:93:d3:32:00:0d:98:00:
         b6:5d:cc:5e:99:d2:d8:62:20:d5:f1:21:bc:02:3a:0c:e6:27:
         67:19:b4:d8:d1:86:17:19:7d:e8:de:47:bc:b1:9a:29:2f:d8:
         91:88:ba:d1:12:b0:b0:8f:98:bb:05:92:41:41:2e:c2:7e:f0:
         61:6f:9f:3a:a6:3f:bd:1c:dd:c7:91:f4:5a:cb:e3:6a:6e:04:
         72:6b:bb:4e:16:4e:b0:19:1f:b4:ea:61:a2:1e:7f:73:25:17:
         f5:55:e0:c2:f7:02:6c:01:ab:e0:02:01:7e:47:6f:1d:82:c1:
         0f:f0:95:30:a9:be:32:99:2b:23:e6:51:07:c7:3a:55:11:c0:
         0d:91:54:6a:31:69:a3:d8:1e:1c:98:49:0e:fc:18:a8:dc:6f:
         7f:9a:e5:d7:1d:1c:8a:d3:a2:71:17:23:52:3c:57:73:72:4c:
         cd:88:89:97:39:b8:db:ef:ea:31:ba:0b:b0:82:34:ba:65:98:
         f7:8d:0b:72:2b:d0:d6:71:ca:c6:de:50:8e:d8:da:2a:a2:22:
         18:bf:f4:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVCCtuM+whaFrogQVMERNM0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjUwMjI2MTEzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzMyMTQyNjE1MDk2Y2ExYmMxNDlkZDkwZWM0NzQwODAxNmYxMzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA83X07j9hVmsCFLQhOIT0np4cwy+I
A0jrRbIsAXVJe1d//MyxTgQtwk9MJ0+DAdMW0BfiV8Fc7FdMrqMiecx5B4qvkP3Y
ZLbb33GdI8uwavvlYPEzFhmiCo8Rd1VfaFQG7t/L0u6CgW+vB3PtPAS+IXz1Ju38
Vu9wMGmbzfK+AcxkQuIwPI8XtwcU4rq1/yAFEwW0P3nadjXBw1ZjFFdvVfRLNLs+
caaKuSzAUWVjjyHSZJwoUvZXcyK/N/pVtxqVHWjiT0RXtTd13lg0Co36GXumkxw8
Q5MrYcwB43gld9J2XakCY6CRE2ToNiuk1jNgtzAPludrsiRXhPrnmymJeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcyFCYVCWyhvBSd2Q7EdAgBbxMrMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvQnpJVUpoVUpiS0c4RkozWkRzUjBDQUZ2RXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSR/MA0G
CSqGSIb3DQEBCwUAA4IBAQBPlhBL5jq8dD0CTeavlrgH6LugQtOWsUuRLXslTcKH
P82Gl+U9ufrHwpyYs0Dq+5PTMgANmAC2XcxemdLYYiDV8SG8AjoM5idnGbTY0YYX
GX3o3ke8sZopL9iRiLrRErCwj5i7BZJBQS7CfvBhb586pj+9HN3HkfRay+NqbgRy
a7tOFk6wGR+06mGiHn9zJRf1VeDC9wJsAavgAgF+R28dgsEP8JUwqb4ymSsj5lEH
xzpVEcANkVRqMWmj2B4cmEkO/Bio3G9/muXXHRyK06JxFyNSPFdzckzNiImXObjb
7+oxuguwgjS6ZZj3jQtyK9DWccrG3lCO2NoqoiIYv/S2
-----END CERTIFICATE-----