Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/BUuoPdUgpRssN_8s1xD5RE2knSk.roa
File:                     BUuoPdUgpRssN_8s1xD5RE2knSk.roa (raw, json)
Hash identifier:          i3w2fhY/oY9rEDtPXwfXHRtgj9nEgJpg1E4G0VvBSNE=
Subject key identifier:   05:4B:A8:3D:D5:20:A5:1B:2C:37:FF:2C:D7:10:F9:44:4D:A4:9D:29
Certificate issuer:       /CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
Certificate serial:       019426D9F42C92EE21881AD0A249EF2ECCE1
Authority key identifier: 84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/BUuoPdUgpRssN_8s1xD5RE2knSk.roa
Signing time:             Thu 02 Jan 2025 11:50:05 +0000
ROA not before:           Thu 02 Jan 2025 11:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52013
IP address blocks:        46.183.224.0/21 maxlen: 24
                          185.106.135.0/24 maxlen: 24
                          188.94.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f4:2c:92:ee:21:88:1a:d0:a2:49:ef:2e:cc:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
        Validity
            Not Before: Jan  2 11:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=054ba83dd520a51b2c37ff2cd710f9444da49d29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:30:65:49:8c:6b:06:82:a7:9a:4b:d4:21:ed:
                    a8:19:a7:92:b0:db:c3:d9:28:1f:5c:2b:ed:8b:5f:
                    9a:6e:e6:74:84:51:ce:b6:84:cc:08:9a:b6:a0:78:
                    a9:4d:69:f8:f1:fc:fa:d1:49:6f:7e:86:e7:7d:e4:
                    78:f6:3e:de:9e:85:7d:2e:0e:4f:04:c6:a6:68:30:
                    2a:9a:77:c6:da:7e:a1:ce:ac:f6:2c:7e:d5:29:05:
                    a3:dd:27:23:3b:59:96:32:7f:1a:0b:3d:d9:a9:58:
                    65:71:66:97:fc:dd:ac:6d:43:b6:4a:ab:70:ae:99:
                    79:88:08:94:24:c7:de:e5:55:0f:a7:4a:70:0e:5c:
                    71:f0:6b:7f:e1:d6:3e:6e:01:c6:e5:35:6c:f9:1f:
                    44:74:a9:25:ed:a1:e3:42:72:1e:25:8d:e2:ea:da:
                    21:00:8b:22:d8:74:7e:2e:e4:f9:63:d2:13:76:d0:
                    01:84:57:9d:64:89:98:23:bc:4f:f7:30:dd:8a:3f:
                    71:86:fd:f1:74:21:e9:e3:2e:b1:ec:e9:22:b6:34:
                    45:a5:97:da:82:82:12:97:24:cf:f9:8c:78:a6:1d:
                    e9:7e:7c:81:1c:25:37:18:96:81:0a:58:54:e0:11:
                    85:de:f9:e1:f9:a1:3d:d1:cf:a3:df:eb:0c:8b:63:
                    9a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:4B:A8:3D:D5:20:A5:1B:2C:37:FF:2C:D7:10:F9:44:4D:A4:9D:29
            X509v3 Authority Key Identifier:
                keyid:84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/BUuoPdUgpRssN_8s1xD5RE2knSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.224.0/21
                  185.106.135.0/24
                  188.94.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:3e:47:17:10:9b:34:7d:6c:e1:95:11:e0:37:00:33:d8:5e:
         0b:a4:81:d3:b3:30:03:bb:59:f5:c5:4a:71:d2:47:82:5b:d3:
         eb:ae:03:d6:3c:85:d6:8f:4a:16:e0:6d:70:38:31:ae:47:e6:
         a3:d8:fa:59:45:fc:cb:86:c0:c8:68:3a:6d:51:2c:28:3e:76:
         20:ad:79:8c:ad:51:cc:06:88:d6:a5:f3:36:32:26:b9:ef:36:
         50:96:4b:56:47:08:69:3f:f1:29:2e:8a:92:f4:d1:56:34:1a:
         5b:9f:74:61:9e:54:93:68:94:b5:0e:2a:fc:05:d9:92:42:c4:
         ed:d3:60:87:f2:77:73:9c:e6:78:ab:02:77:c3:89:f8:5d:55:
         11:32:36:fb:86:44:69:45:3c:8e:5f:ff:51:e3:98:28:32:3c:
         12:dd:d0:4a:fc:98:0f:b4:0e:58:e3:ef:6f:8e:41:6a:e0:91:
         5f:c0:5a:fa:d4:8f:2a:b7:fd:3b:dd:28:d2:ce:52:1c:05:66:
         3d:9d:db:a4:17:44:7b:3e:64:a7:a8:22:ab:52:26:72:d8:bd:
         38:89:3c:79:bc:98:0c:a7:c8:90:cb:08:a9:68:58:9f:d3:a2:
         84:cc:0d:7d:4a:c5:78:de:e3:c5:01:a0:df:6e:34:ce:9e:44:
         c3:78:3d:88
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQm2fQsku4hiBrQoknvLszhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MWYzNmZjYmY3MzM0ZWZmNmI5MWU4MDI5N2VhNWIyNWM0
ZWNmZDIwHhcNMjUwMTAyMTE1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTRiYTgzZGQ1MjBhNTFiMmMzN2ZmMmNkNzEwZjk0NDRkYTQ5ZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzBlSYxrBoKnmkvUIe2oGaeSsNvD
2SgfXCvti1+abuZ0hFHOtoTMCJq2oHipTWn48fz60UlvfobnfeR49j7enoV9Lg5P
BMamaDAqmnfG2n6hzqz2LH7VKQWj3ScjO1mWMn8aCz3ZqVhlcWaX/N2sbUO2Sqtw
rpl5iAiUJMfe5VUPp0pwDlxx8Gt/4dY+bgHG5TVs+R9EdKkl7aHjQnIeJY3i6toh
AIsi2HR+LuT5Y9ITdtABhFedZImYI7xP9zDdij9xhv3xdCHp4y6x7OkitjRFpZfa
goISlyTP+Yx4ph3pfnyBHCU3GJaBClhU4BGF3vnh+aE90c+j3+sMi2OaIwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAVLqD3VIKUbLDf/LNcQ+URNpJ0pMB8GA1UdIwQY
MBaAFIQfNvy/czTv9rkegCl+pbJcTs/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQt
OTVkZGIwOTc0ZTRiLzEvQlV1b1BkVWdwUnNzTl84czF4RDVSRTJrblNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQtOTVkZGIwOTc0ZTRi
LzEvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDLrfgAwQA
uWqHAwQCvF4EMA0GCSqGSIb3DQEBCwUAA4IBAQB2PkcXEJs0fWzhlRHgNwAz2F4L
pIHTszADu1n1xUpx0keCW9PrrgPWPIXWj0oW4G1wODGuR+aj2PpZRfzLhsDIaDpt
USwoPnYgrXmMrVHMBojWpfM2Mia57zZQlktWRwhpP/EpLoqS9NFWNBpbn3RhnlST
aJS1Dir8BdmSQsTt02CH8ndznOZ4qwJ3w4n4XVURMjb7hkRpRTyOX/9R45goMjwS
3dBK/JgPtA5Y4+9vjkFq4JFfwFr61I8qt/073SjSzlIcBWY9ndukF0R7PmSnqCKr
UiZy2L04iTx5vJgMp8iQywipaFif06KEzA19SsV43uPFAaDfbjTOnkTDeD2I
-----END CERTIFICATE-----