Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/lpaMJtxDphc7tQfKr4s_gB_KfuQ.roa
File:                     lpaMJtxDphc7tQfKr4s_gB_KfuQ.roa (raw, json)
Hash identifier:          D3mefn3HmqAiyiNtVcHqJZnyO+oFy3/JRW1sWa4G4z4=
Subject key identifier:   96:96:8C:26:DC:43:A6:17:3B:B5:07:CA:AF:8B:3F:80:1F:CA:7E:E4
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BF0A15266A918F3BBFFB0BAF7BF26
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/lpaMJtxDphc7tQfKr4s_gB_KfuQ.roa
Signing time:             Thu 02 Jan 2025 09:49:55 +0000
ROA not before:           Thu 02 Jan 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203828
IP address blocks:        85.31.248.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f0:a1:52:66:a9:18:f3:bb:ff:b0:ba:f7:bf:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96968c26dc43a6173bb507caaf8b3f801fca7ee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5f:ad:52:d7:23:9d:51:90:04:a6:f9:6f:8b:
                    ff:2b:77:e1:e6:88:5d:5f:0f:3f:a9:be:d0:d0:a2:
                    7a:dc:dd:28:96:fb:c3:b8:cd:c5:5c:06:14:9c:25:
                    42:74:37:38:4a:88:87:31:30:d8:23:9e:b1:43:dd:
                    77:24:91:3d:85:b8:46:6d:8e:3e:a1:6c:05:77:a4:
                    45:03:78:2a:a4:d4:fe:b4:7e:78:c2:f9:43:3f:77:
                    5d:9d:b2:ca:61:07:f3:80:4a:88:52:69:b7:26:0c:
                    49:1c:07:45:10:3f:39:df:4a:09:78:47:f1:1d:89:
                    b7:fa:84:96:87:90:cd:ef:fb:03:5f:68:97:4f:e9:
                    48:9b:d7:93:a0:6d:12:98:31:e6:75:e7:11:8c:d9:
                    21:64:4f:de:4e:81:80:07:48:47:24:4c:5f:a0:3a:
                    e4:14:a5:cf:e1:e3:f5:e3:56:16:28:03:13:11:35:
                    41:67:ef:96:4a:19:49:19:eb:4b:95:83:a9:53:49:
                    10:4f:da:c5:34:31:7e:e5:68:db:73:34:91:52:85:
                    07:f1:48:49:59:08:db:07:2d:3b:39:3f:8e:61:e4:
                    0c:2c:5f:6e:17:bd:36:25:81:5d:40:9c:11:af:79:
                    1c:8a:e4:2e:16:d6:7d:e5:70:43:54:b5:19:76:53:
                    c5:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:96:8C:26:DC:43:A6:17:3B:B5:07:CA:AF:8B:3F:80:1F:CA:7E:E4
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/lpaMJtxDphc7tQfKr4s_gB_KfuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:9f:1d:d3:2d:ec:2a:55:5c:ce:e8:14:b3:a5:1e:c6:0f:8e:
         2c:54:ed:6c:16:78:2a:ae:fb:24:87:6e:e7:53:6e:73:33:7d:
         d6:bb:99:8f:de:33:63:d0:08:f9:bb:eb:9f:8c:50:67:73:c6:
         1f:0c:96:cb:3d:6d:17:54:ef:68:09:d0:67:df:01:94:e5:9c:
         a5:57:18:40:07:43:ff:a2:7d:99:50:dc:c5:9f:06:5b:e2:02:
         21:4a:1e:72:fc:9a:f0:5b:8b:8f:f1:3c:7d:37:f7:53:d7:a5:
         4b:7b:71:27:b2:61:02:b9:9b:24:c6:5e:82:a9:6d:83:b1:02:
         6b:4d:b2:a4:df:b3:50:aa:b2:27:ac:05:f8:5b:35:3e:8b:82:
         32:a2:ea:1a:da:1d:4c:6c:1b:3d:f6:76:37:63:68:80:24:af:
         b0:b3:80:3e:c2:e6:7e:79:f8:cf:f0:32:7a:a5:47:4d:ed:62:
         e7:e2:17:31:c4:b2:b2:2d:82:81:53:b5:4c:5f:82:e5:94:b7:
         ca:bc:e8:96:c1:59:db:d4:d8:53:74:51:c9:46:4f:7e:a5:5f:
         f1:0b:a0:57:f0:4b:6e:85:da:c3:3a:83:bb:59:a7:20:06:1b:
         b8:cb:f1:9a:6a:ad:20:a1:e0:a4:8b:9c:36:8a:df:95:9a:f8:
         30:bb:79:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma/ChUmapGPO7/7C6978mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njk2OGMyNmRjNDNhNjE3M2JiNTA3Y2FhZjhiM2Y4MDFmY2E3ZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjF+tUtcjnVGQBKb5b4v/K3fh5ohd
Xw8/qb7Q0KJ63N0olvvDuM3FXAYUnCVCdDc4SoiHMTDYI56xQ913JJE9hbhGbY4+
oWwFd6RFA3gqpNT+tH54wvlDP3ddnbLKYQfzgEqIUmm3JgxJHAdFED8530oJeEfx
HYm3+oSWh5DN7/sDX2iXT+lIm9eToG0SmDHmdecRjNkhZE/eToGAB0hHJExfoDrk
FKXP4eP141YWKAMTETVBZ++WShlJGetLlYOpU0kQT9rFNDF+5WjbczSRUoUH8UhJ
WQjbBy07OT+OYeQMLF9uF702JYFdQJwRr3kciuQuFtZ95XBDVLUZdlPFtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJaWjCbcQ6YXO7UHyq+LP4Afyn7kMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvbHBhTUp0eERwaGM3dFFmS3I0c19nQl9LZnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVR/4MA0G
CSqGSIb3DQEBCwUAA4IBAQBXnx3TLewqVVzO6BSzpR7GD44sVO1sFngqrvskh27n
U25zM33Wu5mP3jNj0Aj5u+ufjFBnc8YfDJbLPW0XVO9oCdBn3wGU5ZylVxhAB0P/
on2ZUNzFnwZb4gIhSh5y/JrwW4uP8Tx9N/dT16VLe3EnsmECuZskxl6CqW2DsQJr
TbKk37NQqrInrAX4WzU+i4Iyouoa2h1MbBs99nY3Y2iAJK+ws4A+wuZ+efjP8DJ6
pUdN7WLn4hcxxLKyLYKBU7VMX4LllLfKvOiWwVnb1NhTdFHJRk9+pV/xC6BX8Etu
hdrDOoO7WacgBhu4y/Gaaq0goeCki5w2it+Vmvgwu3nB
-----END CERTIFICATE-----