Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/jU-enqBlwHSK5LFQUkQMv3mnQ3c.roa
File:                     jU-enqBlwHSK5LFQUkQMv3mnQ3c.roa (raw, json)
Hash identifier:          XGjlZdDrp7Q05Es+vT4dQhjxGrAgZ9KHZykl/3VpHuk=
Subject key identifier:   8D:4F:9E:9E:A0:65:C0:74:8A:E4:B1:50:52:44:0C:BF:79:A7:43:77
Certificate issuer:       /CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
Certificate serial:       019425214464481A929181215F34EFB140ED
Authority key identifier: B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/jU-enqBlwHSK5LFQUkQMv3mnQ3c.roa
Signing time:             Thu 02 Jan 2025 03:48:44 +0000
ROA not before:           Thu 02 Jan 2025 03:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199964
IP address blocks:        185.93.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 11:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:44:64:48:1a:92:91:81:21:5f:34:ef:b1:40:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b5a80a7106e0a4b8545c8150bb72c699fcc9a0
        Validity
            Not Before: Jan  2 03:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d4f9e9ea065c0748ae4b15052440cbf79a74377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ff:07:82:b1:0a:a0:77:b5:23:1d:18:72:90:
                    35:50:91:5e:5f:c0:c7:f0:cb:d3:db:9c:92:f5:ec:
                    05:9c:f8:0a:8a:67:15:cd:ff:f1:4c:6e:cd:8d:f2:
                    62:e7:40:af:44:23:16:5b:9b:87:66:c6:6d:14:e8:
                    68:2e:28:a2:f3:bf:b6:8f:c7:f9:b5:ff:54:19:09:
                    fa:03:06:9e:7e:03:16:4b:55:4c:73:57:1f:4c:88:
                    b8:b1:e4:47:80:de:ff:8a:d1:4b:61:26:69:b6:68:
                    6e:44:ec:20:46:a5:6e:c4:22:53:1e:ed:6e:af:9c:
                    15:f0:cf:6a:6c:af:be:44:98:66:94:bd:c6:8f:a1:
                    5f:c2:36:f8:73:ba:af:b6:1a:dc:c0:c9:fa:67:f3:
                    88:99:60:e7:f7:a9:e8:b2:17:33:30:c7:e7:b3:fc:
                    5c:ae:03:ca:8b:92:5f:7b:37:ce:35:de:0f:b2:32:
                    5f:d5:c2:dd:b4:b7:7b:a4:2c:7d:15:cd:71:f7:27:
                    ea:5b:a7:8f:98:79:3d:ae:19:47:67:f9:a5:b9:f0:
                    22:98:1b:0f:bf:60:74:86:af:5a:06:15:9e:7d:8e:
                    97:ee:40:c5:43:83:99:95:33:34:9f:47:6b:f0:b3:
                    6d:7a:33:32:1d:3e:9c:87:a6:b4:55:6e:b0:e4:07:
                    f2:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:4F:9E:9E:A0:65:C0:74:8A:E4:B1:50:52:44:0C:BF:79:A7:43:77
            X509v3 Authority Key Identifier:
                keyid:B0:B5:A8:0A:71:06:E0:A4:B8:54:5C:81:50:BB:72:C6:99:FC:C9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLWoCnEG4KS4VFyBULtyxpn8yaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/jU-enqBlwHSK5LFQUkQMv3mnQ3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f153dc-cbfb-4a4f-80d2-745e08fe58c6/1/sLWoCnEG4KS4VFyBULtyxpn8yaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:5f:66:b7:30:c5:e5:dc:af:6a:10:cf:d2:12:26:49:b5:3b:
         d4:07:24:e8:69:c2:53:00:7c:15:23:c8:9b:2c:1c:c3:06:51:
         c8:7e:cc:6c:a1:fa:ad:69:8d:59:32:ce:99:59:9a:0b:3f:97:
         ad:f8:7c:02:c7:51:7c:37:fb:80:f0:30:74:1d:e3:da:0d:81:
         ed:a6:de:4b:78:ab:7e:b0:09:3b:31:88:69:f8:9f:18:e1:cc:
         93:92:43:2d:6b:ba:ff:19:c6:ae:ec:c7:cd:63:40:aa:17:ea:
         12:7c:a5:51:6c:62:c0:fb:f9:6c:94:38:0d:9d:42:9f:81:a0:
         76:58:ff:3c:53:8b:4d:22:e8:72:e0:d3:70:2f:0c:57:94:5b:
         1e:35:e5:b1:49:3d:2e:bd:24:0f:2e:3d:fc:b3:37:7a:fd:89:
         cb:21:49:ba:97:88:12:05:bf:74:4b:7e:64:fd:ee:95:41:b2:
         e3:13:08:8f:5d:b5:c4:18:cf:c9:d0:5f:90:65:c6:29:02:14:
         0c:16:be:d7:de:46:f7:43:f7:aa:0d:85:83:11:39:fc:c6:b2:
         30:41:0d:a0:c9:be:30:f5:e4:70:9f:98:6c:c9:8f:be:63:ea:
         80:a9:80:ee:29:f7:7b:ab:ce:01:ae:5f:7f:17:17:40:1c:3c:
         61:a6:1b:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIURkSBqSkYEhXzTvsUDtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjVhODBhNzEwNmUwYTRiODU0NWM4MTUwYmI3MmM2OTlm
Y2M5YTAwHhcNMjUwMTAyMDM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDRmOWU5ZWEwNjVjMDc0OGFlNGIxNTA1MjQ0MGNiZjc5YTc0Mzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/8HgrEKoHe1Ix0YcpA1UJFeX8DH
8MvT25yS9ewFnPgKimcVzf/xTG7NjfJi50CvRCMWW5uHZsZtFOhoLiii87+2j8f5
tf9UGQn6AwaefgMWS1VMc1cfTIi4seRHgN7/itFLYSZptmhuROwgRqVuxCJTHu1u
r5wV8M9qbK++RJhmlL3Gj6Ffwjb4c7qvthrcwMn6Z/OImWDn96noshczMMfns/xc
rgPKi5JfezfONd4PsjJf1cLdtLd7pCx9Fc1x9yfqW6ePmHk9rhlHZ/mlufAimBsP
v2B0hq9aBhWefY6X7kDFQ4OZlTM0n0dr8LNtejMyHT6ch6a0VW6w5Afy1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1Pnp6gZcB0iuSxUFJEDL95p0N3MB8GA1UdIwQY
MBaAFLC1qApxBuCkuFRcgVC7csaZ/MmgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDIt
NzQ1ZTA4ZmU1OGM2LzEvalUtZW5xQmx3SFNLNUxGUVVrUU12M21uUTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9mMTUzZGMtY2JmYi00YTRmLTgwZDItNzQ1ZTA4ZmU1OGM2
LzEvc0xXb0NuRUc0S1M0VkZ5QlVMdHl4cG44eWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1HMA0G
CSqGSIb3DQEBCwUAA4IBAQBoX2a3MMXl3K9qEM/SEiZJtTvUByToacJTAHwVI8ib
LBzDBlHIfsxsofqtaY1ZMs6ZWZoLP5et+HwCx1F8N/uA8DB0HePaDYHtpt5LeKt+
sAk7MYhp+J8Y4cyTkkMta7r/Gcau7MfNY0CqF+oSfKVRbGLA+/lslDgNnUKfgaB2
WP88U4tNIuhy4NNwLwxXlFseNeWxST0uvSQPLj38szd6/YnLIUm6l4gSBb90S35k
/e6VQbLjEwiPXbXEGM/J0F+QZcYpAhQMFr7X3kb3Q/eqDYWDETn8xrIwQQ2gyb4w
9eRwn5hsyY++Y+qAqYDuKfd7q84Brl9/FxdAHDxhphtb
-----END CERTIFICATE-----