Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ujNmHY97znzqH0GbZ-USMqnJ30E.roa
File:                     ujNmHY97znzqH0GbZ-USMqnJ30E.roa (raw, json)
Hash identifier:          ZL0nsSvy8PokOdlNV7BpPnuGRMQQ3he6NL1KQF18uyk=
Subject key identifier:   BA:33:66:1D:8F:7B:CE:7C:EA:1F:41:9B:67:E5:12:32:A9:C9:DF:41
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01941F8C2EAA417C5F62034B087A4186FC0D
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ujNmHY97znzqH0GbZ-USMqnJ30E.roa
Signing time:             Wed 01 Jan 2025 01:47:48 +0000
ROA not before:           Wed 01 Jan 2025 01:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56951
IP address blocks:        85.120.31.0/24 maxlen: 24
                          85.120.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:2e:aa:41:7c:5f:62:03:4b:08:7a:41:86:fc:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 01:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba33661d8f7bce7cea1f419b67e51232a9c9df41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fe:5c:e7:bb:3c:47:2d:2c:f3:9f:6b:c3:46:
                    c2:af:33:1e:37:6f:f2:06:48:b4:c3:73:61:9d:f6:
                    94:8e:30:dc:af:b3:1a:87:61:71:27:e4:57:eb:36:
                    29:14:8c:30:68:9b:5e:5a:fb:d3:96:53:e8:90:28:
                    e5:50:b4:cb:db:06:4b:bc:09:d2:16:b1:21:ca:51:
                    e9:01:bc:65:a5:81:3e:16:49:69:3a:21:b2:40:85:
                    7f:cb:64:cf:bc:0f:9c:6f:0f:fb:d4:3d:9f:92:f3:
                    bd:ce:65:ba:de:aa:bd:0e:6a:e9:07:1b:a5:20:e8:
                    33:ca:52:bf:37:3a:af:e8:48:69:7a:f8:98:a9:33:
                    43:72:d4:75:71:88:0d:b0:a8:a0:ef:1d:56:72:9e:
                    41:8d:21:7c:92:31:b7:c9:ef:7b:e0:af:00:5b:ca:
                    d0:d7:6f:c6:d1:08:98:97:14:c3:08:60:3f:32:8f:
                    1a:e8:bd:82:bf:2a:76:dc:09:b3:7d:18:8e:62:d3:
                    17:98:10:a1:bd:5c:1b:0b:09:e4:a0:3e:b0:eb:6c:
                    c1:9d:b2:1e:2a:f4:1a:5a:5c:0e:4b:28:a0:5a:b2:
                    42:67:db:a2:a9:bc:4d:2a:56:c3:0b:c8:9d:7a:2b:
                    19:d6:21:ba:f9:09:df:90:53:37:e3:95:47:12:29:
                    c5:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:33:66:1D:8F:7B:CE:7C:EA:1F:41:9B:67:E5:12:32:A9:C9:DF:41
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ujNmHY97znzqH0GbZ-USMqnJ30E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.31.0-85.120.32.255

    Signature Algorithm: sha256WithRSAEncryption
         10:ed:62:d6:1a:39:4e:06:14:5d:db:ac:2f:30:e6:3c:cb:7f:
         b9:20:ed:95:62:a6:b7:a5:65:29:84:bc:dd:12:3b:64:f2:b7:
         c8:f7:46:8c:39:24:f6:82:f7:e6:0c:5a:c3:d1:cf:02:3e:44:
         d6:fc:57:51:e1:bc:36:e9:23:38:a0:4e:13:ea:9f:e9:1a:6a:
         26:e0:da:8b:8a:46:d3:d8:5d:2a:bf:d6:e4:2e:e3:4d:a5:2b:
         1b:a6:77:fa:6c:67:fd:be:70:a0:ce:40:57:11:62:f5:10:8b:
         8c:3f:8c:f8:31:75:cb:9d:31:24:3d:3a:53:b4:c1:8a:b5:70:
         25:1f:13:34:1e:e7:6f:48:df:1a:cf:e9:ec:f7:44:d0:1c:0e:
         94:6f:64:de:ab:d9:47:1b:30:69:80:7a:06:d0:db:63:5f:16:
         8f:41:4b:1d:00:69:9f:7a:3c:28:b7:77:7d:d2:66:0b:4c:51:
         87:01:d6:b8:b4:d9:6d:d9:c1:c7:ad:cd:45:75:40:13:36:3f:
         f3:8b:f1:b9:90:9d:fb:52:d1:17:4a:81:58:aa:1d:ee:45:c5:
         5f:67:39:95:50:4c:90:0b:6d:d9:b1:84:18:43:6c:85:39:9b:
         f3:71:37:d3:93:a4:31:1e:e9:83:4e:9c:1d:53:91:69:14:9d:
         91:67:1d:0d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQfjC6qQXxfYgNLCHpBhvwNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMTAxMDE0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTMzNjYxZDhmN2JjZTdjZWExZjQxOWI2N2U1MTIzMmE5YzlkZjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP5c57s8Ry0s859rw0bCrzMeN2/y
Bki0w3NhnfaUjjDcr7Mah2FxJ+RX6zYpFIwwaJteWvvTllPokCjlULTL2wZLvAnS
FrEhylHpAbxlpYE+FklpOiGyQIV/y2TPvA+cbw/71D2fkvO9zmW63qq9DmrpBxul
IOgzylK/Nzqv6EhpeviYqTNDctR1cYgNsKig7x1Wcp5BjSF8kjG3ye974K8AW8rQ
12/G0QiYlxTDCGA/Mo8a6L2Cvyp23AmzfRiOYtMXmBChvVwbCwnkoD6w62zBnbIe
KvQaWlwOSyigWrJCZ9uiqbxNKlbDC8ideisZ1iG6+QnfkFM345VHEinFnQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLozZh2Pe8586h9Bm2flEjKpyd9BMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvdWpObUhZOTd6bnpxSDBHYlotVVNNcW5KMzBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABVeB8D
BABVeCAwDQYJKoZIhvcNAQELBQADggEBABDtYtYaOU4GFF3brC8w5jzLf7kg7ZVi
prelZSmEvN0SO2Tyt8j3Row5JPaC9+YMWsPRzwI+RNb8V1HhvDbpIzigThPqn+ka
aibg2ouKRtPYXSq/1uQu402lKxumd/psZ/2+cKDOQFcRYvUQi4w/jPgxdcudMSQ9
OlO0wYq1cCUfEzQe529I3xrP6ez3RNAcDpRvZN6r2UcbMGmAegbQ22NfFo9BSx0A
aZ96PCi3d33SZgtMUYcB1ri02W3ZwcetzUV1QBM2P/OL8bmQnftS0RdKgViqHe5F
xV9nOZVQTJALbdmxhBhDbIU5m/NxN9OTpDEe6YNOnB1TkWkUnZFnHQ0=
-----END CERTIFICATE-----