Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/0IHmyTelW8zpO-_QdR9UfSEkXAI.roa
File:                     0IHmyTelW8zpO-_QdR9UfSEkXAI.roa (raw, json)
Hash identifier:          UlYSOxczUbkdfKJ9miYaE+QEa9fb9mQhLOlffEgcsoY=
Subject key identifier:   D0:81:E6:C9:37:A5:5B:CC:E9:3B:EF:D0:75:1F:54:7D:21:24:5C:02
Certificate issuer:       /CN=31db847d1db1e0b2c2c25502210ff5a719967a19
Certificate serial:       019424B3F0DDDFAEF40577F30620668D9DB2
Authority key identifier: 31:DB:84:7D:1D:B1:E0:B2:C2:C2:55:02:21:0F:F5:A7:19:96:7A:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/0IHmyTelW8zpO-_QdR9UfSEkXAI.roa
Signing time:             Thu 02 Jan 2025 01:49:19 +0000
ROA not before:           Thu 02 Jan 2025 01:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63902
IP address blocks:        185.238.212.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:f0:dd:df:ae:f4:05:77:f3:06:20:66:8d:9d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31db847d1db1e0b2c2c25502210ff5a719967a19
        Validity
            Not Before: Jan  2 01:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d081e6c937a55bcce93befd0751f547d21245c02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:52:c4:ec:9a:4d:85:74:f3:5e:3c:d2:60:e0:
                    a4:e6:85:13:e9:e7:6a:d7:85:cf:c6:5e:2f:58:3a:
                    0c:52:f9:4e:e9:89:bf:0b:96:c3:8f:26:f8:97:0a:
                    23:f3:99:6e:75:a9:4c:8e:e2:1d:60:0e:e9:97:9b:
                    90:82:1a:af:45:8a:8b:6e:2a:18:b8:12:1f:b6:d0:
                    7a:d8:8d:b4:5c:c2:6c:0c:32:13:aa:c8:ae:f0:5c:
                    57:15:ee:91:73:cf:31:bb:2a:a8:4b:cb:b3:84:7f:
                    2a:e7:08:82:fd:08:73:99:a2:86:df:47:ae:1b:e9:
                    dc:95:c6:8c:e0:56:64:68:ef:8b:44:84:c7:df:27:
                    e4:5e:ff:69:4a:40:ca:4c:86:21:c6:07:59:fb:45:
                    f0:fe:f8:4d:8d:ed:4e:56:ba:12:fa:be:2c:c1:1e:
                    08:e6:34:83:ff:de:0b:b3:a8:45:db:7c:89:aa:5f:
                    f7:36:49:0c:85:50:2a:72:41:3e:24:42:bb:75:41:
                    ee:3d:3a:a4:0f:7c:41:07:2b:18:ab:bf:a5:ed:a1:
                    33:98:09:46:ff:a3:be:57:51:a2:fc:5f:df:25:8d:
                    35:ed:77:71:08:e7:f9:3b:37:a5:8c:81:fd:30:96:
                    ba:71:c9:82:8f:c3:b0:2e:c7:2d:86:76:76:04:57:
                    71:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:81:E6:C9:37:A5:5B:CC:E9:3B:EF:D0:75:1F:54:7D:21:24:5C:02
            X509v3 Authority Key Identifier:
                keyid:31:DB:84:7D:1D:B1:E0:B2:C2:C2:55:02:21:0F:F5:A7:19:96:7A:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MduEfR2x4LLCwlUCIQ_1pxmWehk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/0IHmyTelW8zpO-_QdR9UfSEkXAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/3dbd39-5f9f-48fb-9c01-bd6e3b026c37/1/MduEfR2x4LLCwlUCIQ_1pxmWehk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:40:25:3c:86:5b:b3:38:54:4c:23:6d:8b:11:90:3d:db:e8:
         74:c2:47:c9:1b:c8:8a:b0:99:28:e1:64:c1:71:fa:b3:35:ab:
         9b:23:5b:60:99:94:6e:69:0a:0b:c2:b9:55:19:48:2a:91:bd:
         dc:49:3f:9f:24:03:49:c0:d4:19:c9:00:1e:da:44:90:cf:16:
         08:81:61:ff:ac:af:55:3e:a1:5c:7b:29:de:28:a6:38:79:05:
         a0:1b:f5:4e:28:24:81:9f:3d:61:c3:b1:ee:f7:36:57:d2:0c:
         58:4e:7c:92:1e:0d:48:30:3d:a7:af:fa:b0:27:40:66:13:79:
         1e:e7:cd:85:a9:48:2d:e3:3d:3b:4d:fa:ce:a9:29:6c:bd:b2:
         2b:7d:45:75:a7:c6:58:02:d1:79:75:9e:7e:70:95:73:4c:30:
         24:ba:37:9d:db:74:07:bd:25:34:fe:56:1d:91:c9:f6:be:28:
         44:dc:ff:dc:5d:b8:da:46:62:6a:63:69:c9:d2:94:68:0e:86:
         fd:8d:17:2e:02:6b:67:15:c3:3d:ad:8e:9f:f4:bf:24:91:03:
         99:2f:49:ce:db:f1:01:36:5e:a5:01:de:08:3f:29:58:5d:06:
         d9:64:bb:d5:db:f5:c4:41:fe:4a:98:8f:05:57:4e:8e:57:81:
         06:e6:10:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks/Dd3670BXfzBiBmjZ2yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZGI4NDdkMWRiMWUwYjJjMmMyNTUwMjIxMGZmNWE3MTk5
NjdhMTkwHhcNMjUwMTAyMDE0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDgxZTZjOTM3YTU1YmNjZTkzYmVmZDA3NTFmNTQ3ZDIxMjQ1YzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplLE7JpNhXTzXjzSYOCk5oUT6edq
14XPxl4vWDoMUvlO6Ym/C5bDjyb4lwoj85ludalMjuIdYA7pl5uQghqvRYqLbioY
uBIfttB62I20XMJsDDITqsiu8FxXFe6Rc88xuyqoS8uzhH8q5wiC/QhzmaKG30eu
G+nclcaM4FZkaO+LRITH3yfkXv9pSkDKTIYhxgdZ+0Xw/vhNje1OVroS+r4swR4I
5jSD/94Ls6hF23yJql/3NkkMhVAqckE+JEK7dUHuPTqkD3xBBysYq7+l7aEzmAlG
/6O+V1Gi/F/fJY017XdxCOf5OzeljIH9MJa6ccmCj8OwLscthnZ2BFdxhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNCB5sk3pVvM6Tvv0HUfVH0hJFwCMB8GA1UdIwQY
MBaAFDHbhH0dseCywsJVAiEP9acZlnoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWR1RWZSMng0TExDd2xVQ0lRXzFweG1XZWhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8zZGJkMzktNWY5Zi00OGZiLTljMDEt
YmQ2ZTNiMDI2YzM3LzEvMElIbXlUZWxXOHpwTy1fUWRSOVVmU0VrWEFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8zZGJkMzktNWY5Zi00OGZiLTljMDEtYmQ2ZTNiMDI2YzM3
LzEvTWR1RWZSMng0TExDd2xVQ0lRXzFweG1XZWhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBue7UMA0G
CSqGSIb3DQEBCwUAA4IBAQANQCU8hluzOFRMI22LEZA92+h0wkfJG8iKsJko4WTB
cfqzNaubI1tgmZRuaQoLwrlVGUgqkb3cST+fJANJwNQZyQAe2kSQzxYIgWH/rK9V
PqFceyneKKY4eQWgG/VOKCSBnz1hw7Hu9zZX0gxYTnySHg1IMD2nr/qwJ0BmE3ke
582FqUgt4z07TfrOqSlsvbIrfUV1p8ZYAtF5dZ5+cJVzTDAkujed23QHvSU0/lYd
kcn2vihE3P/cXbjaRmJqY2nJ0pRoDob9jRcuAmtnFcM9rY6f9L8kkQOZL0nO2/EB
Nl6lAd4IPylYXQbZZLvV2/XEQf5KmI8FV06OV4EG5hDh
-----END CERTIFICATE-----