Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/BuhLOhQsyBTsy289mKisTf0E47Q.roa
File:                     BuhLOhQsyBTsy289mKisTf0E47Q.roa (raw, json)
Hash identifier:          aKuhf01k9TU7vUcFwfvkZL/qxoA5uBGJCmVJQlfg6tY=
Subject key identifier:   06:E8:4B:3A:14:2C:C8:14:EC:CB:6F:3D:98:A8:AC:4D:FD:04:E3:B4
Certificate issuer:       /CN=452e7d87922129df90c4870da2a7738404724858
Certificate serial:       019425215F9CE4687C0EC5BA1C79EE0C2634
Authority key identifier: 45:2E:7D:87:92:21:29:DF:90:C4:87:0D:A2:A7:73:84:04:72:48:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/BuhLOhQsyBTsy289mKisTf0E47Q.roa
Signing time:             Thu 02 Jan 2025 03:48:51 +0000
ROA not before:           Thu 02 Jan 2025 03:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        185.34.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 18:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:5f:9c:e4:68:7c:0e:c5:ba:1c:79:ee:0c:26:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=452e7d87922129df90c4870da2a7738404724858
        Validity
            Not Before: Jan  2 03:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06e84b3a142cc814eccb6f3d98a8ac4dfd04e3b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:48:2f:02:51:0a:c8:bc:9a:2b:f9:e7:2b:af:
                    eb:8c:04:75:d9:aa:93:2c:c0:41:cd:cc:04:c7:7a:
                    56:97:c0:99:9f:33:ad:d2:6c:6f:d8:2e:29:25:03:
                    ae:79:28:81:dc:d5:68:e1:42:16:bd:46:56:27:1c:
                    6a:ca:4d:33:26:0b:25:25:41:d4:84:5a:61:9b:a9:
                    71:1a:79:3c:5e:4f:b0:3b:d4:7f:87:35:ef:6e:fb:
                    b6:a0:9a:cf:4a:18:21:03:d7:14:61:38:b6:04:ac:
                    80:4d:c5:d9:e2:ef:27:28:59:cd:c4:90:34:15:fd:
                    d7:97:be:fa:66:1c:11:f3:d0:70:cf:c7:77:3f:f8:
                    37:c0:e2:63:bc:35:d8:1e:99:b2:4f:db:cb:a8:1b:
                    5c:0b:ed:31:5c:ff:a1:82:4d:21:cd:50:b1:10:93:
                    a4:f8:ce:ae:a0:54:9d:fd:23:ef:2e:ee:98:7c:5c:
                    cf:f3:63:f3:e6:d6:d5:0f:ef:34:26:c5:1b:83:e7:
                    c6:70:b3:9f:c6:ec:8c:23:65:cf:82:0c:b9:38:4a:
                    82:85:d8:7c:27:07:53:5d:bd:ef:8f:87:0d:da:19:
                    a0:c9:60:e7:94:63:6b:57:bf:45:06:e7:e6:0f:e6:
                    7e:14:d3:51:ac:00:2d:f3:b3:f3:62:ba:49:fa:4a:
                    c0:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:E8:4B:3A:14:2C:C8:14:EC:CB:6F:3D:98:A8:AC:4D:FD:04:E3:B4
            X509v3 Authority Key Identifier:
                keyid:45:2E:7D:87:92:21:29:DF:90:C4:87:0D:A2:A7:73:84:04:72:48:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RS59h5IhKd-QxIcNoqdzhARySFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/BuhLOhQsyBTsy289mKisTf0E47Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/487962-8588-4f0a-bb7d-aaa8d3a940ac/1/RS59h5IhKd-QxIcNoqdzhARySFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:d6:e2:43:d7:6c:d5:0c:0d:ef:ff:2f:b6:4e:60:75:24:4e:
         21:12:a9:d8:ba:f1:cf:0e:d2:2c:ea:31:84:9f:1a:c3:5d:51:
         9a:50:03:64:be:33:d5:24:26:b6:dc:bc:7e:60:bf:03:5f:71:
         5f:bc:69:9d:0c:9d:39:fc:7a:8d:e6:e1:a0:30:78:52:24:55:
         b0:22:7f:97:28:71:79:86:a2:ac:f6:8b:66:ff:be:3f:8b:10:
         80:23:02:f2:a7:cf:3c:50:3c:b9:d8:f4:86:54:12:03:1a:8d:
         52:f5:0c:5b:98:48:44:3a:9a:15:4c:40:1b:6f:64:e3:74:65:
         32:da:a5:b1:2d:94:1a:b2:ab:83:92:39:ea:cd:59:d8:38:94:
         48:33:99:f9:72:4e:10:cb:7b:12:2e:16:6d:28:59:3a:a4:cd:
         2e:17:68:03:06:aa:64:dc:0a:2e:7e:d5:a4:02:78:ba:5f:14:
         0b:1a:53:cf:95:6b:c0:26:ac:17:4c:8a:7d:82:65:56:f1:38:
         48:b6:40:03:08:26:55:f4:26:e0:98:51:c1:6d:5f:07:c8:3b:
         11:35:41:92:b5:2d:21:c2:03:8a:58:4e:88:08:9e:71:d1:e6:
         6b:94:36:2e:bf:bf:3c:1d:fe:37:bb:be:ce:10:e7:36:b8:66:
         39:35:ff:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIV+c5Gh8DsW6HHnuDCY0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1MmU3ZDg3OTIyMTI5ZGY5MGM0ODcwZGEyYTc3Mzg0MDQ3
MjQ4NTgwHhcNMjUwMTAyMDM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmU4NGIzYTE0MmNjODE0ZWNjYjZmM2Q5OGE4YWM0ZGZkMDRlM2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3UgvAlEKyLyaK/nnK6/rjAR12aqT
LMBBzcwEx3pWl8CZnzOt0mxv2C4pJQOueSiB3NVo4UIWvUZWJxxqyk0zJgslJUHU
hFphm6lxGnk8Xk+wO9R/hzXvbvu2oJrPShghA9cUYTi2BKyATcXZ4u8nKFnNxJA0
Ff3Xl776ZhwR89Bwz8d3P/g3wOJjvDXYHpmyT9vLqBtcC+0xXP+hgk0hzVCxEJOk
+M6uoFSd/SPvLu6YfFzP82Pz5tbVD+80JsUbg+fGcLOfxuyMI2XPggy5OEqChdh8
JwdTXb3vj4cN2hmgyWDnlGNrV79FBufmD+Z+FNNRrAAt87PzYrpJ+krAoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAboSzoULMgU7MtvPZiorE39BOO0MB8GA1UdIwQY
MBaAFEUufYeSISnfkMSHDaKnc4QEckhYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlM1OWg1SWhLZC1ReEljTm9xZHpoQVJ5U0ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC80ODc5NjItODU4OC00ZjBhLWJiN2Qt
YWFhOGQzYTk0MGFjLzEvQnVoTE9oUXN5QlRzeTI4OW1LaXNUZjBFNDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC80ODc5NjItODU4OC00ZjBhLWJiN2QtYWFhOGQzYTk0MGFj
LzEvUlM1OWg1SWhLZC1ReEljTm9xZHpoQVJ5U0ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSL6MA0G
CSqGSIb3DQEBCwUAA4IBAQCv1uJD12zVDA3v/y+2TmB1JE4hEqnYuvHPDtIs6jGE
nxrDXVGaUANkvjPVJCa23Lx+YL8DX3FfvGmdDJ05/HqN5uGgMHhSJFWwIn+XKHF5
hqKs9otm/74/ixCAIwLyp888UDy52PSGVBIDGo1S9QxbmEhEOpoVTEAbb2TjdGUy
2qWxLZQasquDkjnqzVnYOJRIM5n5ck4Qy3sSLhZtKFk6pM0uF2gDBqpk3AouftWk
Ani6XxQLGlPPlWvAJqwXTIp9gmVW8ThItkADCCZV9CbgmFHBbV8HyDsRNUGStS0h
wgOKWE6ICJ5x0eZrlDYuv788Hf43u77OEOc2uGY5Nf8L
-----END CERTIFICATE-----