Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/5UfcIFhlQvx0nQIWqN-kcbYuB6M.roa
File:                     5UfcIFhlQvx0nQIWqN-kcbYuB6M.roa (raw, json)
Hash identifier:          ieYtPF3lzkMexTTu5eSQ3vpQR0GCbAp7oGQtRhmM11g=
Subject key identifier:   E5:47:DC:20:58:65:42:FC:74:9D:02:16:A8:DF:A4:71:B6:2E:07:A3
Certificate issuer:       /CN=ca34b13387fab1dcf8b67f16a0a437608600c4c2
Certificate serial:       01956F9831ABBFDB0896258209DF7FF9C473
Authority key identifier: CA:34:B1:33:87:FA:B1:DC:F8:B6:7F:16:A0:A4:37:60:86:00:C4:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/5UfcIFhlQvx0nQIWqN-kcbYuB6M.roa
Signing time:             Fri 07 Mar 2025 07:53:19 +0000
ROA not before:           Fri 07 Mar 2025 07:53:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.112.132.0/24 maxlen: 24
                          185.112.133.0/24 maxlen: 24
                          185.112.134.0/24 maxlen: 24
                          185.112.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6f:98:31:ab:bf:db:08:96:25:82:09:df:7f:f9:c4:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca34b13387fab1dcf8b67f16a0a437608600c4c2
        Validity
            Not Before: Mar  7 07:53:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e547dc20586542fc749d0216a8dfa471b62e07a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:00:fc:bf:c1:e2:bb:02:b6:51:f7:dd:fe:23:
                    09:d5:11:15:55:07:a1:e7:46:ff:ce:77:2e:03:1e:
                    d8:af:b6:09:ef:37:6a:9b:82:0e:34:51:08:f7:4f:
                    73:31:37:7b:2e:25:0e:60:a2:3d:5b:36:a5:26:f9:
                    11:07:2f:d8:b3:3f:d1:96:4e:58:05:7c:be:32:15:
                    75:60:b9:7b:0f:d2:bb:96:6d:04:56:29:3a:ab:cf:
                    4f:21:61:6f:ef:0c:89:46:34:3d:df:3a:c7:d8:e6:
                    f4:26:24:c1:07:d1:dc:c2:7b:67:d2:33:e1:8e:b9:
                    50:af:4c:54:b4:27:71:84:d6:2d:2d:7c:c6:ea:63:
                    ee:33:91:af:58:8a:fa:b2:5d:56:e3:83:fe:fd:34:
                    4c:e4:77:1a:d3:8c:55:5d:37:e4:3e:f7:41:6e:64:
                    d9:4a:93:f6:b9:65:dd:b8:c4:1c:d8:4d:10:12:0d:
                    85:2f:2c:24:c3:af:04:74:aa:89:9a:eb:44:90:9b:
                    b7:ff:db:bc:1e:af:7d:27:11:a0:bd:22:93:ff:fe:
                    9d:aa:7d:57:d9:0e:8d:e2:6f:b8:82:a5:fc:fb:d8:
                    b0:ca:1d:26:be:7b:d9:cb:66:67:44:ae:db:53:f2:
                    97:68:9f:1d:35:6c:fc:92:a5:78:89:51:64:18:55:
                    c1:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:47:DC:20:58:65:42:FC:74:9D:02:16:A8:DF:A4:71:B6:2E:07:A3
            X509v3 Authority Key Identifier:
                keyid:CA:34:B1:33:87:FA:B1:DC:F8:B6:7F:16:A0:A4:37:60:86:00:C4:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/5UfcIFhlQvx0nQIWqN-kcbYuB6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/117ca3-b603-4db8-9626-0405234ab3f1/1/yjSxM4f6sdz4tn8WoKQ3YIYAxMI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:a9:14:d6:9a:16:91:d9:ea:dc:d1:a8:1e:9e:96:f9:ca:ef:
         78:f4:93:ad:af:3d:14:35:c4:7f:a6:cd:41:8b:96:c9:ed:1d:
         34:59:f0:9e:3f:11:07:42:36:ff:c3:88:9e:b0:fc:e9:81:93:
         10:c5:69:84:d2:3d:f7:14:17:f8:f6:b1:fe:30:97:70:97:cc:
         9e:59:c0:78:ca:c6:aa:51:d7:b1:cd:08:6d:8b:75:77:a0:c9:
         56:f9:19:bb:d2:1e:55:17:35:f5:ac:a8:ca:0b:d2:e7:b2:aa:
         fb:a3:82:78:e9:39:d0:e5:16:02:10:6c:76:40:c6:46:e8:20:
         13:06:ae:8e:34:55:93:99:18:a4:ee:ba:ac:a6:cf:de:8c:f3:
         85:89:72:5a:38:c0:e9:e6:31:13:d1:d4:5a:d0:68:bc:12:00:
         83:e1:17:aa:27:7f:34:af:1a:3e:1f:9f:d8:4b:78:54:c9:bc:
         32:49:26:55:82:20:7c:1f:49:80:9f:8f:24:e2:d6:d3:19:75:
         9f:b5:ba:7a:3b:92:ca:3d:f9:29:33:4b:00:55:84:17:94:30:
         9d:eb:c3:fe:62:b8:d8:83:ff:81:1a:a4:58:f7:f4:86:fe:6b:
         a7:63:3c:3c:94:8c:cd:f4:1e:7d:7e:c9:46:60:48:4f:57:56:
         67:f2:57:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVvmDGrv9sIliWCCd9/+cRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMzRiMTMzODdmYWIxZGNmOGI2N2YxNmEwYTQzNzYwODYw
MGM0YzIwHhcNMjUwMzA3MDc1MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTQ3ZGMyMDU4NjU0MmZjNzQ5ZDAyMTZhOGRmYTQ3MWI2MmUwN2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwD8v8HiuwK2Uffd/iMJ1REVVQeh
50b/zncuAx7Yr7YJ7zdqm4IONFEI909zMTd7LiUOYKI9WzalJvkRBy/Ysz/Rlk5Y
BXy+MhV1YLl7D9K7lm0EVik6q89PIWFv7wyJRjQ93zrH2Ob0JiTBB9Hcwntn0jPh
jrlQr0xUtCdxhNYtLXzG6mPuM5GvWIr6sl1W44P+/TRM5Hca04xVXTfkPvdBbmTZ
SpP2uWXduMQc2E0QEg2FLywkw68EdKqJmutEkJu3/9u8Hq99JxGgvSKT//6dqn1X
2Q6N4m+4gqX8+9iwyh0mvnvZy2ZnRK7bU/KXaJ8dNWz8kqV4iVFkGFXBsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOVH3CBYZUL8dJ0CFqjfpHG2LgejMB8GA1UdIwQY
MBaAFMo0sTOH+rHc+LZ/FqCkN2CGAMTCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWpTeE00ZjZzZHo0dG44V29LUTNZSVlBeE1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8xMTdjYTMtYjYwMy00ZGI4LTk2MjYt
MDQwNTIzNGFiM2YxLzEvNVVmY0lGaGxRdngwblFJV3FOLWtjYll1QjZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8xMTdjYTMtYjYwMy00ZGI4LTk2MjYtMDQwNTIzNGFiM2Yx
LzEveWpTeE00ZjZzZHo0dG44V29LUTNZSVlBeE1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXCEMA0G
CSqGSIb3DQEBCwUAA4IBAQC1qRTWmhaR2erc0agenpb5yu949JOtrz0UNcR/ps1B
i5bJ7R00WfCePxEHQjb/w4iesPzpgZMQxWmE0j33FBf49rH+MJdwl8yeWcB4ysaq
UdexzQhti3V3oMlW+Rm70h5VFzX1rKjKC9Lnsqr7o4J46TnQ5RYCEGx2QMZG6CAT
Bq6ONFWTmRik7rqsps/ejPOFiXJaOMDp5jET0dRa0Gi8EgCD4ReqJ380rxo+H5/Y
S3hUybwySSZVgiB8H0mAn48k4tbTGXWftbp6O5LKPfkpM0sAVYQXlDCd68P+YrjY
g/+BGqRY9/SG/munYzw8lIzN9B59fslGYEhPV1Zn8leI
-----END CERTIFICATE-----