Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/Bduq-yHvQD-QD1Xm7ItxU8Y4-T0.roa
File:                     Bduq-yHvQD-QD1Xm7ItxU8Y4-T0.roa (raw, json)
Hash identifier:          P7+nwfqVY/aah4pDKJSFyLVnh+hvfYn9MKyiz8j6bgs=
Subject key identifier:   05:DB:AA:FB:21:EF:40:3F:90:0F:55:E6:EC:8B:71:53:C6:38:F9:3D
Certificate issuer:       /CN=8afc31f36c97777f906b93e83ae657f00aeb3099
Certificate serial:       01941FFA86064077C09B524E1FB164662F90
Authority key identifier: 8A:FC:31:F3:6C:97:77:7F:90:6B:93:E8:3A:E6:57:F0:0A:EB:30:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/Bduq-yHvQD-QD1Xm7ItxU8Y4-T0.roa
Signing time:             Wed 01 Jan 2025 03:48:19 +0000
ROA not before:           Wed 01 Jan 2025 03:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205164
IP address blocks:        185.214.192.0/22 maxlen: 32
                          2a0c:f600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:86:06:40:77:c0:9b:52:4e:1f:b1:64:66:2f:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8afc31f36c97777f906b93e83ae657f00aeb3099
        Validity
            Not Before: Jan  1 03:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=05dbaafb21ef403f900f55e6ec8b7153c638f93d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a3:02:e3:94:10:5a:1f:7d:62:2f:e2:70:7d:
                    f1:9d:a7:6e:14:e7:da:14:8a:8e:fe:af:2b:d7:f1:
                    45:43:27:54:2f:33:db:be:d2:0f:12:22:58:90:f9:
                    03:1e:72:ca:14:a8:c3:b5:fe:fb:29:20:46:a3:d2:
                    38:75:4c:f4:65:bb:46:05:62:94:4b:92:e5:84:94:
                    28:6d:38:66:60:1c:f2:a6:9d:bc:80:73:88:37:53:
                    33:cc:f9:e4:5f:71:d6:5e:2a:49:a3:5c:a9:55:ad:
                    c5:c4:fd:cc:02:25:b9:c2:95:0c:9d:9b:5f:ea:9c:
                    c9:7d:58:c3:eb:05:fc:8d:04:ea:4e:eb:d0:0f:b7:
                    4c:3f:3e:6f:2e:29:81:56:1f:fa:92:c2:3d:ac:9b:
                    5f:6b:97:a8:f5:55:13:d2:5a:c0:c3:72:42:2d:9b:
                    1b:23:5e:3b:59:39:69:62:18:b6:fd:ec:75:ae:07:
                    c1:16:b5:67:46:2c:0a:30:73:3c:44:96:dd:70:c3:
                    d5:d3:83:e3:3a:ba:08:b4:06:be:d6:1f:a9:d0:0b:
                    a7:77:f4:8f:a3:a0:53:ab:72:a3:9b:c3:4e:db:8c:
                    a2:96:76:cf:a8:35:53:2e:18:d5:a9:5c:db:7a:dd:
                    6c:40:ca:43:0b:b2:23:f1:ea:93:65:f5:38:a6:f4:
                    77:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:DB:AA:FB:21:EF:40:3F:90:0F:55:E6:EC:8B:71:53:C6:38:F9:3D
            X509v3 Authority Key Identifier:
                keyid:8A:FC:31:F3:6C:97:77:7F:90:6B:93:E8:3A:E6:57:F0:0A:EB:30:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ivwx82yXd3-Qa5PoOuZX8ArrMJk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/Bduq-yHvQD-QD1Xm7ItxU8Y4-T0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/d9a004-b953-4c73-81e4-0711694000a0/1/ivwx82yXd3-Qa5PoOuZX8ArrMJk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.192.0/22
