Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/SuAwx53ztZ8nH6iQDl-exiTpB9U.roa
File:                     SuAwx53ztZ8nH6iQDl-exiTpB9U.roa (raw, json)
Hash identifier:          OW4UNz0fPDN3E3BkjgDIvFCnQ13CpXoOp18yw+GY/do=
Subject key identifier:   4A:E0:30:C7:9D:F3:B5:9F:27:1F:A8:90:0E:5F:9E:C6:24:E9:07:D5
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       0194266C3DED5DAC80D8021FE74658EBF8CC
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/SuAwx53ztZ8nH6iQDl-exiTpB9U.roa
Signing time:             Thu 02 Jan 2025 09:50:15 +0000
ROA not before:           Thu 02 Jan 2025 09:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34984
IP address blocks:        85.153.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:3d:ed:5d:ac:80:d8:02:1f:e7:46:58:eb:f8:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Jan  2 09:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ae030c79df3b59f271fa8900e5f9ec624e907d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ea:fd:98:54:af:1f:01:69:06:9f:e0:a9:ea:
                    6c:a5:ec:a9:89:86:05:48:85:04:aa:da:af:3e:0f:
                    72:51:53:13:f7:62:52:da:cd:7b:59:c2:d0:5a:58:
                    cc:ae:f9:db:5e:cf:0e:5c:69:70:5b:d8:f0:d4:82:
                    2d:c3:21:3e:c7:7f:4c:ae:55:d9:cb:8f:15:83:d5:
                    e3:57:74:6c:b5:e4:90:64:9d:d1:7b:09:80:5b:13:
                    6d:9c:6c:44:4e:1f:1b:bd:ef:15:34:d4:b0:9b:7e:
                    1b:e6:97:cb:f3:b7:b8:c2:43:98:c4:36:f3:9f:41:
                    f6:55:e3:cc:e3:0a:40:aa:29:64:a5:23:55:35:a2:
                    4c:05:cf:67:2f:2e:d0:cf:ac:7e:4d:ee:a8:75:ac:
                    4c:bf:00:f7:96:79:a1:0b:5f:5b:39:1b:f5:b9:12:
                    52:1f:d3:2a:d1:8e:87:2f:48:2b:91:51:d6:df:45:
                    37:be:5d:cc:80:c7:b1:37:a8:35:ff:16:c7:4b:ed:
                    62:24:b8:ec:b6:d7:42:69:94:ae:83:0f:20:47:11:
                    ff:f3:2d:88:b3:da:e2:88:22:99:eb:1f:b8:c4:7a:
                    c9:3d:50:64:23:20:75:c8:f2:52:6d:6a:a3:ae:1a:
                    c3:95:5b:73:61:33:f7:0a:d3:2a:4a:52:db:b1:96:
                    d7:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:E0:30:C7:9D:F3:B5:9F:27:1F:A8:90:0E:5F:9E:C6:24:E9:07:D5
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/SuAwx53ztZ8nH6iQDl-exiTpB9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:4e:0a:05:80:64:e2:68:75:45:f8:26:02:a6:f5:e8:5b:cd:
         21:9d:6b:1e:47:3b:5c:35:f4:c7:a6:c7:16:28:37:e7:ef:98:
         fc:07:9c:71:2b:04:c4:be:fa:54:35:32:a5:ce:22:1e:8a:ba:
         9d:3a:f5:86:b5:3b:4b:77:30:db:92:ea:43:c5:5a:00:02:d1:
         41:f0:ce:3c:27:f6:96:5f:b8:79:5a:81:c1:a5:e9:a8:62:42:
         17:f0:87:06:e3:7f:75:a4:58:24:85:1f:41:8c:9e:56:cd:7b:
         8f:17:16:3f:ed:7e:e0:d5:fd:8a:1b:5f:98:6f:a6:29:ce:98:
         3f:e2:bc:4d:29:ea:09:b6:9c:30:a3:41:3c:27:31:56:cd:5f:
         1d:67:e6:28:ee:41:30:00:e2:14:c3:71:42:38:02:de:88:85:
         5d:92:17:a4:7d:c0:c3:f5:04:50:aa:43:24:b9:e1:0c:06:c0:
         17:de:81:9b:e5:ba:20:48:f3:54:54:ad:fd:83:3a:dd:55:6a:
         53:c2:ef:b5:54:9a:dd:cd:bb:84:b8:25:3d:d5:ad:5a:67:9b:
         35:0d:c9:64:e7:fc:b8:a2:1d:14:5f:3c:84:27:a8:b6:11:26:
         21:8e:18:1e:71:85:9f:3b:ee:32:15:5e:6e:dc:9d:5b:01:c1:
         53:c3:a6:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbD3tXayA2AIf50ZY6/jMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjUwMTAyMDk1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWUwMzBjNzlkZjNiNTlmMjcxZmE4OTAwZTVmOWVjNjI0ZTkwN2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOr9mFSvHwFpBp/gqepspeypiYYF
SIUEqtqvPg9yUVMT92JS2s17WcLQWljMrvnbXs8OXGlwW9jw1IItwyE+x39MrlXZ
y48Vg9XjV3RsteSQZJ3RewmAWxNtnGxETh8bve8VNNSwm34b5pfL87e4wkOYxDbz
n0H2VePM4wpAqilkpSNVNaJMBc9nLy7Qz6x+Te6odaxMvwD3lnmhC19bORv1uRJS
H9Mq0Y6HL0grkVHW30U3vl3MgMexN6g1/xbHS+1iJLjsttdCaZSugw8gRxH/8y2I
s9riiCKZ6x+4xHrJPVBkIyB1yPJSbWqjrhrDlVtzYTP3CtMqSlLbsZbX2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFErgMMed87WfJx+okA5fnsYk6QfVMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvU3VBd3g1M3p0WjhuSDZpUURsLWV4aVRwQjlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZkLMA0G
CSqGSIb3DQEBCwUAA4IBAQCSTgoFgGTiaHVF+CYCpvXoW80hnWseRztcNfTHpscW
KDfn75j8B5xxKwTEvvpUNTKlziIeirqdOvWGtTtLdzDbkupDxVoAAtFB8M48J/aW
X7h5WoHBpemoYkIX8IcG4391pFgkhR9BjJ5WzXuPFxY/7X7g1f2KG1+Yb6Ypzpg/
4rxNKeoJtpwwo0E8JzFWzV8dZ+Yo7kEwAOIUw3FCOALeiIVdkhekfcDD9QRQqkMk
ueEMBsAX3oGb5bogSPNUVK39gzrdVWpTwu+1VJrdzbuEuCU91a1aZ5s1Dclk5/y4
oh0UXzyEJ6i2ESYhjhgecYWfO+4yFV5u3J1bAcFTw6ZY
-----END CERTIFICATE-----