Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/v5F31cV6XBvE5243s4oHQBqQQDM.roa
File:                     v5F31cV6XBvE5243s4oHQBqQQDM.roa (raw, json)
Hash identifier:          +2WzyiNTSNMZQ/+SFfQYAFWtFS/6Ce5PKrWiHjJlqng=
Subject key identifier:   BF:91:77:D5:C5:7A:5C:1B:C4:E7:6E:37:B3:8A:07:40:1A:90:40:33
Certificate issuer:       /CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
Certificate serial:       019422FC3C470365B73EC9F1B9AC85D6AB6F
Authority key identifier: E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/v5F31cV6XBvE5243s4oHQBqQQDM.roa
Signing time:             Wed 01 Jan 2025 17:49:03 +0000
ROA not before:           Wed 01 Jan 2025 17:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49771
IP address blocks:        94.188.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:3c:47:03:65:b7:3e:c9:f1:b9:ac:85:d6:ab:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
        Validity
            Not Before: Jan  1 17:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf9177d5c57a5c1bc4e76e37b38a07401a904033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:bc:fb:5d:2f:c9:ce:6d:35:81:bd:ba:e7:18:
                    ff:ee:0f:0f:58:e2:80:bc:4c:f4:eb:08:21:fe:91:
                    6f:7a:80:87:67:9d:6e:10:e4:ef:b8:00:9d:18:cf:
                    17:b3:c0:38:08:22:1e:02:be:11:f3:4c:1a:f3:f3:
                    57:78:69:5e:ec:14:2f:0d:b6:2f:a6:21:1a:89:45:
                    e6:7d:1a:98:3a:de:f7:7c:28:b0:b0:73:c9:a7:98:
                    2e:f0:f5:ca:e8:95:5e:58:2f:c5:39:67:e8:8e:73:
                    5e:c3:f8:6d:a2:5f:0d:2c:5e:5d:10:bf:74:0b:da:
                    80:d6:36:e1:e8:da:19:7d:97:2f:4f:a1:13:66:fa:
                    f7:a1:ba:68:70:fa:f4:8b:68:93:2b:1d:8e:77:1b:
                    5b:bc:31:60:37:dc:6c:e8:d1:df:2e:4d:be:07:17:
                    31:c7:cc:d9:bc:a9:0d:f6:7a:66:00:90:fd:51:94:
                    79:19:70:46:ca:d1:9d:a4:8b:f3:31:20:bf:c8:e3:
                    b4:10:e3:8c:80:aa:1a:f6:4b:9d:ed:f2:d8:a1:80:
                    3e:87:11:a6:a4:b8:ec:8f:a5:db:e8:f4:e1:d4:ce:
                    11:33:4a:98:fc:5a:a8:3a:87:58:d2:d1:79:b8:c9:
                    ac:ff:ec:3a:c5:98:1a:fb:ff:c7:fc:e8:b9:e6:47:
                    42:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:91:77:D5:C5:7A:5C:1B:C4:E7:6E:37:B3:8A:07:40:1A:90:40:33
            X509v3 Authority Key Identifier:
                keyid:E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/v5F31cV6XBvE5243s4oHQBqQQDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.188.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:c4:37:84:e4:9d:f9:21:aa:a5:42:b0:55:40:41:32:ed:e3:
         b9:aa:da:b3:b2:12:49:ed:41:36:6c:0d:cc:2a:bc:00:06:0b:
         cf:06:ee:4b:03:ce:44:54:27:30:b9:6f:1e:a5:1f:31:ca:d3:
         46:13:97:c9:1d:60:78:8c:f6:53:2b:a8:55:4c:d3:95:f3:9a:
         10:21:f6:67:a7:33:1d:b0:c7:9f:5c:08:5e:c0:c3:59:b2:88:
         7c:0a:fd:7e:aa:c6:d6:8e:b5:d5:a0:9e:90:a5:ca:33:43:5f:
         e1:51:a5:88:49:1d:1f:37:2a:9d:8e:e1:73:db:32:6a:19:51:
         33:6c:3d:70:3b:07:89:2c:41:52:dc:14:a4:b8:39:54:a8:96:
         e6:e5:c1:f1:4c:3e:15:de:ed:45:55:96:f1:39:c5:21:94:40:
         0f:09:6f:8f:a9:90:4e:05:b6:f0:48:3c:ad:b0:be:fd:70:f2:
         69:c9:c8:15:8a:29:69:37:0a:01:1c:25:f7:52:91:a3:23:8a:
         86:da:5d:0e:5a:51:00:af:04:fb:5e:aa:e1:b6:6e:6f:2f:5f:
         b0:c5:62:d5:1e:24:9b:cd:c2:f5:f0:cf:04:f2:b5:8d:d5:5f:
         52:12:06:9f:c6:de:dc:c3:cd:d3:e7:7a:62:36:68:f6:f6:d6:
         c6:4e:a5:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/DxHA2W3PsnxuayF1qtvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDViYjQwMTE4MGU1NWY1YzE2NWQ0NzkwOGRmZjRmZTI5
YTBkODYwHhcNMjUwMTAxMTc0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjkxNzdkNWM1N2E1YzFiYzRlNzZlMzdiMzhhMDc0MDFhOTA0MDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Lz7XS/Jzm01gb265xj/7g8PWOKA
vEz06wgh/pFveoCHZ51uEOTvuACdGM8Xs8A4CCIeAr4R80wa8/NXeGle7BQvDbYv
piEaiUXmfRqYOt73fCiwsHPJp5gu8PXK6JVeWC/FOWfojnNew/htol8NLF5dEL90
C9qA1jbh6NoZfZcvT6ETZvr3obpocPr0i2iTKx2OdxtbvDFgN9xs6NHfLk2+Bxcx
x8zZvKkN9npmAJD9UZR5GXBGytGdpIvzMSC/yOO0EOOMgKoa9kud7fLYoYA+hxGm
pLjsj6Xb6PTh1M4RM0qY/FqoOodY0tF5uMms/+w6xZga+//H/Oi55kdCVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+Rd9XFelwbxOduN7OKB0AakEAzMB8GA1UdIwQY
MBaAFOLVu0ARgOVfXBZdR5CN/0/img2GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEt
NDIxZTZiYzdlMmU4LzEvdjVGMzFjVjZYQnZFNTI0M3M0b0hRQnFRUURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEtNDIxZTZiYzdlMmU4
LzEvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXryQMA0G
CSqGSIb3DQEBCwUAA4IBAQBpxDeE5J35IaqlQrBVQEEy7eO5qtqzshJJ7UE2bA3M
KrwABgvPBu5LA85EVCcwuW8epR8xytNGE5fJHWB4jPZTK6hVTNOV85oQIfZnpzMd
sMefXAhewMNZsoh8Cv1+qsbWjrXVoJ6QpcozQ1/hUaWISR0fNyqdjuFz2zJqGVEz
bD1wOweJLEFS3BSkuDlUqJbm5cHxTD4V3u1FVZbxOcUhlEAPCW+PqZBOBbbwSDyt
sL79cPJpycgViilpNwoBHCX3UpGjI4qG2l0OWlEArwT7Xqrhtm5vL1+wxWLVHiSb
zcL18M8E8rWN1V9SEgafxt7cw83T53piNmj29tbGTqX4
-----END CERTIFICATE-----