Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/85QzFbnMGxJTY5LHGuo2Ciw9XIc.roa
File:                     85QzFbnMGxJTY5LHGuo2Ciw9XIc.roa (raw, json)
Hash identifier:          IxzG5S/bwgqBEnXOIi/86lsADEbT+PmU0aEP0kJ6y34=
Subject key identifier:   F3:94:33:15:B9:CC:1B:12:53:63:92:C7:1A:EA:36:0A:2C:3D:5C:87
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       0194258F89DCF69FAD5029C14DAA80515EA7
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/85QzFbnMGxJTY5LHGuo2Ciw9XIc.roa
Signing time:             Thu 02 Jan 2025 05:49:11 +0000
ROA not before:           Thu 02 Jan 2025 05:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        81.161.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:89:dc:f6:9f:ad:50:29:c1:4d:aa:80:51:5e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 05:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3943315b9cc1b12536392c71aea360a2c3d5c87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:21:55:f8:56:26:2e:67:8c:78:a7:0d:e4:17:
                    c4:89:c7:12:91:82:dc:96:74:c2:8e:6f:49:34:fe:
                    24:6a:ca:11:cc:36:35:7b:03:70:6b:65:a8:54:c1:
                    62:d2:52:85:bf:8e:6c:02:83:1c:c4:71:b1:e8:d5:
                    e7:f5:41:86:6f:f3:a6:b0:60:10:f4:f2:5d:e8:3d:
                    1c:15:66:87:8a:8f:11:e0:94:9f:8f:9e:82:96:4e:
                    ba:68:47:cc:36:eb:40:9b:38:92:f8:eb:34:4f:d0:
                    e8:c0:5f:82:60:93:f3:a5:7e:f4:0c:38:7f:12:46:
                    ae:5b:c9:d5:b4:62:38:d5:17:b9:69:f4:53:43:34:
                    86:c3:91:24:22:3b:21:ba:49:33:af:a5:c3:23:78:
                    8e:40:e5:7d:10:de:ed:f3:73:63:75:75:8f:eb:e8:
                    d9:c0:5e:0b:bd:69:93:3f:c1:12:44:9a:03:df:7c:
                    92:2d:7c:4d:f3:d7:7c:bc:cb:7f:cc:44:b4:04:e8:
                    61:b3:37:0e:1b:2a:1b:da:cd:1f:a4:fd:23:85:68:
                    7d:32:c8:ce:22:de:d0:1f:6b:70:2e:82:94:a3:b7:
                    89:07:3d:60:0b:ca:ba:a3:d9:0d:28:b6:87:2d:d6:
                    14:5d:90:b8:b0:29:fd:ac:1b:fa:cf:8d:69:f1:a5:
                    e0:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:94:33:15:B9:CC:1B:12:53:63:92:C7:1A:EA:36:0A:2C:3D:5C:87
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/85QzFbnMGxJTY5LHGuo2Ciw9XIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:0e:d6:31:d5:3c:2b:b2:12:07:3e:91:f4:47:1c:7f:b7:4f:
         9b:32:75:a9:96:71:61:12:04:5a:eb:26:cc:42:4b:89:e7:05:
         00:69:1b:44:f9:fd:d9:33:4f:cd:cd:b1:d0:ca:39:56:03:75:
         a7:9a:57:ee:79:22:af:72:b5:58:7e:d6:c0:54:fd:d3:5b:be:
         54:32:c3:5a:3d:c1:d9:10:61:fd:48:48:29:37:fa:c0:0a:67:
         4d:fb:c7:fd:4a:15:c5:5a:b1:fd:84:cc:ab:0f:65:46:cd:f1:
         25:4c:3a:59:72:30:b5:8c:77:33:30:33:a1:4b:cb:44:b5:fc:
         2a:7b:fd:38:a8:37:58:c7:75:f3:a7:f8:1b:cd:8d:dd:33:f1:
         d3:8a:17:f9:ca:99:6a:34:7b:42:7a:10:77:68:f6:15:f9:72:
         df:81:c0:10:dc:44:5e:a8:ae:79:82:8c:97:41:2b:00:ce:e3:
         53:77:81:c9:e1:66:fb:10:63:d0:5d:45:66:17:dc:04:1f:f7:
         8a:b4:f8:f7:63:42:7b:8f:ad:cd:69:80:4e:31:89:22:ec:54:
         7e:4d:2e:54:72:e8:4e:3a:b1:6d:64:d8:cb:f4:55:49:04:dc:
         c5:c7:fd:f1:3d:8e:f0:ea:10:37:f5:65:de:4f:7f:1f:b3:36:
         92:5f:68:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4nc9p+tUCnBTaqAUV6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwMTAyMDU0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzk0MzMxNWI5Y2MxYjEyNTM2MzkyYzcxYWVhMzYwYTJjM2Q1Yzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CFV+FYmLmeMeKcN5BfEiccSkYLc
lnTCjm9JNP4kasoRzDY1ewNwa2WoVMFi0lKFv45sAoMcxHGx6NXn9UGGb/OmsGAQ
9PJd6D0cFWaHio8R4JSfj56Clk66aEfMNutAmziS+Os0T9DowF+CYJPzpX70DDh/
EkauW8nVtGI41Re5afRTQzSGw5EkIjshukkzr6XDI3iOQOV9EN7t83NjdXWP6+jZ
wF4LvWmTP8ESRJoD33ySLXxN89d8vMt/zES0BOhhszcOGyob2s0fpP0jhWh9MsjO
It7QH2twLoKUo7eJBz1gC8q6o9kNKLaHLdYUXZC4sCn9rBv6z41p8aXgPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOUMxW5zBsSU2OSxxrqNgosPVyHMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvODVRekZibk1HeEpUWTVMSEd1bzJDaXc5WEljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUaECMA0G
CSqGSIb3DQEBCwUAA4IBAQAxDtYx1TwrshIHPpH0Rxx/t0+bMnWplnFhEgRa6ybM
QkuJ5wUAaRtE+f3ZM0/NzbHQyjlWA3WnmlfueSKvcrVYftbAVP3TW75UMsNaPcHZ
EGH9SEgpN/rACmdN+8f9ShXFWrH9hMyrD2VGzfElTDpZcjC1jHczMDOhS8tEtfwq
e/04qDdYx3Xzp/gbzY3dM/HTihf5yplqNHtCehB3aPYV+XLfgcAQ3EReqK55goyX
QSsAzuNTd4HJ4Wb7EGPQXUVmF9wEH/eKtPj3Y0J7j63NaYBOMYki7FR+TS5UcuhO
OrFtZNjL9FVJBNzFx/3xPY7w6hA39WXeT38fszaSX2g/
-----END CERTIFICATE-----