Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/pMp95DzdRf1pgBQsJLmwp0JpeXI.roa
File:                     pMp95DzdRf1pgBQsJLmwp0JpeXI.roa (raw, json)
Hash identifier:          VEU+wyERacx2v3R6jFxKp8QKArrmRvOUh8IhbniFnxs=
Subject key identifier:   A4:CA:7D:E4:3C:DD:45:FD:69:80:14:2C:24:B9:B0:A7:42:69:79:72
Certificate issuer:       /CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
Certificate serial:       0194274794A8D5198B5273B554635B5B92BE
Authority key identifier: B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/pMp95DzdRf1pgBQsJLmwp0JpeXI.roa
Signing time:             Thu 02 Jan 2025 13:49:50 +0000
ROA not before:           Thu 02 Jan 2025 13:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205318
IP address blocks:        31.42.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:94:a8:d5:19:8b:52:73:b5:54:63:5b:5b:92:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
        Validity
            Not Before: Jan  2 13:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4ca7de43cdd45fd6980142c24b9b0a742697972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:dc:46:de:5f:19:6f:96:fd:22:fa:48:d3:35:
                    35:09:aa:32:d7:d3:0d:14:d6:dd:2d:a2:16:4a:86:
                    f6:5c:96:67:1c:c1:3e:e7:ab:83:9f:d9:09:e6:ad:
                    92:66:55:c3:4f:61:a9:7c:40:89:7c:4f:98:94:f9:
                    04:b2:19:a9:9b:35:6f:c2:ce:9e:12:f1:d9:4d:75:
                    2e:db:e6:ff:39:c2:e8:62:98:37:43:cd:be:b7:11:
                    cb:af:be:61:0a:96:02:b2:51:03:76:df:4f:f8:7c:
                    b6:4a:35:ba:87:b6:7b:53:31:7f:b8:bf:17:fa:bc:
                    07:dc:27:0f:94:d7:27:ad:18:c6:d2:fb:e7:f4:68:
                    04:cb:48:44:1a:71:9d:e6:be:98:bd:04:89:e3:31:
                    e9:c8:d6:37:be:a8:18:fa:57:f5:ec:f8:81:f6:e4:
                    94:0c:e5:a5:e2:cb:46:10:03:50:ab:22:c0:07:ea:
                    2c:7e:76:3f:74:2a:98:32:d7:3a:61:e0:1d:31:4c:
                    6b:20:49:0f:98:9c:ad:f6:b3:66:0f:18:a9:59:b3:
                    08:a4:77:64:9e:1d:3f:2b:dd:76:61:76:28:88:33:
                    71:47:f6:52:3f:e2:a5:e8:12:ff:95:5b:d2:79:c1:
                    eb:c3:e9:0d:d8:e6:06:e5:76:1e:5f:fd:81:23:b8:
                    ae:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:CA:7D:E4:3C:DD:45:FD:69:80:14:2C:24:B9:B0:A7:42:69:79:72
            X509v3 Authority Key Identifier:
                keyid:B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/pMp95DzdRf1pgBQsJLmwp0JpeXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:1b:08:8e:58:64:c0:83:23:1c:83:5c:47:27:86:29:8d:f9:
         a6:f6:00:24:06:2b:37:75:7a:af:cf:8f:5f:d0:d9:9f:6b:3f:
         ef:27:e2:a6:c1:2a:a5:37:38:3c:ef:ba:45:1a:90:86:3e:f0:
         e0:95:3f:bd:51:28:12:44:b2:b1:96:ba:c4:f5:e3:c0:2d:0b:
         a8:bb:9c:f3:e0:c1:5f:83:4f:2e:5d:00:96:ad:45:8e:9a:54:
         26:59:57:cf:04:b5:a9:66:84:f4:2b:6c:35:23:f3:2c:3f:a7:
         ad:bb:f7:2a:df:dc:a2:35:e0:d0:20:0a:db:2d:94:22:6f:7f:
         12:76:71:e1:30:33:f0:62:b4:35:aa:4b:b9:1e:bb:b7:b7:cb:
         48:6a:dc:f6:47:72:fa:db:8c:46:a9:f0:15:15:ae:7e:45:c0:
         71:01:42:51:22:03:58:a9:c0:40:95:ac:32:c7:9c:45:d7:f3:
         71:93:30:38:71:0b:f2:7c:a1:d9:75:56:e7:b0:94:24:03:09:
         3c:cf:dc:a4:d0:92:54:e2:f0:6d:9a:ae:93:b0:85:d2:ef:b2:
         1a:fc:8c:11:14:61:66:32:27:16:fa:7c:e8:d5:00:43:94:39:
         01:56:fc:c9:34:a9:d1:33:46:e4:ce:45:b1:3e:24:1c:c4:98:
         d4:55:fb:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR5So1RmLUnO1VGNbW5K+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NWVhZGMyZWM3MGIzMGZhNDIyNWVkN2ZjZDU3MzBmMGM3
YmM2MTYwHhcNMjUwMTAyMTM0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGNhN2RlNDNjZGQ0NWZkNjk4MDE0MmMyNGI5YjBhNzQyNjk3OTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9xG3l8Zb5b9IvpI0zU1Caoy19MN
FNbdLaIWSob2XJZnHME+56uDn9kJ5q2SZlXDT2GpfECJfE+YlPkEshmpmzVvws6e
EvHZTXUu2+b/OcLoYpg3Q82+txHLr75hCpYCslEDdt9P+Hy2SjW6h7Z7UzF/uL8X
+rwH3CcPlNcnrRjG0vvn9GgEy0hEGnGd5r6YvQSJ4zHpyNY3vqgY+lf17PiB9uSU
DOWl4stGEANQqyLAB+osfnY/dCqYMtc6YeAdMUxrIEkPmJyt9rNmDxipWbMIpHdk
nh0/K912YXYoiDNxR/ZSP+Kl6BL/lVvSecHrw+kN2OYG5XYeX/2BI7iulwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTKfeQ83UX9aYAULCS5sKdCaXlyMB8GA1UdIwQY
MBaAFLhercLscLMPpCJe1/zVcw8Me8YWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmIt
YmM3YTIwOGE1ZTJlLzEvcE1wOTVEemRSZjFwZ0JRc0pMbXdwMEpwZVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmItYmM3YTIwOGE1ZTJl
LzEvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyo5MA0G
CSqGSIb3DQEBCwUAA4IBAQBhGwiOWGTAgyMcg1xHJ4Ypjfmm9gAkBis3dXqvz49f
0Nmfaz/vJ+KmwSqlNzg877pFGpCGPvDglT+9USgSRLKxlrrE9ePALQuou5zz4MFf
g08uXQCWrUWOmlQmWVfPBLWpZoT0K2w1I/MsP6etu/cq39yiNeDQIArbLZQib38S
dnHhMDPwYrQ1qku5Hru3t8tIatz2R3L624xGqfAVFa5+RcBxAUJRIgNYqcBAlawy
x5xF1/NxkzA4cQvyfKHZdVbnsJQkAwk8z9yk0JJU4vBtmq6TsIXS77Ia/IwRFGFm
MicW+nzo1QBDlDkBVvzJNKnRM0bkzkWxPiQcxJjUVfva
-----END CERTIFICATE-----