Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/jBuJavuseI2B0_WgKkHYJZFvr_Q.roa
File:                     jBuJavuseI2B0_WgKkHYJZFvr_Q.roa (raw, json)
Hash identifier:          tLuargg/vipoJVRdIR5x9HBU5Ji9GHfTNJavehQ1uxE=
Subject key identifier:   8C:1B:89:6A:FB:AC:78:8D:81:D3:F5:A0:2A:41:D8:25:91:6F:AF:F4
Certificate issuer:       /CN=30aff75209684a354669061d23da29f8ea2f1d5e
Certificate serial:       0195A421606E8EDAAF78C5D9A37F72BFBE72
Authority key identifier: 30:AF:F7:52:09:68:4A:35:46:69:06:1D:23:DA:29:F8:EA:2F:1D:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MK_3UgloSjVGaQYdI9op-OovHV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/jBuJavuseI2B0_WgKkHYJZFvr_Q.roa
Signing time:             Mon 17 Mar 2025 12:43:25 +0000
ROA not before:           Mon 17 Mar 2025 12:43:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203068
IP address blocks:        185.90.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/MK_3UgloSjVGaQYdI9op-OovHV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/MK_3UgloSjVGaQYdI9op-OovHV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MK_3UgloSjVGaQYdI9op-OovHV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a4:21:60:6e:8e:da:af:78:c5:d9:a3:7f:72:bf:be:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30aff75209684a354669061d23da29f8ea2f1d5e
        Validity
            Not Before: Mar 17 12:43:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c1b896afbac788d81d3f5a02a41d825916faff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2f:09:54:2b:f4:9a:e1:4e:78:98:b4:0e:26:
                    18:d7:58:47:f1:12:f0:9b:ba:e2:2d:38:04:0a:44:
                    51:eb:57:e6:f2:b5:05:3d:44:63:33:cc:b7:be:34:
                    81:fd:1e:b2:c9:11:b2:be:9c:b8:8f:22:8e:b9:b8:
                    15:67:a7:96:01:eb:14:95:6e:93:2b:14:dc:bd:ed:
                    3e:1b:6f:ce:3a:63:07:36:94:0e:fe:95:62:b2:fd:
                    55:ae:1e:f6:c9:2a:e2:21:8e:94:71:45:36:d2:67:
                    90:e3:02:41:67:b3:98:33:64:83:a7:70:b0:08:d9:
                    b5:78:61:5b:42:06:0f:42:ee:43:22:73:21:97:a6:
                    3d:19:c5:80:46:63:0a:2d:1f:c8:e9:09:4c:b4:61:
                    da:08:ca:c0:a2:27:7b:3d:5c:34:5f:31:b1:ce:d2:
                    7d:6c:46:e0:d8:4d:1c:9c:36:5c:64:b9:b6:db:c4:
                    1e:d5:9c:d2:f6:14:88:31:b6:78:80:b3:20:e5:08:
                    ad:3d:53:64:0b:1b:e5:f5:1e:2b:4c:95:a9:6f:30:
                    dc:11:ee:86:74:41:40:30:1e:ff:a4:da:c0:45:4c:
                    95:20:04:e9:c6:4d:b9:f9:e7:2b:e3:75:7d:92:5a:
                    69:17:f8:d1:f3:ab:65:ae:55:a7:f5:9c:d2:9e:c5:
                    5d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:1B:89:6A:FB:AC:78:8D:81:D3:F5:A0:2A:41:D8:25:91:6F:AF:F4
            X509v3 Authority Key Identifier:
