Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/xJg857yIwhyEdYeIjcGRADD28jk.roa
File:                     xJg857yIwhyEdYeIjcGRADD28jk.roa (raw, json)
Hash identifier:          5mboHsfsR9FT8/O1wonNqgc6c/V/+s+AZdj8ipNclaM=
Subject key identifier:   C4:98:3C:E7:BC:88:C2:1C:84:75:87:88:8D:C1:91:00:30:F6:F2:39
Certificate issuer:       /CN=41251342e05d58b3b7fc93a15cba1eb71e542385
Certificate serial:       019425FDD09DBCD5B454C3064C9812EB9BB8
Authority key identifier: 41:25:13:42:E0:5D:58:B3:B7:FC:93:A1:5C:BA:1E:B7:1E:54:23:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QSUTQuBdWLO3_JOhXLoetx5UI4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/xJg857yIwhyEdYeIjcGRADD28jk.roa
Signing time:             Thu 02 Jan 2025 07:49:38 +0000
ROA not before:           Thu 02 Jan 2025 07:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201691
IP address blocks:        185.165.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/QSUTQuBdWLO3_JOhXLoetx5UI4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/QSUTQuBdWLO3_JOhXLoetx5UI4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QSUTQuBdWLO3_JOhXLoetx5UI4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d0:9d:bc:d5:b4:54:c3:06:4c:98:12:eb:9b:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41251342e05d58b3b7fc93a15cba1eb71e542385
        Validity
            Not Before: Jan  2 07:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4983ce7bc88c21c847587888dc1910030f6f239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:1f:0c:07:bd:bf:9c:44:d1:b9:e0:92:9a:57:
                    3f:9e:d0:43:76:39:0b:74:33:16:72:64:c5:49:5d:
                    8e:f3:c2:7e:34:df:4f:d3:b7:c7:a1:31:f7:d2:7a:
                    32:10:f2:ed:8e:68:fa:08:d4:43:72:40:3a:c2:90:
                    5b:c9:f4:03:68:80:25:a0:42:1f:79:98:1d:f5:63:
                    82:14:1c:15:66:f0:47:71:21:97:4d:ff:fe:f8:4a:
                    ba:d5:48:98:fc:8a:aa:98:b7:a6:f2:67:5f:17:fa:
                    82:b4:73:7b:7c:a1:5b:5c:68:6a:f3:9d:16:ed:9f:
                    e7:16:0a:f3:0c:e5:66:d2:25:6e:de:ed:6d:7f:83:
                    d3:6e:17:41:7a:32:8e:06:37:53:b2:18:80:a4:69:
                    7e:14:45:bb:ff:2a:5e:3e:93:f0:6f:33:eb:1c:55:
                    61:eb:ae:01:c4:15:5a:19:97:47:9e:e6:1c:a5:05:
                    93:fa:c4:5b:27:99:02:58:1d:d7:54:57:a9:c9:5a:
                    94:f5:5d:fd:c7:c6:58:09:d9:e3:35:aa:07:59:30:
                    d7:5a:95:c5:b6:1b:dc:bf:9d:b2:0a:ab:c6:1f:e9:
                    18:39:e5:8b:22:40:d6:33:14:04:08:0f:c0:0c:b4:
                    64:ca:7e:fc:89:e2:9b:b4:30:97:c7:84:79:c8:db:
                    8d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:98:3C:E7:BC:88:C2:1C:84:75:87:88:8D:C1:91:00:30:F6:F2:39
            X509v3 Authority Key Identifier:
                keyid:41:25:13:42:E0:5D:58:B3:B7:FC:93:A1:5C:BA:1E:B7:1E:54:23:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QSUTQuBdWLO3_JOhXLoetx5UI4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/xJg857yIwhyEdYeIjcGRADD28jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ad603f-8fea-4849-9edb-c3668b503a1c/1/QSUTQuBdWLO3_JOhXLoetx5UI4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:3b:42:2a:50:97:66:64:40:13:59:1b:bc:46:13:2b:48:b5:
         4a:6a:38:34:e1:b9:b5:06:5e:9f:30:e8:7f:5b:c0:7b:1b:28:
         82:a0:1b:c4:d6:e3:5c:ec:fc:ed:44:13:f2:2b:10:15:e8:a7:
         4c:62:fb:ec:7c:ee:67:dd:54:e9:a9:17:d6:31:20:38:ce:23:
         f1:d4:22:26:f7:0f:58:70:ee:d3:7d:24:f9:7e:48:c5:f1:64:
         47:8e:5a:95:99:b1:67:b8:09:33:d5:3a:00:71:aa:80:9e:a7:
         cb:92:4a:c5:3f:1e:26:6d:7c:b1:f0:6e:d1:4d:c5:1b:77:ef:
         53:70:c3:75:61:82:6b:6f:2d:c5:ba:fb:2b:da:7f:1b:48:24:
         99:6d:0c:b7:f3:c7:2e:7a:28:25:f4:c7:a1:44:d5:d5:fd:a0:
         d6:12:bf:29:23:30:2c:8d:d7:bc:02:96:62:6a:39:1b:1d:f9:
         6a:1f:c7:b2:69:b8:76:b2:9c:19:8b:b3:ec:1c:57:74:b6:c4:
         d8:f5:53:25:dd:ca:82:98:60:4e:99:ce:78:0a:d0:26:21:a0:
         03:91:05:6d:23:ee:94:b9:83:8f:63:be:ea:67:73:b3:46:db:
         34:9a:60:c0:7f:33:99:7a:b2:f3:6d:2a:ec:82:ea:97:8a:1f:
         01:2a:34:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/dCdvNW0VMMGTJgS65u4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMjUxMzQyZTA1ZDU4YjNiN2ZjOTNhMTVjYmExZWI3MWU1
NDIzODUwHhcNMjUwMTAyMDc0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDk4M2NlN2JjODhjMjFjODQ3NTg3ODg4ZGMxOTEwMDMwZjZmMjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjx8MB72/nETRueCSmlc/ntBDdjkL
dDMWcmTFSV2O88J+NN9P07fHoTH30noyEPLtjmj6CNRDckA6wpBbyfQDaIAloEIf
eZgd9WOCFBwVZvBHcSGXTf/++Eq61UiY/IqqmLem8mdfF/qCtHN7fKFbXGhq850W
7Z/nFgrzDOVm0iVu3u1tf4PTbhdBejKOBjdTshiApGl+FEW7/ypePpPwbzPrHFVh
664BxBVaGZdHnuYcpQWT+sRbJ5kCWB3XVFepyVqU9V39x8ZYCdnjNaoHWTDXWpXF
thvcv52yCqvGH+kYOeWLIkDWMxQECA/ADLRkyn78ieKbtDCXx4R5yNuN5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSYPOe8iMIchHWHiI3BkQAw9vI5MB8GA1UdIwQY
MBaAFEElE0LgXVizt/yToVy6HrceVCOFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVNVVFF1QmRXTE8zX0pPaFhMb2V0eDVVSTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9hZDYwM2YtOGZlYS00ODQ5LTllZGIt
YzM2NjhiNTAzYTFjLzEveEpnODU3eUl3aHlFZFllSWpjR1JBREQyOGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9hZDYwM2YtOGZlYS00ODQ5LTllZGItYzM2NjhiNTAzYTFj
LzEvUVNVVFF1QmRXTE8zX0pPaFhMb2V0eDVVSTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaUfMA0G
CSqGSIb3DQEBCwUAA4IBAQBTO0IqUJdmZEATWRu8RhMrSLVKajg04bm1Bl6fMOh/
W8B7GyiCoBvE1uNc7PztRBPyKxAV6KdMYvvsfO5n3VTpqRfWMSA4ziPx1CIm9w9Y
cO7TfST5fkjF8WRHjlqVmbFnuAkz1ToAcaqAnqfLkkrFPx4mbXyx8G7RTcUbd+9T
cMN1YYJrby3Fuvsr2n8bSCSZbQy388cueigl9MehRNXV/aDWEr8pIzAsjde8ApZi
ajkbHflqH8eyabh2spwZi7PsHFd0tsTY9VMl3cqCmGBOmc54CtAmIaADkQVtI+6U
uYOPY77qZ3OzRts0mmDAfzOZerLzbSrsguqXih8BKjSU
-----END CERTIFICATE-----