Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/iWuL7EAPk1i4562WAAnpIIisfrg.roa
File:                     iWuL7EAPk1i4562WAAnpIIisfrg.roa (raw, json)
Hash identifier:          fv7JYcv7fyDkQW+tPgocP+7W+7d2yC1pX80z2ydzaJQ=
Subject key identifier:   89:6B:8B:EC:40:0F:93:58:B8:E7:AD:96:00:09:E9:20:88:AC:7E:B8
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       0194274848A900892540B15645DBFA3BEDC5
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/iWuL7EAPk1i4562WAAnpIIisfrg.roa
Signing time:             Thu 02 Jan 2025 13:50:36 +0000
ROA not before:           Thu 02 Jan 2025 13:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32727
IP address blocks:        85.203.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:48:a9:00:89:25:40:b1:56:45:db:fa:3b:ed:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 13:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=896b8bec400f9358b8e7ad960009e92088ac7eb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:18:91:6c:a4:49:5d:b0:b5:a8:d1:f4:82:e8:
                    74:b3:aa:2c:6a:74:47:8a:11:db:b9:4d:6d:11:76:
                    c2:ff:5f:db:b1:fd:3b:03:62:1e:ba:78:e3:ec:5d:
                    89:9a:48:e0:f1:a1:54:24:7b:00:56:fc:42:6b:e3:
                    04:5e:9f:53:1a:46:5c:85:24:9a:ce:6f:d9:a0:da:
                    01:fa:fe:a0:a7:69:e5:b9:aa:29:8a:d9:03:fd:a0:
                    2f:73:f3:96:65:24:76:27:f4:ab:45:b5:82:c8:f7:
                    b3:25:67:39:d6:fe:29:55:1e:9e:03:c9:1b:d8:46:
                    5e:a6:ea:06:da:1a:69:1f:55:a4:2d:35:ca:45:dd:
                    be:ca:b2:39:5b:dc:0c:19:a9:af:04:6a:a6:7b:61:
                    57:a8:73:1b:23:2c:26:7d:68:65:4f:3c:46:18:fe:
                    db:b9:85:df:84:b5:57:5e:3f:00:8c:52:b8:b3:e8:
                    f5:30:7a:e2:09:d8:18:1d:5a:58:de:ab:63:89:25:
                    18:f4:c2:a5:b6:cd:57:93:b1:63:b3:83:f7:4e:69:
                    da:36:1b:5d:8d:be:30:3f:8a:27:aa:53:09:d3:36:
                    59:4e:61:92:62:06:cc:2d:7c:b7:8e:d4:21:18:8b:
                    e3:78:22:af:17:d5:51:a0:00:07:d6:1c:0a:44:93:
                    e5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:6B:8B:EC:40:0F:93:58:B8:E7:AD:96:00:09:E9:20:88:AC:7E:B8
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/iWuL7EAPk1i4562WAAnpIIisfrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.203.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:53:fb:84:90:93:76:f2:35:f4:bd:32:cd:1b:a0:f8:01:6e:
         ce:1c:b4:cd:94:be:a6:3b:7d:1d:b8:35:57:96:46:e8:4f:98:
         01:9b:24:0f:00:c7:44:04:91:27:13:ba:71:f6:17:ae:96:8b:
         61:7b:91:cb:7b:dc:c3:db:bf:45:ca:14:eb:d1:2a:77:a0:38:
         86:6f:49:d3:bd:26:1f:8c:b7:89:98:5e:85:86:54:ad:e5:da:
         c7:08:6f:fc:a5:eb:32:c8:e4:46:bb:2b:8d:f6:6d:73:a2:1b:
         c5:07:f4:88:ca:74:97:48:98:39:ef:f8:9d:61:83:ce:44:b3:
         6e:68:bb:93:0f:cc:43:a9:25:b2:6a:02:5a:01:c7:c6:06:48:
         7e:ed:70:af:40:0c:34:19:a1:6f:54:ff:be:6e:2f:88:b3:da:
         16:d9:4c:34:f8:e1:c6:fb:57:96:d5:9a:c7:eb:3e:30:50:73:
         57:72:2a:36:c6:30:cf:ca:fc:cc:df:21:06:14:c4:36:22:2f:
         29:1d:ff:8b:85:f5:5f:4b:7b:40:e3:43:8a:27:c9:03:e4:ed:
         f7:10:c2:5c:76:b0:70:e7:d5:bb:3d:a1:69:57:81:ec:0b:80:
         06:7b:af:c7:11:91:59:2f:ef:40:c9:41:37:61:81:ae:7b:56:
         57:75:61:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEipAIklQLFWRdv6O+3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjUwMTAyMTM1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTZiOGJlYzQwMGY5MzU4YjhlN2FkOTYwMDA5ZTkyMDg4YWM3ZWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBiRbKRJXbC1qNH0guh0s6osanRH
ihHbuU1tEXbC/1/bsf07A2Ieunjj7F2Jmkjg8aFUJHsAVvxCa+MEXp9TGkZchSSa
zm/ZoNoB+v6gp2nluaopitkD/aAvc/OWZSR2J/SrRbWCyPezJWc51v4pVR6eA8kb
2EZepuoG2hppH1WkLTXKRd2+yrI5W9wMGamvBGqme2FXqHMbIywmfWhlTzxGGP7b
uYXfhLVXXj8AjFK4s+j1MHriCdgYHVpY3qtjiSUY9MKlts1Xk7Fjs4P3TmnaNhtd
jb4wP4onqlMJ0zZZTmGSYgbMLXy3jtQhGIvjeCKvF9VRoAAH1hwKRJPlIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlri+xAD5NYuOetlgAJ6SCIrH64MB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvaVd1TDdFQVBrMWk0NTYyV0FBbnBJSWlzZnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcs2MA0G
CSqGSIb3DQEBCwUAA4IBAQAuU/uEkJN28jX0vTLNG6D4AW7OHLTNlL6mO30duDVX
lkboT5gBmyQPAMdEBJEnE7px9heulothe5HLe9zD279FyhTr0Sp3oDiGb0nTvSYf
jLeJmF6FhlSt5drHCG/8pesyyORGuyuN9m1zohvFB/SIynSXSJg57/idYYPORLNu
aLuTD8xDqSWyagJaAcfGBkh+7XCvQAw0GaFvVP++bi+Is9oW2Uw0+OHG+1eW1ZrH
6z4wUHNXcio2xjDPyvzM3yEGFMQ2Ii8pHf+LhfVfS3tA40OKJ8kD5O33EMJcdrBw
59W7PaFpV4HsC4AGe6/HEZFZL+9AyUE3YYGue1ZXdWHM
-----END CERTIFICATE-----