                keyid:30:AF:F7:52:09:68:4A:35:46:69:06:1D:23:DA:29:F8:EA:2F:1D:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MK_3UgloSjVGaQYdI9op-OovHV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/jBuJavuseI2B0_WgKkHYJZFvr_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/844a25-a8df-4561-b3e7-9785a335542a/1/MK_3UgloSjVGaQYdI9op-OovHV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:83:36:a1:c2:c4:e9:6f:44:c2:71:16:9d:39:35:78:60:74:
         ae:e9:5e:b1:e7:71:d9:d6:7d:43:3d:e9:7d:a5:01:76:f1:80:
         ed:0b:1a:71:a5:0c:21:37:ef:c3:bf:29:2a:87:e8:2f:ef:54:
         e5:45:20:ac:c7:b5:76:21:1b:dc:99:f5:e5:cb:60:f9:b6:cf:
         b0:cf:a2:70:11:8c:bc:21:eb:af:65:0f:3c:ec:80:c4:5b:40:
         23:a7:0e:d0:ed:11:41:0a:10:cf:27:a4:fb:1d:aa:92:de:ab:
         79:e8:47:ed:81:aa:fd:14:b4:b9:40:a2:2e:45:86:30:db:c1:
         c0:49:7d:cb:53:04:71:3d:8d:46:ad:ce:51:9b:6d:39:f9:37:
         d7:c2:b3:67:01:4e:4f:17:c8:04:92:ec:6e:9a:c7:02:76:5f:
         af:f5:3f:b4:a7:65:35:9c:02:a4:2e:c0:93:12:ba:6b:91:f0:
         3d:f4:b5:aa:ed:7f:09:af:2a:2b:5f:3e:97:f1:45:b1:43:75:
         f4:eb:eb:61:86:71:32:e7:48:a3:b1:45:38:7a:52:70:32:0b:
         c7:0c:ca:fe:ec:36:70:b3:08:80:f7:55:a7:09:af:2d:c2:8d:
         e0:57:9e:39:eb:18:26:da:cf:a4:28:7f:23:d3:a7:dc:53:42:
         ae:8d:7c:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWkIWBujtqveMXZo39yv75yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwYWZmNzUyMDk2ODRhMzU0NjY5MDYxZDIzZGEyOWY4ZWEy
ZjFkNWUwHhcNMjUwMzE3MTI0MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzFiODk2YWZiYWM3ODhkODFkM2Y1YTAyYTQxZDgyNTkxNmZhZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi8JVCv0muFOeJi0DiYY11hH8RLw
m7riLTgECkRR61fm8rUFPURjM8y3vjSB/R6yyRGyvpy4jyKOubgVZ6eWAesUlW6T
KxTcve0+G2/OOmMHNpQO/pVisv1Vrh72ySriIY6UcUU20meQ4wJBZ7OYM2SDp3Cw
CNm1eGFbQgYPQu5DInMhl6Y9GcWARmMKLR/I6QlMtGHaCMrAoid7PVw0XzGxztJ9
bEbg2E0cnDZcZLm228Qe1ZzS9hSIMbZ4gLMg5QitPVNkCxvl9R4rTJWpbzDcEe6G
dEFAMB7/pNrARUyVIATpxk25+ecr43V9klppF/jR86tlrlWn9ZzSnsVdIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwbiWr7rHiNgdP1oCpB2CWRb6/0MB8GA1UdIwQY
MBaAFDCv91IJaEo1RmkGHSPaKfjqLx1eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUtfM1VnbG9TalZHYVFZZEk5b3AtT292SFY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84NDRhMjUtYThkZi00NTYxLWIzZTct
OTc4NWEzMzU1NDJhLzEvakJ1SmF2dXNlSTJCMF9XZ0trSFlKWkZ2cl9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84NDRhMjUtYThkZi00NTYxLWIzZTctOTc4NWEzMzU1NDJh
LzEvTUtfM1VnbG9TalZHYVFZZEk5b3AtT292SFY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVrQMA0G
CSqGSIb3DQEBCwUAA4IBAQAkgzahwsTpb0TCcRadOTV4YHSu6V6x53HZ1n1DPel9
pQF28YDtCxpxpQwhN+/Dvykqh+gv71TlRSCsx7V2IRvcmfXly2D5ts+wz6JwEYy8
IeuvZQ887IDEW0Ajpw7Q7RFBChDPJ6T7HaqS3qt56Eftgar9FLS5QKIuRYYw28HA
SX3LUwRxPY1Grc5Rm205+TfXwrNnAU5PF8gEkuxumscCdl+v9T+0p2U1nAKkLsCT
ErprkfA99LWq7X8JryorXz6X8UWxQ3X06+thhnEy50ijsUU4elJwMgvHDMr+7DZw
swiA91WnCa8two3gV5456xgm2s+kKH8j06fcU0KujXxN
-----END CERTIFICATE-----