Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/RUJrM9R2Q01CiiseZx6BuCkPhi8.roa
File:                     RUJrM9R2Q01CiiseZx6BuCkPhi8.roa (raw, json)
Hash identifier:          ud9fyI+JnGNFQZazgaWgNO5UTDdn2ppqyRqse6KTBD4=
Subject key identifier:   45:42:6B:33:D4:76:43:4D:42:8A:2B:1E:67:1E:81:B8:29:0F:86:2F
Certificate issuer:       /CN=49b2444644c43348d7c50f4e50e74356e9896dbf
Certificate serial:       0194228D8802E5301A12C855B354DAEB5562
Authority key identifier: 49:B2:44:46:44:C4:33:48:D7:C5:0F:4E:50:E7:43:56:E9:89:6D:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/RUJrM9R2Q01CiiseZx6BuCkPhi8.roa
Signing time:             Wed 01 Jan 2025 15:48:08 +0000
ROA not before:           Wed 01 Jan 2025 15:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25540
IP address blocks:        185.85.233.0/24 maxlen: 24
                          185.85.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:88:02:e5:30:1a:12:c8:55:b3:54:da:eb:55:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49b2444644c43348d7c50f4e50e74356e9896dbf
        Validity
            Not Before: Jan  1 15:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45426b33d476434d428a2b1e671e81b8290f862f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:06:f0:52:ad:5d:26:50:d9:7d:75:86:2a:7b:
                    fa:a5:15:2e:61:34:49:4e:82:b6:a7:bb:15:7a:e8:
                    56:f8:f6:12:d7:6e:a5:bd:37:09:70:15:fb:f5:40:
                    2b:e0:ed:e7:da:3a:e2:f3:c9:59:e5:69:6e:03:bf:
                    da:29:dc:63:93:5c:31:2c:17:7e:e5:94:51:8d:86:
                    d6:66:7a:1b:75:1a:72:09:f4:f7:07:0c:fa:67:3a:
                    cd:8a:23:c0:b1:1f:88:17:b4:30:1c:66:18:da:95:
                    a6:91:84:92:da:48:89:74:2c:c0:f4:32:fd:14:55:
                    42:70:bf:42:0a:03:ee:40:af:4f:c0:d3:59:3e:b5:
                    9a:a8:ef:7a:34:61:ab:a4:fc:0a:d0:ea:23:fe:ae:
                    a6:c0:03:52:25:98:3f:b2:ca:ea:55:bb:ff:0a:7d:
                    f9:9d:63:b0:b2:f4:5a:70:8c:ff:99:9b:1c:48:b7:
                    be:aa:0e:1b:9b:e4:ac:ec:dc:45:7c:5c:56:bb:b1:
                    04:88:f4:da:75:c8:8d:ed:ed:90:27:43:0c:cf:6b:
                    50:34:56:f8:a7:af:99:01:73:1b:da:04:b1:b7:eb:
                    68:97:b2:d5:d0:d9:4c:2f:2f:bc:c0:f2:a1:47:83:
                    5f:05:5b:20:41:cb:46:3b:1e:f9:55:11:1f:f1:25:
                    bc:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:42:6B:33:D4:76:43:4D:42:8A:2B:1E:67:1E:81:B8:29:0F:86:2F
            X509v3 Authority Key Identifier:
                keyid:49:B2:44:46:44:C4:33:48:D7:C5:0F:4E:50:E7:43:56:E9:89:6D:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SbJERkTEM0jXxQ9OUOdDVumJbb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/RUJrM9R2Q01CiiseZx6BuCkPhi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/64cdbd-c851-4b35-bb79-753d969a0702/1/SbJERkTEM0jXxQ9OUOdDVumJbb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.233.0/24
