Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/pRF0g-KmjQVzQy4b6X1bq_CpEUE.roa
File:                     pRF0g-KmjQVzQy4b6X1bq_CpEUE.roa (raw, json)
Hash identifier:          fou9eP6aKJvlZgNY8H8VBsOY1ef+bJJW7cLSICuAHvo=
Subject key identifier:   A5:11:74:83:E2:A6:8D:05:73:43:2E:1B:E9:7D:5B:AB:F0:A9:11:41
Certificate issuer:       /CN=50399d4435bb85fae910abe38e68533204dfd60b
Certificate serial:       019422FC4BB8C56D3247A77C057C2A44116D
Authority key identifier: 50:39:9D:44:35:BB:85:FA:E9:10:AB:E3:8E:68:53:32:04:DF:D6:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/pRF0g-KmjQVzQy4b6X1bq_CpEUE.roa
Signing time:             Wed 01 Jan 2025 17:49:07 +0000
ROA not before:           Wed 01 Jan 2025 17:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9714
IP address blocks:        185.167.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 11:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:4b:b8:c5:6d:32:47:a7:7c:05:7c:2a:44:11:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50399d4435bb85fae910abe38e68533204dfd60b
        Validity
            Not Before: Jan  1 17:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5117483e2a68d0573432e1be97d5babf0a91141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7e:57:89:06:6c:91:b7:e0:ba:9b:4e:47:3f:
                    b1:6a:ee:80:e0:a5:28:11:64:b8:4d:32:a0:74:19:
                    24:05:2f:27:43:fc:ef:68:73:f4:43:dd:ae:8e:a3:
                    e4:ea:c9:80:37:54:cf:9c:3d:24:9a:99:f4:9d:9f:
                    d2:d5:3d:36:48:8f:8d:04:45:95:9e:12:ec:b2:78:
                    eb:8a:e4:56:ea:7e:ca:2c:25:25:18:85:f0:87:2c:
                    fc:6b:af:6e:55:42:81:7d:f5:f8:9a:d6:7e:81:9f:
                    8f:47:c3:4c:55:08:e2:d3:ce:98:65:ab:af:09:1f:
                    21:fc:bc:f6:d3:17:eb:be:0b:9e:18:2e:b4:04:f6:
                    9f:dc:bf:87:23:4f:4e:d9:07:16:02:69:e6:a9:30:
                    70:d4:6f:7c:fe:79:eb:bf:95:f4:a7:3e:51:a7:99:
                    78:68:e5:1f:06:81:e6:40:6e:e3:ea:e9:72:06:4d:
                    8a:6d:60:b2:f5:1d:a7:9a:d5:e0:65:e8:61:65:5d:
                    37:00:a1:1e:cd:97:25:ea:63:64:15:ca:c4:b2:ca:
                    48:76:7d:0c:da:1c:ff:ac:d2:e6:85:27:d1:71:de:
                    11:61:a6:36:fe:bd:f9:2f:af:3e:8b:20:24:e0:c6:
                    45:8a:d2:d0:a2:85:cf:07:be:df:a5:29:51:af:14:
                    cf:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:11:74:83:E2:A6:8D:05:73:43:2E:1B:E9:7D:5B:AB:F0:A9:11:41
            X509v3 Authority Key Identifier:
                keyid:50:39:9D:44:35:BB:85:FA:E9:10:AB:E3:8E:68:53:32:04:DF:D6:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/pRF0g-KmjQVzQy4b6X1bq_CpEUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:03:24:cf:8d:3f:67:40:09:e2:9e:41:51:1f:bc:4f:fc:fe:
         bc:5b:00:c7:f4:77:b2:fd:38:45:3d:15:09:ae:00:2a:4d:22:
         3e:f5:42:ca:a2:66:9b:7e:3c:33:14:ac:f9:d3:07:d2:c1:55:
         45:d6:61:75:de:e9:44:cc:ed:13:e4:98:33:5d:b6:9a:02:e2:
         9d:1e:65:c1:7e:66:56:f9:97:73:43:3f:f1:5d:6f:ab:c9:13:
         63:75:fa:c4:3e:9e:ab:b5:0d:93:8d:e4:02:6e:c9:66:1b:93:
         5d:02:73:82:9d:e6:6f:98:fe:35:31:09:f2:90:59:07:84:8a:
         ae:2b:da:9c:8d:d0:19:39:c9:2a:1b:da:b8:e7:5d:cf:af:79:
         46:84:58:c9:fa:33:89:8c:5b:67:67:eb:3a:55:c5:b7:d5:e9:
         c0:9a:45:74:7a:bd:d7:21:90:f0:d3:5c:8b:da:61:57:96:7c:
         22:2f:29:2d:68:e3:cc:28:aa:ac:92:f9:e8:a2:aa:24:5c:18:
         5d:c9:c4:26:65:f3:c8:25:8c:67:08:27:41:b0:76:ec:d6:d0:
         43:3b:11:fe:0c:73:da:82:5d:cb:1f:d3:0b:4b:ac:ed:83:84:
         5d:07:40:18:63:66:33:3e:0b:8b:5c:94:3b:26:4e:b6:08:81:
         71:48:a6:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/Eu4xW0yR6d8BXwqRBFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMzk5ZDQ0MzViYjg1ZmFlOTEwYWJlMzhlNjg1MzMyMDRk
ZmQ2MGIwHhcNMjUwMTAxMTc0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTExNzQ4M2UyYTY4ZDA1NzM0MzJlMWJlOTdkNWJhYmYwYTkxMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo35XiQZskbfguptORz+xau6A4KUo
EWS4TTKgdBkkBS8nQ/zvaHP0Q92ujqPk6smAN1TPnD0kmpn0nZ/S1T02SI+NBEWV
nhLssnjriuRW6n7KLCUlGIXwhyz8a69uVUKBffX4mtZ+gZ+PR8NMVQji086YZauv
CR8h/Lz20xfrvgueGC60BPaf3L+HI09O2QcWAmnmqTBw1G98/nnrv5X0pz5Rp5l4
aOUfBoHmQG7j6ulyBk2KbWCy9R2nmtXgZehhZV03AKEezZcl6mNkFcrEsspIdn0M
2hz/rNLmhSfRcd4RYaY2/r35L68+iyAk4MZFitLQooXPB77fpSlRrxTPSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKURdIPipo0Fc0MuG+l9W6vwqRFBMB8GA1UdIwQY
MBaAFFA5nUQ1u4X66RCr445oUzIE39YLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVURtZFJEVzdoZnJwRUt2amptaFRNZ1RmMWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi80ZjNmMDgtOTg2Yi00OGU0LTg1ZGQt
MzRmZmRiNDQyMTEzLzEvcFJGMGctS21qUVZ6UXk0YjZYMWJxX0NwRVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi80ZjNmMDgtOTg2Yi00OGU0LTg1ZGQtMzRmZmRiNDQyMTEz
LzEvVURtZFJEVzdoZnJwRUt2amptaFRNZ1RmMWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuae/MA0G
CSqGSIb3DQEBCwUAA4IBAQCzAyTPjT9nQAninkFRH7xP/P68WwDH9Hey/ThFPRUJ
rgAqTSI+9ULKomabfjwzFKz50wfSwVVF1mF13ulEzO0T5JgzXbaaAuKdHmXBfmZW
+ZdzQz/xXW+ryRNjdfrEPp6rtQ2TjeQCbslmG5NdAnOCneZvmP41MQnykFkHhIqu
K9qcjdAZOckqG9q4513Pr3lGhFjJ+jOJjFtnZ+s6VcW31enAmkV0er3XIZDw01yL
2mFXlnwiLyktaOPMKKqskvnooqokXBhdycQmZfPIJYxnCCdBsHbs1tBDOxH+DHPa
gl3LH9MLS6ztg4RdB0AYY2YzPguLXJQ7Jk62CIFxSKZ4
-----END CERTIFICATE-----