Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3de8cc-db79-4a9b-b79a-4ef488dc6dc4/1/JuGf7pzc4HCrM3We2--OeQqSX4U.roa
File:                     JuGf7pzc4HCrM3We2--OeQqSX4U.roa (raw, json)
Hash identifier:          H4A47OUP6tLe0HcSGtfbX99Pdjm0iQtczsTWsqdmMN8=
Subject key identifier:   26:E1:9F:EE:9C:DC:E0:70:AB:33:75:9E:DB:EF:8E:79:0A:92:5F:85
Certificate issuer:       /CN=234d9395a2ba239cb9d278eb589b72ed5c9672d1
Certificate serial:       01942067C9E17B4AF4062F01477F773AA68D
Authority key identifier: 23:4D:93:95:A2:BA:23:9C:B9:D2:78:EB:58:9B:72:ED:5C:96:72:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I02TlaK6I5y50njrWJty7VyWctE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/3de8cc-db79-4a9b-b79a-4ef488dc6dc4/1/JuGf7pzc4HCrM3We2--OeQqSX4U.roa
Signing time:             Wed 01 Jan 2025 05:47:40 +0000
ROA not before:           Wed 01 Jan 2025 05:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48314
IP address blocks:        185.135.55.0/24 maxlen: 24
                          2a02:faa0:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/3de8cc-db79-4a9b-b79a-4ef488dc6dc4/1/I02TlaK6I5y50njrWJty7VyWctE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/3de8cc-db79-4a9b-b79a-4ef488dc6dc4/1/I02TlaK6I5y50njrWJty7VyWctE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I02TlaK6I5y50njrWJty7VyWctE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:c9:e1:7b:4a:f4:06:2f:01:47:7f:77:3a:a6:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=234d9395a2ba239cb9d278eb589b72ed5c9672d1
        Validity
            Not Before: Jan  1 05:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26e19fee9cdce070ab33759edbef8e790a925f85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b1:38:74:d3:bf:99:c6:2e:3c:ad:c2:38:5f:
                    b6:63:64:96:ce:98:89:73:fc:b3:a3:44:40:e0:76:
                    88:aa:d2:33:66:cd:6f:f0:c3:d2:19:aa:ba:5a:9a:
                    e6:33:19:07:5a:49:1b:99:0a:bd:a7:6f:ac:8f:43:
                    72:75:05:50:83:a6:e2:cd:6e:29:48:6c:da:50:91:
                    a7:57:d1:a9:cd:f6:2d:9c:a8:1d:a8:f6:de:c0:aa:
                    f1:31:89:1e:f7:ac:54:b0:15:4b:a7:65:36:0e:48:
                    15:11:05:de:62:91:04:fc:5b:a9:99:bf:ea:79:69:
                    40:21:55:39:55:ac:56:72:24:2a:36:f6:9b:db:90:
                    58:63:4c:f8:c6:70:b9:45:98:0b:00:9c:20:8a:78:
                    4f:2e:7c:f8:7d:8a:1c:e5:0f:05:d0:f9:7a:1e:a7:
                    ca:11:29:4b:47:3a:50:96:1b:3b:24:bf:c8:40:a5:
                    f2:a9:37:36:71:f0:46:0b:44:b5:f0:e2:c1:e9:7f:
                    06:c9:4d:af:50:b6:44:ea:ae:76:88:6d:61:0c:5d:
                    29:9b:65:25:14:f3:12:58:c5:fc:96:ea:d0:7a:c8:
                    ee:c9:f4:40:0b:0b:d9:2c:de:a0:68:26:23:c7:92:
                    be:c8:33:14:58:29:7b:7c:9f:91:ab:a4:20:67:2c:
                    4e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:E1:9F:EE:9C:DC:E0:70:AB:33:75:9E:DB:EF:8E:79:0A:92:5F:85
            X509v3 Authority Key Identifier:
                keyid:23:4D:93:95:A2:BA:23:9C:B9:D2:78:EB:58:9B:72:ED:5C:96:72:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I02TlaK6I5y50njrWJty7VyWctE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3de8cc-db79-4a9b-b79a-4ef488dc6dc4/1/JuGf7pzc4HCrM3We2--OeQqSX4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3de8cc-db79-4a9b-b79a-4ef488dc6dc4/1/I02TlaK6I5y50njrWJty7VyWctE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.55.0/24
                IPv6:
                  2a02:faa0:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:b9:39:05:5a:2b:78:8f:10:36:fa:96:df:89:ed:22:78:f1:
         e6:7b:b3:28:6e:93:10:48:09:61:3c:14:89:2a:d6:c9:0b:6c:
         99:68:14:9d:65:ae:bd:eb:40:d0:b2:5a:e2:77:3c:65:ad:b3:
         7c:97:df:63:43:45:83:0e:03:db:08:fa:2c:12:0a:18:6c:55:
         20:26:98:a8:23:7a:9b:5e:ee:8a:d1:35:e2:53:04:39:be:92:
         04:3e:87:1d:85:12:f9:2c:cc:6d:a2:cd:34:e2:a5:25:9a:e3:
         82:12:8c:0b:92:24:41:bf:59:15:21:71:c4:83:d4:60:29:69:
         82:ef:d7:47:15:fd:fe:98:13:2c:2e:9d:fc:d7:5c:12:19:81:
         ec:bb:43:8f:59:d8:63:14:9c:5a:1d:e9:57:d6:c3:4f:97:36:
         ba:f4:8f:d4:ff:05:24:06:aa:ad:34:59:70:ba:97:31:af:21:
         a5:32:cd:f6:cf:ba:ea:cf:b6:2a:8d:9f:11:95:8f:53:77:7d:
         c2:b5:8a:8d:f2:c8:1c:97:c0:d6:94:ec:14:57:58:56:ef:a1:
         87:0b:79:34:eb:f0:ff:94:e9:cf:83:58:1c:98:7c:47:9d:f2:
         b0:2b:22:0b:5a:a9:ba:d2:10:98:e5:95:e1:70:8f:00:20:c7:
         97:b8:58:ec
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQgZ8nhe0r0Bi8BR393OqaNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNGQ5Mzk1YTJiYTIzOWNiOWQyNzhlYjU4OWI3MmVkNWM5
NjcyZDEwHhcNMjUwMTAxMDU0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmUxOWZlZTljZGNlMDcwYWIzMzc1OWVkYmVmOGU3OTBhOTI1Zjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrE4dNO/mcYuPK3COF+2Y2SWzpiJ
c/yzo0RA4HaIqtIzZs1v8MPSGaq6WprmMxkHWkkbmQq9p2+sj0NydQVQg6bizW4p
SGzaUJGnV9GpzfYtnKgdqPbewKrxMYke96xUsBVLp2U2DkgVEQXeYpEE/Fupmb/q
eWlAIVU5VaxWciQqNvab25BYY0z4xnC5RZgLAJwginhPLnz4fYoc5Q8F0Pl6HqfK
ESlLRzpQlhs7JL/IQKXyqTc2cfBGC0S18OLB6X8GyU2vULZE6q52iG1hDF0pm2Ul
FPMSWMX8lurQesjuyfRACwvZLN6gaCYjx5K+yDMUWCl7fJ+Rq6QgZyxOCwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCbhn+6c3OBwqzN1ntvvjnkKkl+FMB8GA1UdIwQY
MBaAFCNNk5WiuiOcudJ461ibcu1clnLRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTAyVGxhSzZJNXk1MG5qcldKdHk3VnlXY3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zZGU4Y2MtZGI3OS00YTliLWI3OWEt
NGVmNDg4ZGM2ZGM0LzEvSnVHZjdwemM0SENyTTNXZTItLU9lUXFTWDRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zZGU4Y2MtZGI3OS00YTliLWI3OWEtNGVmNDg4ZGM2ZGM0
LzEvSTAyVGxhSzZJNXk1MG5qcldKdHk3VnlXY3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuYc3MA8E
AgACMAkDBwAqAvqgAAMwDQYJKoZIhvcNAQELBQADggEBAFC5OQVaK3iPEDb6lt+J
7SJ48eZ7syhukxBICWE8FIkq1skLbJloFJ1lrr3rQNCyWuJ3PGWts3yX32NDRYMO
A9sI+iwSChhsVSAmmKgjepte7orRNeJTBDm+kgQ+hx2FEvkszG2izTTipSWa44IS
jAuSJEG/WRUhccSD1GApaYLv10cV/f6YEywunfzXXBIZgey7Q49Z2GMUnFod6VfW
w0+XNrr0j9T/BSQGqq00WXC6lzGvIaUyzfbPuurPtiqNnxGVj1N3fcK1io3yyByX
wNaU7BRXWFbvoYcLeTTr8P+U6c+DWByYfEed8rArIgtaqbrSEJjlleFwjwAgx5e4
WOw=
-----END CERTIFICATE-----