Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/hdvM8fUsl1ODAxVpn_5OhMHT2mA.roa
File:                     hdvM8fUsl1ODAxVpn_5OhMHT2mA.roa (raw, json)
Hash identifier:          1KgSaW30zJYi8mRrLQxAal5McydfzgPp6gBYyscw3fI=
Subject key identifier:   85:DB:CC:F1:F5:2C:97:53:83:03:15:69:9F:FE:4E:84:C1:D3:DA:60
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       019420D5ACB6F03FCF921D4988517B437901
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/hdvM8fUsl1ODAxVpn_5OhMHT2mA.roa
Signing time:             Wed 01 Jan 2025 07:47:41 +0000
ROA not before:           Wed 01 Jan 2025 07:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31204
IP address blocks:        92.181.0.0/17 maxlen: 24
                          92.181.128.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ac:b6:f0:3f:cf:92:1d:49:88:51:7b:43:79:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 07:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85dbccf1f52c9753830315699ffe4e84c1d3da60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8d:26:8a:3f:b1:68:be:32:cd:55:4b:0c:15:
                    23:93:ec:e0:d4:d0:7d:60:90:03:97:7a:f3:a5:78:
                    70:9a:6d:e5:d7:c8:18:17:de:7e:f5:c2:a9:f4:79:
                    b8:52:eb:23:03:17:0a:41:e2:75:75:5c:5e:a2:aa:
                    df:0a:f9:da:c4:4d:e4:16:75:16:d3:3a:af:58:cb:
                    e7:b2:99:69:c8:76:49:f6:fb:c9:27:72:64:c9:3f:
                    ba:aa:e5:2f:5c:fb:b7:62:56:26:52:c9:64:f8:00:
                    42:6e:e9:da:10:85:6f:8c:32:3a:15:e0:09:c9:58:
                    19:af:36:62:43:aa:58:b9:bf:2d:9b:7c:12:73:41:
                    ac:0f:4e:b9:f4:3c:45:52:b3:f6:20:4f:63:7e:c0:
                    f0:d6:66:21:40:77:05:dd:6d:ed:0b:23:c8:aa:b8:
                    62:43:98:96:d8:50:06:a8:de:7c:77:2d:2f:78:0c:
                    f6:4e:d9:dc:37:fe:0e:4c:60:68:22:a1:10:53:cd:
                    5d:d0:07:4c:72:4e:9c:06:64:47:60:ae:e7:5c:b5:
                    8c:7d:54:2e:7f:9f:32:30:11:07:87:15:6e:2d:22:
                    61:08:27:ae:7d:2a:29:94:ef:36:54:15:d1:a3:de:
                    43:7e:27:fe:91:9b:63:6f:eb:e9:3d:c4:f7:ec:b3:
                    aa:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:DB:CC:F1:F5:2C:97:53:83:03:15:69:9F:FE:4E:84:C1:D3:DA:60
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/hdvM8fUsl1ODAxVpn_5OhMHT2mA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.181.0.0-92.181.159.255

    Signature Algorithm: sha256WithRSAEncryption
         58:db:60:e3:2d:69:e9:55:92:66:b8:09:de:f3:35:74:26:46:
         d2:66:62:d9:c1:97:03:31:d6:f5:0b:c8:d9:d1:84:0a:64:38:
         d5:95:e2:37:c7:c6:a7:a5:b5:dd:6e:52:2c:ba:2f:ec:8f:33:
         de:1b:ba:4a:de:29:c5:7e:7e:b8:36:0f:50:51:59:77:a4:bd:
         cb:90:f8:14:7d:27:6f:34:e8:bf:83:8a:5f:a1:d3:ca:94:04:
         a8:b5:86:4c:8e:0c:16:a6:45:10:4c:2e:8b:30:76:3d:72:0f:
         e1:bb:58:68:ca:3e:e0:10:fd:d5:90:31:03:b3:12:aa:1e:e7:
         8b:d2:d3:33:ae:c9:73:2f:17:26:d7:39:0e:e6:b4:11:b6:0b:
         20:5a:c5:a1:a5:e7:de:7b:9e:6d:ee:24:39:52:3e:0f:7f:d6:
         e1:8c:55:50:64:6a:da:db:c2:39:ee:ff:d7:c8:3b:f6:83:84:
         2b:c4:e1:b2:43:4a:9a:dc:82:b2:cf:26:ba:6c:3d:cb:10:76:
         73:47:d2:25:66:fe:19:b2:5e:c0:94:34:d0:70:90:e1:1b:65:
         db:77:1a:a6:48:3a:82:b7:65:14:10:58:3b:65:ef:1c:6c:9d:
         bf:e0:56:4c:5d:09:15:71:bc:ab:cc:24:84:44:cd:42:ab:8c:
         46:e3:e1:5f
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQg1ay28D/Pkh1JiFF7Q3kBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwMTAxMDc0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWRiY2NmMWY1MmM5NzUzODMwMzE1Njk5ZmZlNGU4NGMxZDNkYTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI0mij+xaL4yzVVLDBUjk+zg1NB9
YJADl3rzpXhwmm3l18gYF95+9cKp9Hm4UusjAxcKQeJ1dVxeoqrfCvnaxE3kFnUW
0zqvWMvnsplpyHZJ9vvJJ3JkyT+6quUvXPu3YlYmUslk+ABCbunaEIVvjDI6FeAJ
yVgZrzZiQ6pYub8tm3wSc0GsD0659DxFUrP2IE9jfsDw1mYhQHcF3W3tCyPIqrhi
Q5iW2FAGqN58dy0veAz2TtncN/4OTGBoIqEQU81d0AdMck6cBmRHYK7nXLWMfVQu
f58yMBEHhxVuLSJhCCeufSoplO82VBXRo95Dfif+kZtjb+vpPcT37LOquQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFIXbzPH1LJdTgwMVaZ/+ToTB09pgMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvaGR2TThmVXNsMU9EQXhWcG5fNU9oTUhUMm1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwBctQME
BVy1gDANBgkqhkiG9w0BAQsFAAOCAQEAWNtg4y1p6VWSZrgJ3vM1dCZG0mZi2cGX
AzHW9QvI2dGECmQ41ZXiN8fGp6W13W5SLLov7I8z3hu6St4pxX5+uDYPUFFZd6S9
y5D4FH0nbzTov4OKX6HTypQEqLWGTI4MFqZFEEwuizB2PXIP4btYaMo+4BD91ZAx
A7MSqh7ni9LTM67Jcy8XJtc5Dua0EbYLIFrFoaXn3nuebe4kOVI+D3/W4YxVUGRq
2tvCOe7/18g79oOEK8ThskNKmtyCss8mumw9yxB2c0fSJWb+GbJewJQ00HCQ4Rtl
23capkg6grdlFBBYO2XvHGydv+BWTF0JFXG8q8wkhETNQquMRuPhXw==
-----END CERTIFICATE-----