                IPv6:
                  2a0c:f600::/29

    Signature Algorithm: sha256WithRSAEncryption
         39:6b:43:5b:43:d1:92:e5:6b:9e:c2:e5:73:bb:fd:67:fb:d8:
         1b:c8:4a:80:0b:b4:9f:8d:ff:bf:a1:78:a6:1f:59:19:6b:f2:
         72:9d:2c:f3:64:97:a9:0a:2d:28:bc:bb:ca:4b:a6:9d:43:c7:
         1b:1f:6b:a3:d5:61:57:7f:7e:ab:25:29:fe:b6:e2:cd:65:2d:
         e5:a8:d8:af:78:d4:b9:61:91:b1:e6:17:b8:15:f0:56:72:a8:
         77:42:1b:29:19:58:e8:ce:1b:ff:89:d2:7d:26:7e:ee:01:63:
         06:7f:81:6a:b8:3e:a5:13:04:8c:6d:2e:43:76:61:a0:6f:d3:
         ac:0a:43:35:a4:03:45:0d:9a:46:00:17:c8:5e:de:77:43:ee:
         9d:1b:55:7f:13:67:25:04:ce:28:c2:94:3e:54:b0:6f:8f:49:
         99:0d:28:a0:b5:dd:07:84:d4:d0:de:5c:a8:a8:ef:00:65:d1:
         84:58:39:39:11:93:13:74:35:2a:2e:ab:95:54:a3:e9:68:38:
         e8:a7:ab:93:19:1d:75:02:11:d5:8c:01:8c:15:a4:b0:31:09:
         1c:bd:c4:1f:61:74:b4:4e:8c:b2:d5:c7:85:7c:42:1e:86:a5:
         18:db:59:0a:91:5a:a5:9a:7a:5f:1b:42:c5:4f:b9:09:65:76:
         98:b1:d2:7b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+oYGQHfAm1JOH7FkZi+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZmMzMWYzNmM5Nzc3N2Y5MDZiOTNlODNhZTY1N2YwMGFl
YjMwOTkwHhcNMjUwMTAxMDM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWRiYWFmYjIxZWY0MDNmOTAwZjU1ZTZlYzhiNzE1M2M2MzhmOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaMC45QQWh99Yi/icH3xnaduFOfa
FIqO/q8r1/FFQydULzPbvtIPEiJYkPkDHnLKFKjDtf77KSBGo9I4dUz0ZbtGBWKU
S5LlhJQobThmYBzypp28gHOIN1MzzPnkX3HWXipJo1ypVa3FxP3MAiW5wpUMnZtf
6pzJfVjD6wX8jQTqTuvQD7dMPz5vLimBVh/6ksI9rJtfa5eo9VUT0lrAw3JCLZsb
I147WTlpYhi2/ex1rgfBFrVnRiwKMHM8RJbdcMPV04PjOroItAa+1h+p0Aund/SP
o6BTq3Kjm8NO24yilnbPqDVTLhjVqVzbet1sQMpDC7Ij8eqTZfU4pvR3wwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAXbqvsh70A/kA9V5uyLcVPGOPk9MB8GA1UdIwQY
MBaAFIr8MfNsl3d/kGuT6DrmV/AK6zCZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXZ3eDgyeVhkMy1RYTVQb091Wlg4QXJyTUprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9kOWEwMDQtYjk1My00YzczLTgxZTQt
MDcxMTY5NDAwMGEwLzEvQmR1cS15SHZRRC1RRDFYbTdJdHhVOFk0LVQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9kOWEwMDQtYjk1My00YzczLTgxZTQtMDcxMTY5NDAwMGEw
LzEvaXZ3eDgyeVhkMy1RYTVQb091Wlg4QXJyTUprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudbAMA0E
AgACMAcDBQMqDPYAMA0GCSqGSIb3DQEBCwUAA4IBAQA5a0NbQ9GS5WuewuVzu/1n
+9gbyEqAC7Sfjf+/oXimH1kZa/JynSzzZJepCi0ovLvKS6adQ8cbH2uj1WFXf36r
JSn+tuLNZS3lqNiveNS5YZGx5he4FfBWcqh3QhspGVjozhv/idJ9Jn7uAWMGf4Fq
uD6lEwSMbS5DdmGgb9OsCkM1pANFDZpGABfIXt53Q+6dG1V/E2clBM4owpQ+VLBv
j0mZDSigtd0HhNTQ3lyoqO8AZdGEWDk5EZMTdDUqLquVVKPpaDjop6uTGR11AhHV
jAGMFaSwMQkcvcQfYXS0Toyy1ceFfEIehqUY21kKkVqlmnpfG0LFT7kJZXaYsdJ7
-----END CERTIFICATE-----