Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/3ef921-29ed-40cf-b454-4c2acb78309e/1/MjurembtvVeEftl3x1ofb2bHb8o.roa
File:                     MjurembtvVeEftl3x1ofb2bHb8o.roa (raw, json)
Hash identifier:          LMEfB1EahjyEN1vkkgX4Rq92rZ+ObZyJ1Ue8yFCn1Pk=
Subject key identifier:   32:3B:AB:7A:66:ED:BD:57:84:7E:D9:77:C7:5A:1F:6F:66:C7:6F:CA
Certificate issuer:       /CN=5e4f1a32a37e083900aba561708e52ab234e3a38
Certificate serial:       01942747AED77369FDD4DFF097EF16EC0BA4
Authority key identifier: 5E:4F:1A:32:A3:7E:08:39:00:AB:A5:61:70:8E:52:AB:23:4E:3A:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xk8aMqN-CDkAq6VhcI5SqyNOOjg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/3ef921-29ed-40cf-b454-4c2acb78309e/1/MjurembtvVeEftl3x1ofb2bHb8o.roa
Signing time:             Thu 02 Jan 2025 13:49:56 +0000
ROA not before:           Thu 02 Jan 2025 13:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205032
IP address blocks:        185.100.164.0/22 maxlen: 22
                          2a0d:d0c6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/3ef921-29ed-40cf-b454-4c2acb78309e/1/Xk8aMqN-CDkAq6VhcI5SqyNOOjg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/3ef921-29ed-40cf-b454-4c2acb78309e/1/Xk8aMqN-CDkAq6VhcI5SqyNOOjg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xk8aMqN-CDkAq6VhcI5SqyNOOjg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 13:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ae:d7:73:69:fd:d4:df:f0:97:ef:16:ec:0b:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e4f1a32a37e083900aba561708e52ab234e3a38
        Validity
            Not Before: Jan  2 13:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=323bab7a66edbd57847ed977c75a1f6f66c76fca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:44:51:81:1c:34:83:f7:8d:83:c4:b5:4b:a3:
                    fe:82:82:48:89:8b:7d:d1:c6:7f:fc:78:86:9a:51:
                    96:48:9a:d4:fb:84:d8:71:d6:4d:25:a3:24:93:03:
                    58:93:e2:4f:94:f4:a0:8d:59:bc:6c:65:a7:d5:fb:
                    73:0b:b7:df:f6:05:d1:62:99:87:33:5f:0a:e0:1a:
                    ee:80:fb:c7:ae:82:53:14:69:6d:6e:51:59:28:06:
                    df:15:75:8f:33:ad:45:98:fb:93:e7:5f:34:ee:48:
                    47:04:e2:1a:b5:a8:53:b4:c8:b5:5b:4c:63:92:80:
                    ea:4a:e1:a1:ee:12:0a:84:7a:24:43:f1:5d:96:02:
                    62:91:c7:10:b5:a0:71:e2:0b:dc:59:67:85:fe:84:
                    41:9c:66:61:92:5c:bc:4f:e8:c7:67:27:63:4d:78:
                    c3:04:95:5a:54:07:f9:e5:2b:08:19:d1:13:c4:05:
                    08:f2:e0:dc:25:3f:f4:53:1d:11:38:19:f8:2c:57:
                    8c:74:ac:ad:3a:a3:ae:ea:69:65:ca:2f:19:08:78:
                    fb:18:f8:a5:57:6a:9a:a4:ab:35:8d:26:76:ec:66:
                    61:4e:18:6c:d4:67:8f:36:8d:84:8d:d1:44:65:1c:
                    08:7d:ce:9f:14:6e:15:ba:de:53:74:07:ee:7f:18:
                    29:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:3B:AB:7A:66:ED:BD:57:84:7E:D9:77:C7:5A:1F:6F:66:C7:6F:CA
            X509v3 Authority Key Identifier:
