Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/MErMEgT0Mlg4NzXbifAxY_vYJ18.roa
File:                     MErMEgT0Mlg4NzXbifAxY_vYJ18.roa (raw, json)
Hash identifier:          kZo3foZgB/DZe3VgEb3C47cfvC/YSEn388ZX35kgFPI=
Subject key identifier:   30:4A:CC:12:04:F4:32:58:38:37:35:DB:89:F0:31:63:FB:D8:27:5F
Certificate issuer:       /CN=49b2444644c43348d7c50f4e50e74356e9896dbf
Certificate serial:       0194228D884D52F2B9D2398BDB420044AF36
Authority key identifier: 49:B2:44:46:44:C4:33:48:D7:C5:0F:4E:50:E7:43:56:E9:89:6D:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/MErMEgT0Mlg4NzXbifAxY_vYJ18.roa
Signing time:             Wed 01 Jan 2025 15:48:08 +0000
ROA not before:           Wed 01 Jan 2025 15:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        185.85.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:88:4d:52:f2:b9:d2:39:8b:db:42:00:44:af:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49b2444644c43348d7c50f4e50e74356e9896dbf
        Validity
            Not Before: Jan  1 15:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=304acc1204f43258383735db89f03163fbd8275f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:42:0b:93:ea:a4:e4:f2:31:39:24:ee:62:a8:
                    4d:7f:10:ef:f3:53:f3:be:df:9b:10:30:76:1a:73:
                    df:83:06:2c:04:00:4e:5e:98:5a:2e:fe:57:bd:9f:
                    56:71:d3:ac:a3:85:5d:2d:7a:a9:53:73:9e:a4:3f:
                    fe:34:2e:c8:dd:58:69:3e:23:8a:0b:9e:3a:06:50:
                    07:55:05:33:dc:2c:65:2c:50:c3:c1:ee:20:a7:24:
                    06:44:c9:8b:74:9f:cb:2f:c6:01:f2:47:63:9b:98:
                    2e:8f:d8:76:cb:06:17:ca:0a:a4:70:ef:1d:69:cb:
                    13:3f:00:0a:c7:68:56:f3:ec:85:74:b8:60:71:1f:
                    2d:4e:d6:ed:1b:33:77:b1:51:9d:1c:e5:13:97:d4:
                    de:41:a3:5b:36:9c:c0:db:d4:2e:4b:69:22:50:6e:
                    01:0e:ac:4a:ae:21:d9:cd:43:d6:a6:21:a9:c0:90:
                    57:fc:d0:f9:ca:02:3f:f4:fb:0c:33:9d:6e:e6:d4:
                    fa:c9:be:44:b8:b3:93:6a:e6:48:4a:5d:4f:b0:80:
                    c3:e0:92:20:ee:29:47:c1:74:30:0d:ce:c6:83:50:
                    0c:b4:c9:87:4b:f3:99:93:73:50:26:30:82:37:e6:
                    da:ec:57:bf:73:7b:32:eb:4c:ce:a8:6c:63:4e:79:
                    97:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:4A:CC:12:04:F4:32:58:38:37:35:DB:89:F0:31:63:FB:D8:27:5F
            X509v3 Authority Key Identifier:
                keyid:49:B2:44:46:44:C4:33:48:D7:C5:0F:4E:50:E7:43:56:E9:89:6D:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/MErMEgT0Mlg4NzXbifAxY_vYJ18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:de:1d:60:e6:17:cb:11:74:5d:ed:f3:48:7c:2b:c7:d2:22:
         ea:4f:e2:15:b3:38:fd:15:af:a7:67:33:23:50:18:ec:5f:cc:
         90:e7:ba:60:9b:64:13:75:68:8a:c0:ad:75:d4:f7:da:ff:12:
         80:49:94:2e:05:12:a4:26:b2:74:1a:00:ac:c0:f7:2e:f3:f2:
         7f:f3:88:55:81:1e:01:0d:0a:d3:70:f3:6b:cf:dc:ce:19:6d:
         b1:f8:71:be:41:10:22:46:ba:1a:71:93:7b:e6:24:fa:b5:a4:
         92:21:f7:a2:09:41:ed:b7:bc:cf:4d:f4:b7:78:d9:ff:e9:c9:
         a9:6e:74:06:40:a5:1c:53:ca:d8:8e:61:63:2c:21:fa:a5:1f:
         50:dc:24:17:af:41:68:45:68:e3:68:d8:60:d1:38:1a:fd:79:
         5a:33:26:f0:18:f6:55:15:c1:ae:ab:ec:0b:f7:b5:0c:0c:ed:
         ca:2b:41:d1:e8:21:15:78:64:2d:24:55:44:6b:75:49:97:01:
         78:3c:45:d6:fd:bb:fd:d8:0b:7d:c0:d3:14:79:e4:b8:32:5e:
         8f:0c:15:91:cc:05:83:c4:36:89:9b:9f:55:91:54:94:08:e0:
         be:fb:fa:97:1b:02:4b:a2:a3:79:15:f6:d9:c3:dc:77:32:1f:
         63:89:cf:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijYhNUvK50jmL20IARK82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YjI0NDQ2NDRjNDMzNDhkN2M1MGY0ZTUwZTc0MzU2ZTk4
OTZkYmYwHhcNMjUwMTAxMTU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDRhY2MxMjA0ZjQzMjU4MzgzNzM1ZGI4OWYwMzE2M2ZiZDgyNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEILk+qk5PIxOSTuYqhNfxDv81Pz
vt+bEDB2GnPfgwYsBABOXphaLv5XvZ9WcdOso4VdLXqpU3OepD/+NC7I3VhpPiOK
C546BlAHVQUz3CxlLFDDwe4gpyQGRMmLdJ/LL8YB8kdjm5guj9h2ywYXygqkcO8d
acsTPwAKx2hW8+yFdLhgcR8tTtbtGzN3sVGdHOUTl9TeQaNbNpzA29QuS2kiUG4B
DqxKriHZzUPWpiGpwJBX/ND5ygI/9PsMM51u5tT6yb5EuLOTauZISl1PsIDD4JIg
7ilHwXQwDc7Gg1AMtMmHS/OZk3NQJjCCN+ba7Fe/c3sy60zOqGxjTnmXHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDBKzBIE9DJYODc124nwMWP72CdfMB8GA1UdIwQY
MBaAFEmyREZExDNI18UPTlDnQ1bpiW2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2JKRVJrVEVNMGpYeFE5T1VPZERWdW1KYmI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi82NGNkYmQtYzg1MS00YjM1LWJiNzkt
NzUzZDk2OWEwNzAyLzEvTUVyTUVnVDBNbGc0TnpYYmlmQXhZX3ZZSjE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi82NGNkYmQtYzg1MS00YjM1LWJiNzktNzUzZDk2OWEwNzAy
LzEvU2JKRVJrVEVNMGpYeFE5T1VPZERWdW1KYmI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVXqMA0G
CSqGSIb3DQEBCwUAA4IBAQC03h1g5hfLEXRd7fNIfCvH0iLqT+IVszj9Fa+nZzMj
UBjsX8yQ57pgm2QTdWiKwK111Pfa/xKASZQuBRKkJrJ0GgCswPcu8/J/84hVgR4B
DQrTcPNrz9zOGW2x+HG+QRAiRroacZN75iT6taSSIfeiCUHtt7zPTfS3eNn/6cmp
bnQGQKUcU8rYjmFjLCH6pR9Q3CQXr0FoRWjjaNhg0Tga/XlaMybwGPZVFcGuq+wL
97UMDO3KK0HR6CEVeGQtJFVEa3VJlwF4PEXW/bv92At9wNMUeeS4Ml6PDBWRzAWD
xDaJm59VkVSUCOC++/qXGwJLoqN5FfbZw9x3Mh9jic/u
-----END CERTIFICATE-----