Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/1UnYoe8trzW_GgSpfZGfv_JmHSs.roa
File:                     1UnYoe8trzW_GgSpfZGfv_JmHSs.roa (raw, json)
Hash identifier:          GL46oY9ft0jCbwWPIAjk8KgYcddvUrm4Q8zoPC/vajY=
Subject key identifier:   D5:49:D8:A1:EF:2D:AF:35:BF:1A:04:A9:7D:91:9F:BF:F2:66:1D:2B
Certificate issuer:       /CN=32ed67002dc7307e8563b6e4934ccd5723a44f3e
Certificate serial:       019421B1E6C54CB068CEC3B247B824A3B441
Authority key identifier: 32:ED:67:00:2D:C7:30:7E:85:63:B6:E4:93:4C:CD:57:23:A4:4F:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/1UnYoe8trzW_GgSpfZGfv_JmHSs.roa
Signing time:             Wed 01 Jan 2025 11:48:14 +0000
ROA not before:           Wed 01 Jan 2025 11:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204457
IP address blocks:        185.34.129.0/24 maxlen: 24
                          185.34.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:e6:c5:4c:b0:68:ce:c3:b2:47:b8:24:a3:b4:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32ed67002dc7307e8563b6e4934ccd5723a44f3e
        Validity
            Not Before: Jan  1 11:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d549d8a1ef2daf35bf1a04a97d919fbff2661d2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7d:cc:2f:ed:80:b2:53:0a:cd:5a:e1:07:97:
                    3a:ef:44:d9:75:94:a9:53:8f:fe:26:37:f0:d6:6a:
                    75:82:c2:d6:2e:ac:9c:3f:01:65:c0:bf:fe:9f:cb:
                    20:b2:08:e5:5e:a3:e4:29:82:ee:58:6e:11:f7:57:
                    c4:e5:3f:72:c9:14:8e:36:99:17:9c:a4:41:29:a4:
                    f0:bb:f3:42:3f:b7:af:ae:f4:fd:ca:84:e6:4d:46:
                    da:57:79:02:ef:15:5a:b9:e7:fa:86:37:6f:f2:f8:
                    20:ed:cb:5b:88:6a:7c:2c:8f:a0:9e:7a:7a:11:02:
                    ee:25:dc:d9:7e:6b:38:3b:d1:a2:db:ad:ac:98:d1:
                    56:f9:f5:1b:e4:7c:86:1b:f9:13:eb:33:a3:33:c2:
                    6c:95:56:e5:37:1c:98:11:10:be:6f:53:7e:3a:88:
                    d5:0c:2d:26:9c:64:ae:60:32:77:81:ad:ea:09:da:
                    8e:22:ee:72:15:15:b3:05:5e:cb:31:5f:75:4b:af:
                    68:b6:49:bf:9f:df:cc:79:6a:c8:fe:a5:8d:ec:02:
                    64:1f:56:0e:39:61:93:da:e7:03:17:8e:f1:73:ef:
                    7f:e3:80:64:71:f2:3b:3d:9c:16:ec:27:8b:c3:20:
                    d4:18:21:9d:3b:a1:23:d3:31:08:56:fb:66:f7:a0:
                    55:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:49:D8:A1:EF:2D:AF:35:BF:1A:04:A9:7D:91:9F:BF:F2:66:1D:2B
            X509v3 Authority Key Identifier:
                keyid:32:ED:67:00:2D:C7:30:7E:85:63:B6:E4:93:4C:CD:57:23:A4:4F:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/1UnYoe8trzW_GgSpfZGfv_JmHSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7916cd-4d2f-4f52-aeac-f1e9bc41d92f/1/Mu1nAC3HMH6FY7bkk0zNVyOkTz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.129.0-185.34.130.255