                keyid:5E:4F:1A:32:A3:7E:08:39:00:AB:A5:61:70:8E:52:AB:23:4E:3A:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xk8aMqN-CDkAq6VhcI5SqyNOOjg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3ef921-29ed-40cf-b454-4c2acb78309e/1/MjurembtvVeEftl3x1ofb2bHb8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/3ef921-29ed-40cf-b454-4c2acb78309e/1/Xk8aMqN-CDkAq6VhcI5SqyNOOjg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.164.0/22
                IPv6:
                  2a0d:d0c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:82:b3:0d:b8:57:e8:26:64:2f:75:60:af:1c:23:13:f1:20:
         95:c1:12:b0:dd:5a:2f:39:49:54:2d:db:65:d4:cf:6c:a2:2e:
         1c:89:37:10:da:f2:f6:c4:d4:85:90:44:3a:b2:d5:60:e6:92:
         f6:bc:d6:2a:6a:d6:2c:04:a1:39:ee:a2:58:36:e3:ba:f3:29:
         ab:01:57:07:14:49:2a:e0:a3:54:6d:bd:2e:a0:b9:10:61:87:
         77:40:6b:bb:42:c8:7d:34:a2:cb:cc:5c:00:60:3b:05:b5:43:
         f7:94:51:a9:c2:d4:b7:5e:2e:d3:9f:20:c3:2b:33:ad:95:26:
         95:5d:a2:f0:1b:a7:8b:ed:6e:93:0d:23:f4:22:ad:40:17:10:
         3a:9d:31:ed:03:ee:1d:a1:24:2f:de:73:b8:58:e8:e5:7b:87:
         ad:c8:d8:f5:d4:15:7a:5e:be:8e:44:8a:50:af:96:6b:72:6b:
         b8:1f:23:04:0b:83:7f:8d:14:82:39:fa:d7:85:70:9e:7c:f4:
         a4:c7:56:1d:20:bc:fb:b6:ae:44:4c:f2:71:2a:73:af:92:64:
         ab:3f:a6:29:27:8d:0a:4e:51:47:07:06:05:93:c1:a4:ac:24:
         e0:69:87:d0:b5:e2:68:0b:d2:7c:41:01:78:e0:34:ce:49:72:
         4c:b7:09:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnR67Xc2n91N/wl+8W7AukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNGYxYTMyYTM3ZTA4MzkwMGFiYTU2MTcwOGU1MmFiMjM0
ZTNhMzgwHhcNMjUwMTAyMTM0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjNiYWI3YTY2ZWRiZDU3ODQ3ZWQ5NzdjNzVhMWY2ZjY2Yzc2ZmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvERRgRw0g/eNg8S1S6P+goJIiYt9
0cZ//HiGmlGWSJrU+4TYcdZNJaMkkwNYk+JPlPSgjVm8bGWn1ftzC7ff9gXRYpmH
M18K4BrugPvHroJTFGltblFZKAbfFXWPM61FmPuT51807khHBOIatahTtMi1W0xj
koDqSuGh7hIKhHokQ/FdlgJikccQtaBx4gvcWWeF/oRBnGZhkly8T+jHZydjTXjD
BJVaVAf55SsIGdETxAUI8uDcJT/0Ux0ROBn4LFeMdKytOqOu6mllyi8ZCHj7GPil
V2qapKs1jSZ27GZhThhs1GePNo2EjdFEZRwIfc6fFG4Vut5TdAfufxgpFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDI7q3pm7b1XhH7Zd8daH29mx2/KMB8GA1UdIwQY
MBaAFF5PGjKjfgg5AKulYXCOUqsjTjo4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGs4YU1xTi1DRGtBcTZWaGNJNVNxeU5PT2pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8zZWY5MjEtMjllZC00MGNmLWI0NTQt
NGMyYWNiNzgzMDllLzEvTWp1cmVtYnR2VmVFZnRsM3gxb2ZiMmJIYjhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8zZWY5MjEtMjllZC00MGNmLWI0NTQtNGMyYWNiNzgzMDll
LzEvWGs4YU1xTi1DRGtBcTZWaGNJNVNxeU5PT2pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWSkMA0E
AgACMAcDBQAqDdDGMA0GCSqGSIb3DQEBCwUAA4IBAQBzgrMNuFfoJmQvdWCvHCMT
8SCVwRKw3VovOUlULdtl1M9soi4ciTcQ2vL2xNSFkEQ6stVg5pL2vNYqatYsBKE5
7qJYNuO68ymrAVcHFEkq4KNUbb0uoLkQYYd3QGu7Qsh9NKLLzFwAYDsFtUP3lFGp
wtS3Xi7TnyDDKzOtlSaVXaLwG6eL7W6TDSP0Iq1AFxA6nTHtA+4doSQv3nO4WOjl
e4etyNj11BV6Xr6ORIpQr5Zrcmu4HyMEC4N/jRSCOfrXhXCefPSkx1YdILz7tq5E
TPJxKnOvkmSrP6YpJ40KTlFHBwYFk8GkrCTgaYfQteJoC9J8QQF44DTOSXJMtwlD
-----END CERTIFICATE-----