Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DQvnB8g8ydfr1eRuAPBU05IBCSY.roa
File:                     DQvnB8g8ydfr1eRuAPBU05IBCSY.roa (raw, json)
Hash identifier:          3PoHiqHAODeR+6H4KfoCCFru1dqX91tPZMvp0yS6YsQ=
Subject key identifier:   0D:0B:E7:07:C8:3C:C9:D7:EB:D5:E4:6E:00:F0:54:D3:92:01:09:26
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D73091AECF0008B0B0F260D1E02A53
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DQvnB8g8ydfr1eRuAPBU05IBCSY.roa
Signing time:             Wed 01 Jan 2025 21:48:12 +0000
ROA not before:           Wed 01 Jan 2025 21:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215646
IP address blocks:        185.114.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:30:91:ae:cf:00:08:b0:b0:f2:60:d1:e0:2a:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d0be707c83cc9d7ebd5e46e00f054d392010926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:28:61:4d:4a:6a:38:b1:24:b9:2d:ac:79:e2:
                    e5:04:52:02:1f:91:a8:63:5d:af:c7:00:cb:c6:e7:
                    14:22:83:55:72:79:2e:f9:56:8c:85:aa:d5:ae:33:
                    5d:7b:1d:08:64:15:95:d4:4e:99:3d:2c:77:e2:44:
                    9e:55:c5:92:11:4b:8c:e8:3f:97:97:b7:ee:4a:71:
                    28:ee:c9:a8:46:eb:72:88:64:e2:4b:72:93:e3:95:
                    2e:15:0c:4c:89:08:73:d8:71:1a:b7:7b:44:4e:ae:
                    6b:ee:85:a0:44:0b:19:be:5c:68:ec:24:a5:2d:bb:
                    b0:d0:0e:cf:36:17:35:ba:31:73:09:8e:2b:9c:02:
                    f1:f5:b6:d3:53:32:a2:51:60:7f:17:db:e1:02:7d:
                    76:41:4d:ff:37:47:b6:b7:2b:26:23:89:f6:d0:78:
                    be:50:2a:da:93:69:d7:ff:17:5d:ba:2b:4b:04:e3:
                    c9:60:08:e7:07:18:9a:7f:31:83:70:f3:42:16:2f:
                    3d:57:36:82:3e:2a:a5:31:e3:c5:12:88:76:c1:4d:
                    c9:1a:68:61:80:62:cb:37:c9:31:f7:5e:03:24:ea:
                    0c:dc:a9:27:06:2f:e7:10:a1:d4:4a:5b:d9:3d:a9:
                    a5:f3:f3:35:0a:8f:6c:78:de:75:b1:11:aa:a6:90:
                    8c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:0B:E7:07:C8:3C:C9:D7:EB:D5:E4:6E:00:F0:54:D3:92:01:09:26
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/DQvnB8g8ydfr1eRuAPBU05IBCSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:e1:76:c4:e0:1b:c4:3a:6d:e0:a4:3b:80:b1:5e:2c:7b:20:
         7b:33:e2:d2:a8:c3:55:6c:b0:55:ae:f7:93:de:18:21:26:bc:
         c8:ea:0f:7c:6a:72:e6:33:2d:fa:56:2a:4e:91:ad:51:82:65:
         1f:e5:78:c3:70:44:49:25:a5:3c:c7:05:f5:bc:da:4a:68:09:
         e3:63:a8:ec:b6:1f:83:82:2a:53:be:34:8c:bc:6f:24:f5:ef:
         8e:aa:59:b4:1e:cd:18:6c:07:0a:ac:9e:d7:5a:db:8c:2b:e1:
         1d:96:78:1f:2d:10:c2:19:6d:be:34:fd:8f:77:5f:ee:bf:c2:
         cf:c6:17:97:d8:8c:00:7f:6c:2b:1f:d7:46:2f:bf:0a:b5:1b:
         c4:18:65:f4:57:e1:6a:0f:22:a8:ce:2f:af:81:3d:81:ba:8e:
         47:26:b9:af:fb:4f:a2:7a:19:a9:2a:71:73:ec:be:f8:b1:e5:
         99:16:f8:bf:c8:5a:0c:c2:10:b6:ae:3b:cc:3c:a3:51:36:e1:
         84:0a:62:8c:b3:3d:09:f9:ad:ae:c2:7b:a2:90:40:71:85:a8:
         bd:fa:7c:36:a9:bb:02:d9:7d:fb:fb:9e:56:6b:91:53:4c:9a:
         17:75:de:5c:cd:32:73:e4:07:80:7c:90:68:51:4c:6a:11:7b:
         0b:a8:0a:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1zCRrs8ACLCw8mDR4CpTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDBiZTcwN2M4M2NjOWQ3ZWJkNWU0NmUwMGYwNTRkMzkyMDEwOTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzChhTUpqOLEkuS2seeLlBFICH5Go
Y12vxwDLxucUIoNVcnku+VaMharVrjNdex0IZBWV1E6ZPSx34kSeVcWSEUuM6D+X
l7fuSnEo7smoRutyiGTiS3KT45UuFQxMiQhz2HEat3tETq5r7oWgRAsZvlxo7CSl
Lbuw0A7PNhc1ujFzCY4rnALx9bbTUzKiUWB/F9vhAn12QU3/N0e2tysmI4n20Hi+
UCrak2nX/xdduitLBOPJYAjnBxiafzGDcPNCFi89VzaCPiqlMePFEoh2wU3JGmhh
gGLLN8kx914DJOoM3KknBi/nEKHUSlvZPaml8/M1Co9seN51sRGqppCMQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0L5wfIPMnX69XkbgDwVNOSAQkmMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvRFF2bkI4Zzh5ZGZyMWVSdUFQQlUwNUlCQ1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXJLMA0G
CSqGSIb3DQEBCwUAA4IBAQA44XbE4BvEOm3gpDuAsV4seyB7M+LSqMNVbLBVrveT
3hghJrzI6g98anLmMy36VipOka1RgmUf5XjDcERJJaU8xwX1vNpKaAnjY6jsth+D
gipTvjSMvG8k9e+Oqlm0Hs0YbAcKrJ7XWtuMK+EdlngfLRDCGW2+NP2Pd1/uv8LP
xheX2IwAf2wrH9dGL78KtRvEGGX0V+FqDyKozi+vgT2Buo5HJrmv+0+iehmpKnFz
7L74seWZFvi/yFoMwhC2rjvMPKNRNuGECmKMsz0J+a2uwnuikEBxhai9+nw2qbsC
2X37+55Wa5FTTJoXdd5czTJz5AeAfJBoUUxqEXsLqApd
-----END CERTIFICATE-----