    Signature Algorithm: sha256WithRSAEncryption
         4f:39:59:28:f9:e2:1b:c9:c6:51:5d:9e:59:85:7b:fc:0d:07:
         c0:b2:85:64:8c:a7:c9:22:3f:d1:59:76:79:9f:f6:5e:c9:c8:
         58:cb:72:9e:be:47:ee:10:9c:95:e7:15:34:f8:89:f2:d6:bf:
         f2:07:e2:2b:5b:6f:79:2b:c8:b0:b4:2e:49:54:63:99:04:96:
         44:eb:db:7c:8e:91:60:0e:e8:d1:01:dc:c8:e7:34:ea:ff:a4:
         a2:3c:0b:7f:ba:39:e6:c3:fb:ef:ba:66:37:fb:1a:24:91:0f:
         4a:27:1a:e2:0c:bb:19:91:05:3c:a1:d3:1a:49:a2:08:de:e1:
         1d:54:6a:da:1b:c0:bf:29:61:9f:cb:16:0a:a4:8e:bf:38:17:
         c0:db:b9:44:af:3f:83:74:a7:c1:5a:94:42:50:3a:02:d9:16:
         ef:85:49:07:28:26:1d:84:0a:d1:5e:0c:5d:34:fe:c1:af:45:
         5f:fb:f6:fe:bd:36:82:9b:ec:d7:8a:4e:df:21:8e:d8:bd:9f:
         61:96:0d:66:36:51:ba:01:66:2f:cd:37:a3:80:b0:d1:8a:9e:
         5e:63:69:b0:ca:ad:d5:7f:5d:86:bc:94:2a:32:81:4c:d7:b0:
         f1:53:84:11:83:16:a6:15:cc:bc:b9:b0:5f:29:23:b6:29:5e:
         14:df:a8:d1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhsebFTLBozsOyR7gko7RBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZWQ2NzAwMmRjNzMwN2U4NTYzYjZlNDkzNGNjZDU3MjNh
NDRmM2UwHhcNMjUwMTAxMTE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTQ5ZDhhMWVmMmRhZjM1YmYxYTA0YTk3ZDkxOWZiZmYyNjYxZDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApX3ML+2AslMKzVrhB5c670TZdZSp
U4/+Jjfw1mp1gsLWLqycPwFlwL/+n8sgsgjlXqPkKYLuWG4R91fE5T9yyRSONpkX
nKRBKaTwu/NCP7evrvT9yoTmTUbaV3kC7xVauef6hjdv8vgg7ctbiGp8LI+gnnp6
EQLuJdzZfms4O9Gi262smNFW+fUb5HyGG/kT6zOjM8JslVblNxyYERC+b1N+OojV
DC0mnGSuYDJ3ga3qCdqOIu5yFRWzBV7LMV91S69otkm/n9/MeWrI/qWN7AJkH1YO
OWGT2ucDF47xc+9/44BkcfI7PZwW7CeLwyDUGCGdO6Ej0zEIVvtm96BVIwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNVJ2KHvLa81vxoEqX2Rn7/yZh0rMB8GA1UdIwQY
MBaAFDLtZwAtxzB+hWO25JNMzVcjpE8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXUxbkFDM0hNSDZGWTdia2swek5WeU9rVHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83OTE2Y2QtNGQyZi00ZjUyLWFlYWMt
ZjFlOWJjNDFkOTJmLzEvMVVuWW9lOHRyeldfR2dTcGZaR2Z2X0ptSFNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83OTE2Y2QtNGQyZi00ZjUyLWFlYWMtZjFlOWJjNDFkOTJm
LzEvTXUxbkFDM0hNSDZGWTdia2swek5WeU9rVHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5IoED
BAC5IoIwDQYJKoZIhvcNAQELBQADggEBAE85WSj54hvJxlFdnlmFe/wNB8CyhWSM
p8kiP9FZdnmf9l7JyFjLcp6+R+4QnJXnFTT4ifLWv/IH4itbb3kryLC0LklUY5kE
lkTr23yOkWAO6NEB3MjnNOr/pKI8C3+6OebD+++6Zjf7GiSRD0onGuIMuxmRBTyh
0xpJogje4R1UatobwL8pYZ/LFgqkjr84F8DbuUSvP4N0p8FalEJQOgLZFu+FSQco
Jh2ECtFeDF00/sGvRV/79v69NoKb7NeKTt8hjti9n2GWDWY2UboBZi/NN6OAsNGK
nl5jabDKrdV/XYa8lCoygUzXsPFThBGDFqYVzLy5sF8pI7YpXhTfqNE=
-----END CERTIFICATE-----