Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/IUMtGwo7cTFP42D9nrk7-OpkQvQ.roa
File:                     IUMtGwo7cTFP42D9nrk7-OpkQvQ.roa (raw, json)
Hash identifier:          c6c/rj/fNAeM/ZuHFO3HQMFeZ6ws+kGa19bAnjrXmhM=
Subject key identifier:   21:43:2D:1B:0A:3B:71:31:4F:E3:60:FD:9E:B9:3B:F8:EA:64:42:F4
Certificate issuer:       /CN=05424afa4bcee7654bdf3ab791656e4445c2f95a
Certificate serial:       0194221FC47DAF72AC9EF00A318515183E0E
Authority key identifier: 05:42:4A:FA:4B:CE:E7:65:4B:DF:3A:B7:91:65:6E:44:45:C2:F9:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUJK-kvO52VL3zq3kWVuREXC-Vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/IUMtGwo7cTFP42D9nrk7-OpkQvQ.roa
Signing time:             Wed 01 Jan 2025 13:48:14 +0000
ROA not before:           Wed 01 Jan 2025 13:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        185.31.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/BUJK-kvO52VL3zq3kWVuREXC-Vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/BUJK-kvO52VL3zq3kWVuREXC-Vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUJK-kvO52VL3zq3kWVuREXC-Vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:c4:7d:af:72:ac:9e:f0:0a:31:85:15:18:3e:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05424afa4bcee7654bdf3ab791656e4445c2f95a
        Validity
            Not Before: Jan  1 13:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21432d1b0a3b71314fe360fd9eb93bf8ea6442f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:87:7f:75:49:33:e6:1f:12:71:e7:8e:7d:20:
                    9f:dc:3e:56:88:80:2a:62:9a:44:8d:c1:c2:e2:4a:
                    69:59:17:38:d0:eb:16:b9:98:cc:dc:e3:89:e5:ce:
                    41:ad:31:8c:ba:00:ed:68:27:af:af:45:c6:35:ba:
                    b5:78:39:38:26:a4:7a:e7:91:bc:fa:7d:92:b2:cf:
                    ac:a1:24:e4:1c:ed:75:65:47:1c:b0:79:e3:94:42:
                    6f:44:b1:a2:5d:b8:f3:c6:13:c9:b2:3a:3d:0d:0e:
                    42:c1:1d:19:4e:26:24:39:bc:c2:84:a3:77:9a:b9:
                    07:2a:80:c2:fc:44:36:16:d0:27:e0:d0:46:77:16:
                    60:85:11:4d:39:c0:d3:07:77:c5:2a:e2:ca:db:16:
                    e3:8e:b1:89:3a:85:37:00:8f:d6:9b:d0:20:01:02:
                    37:4a:08:75:a7:b4:7c:25:85:e9:36:04:21:29:62:
                    4f:9e:98:5e:87:31:4a:06:8b:84:11:8c:07:aa:27:
                    3d:1f:66:69:5f:ff:80:00:98:5b:39:bd:31:6c:fa:
                    3e:68:b2:45:e1:f0:6f:9e:2d:a4:c3:0b:96:7b:2a:
                    47:39:de:b8:6a:89:c5:53:f6:d7:b6:67:52:90:66:
                    64:93:f5:48:fb:cb:04:da:18:f5:27:51:50:56:fb:
                    43:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:43:2D:1B:0A:3B:71:31:4F:E3:60:FD:9E:B9:3B:F8:EA:64:42:F4
            X509v3 Authority Key Identifier:
                keyid:05:42:4A:FA:4B:CE:E7:65:4B:DF:3A:B7:91:65:6E:44:45:C2:F9:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUJK-kvO52VL3zq3kWVuREXC-Vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/IUMtGwo7cTFP42D9nrk7-OpkQvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/5116f3-f454-4d70-b9d4-081b179933c4/1/BUJK-kvO52VL3zq3kWVuREXC-Vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.31.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:57:2a:5c:d6:72:b6:47:0c:fb:1b:9b:26:f5:ed:d6:5c:11:
         1c:fa:b7:bd:b3:e0:52:35:ee:a4:ef:6d:a4:f4:34:7f:24:20:
         6e:71:ca:e3:65:22:2a:3b:35:22:64:8f:f8:fd:e1:2e:f5:c4:
         2d:83:36:31:0c:4b:42:c7:de:75:f8:47:cc:d4:0e:6d:54:4e:
         9d:39:6f:b3:69:ac:2c:b4:35:70:e9:c2:97:a9:59:ab:05:2e:
         4c:82:0e:c9:c4:c2:05:5d:e9:28:d6:93:82:10:08:8c:e6:b9:
         a0:42:3a:87:5a:b8:5f:4d:76:44:6e:ba:3a:1f:24:71:7b:92:
         dc:94:f4:f8:71:1e:db:60:c4:e2:72:90:6f:c3:f0:5b:0c:ca:
         09:54:cf:65:8b:21:18:d6:b0:57:e4:b6:9d:0d:92:a3:c2:71:
         7b:8b:41:bf:df:c1:ef:27:78:0f:4a:df:da:f4:d5:37:04:82:
         0f:31:ab:79:c9:56:0c:f6:f6:51:5d:c4:e5:ed:9f:e1:cf:9e:
         10:ad:fa:e0:1f:5b:7e:52:d3:05:24:34:71:a0:65:dc:92:85:
         a0:a1:fc:97:3d:ac:5b:83:53:76:3c:97:6d:cf:1d:12:91:48:
         cc:f3:80:eb:cf:95:97:69:c8:d6:4d:1e:a3:e9:2e:2f:ac:78:
         3c:1f:28:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8R9r3KsnvAKMYUVGD4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDI0YWZhNGJjZWU3NjU0YmRmM2FiNzkxNjU2ZTQ0NDVj
MmY5NWEwHhcNMjUwMTAxMTM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTQzMmQxYjBhM2I3MTMxNGZlMzYwZmQ5ZWI5M2JmOGVhNjQ0MmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYd/dUkz5h8SceeOfSCf3D5WiIAq
YppEjcHC4kppWRc40OsWuZjM3OOJ5c5BrTGMugDtaCevr0XGNbq1eDk4JqR655G8
+n2Sss+soSTkHO11ZUccsHnjlEJvRLGiXbjzxhPJsjo9DQ5CwR0ZTiYkObzChKN3
mrkHKoDC/EQ2FtAn4NBGdxZghRFNOcDTB3fFKuLK2xbjjrGJOoU3AI/Wm9AgAQI3
Sgh1p7R8JYXpNgQhKWJPnphehzFKBouEEYwHqic9H2ZpX/+AAJhbOb0xbPo+aLJF
4fBvni2kwwuWeypHOd64aonFU/bXtmdSkGZkk/VI+8sE2hj1J1FQVvtDxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFDLRsKO3ExT+Ng/Z65O/jqZEL0MB8GA1UdIwQY
MBaAFAVCSvpLzudlS986t5FlbkRFwvlaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVKSy1rdk81MlZMM3pxM2tXVnVSRVhDLVZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi81MTE2ZjMtZjQ1NC00ZDcwLWI5ZDQt
MDgxYjE3OTkzM2M0LzEvSVVNdEd3bzdjVEZQNDJEOW5yazctT3BrUXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi81MTE2ZjMtZjQ1NC00ZDcwLWI5ZDQtMDgxYjE3OTkzM2M0
LzEvQlVKSy1rdk81MlZMM3pxM2tXVnVSRVhDLVZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuR8IMA0G
CSqGSIb3DQEBCwUAA4IBAQC1Vypc1nK2Rwz7G5sm9e3WXBEc+re9s+BSNe6k722k
9DR/JCBuccrjZSIqOzUiZI/4/eEu9cQtgzYxDEtCx951+EfM1A5tVE6dOW+zaaws
tDVw6cKXqVmrBS5Mgg7JxMIFXeko1pOCEAiM5rmgQjqHWrhfTXZEbro6HyRxe5Lc
lPT4cR7bYMTicpBvw/BbDMoJVM9liyEY1rBX5LadDZKjwnF7i0G/38HvJ3gPSt/a
9NU3BIIPMat5yVYM9vZRXcTl7Z/hz54QrfrgH1t+UtMFJDRxoGXckoWgofyXPaxb
g1N2PJdtzx0SkUjM84Drz5WXacjWTR6j6S4vrHg8HyiZ
-----END CERTIFICATE-----