Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/p2eUcQFz95P6LkumqO_WZpp6Pnk.roa
File:                     p2eUcQFz95P6LkumqO_WZpp6Pnk.roa (raw, json)
Hash identifier:          NKKCu8uCB7bFNexcV50+YrTtCEt9TAYeU390+8Bhtoo=
Subject key identifier:   A7:67:94:71:01:73:F7:93:FA:2E:4B:A6:A8:EF:D6:66:9A:7A:3E:79
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01941F8C2A85EADABFCA0D658EB88CE35EA2
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/p2eUcQFz95P6LkumqO_WZpp6Pnk.roa
Signing time:             Wed 01 Jan 2025 01:47:47 +0000
ROA not before:           Wed 01 Jan 2025 01:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49295
IP address blocks:        85.122.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:2a:85:ea:da:bf:ca:0d:65:8e:b8:8c:e3:5e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 01:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a76794710173f793fa2e4ba6a8efd6669a7a3e79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:10:0e:df:72:6a:35:e4:21:6e:dc:18:32:50:
                    00:01:9a:a7:48:49:cf:9b:c4:46:10:47:d2:30:73:
                    2a:a0:2a:d6:a1:82:f1:fd:e3:6b:da:05:b0:87:25:
                    9b:af:87:f5:c2:e6:cc:52:14:57:dc:ce:bf:40:63:
                    e0:1f:68:89:37:1e:78:39:8b:0a:a4:b5:29:cc:8b:
                    c3:65:84:58:0c:cd:b1:c0:c2:52:dc:8a:dc:e7:83:
                    05:99:76:d0:e8:3a:9e:1d:48:03:96:75:1d:27:af:
                    7e:42:38:db:f0:a5:9e:04:fd:59:c1:c8:31:4e:4a:
                    c9:f3:c7:e6:e3:03:67:e9:1f:5f:2a:4e:83:f2:db:
                    55:cc:4a:4b:6e:c0:58:8b:02:97:ba:cc:9d:5c:0f:
                    e8:19:a8:2a:5c:45:2a:f2:11:35:b3:71:de:08:bd:
                    d3:99:80:f5:b4:ec:28:1f:3b:8c:89:38:5f:40:83:
                    26:87:04:ad:2e:38:86:64:6c:6c:65:6e:4a:e6:ca:
                    2d:ad:69:d9:7d:a2:2d:16:6a:07:50:1b:04:43:a2:
                    e9:fb:3c:49:7c:d7:d0:83:15:aa:29:d7:4c:90:3b:
                    5b:01:75:0d:52:76:f6:94:76:53:bb:96:c2:ae:db:
                    84:be:01:94:53:77:c4:64:49:50:ec:99:61:59:bf:
                    71:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:67:94:71:01:73:F7:93:FA:2E:4B:A6:A8:EF:D6:66:9A:7A:3E:79
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/p2eUcQFz95P6LkumqO_WZpp6Pnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.122.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:93:f3:96:9e:f0:d6:70:31:de:47:62:8f:a6:23:81:ab:8d:
         2f:37:59:05:4a:f9:58:ad:8d:d6:ef:9f:a8:28:d3:e0:8f:fd:
         47:84:3f:97:a6:92:15:62:c6:da:9b:86:31:fb:3e:57:1b:6b:
         7a:22:42:64:9a:fc:6d:6a:3b:06:14:eb:2a:e1:f2:31:72:ec:
         92:5d:e0:8d:36:be:33:0d:28:0f:7f:47:95:4f:7a:3f:89:3f:
         d8:8f:98:8f:83:86:87:53:46:24:4e:5a:a4:f0:02:5f:57:03:
         b5:80:e2:2d:7a:34:aa:ee:e6:00:b7:26:77:b3:d1:88:a2:64:
         9e:b8:a8:f5:77:05:19:ce:33:f2:96:51:4f:5d:92:73:ca:c2:
         13:7f:1f:43:09:aa:df:09:87:9b:57:44:6f:38:af:91:81:92:
         ba:6a:2b:a4:eb:ff:ec:75:47:a8:02:47:d0:e6:df:d3:64:2b:
         1c:28:61:df:b9:c1:1a:b8:d5:93:3a:e9:71:23:5f:7a:7e:88:
         df:5e:29:67:d3:3e:52:95:37:54:fc:49:2d:d2:b4:dd:b0:26:
         96:e0:5a:ad:7c:4c:e1:d4:4b:c2:ba:e7:23:2b:93:8c:85:30:
         53:ba:f8:d9:95:59:72:92:7c:88:0b:ea:f1:89:5f:9a:59:12:
         f7:62:19:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjCqF6tq/yg1ljriM416iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMTAxMDE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzY3OTQ3MTAxNzNmNzkzZmEyZTRiYTZhOGVmZDY2NjlhN2EzZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhAO33JqNeQhbtwYMlAAAZqnSEnP
m8RGEEfSMHMqoCrWoYLx/eNr2gWwhyWbr4f1wubMUhRX3M6/QGPgH2iJNx54OYsK
pLUpzIvDZYRYDM2xwMJS3Irc54MFmXbQ6DqeHUgDlnUdJ69+Qjjb8KWeBP1Zwcgx
TkrJ88fm4wNn6R9fKk6D8ttVzEpLbsBYiwKXusydXA/oGagqXEUq8hE1s3HeCL3T
mYD1tOwoHzuMiThfQIMmhwStLjiGZGxsZW5K5sotrWnZfaItFmoHUBsEQ6Lp+zxJ
fNfQgxWqKddMkDtbAXUNUnb2lHZTu5bCrtuEvgGUU3fEZElQ7JlhWb9xJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdnlHEBc/eT+i5Lpqjv1maaej55MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvcDJlVWNRRno5NVA2TGt1bXFPX1dacHA2UG5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXpzMA0G
CSqGSIb3DQEBCwUAA4IBAQCFk/OWnvDWcDHeR2KPpiOBq40vN1kFSvlYrY3W75+o
KNPgj/1HhD+XppIVYsbam4Yx+z5XG2t6IkJkmvxtajsGFOsq4fIxcuySXeCNNr4z
DSgPf0eVT3o/iT/Yj5iPg4aHU0YkTlqk8AJfVwO1gOItejSq7uYAtyZ3s9GIomSe
uKj1dwUZzjPyllFPXZJzysITfx9DCarfCYebV0RvOK+RgZK6aiuk6//sdUeoAkfQ
5t/TZCscKGHfucEauNWTOulxI196fojfXiln0z5SlTdU/Ekt0rTdsCaW4FqtfEzh
1EvCuucjK5OMhTBTuvjZlVlyknyIC+rxiV+aWRL3Yhml
-----END CERTIFICATE-----