                  185.85.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:35:d0:7b:a8:29:0c:89:1f:b4:61:90:b4:3d:5f:aa:d1:0e:
         91:7a:d8:ca:ce:f4:32:20:68:a1:18:93:14:44:c1:69:aa:2b:
         15:5a:be:6e:45:14:4c:6b:45:d6:cc:3f:3e:1e:5f:64:d6:b6:
         27:41:9a:db:c6:ee:ea:f4:b6:80:16:29:3b:a6:35:76:ac:1d:
         bf:a2:bb:39:37:d3:c5:9a:d4:4c:e6:b0:b9:35:f5:90:0a:74:
         a6:30:21:fe:74:b9:5e:a9:51:93:69:e4:cd:65:06:eb:7c:df:
         83:8b:82:d2:d3:b8:e2:33:d4:17:c1:c3:24:8e:fb:12:28:cb:
         57:1b:c4:6a:78:52:c8:8f:ca:6b:32:6d:1b:b9:8a:77:c5:c6:
         3a:75:3f:56:be:55:c6:66:78:7b:b7:fa:3e:a5:b3:a6:17:88:
         42:da:10:31:4f:62:e4:d2:32:d1:6f:ab:05:f1:7a:87:61:24:
         10:69:6e:31:46:33:2f:be:fc:34:3e:30:b0:12:57:f9:54:de:
         f9:9f:b6:52:a9:b8:68:eb:bf:ef:7e:47:0d:d9:82:93:6b:c4:
         55:92:9e:54:60:e7:fc:93:e3:63:c4:c1:3a:f1:f9:1d:ff:22:
         66:e5:07:4e:87:cb:a5:4e:73:bb:63:a7:4a:0f:3f:b2:04:3a:
         52:c7:1c:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijYgC5TAaEshVs1Ta61ViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YjI0NDQ2NDRjNDMzNDhkN2M1MGY0ZTUwZTc0MzU2ZTk4
OTZkYmYwHhcNMjUwMTAxMTU0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTQyNmIzM2Q0NzY0MzRkNDI4YTJiMWU2NzFlODFiODI5MGY4NjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgbwUq1dJlDZfXWGKnv6pRUuYTRJ
ToK2p7sVeuhW+PYS126lvTcJcBX79UAr4O3n2jri88lZ5WluA7/aKdxjk1wxLBd+
5ZRRjYbWZnobdRpyCfT3Bwz6ZzrNiiPAsR+IF7QwHGYY2pWmkYSS2kiJdCzA9DL9
FFVCcL9CCgPuQK9PwNNZPrWaqO96NGGrpPwK0Ooj/q6mwANSJZg/ssrqVbv/Cn35
nWOwsvRacIz/mZscSLe+qg4bm+Ss7NxFfFxWu7EEiPTadciN7e2QJ0MMz2tQNFb4
p6+ZAXMb2gSxt+tol7LV0NlMLy+8wPKhR4NfBVsgQctGOx75VREf8SW8MwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEVCazPUdkNNQoorHmcegbgpD4YvMB8GA1UdIwQY
MBaAFEmyREZExDNI18UPTlDnQ1bpiW2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2JKRVJrVEVNMGpYeFE5T1VPZERWdW1KYmI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi82NGNkYmQtYzg1MS00YjM1LWJiNzkt
NzUzZDk2OWEwNzAyLzEvUlVKck05UjJRMDFDaWlzZVp4NkJ1Q2tQaGk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi82NGNkYmQtYzg1MS00YjM1LWJiNzktNzUzZDk2OWEwNzAy
LzEvU2JKRVJrVEVNMGpYeFE5T1VPZERWdW1KYmI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuVXpAwQA
uVXrMA0GCSqGSIb3DQEBCwUAA4IBAQAGNdB7qCkMiR+0YZC0PV+q0Q6RetjKzvQy
IGihGJMURMFpqisVWr5uRRRMa0XWzD8+Hl9k1rYnQZrbxu7q9LaAFik7pjV2rB2/
ors5N9PFmtRM5rC5NfWQCnSmMCH+dLleqVGTaeTNZQbrfN+Di4LS07jiM9QXwcMk
jvsSKMtXG8RqeFLIj8prMm0buYp3xcY6dT9WvlXGZnh7t/o+pbOmF4hC2hAxT2Lk
0jLRb6sF8XqHYSQQaW4xRjMvvvw0PjCwElf5VN75n7ZSqbho67/vfkcN2YKTa8RV
kp5UYOf8k+NjxME68fkd/yJm5QdOh8ulTnO7Y6dKDz+yBDpSxxyf
-----END CERTIFICATE-----