Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/5ustdSbbm9ST-2wIKJ8CEQFm9uA.roa
File:                     5ustdSbbm9ST-2wIKJ8CEQFm9uA.roa (raw, json)
Hash identifier:          yKpgpIHIG2BTdF1Lf8tbsgQ4B2uw7L1E3SOAOBNc6b4=
Subject key identifier:   E6:EB:2D:75:26:DB:9B:D4:93:FB:6C:08:28:9F:02:11:01:66:F6:E0
Certificate issuer:       /CN=252c4e2bf5f2138462ef4a5d9e0f6e7a763530fe
Certificate serial:       0195A32B777F3E8A5D25FD201D81D0C6751C
Authority key identifier: 25:2C:4E:2B:F5:F2:13:84:62:EF:4A:5D:9E:0F:6E:7A:76:35:30:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JSxOK_XyE4Ri70pdng9uenY1MP4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/5ustdSbbm9ST-2wIKJ8CEQFm9uA.roa
Signing time:             Mon 17 Mar 2025 08:14:49 +0000
ROA not before:           Mon 17 Mar 2025 08:14:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207701
IP address blocks:        185.234.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/JSxOK_XyE4Ri70pdng9uenY1MP4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/JSxOK_XyE4Ri70pdng9uenY1MP4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JSxOK_XyE4Ri70pdng9uenY1MP4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 14:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a3:2b:77:7f:3e:8a:5d:25:fd:20:1d:81:d0:c6:75:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=252c4e2bf5f2138462ef4a5d9e0f6e7a763530fe
        Validity
            Not Before: Mar 17 08:14:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6eb2d7526db9bd493fb6c08289f02110166f6e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a7:cb:1b:81:60:b2:95:87:50:82:ea:00:ff:
                    37:99:b0:8e:eb:b8:1f:b7:e7:01:7c:91:51:0d:61:
                    2a:fd:15:26:8a:79:e3:4c:85:fc:31:c9:32:de:7c:
                    aa:50:78:79:57:c7:f4:6f:b9:45:89:2e:41:e8:38:
                    40:c9:cd:1b:9f:a3:da:f8:02:af:1a:a1:1f:ce:eb:
                    87:d8:b2:d8:69:8f:3c:3d:a1:2c:d6:20:68:32:b2:
                    dc:ab:9e:ba:bd:5a:c4:b4:78:aa:87:2e:97:79:e8:
                    9d:07:68:95:b9:27:e9:bc:97:0b:2e:19:16:ad:52:
                    1c:54:37:73:cd:5a:30:c8:2c:0b:99:1f:50:53:59:
                    f5:8d:ec:47:f2:c7:d5:66:fd:4b:59:5e:f5:23:79:
                    72:08:82:f1:33:f5:96:c0:23:53:d0:1b:eb:6d:6e:
                    97:ef:7a:53:d0:e1:b9:19:23:f7:c7:82:80:55:ac:
                    9e:5e:86:62:1c:65:c1:2a:98:e8:47:b5:ac:06:72:
                    ad:2b:28:e0:fa:28:43:3a:14:ec:fc:19:66:72:ab:
                    e3:83:01:11:02:2b:bf:d0:b7:33:a5:02:f9:ef:95:
                    c2:e7:5d:75:77:19:86:07:52:9e:43:a1:4c:f7:6b:
                    d9:8c:cd:0e:43:2c:29:ca:ff:dc:d8:20:10:54:ae:
                    5a:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:EB:2D:75:26:DB:9B:D4:93:FB:6C:08:28:9F:02:11:01:66:F6:E0
            X509v3 Authority Key Identifier:
                keyid:25:2C:4E:2B:F5:F2:13:84:62:EF:4A:5D:9E:0F:6E:7A:76:35:30:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JSxOK_XyE4Ri70pdng9uenY1MP4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/5ustdSbbm9ST-2wIKJ8CEQFm9uA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/bbba88-1344-4d89-8f52-6df7bf59e326/1/JSxOK_XyE4Ri70pdng9uenY1MP4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:22:1b:df:23:cb:06:07:d2:00:60:8e:65:51:53:86:2c:75:
         62:13:e3:d3:20:27:7b:42:1d:24:f9:c5:bb:3e:73:2f:d0:c9:
         83:16:e6:fd:e8:d1:1c:1b:d0:83:23:2a:e0:03:e0:79:aa:f2:
         8d:31:37:03:ad:82:c4:51:af:ce:19:d1:e8:04:57:8f:05:24:
         84:af:9f:32:0b:f7:f7:a3:fd:36:5e:b0:f6:5f:b6:b3:e3:d8:
         46:0e:28:83:2e:f6:a4:76:71:5f:4f:1c:66:8c:02:fb:b7:a3:
         ee:09:68:19:b1:7d:38:bb:01:7c:fd:57:3e:a0:14:f3:26:1f:
         7a:78:c2:5f:73:4f:c2:90:0a:9b:5e:8f:a3:7c:45:15:3c:26:
         08:1e:06:33:e6:5c:3f:29:e0:78:02:b6:c9:c0:0e:8a:70:13:
         bc:5f:2c:13:cc:cd:2e:9f:be:b0:0e:fa:b1:59:50:93:c0:e3:
         6a:14:5a:7b:ff:00:dd:21:2a:e3:cb:e3:8b:e8:7b:2c:4f:98:
         99:11:7c:81:9e:fa:c7:05:14:53:a0:42:4b:b3:7c:20:2f:e3:
         3f:a4:4e:fd:3e:f8:c3:c6:24:27:7b:ac:e7:0f:d9:31:0b:25:
         56:3f:74:06:90:d6:09:a9:9e:d4:13:cc:83:0d:98:ba:89:1f:
         c4:bb:c9:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWjK3d/PopdJf0gHYHQxnUcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MmM0ZTJiZjVmMjEzODQ2MmVmNGE1ZDllMGY2ZTdhNzYz
NTMwZmUwHhcNMjUwMzE3MDgxNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmViMmQ3NTI2ZGI5YmQ0OTNmYjZjMDgyODlmMDIxMTAxNjZmNmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6fLG4FgspWHUILqAP83mbCO67gf
t+cBfJFRDWEq/RUminnjTIX8Mcky3nyqUHh5V8f0b7lFiS5B6DhAyc0bn6Pa+AKv
GqEfzuuH2LLYaY88PaEs1iBoMrLcq566vVrEtHiqhy6XeeidB2iVuSfpvJcLLhkW
rVIcVDdzzVowyCwLmR9QU1n1jexH8sfVZv1LWV71I3lyCILxM/WWwCNT0BvrbW6X
73pT0OG5GSP3x4KAVayeXoZiHGXBKpjoR7WsBnKtKyjg+ihDOhTs/BlmcqvjgwER
Aiu/0LczpQL575XC5111dxmGB1KeQ6FM92vZjM0OQywpyv/c2CAQVK5aVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFObrLXUm25vUk/tsCCifAhEBZvbgMB8GA1UdIwQY
MBaAFCUsTiv18hOEYu9KXZ4Pbnp2NTD+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlN4T0tfWHlFNFJpNzBwZG5nOXVlblkxTVA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9iYmJhODgtMTM0NC00ZDg5LThmNTIt
NmRmN2JmNTllMzI2LzEvNXVzdGRTYmJtOVNULTJ3SUtKOENFUUZtOXVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9iYmJhODgtMTM0NC00ZDg5LThmNTItNmRmN2JmNTllMzI2
LzEvSlN4T0tfWHlFNFJpNzBwZG5nOXVlblkxTVA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuepmMA0G
CSqGSIb3DQEBCwUAA4IBAQARIhvfI8sGB9IAYI5lUVOGLHViE+PTICd7Qh0k+cW7
PnMv0MmDFub96NEcG9CDIyrgA+B5qvKNMTcDrYLEUa/OGdHoBFePBSSEr58yC/f3
o/02XrD2X7az49hGDiiDLvakdnFfTxxmjAL7t6PuCWgZsX04uwF8/Vc+oBTzJh96
eMJfc0/CkAqbXo+jfEUVPCYIHgYz5lw/KeB4ArbJwA6KcBO8XywTzM0un76wDvqx
WVCTwONqFFp7/wDdISrjy+OL6HssT5iZEXyBnvrHBRRToEJLs3wgL+M/pE79PvjD
xiQne6znD9kxCyVWP3QGkNYJqZ7UE8yDDZi6iR/Eu8nY
-----END CERTIFICATE-----