Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/4jPyPZw3fj3g3jxwKw2HWrojQOs.roa
File:                     4jPyPZw3fj3g3jxwKw2HWrojQOs.roa (raw, json)
Hash identifier:          KPFbCHVHeUU2XRC/hJ8YuwMme8By/aerz2iNVWzWJ/Y=
Subject key identifier:   E2:33:F2:3D:9C:37:7E:3D:E0:DE:3C:70:2B:0D:87:5A:BA:23:40:EB
Certificate issuer:       /CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
Certificate serial:       019424458A0F7A0450005C6387E930DF2950
Authority key identifier: 35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/4jPyPZw3fj3g3jxwKw2HWrojQOs.roa
Signing time:             Wed 01 Jan 2025 23:48:44 +0000
ROA not before:           Wed 01 Jan 2025 23:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        185.155.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:8a:0f:7a:04:50:00:5c:63:87:e9:30:df:29:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
        Validity
            Not Before: Jan  1 23:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e233f23d9c377e3de0de3c702b0d875aba2340eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:22:fd:03:21:78:ed:b9:e2:b8:28:af:7d:77:
                    fa:f2:c7:eb:10:e3:01:52:3a:c8:57:36:73:1a:a6:
                    22:75:bb:ea:f8:05:84:c7:0e:bd:17:09:f5:03:2f:
                    f4:da:89:3d:83:c2:9b:d2:c2:85:8a:3f:2c:6d:72:
                    9d:3e:2d:c7:0e:61:28:39:ff:ef:e6:69:2e:ec:95:
                    12:e5:b7:ad:ad:ae:fc:8e:bc:4d:2c:2a:62:0d:a7:
                    15:84:5c:49:26:d7:75:27:1d:99:13:75:17:89:6a:
                    ae:3a:55:58:9d:f3:c1:dd:89:6b:5d:08:f5:d3:18:
                    78:3a:c0:df:8f:57:f9:b6:7d:3e:69:e8:a6:d0:0b:
                    83:e2:06:54:d4:8e:f9:f7:ea:df:00:64:8e:b7:28:
                    92:fc:cc:89:31:a7:56:77:8e:ca:a4:ff:68:ed:e6:
                    3f:d9:e8:33:d6:ef:06:99:8d:4e:3e:c5:d9:88:f0:
                    c9:8d:27:d7:20:8e:1f:28:d0:f5:d7:3a:b7:af:fe:
                    f0:13:c1:0e:b3:bc:ee:5a:2f:da:a0:45:db:a9:36:
                    7d:ef:01:9e:0c:91:d5:6d:f6:f6:94:a8:d2:0b:97:
                    e8:ff:24:4d:6e:8e:50:ef:09:ae:7e:1d:39:cb:0e:
                    95:33:94:b9:14:27:f3:42:5a:f2:1d:c7:28:fd:74:
                    06:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:33:F2:3D:9C:37:7E:3D:E0:DE:3C:70:2B:0D:87:5A:BA:23:40:EB
            X509v3 Authority Key Identifier:
                keyid:35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/4jPyPZw3fj3g3jxwKw2HWrojQOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:6a:5f:1f:07:16:c8:9a:10:9c:a8:03:00:7e:ef:4c:e2:4d:
         bb:2d:20:ad:1d:20:dc:c3:36:c9:85:d9:9f:55:84:6e:c9:02:
         1b:8e:40:57:12:d7:71:34:3a:07:25:39:e9:e6:60:dd:9b:cd:
         c2:43:6c:b4:9d:06:2c:de:9b:7c:8f:b4:81:91:0e:50:ed:bf:
         f2:2a:be:13:6c:18:42:bb:75:99:9e:5d:d6:10:31:b5:0f:94:
         c4:4b:6e:25:fd:5b:6c:02:58:33:e7:bd:34:91:5a:7d:5d:15:
         2b:52:5e:a4:86:82:ae:21:00:18:f3:3c:0e:1d:3f:a6:5c:2d:
         33:d6:4e:2f:d7:22:f5:b6:8f:68:43:08:8e:c7:b2:13:a5:c5:
         d4:3d:85:f4:8c:88:97:5a:5e:cd:82:0e:df:62:89:a2:22:20:
         33:7a:cc:60:f6:63:e6:c5:54:79:90:19:74:fd:79:d3:90:7c:
         e6:13:85:cb:7c:a4:eb:66:da:a8:d0:f8:0e:08:ba:21:0f:15:
         94:67:40:76:7b:bc:02:bb:06:03:1c:55:f8:0b:5c:15:7b:a2:
         7d:3a:74:0e:32:a0:d3:fe:2d:dd:3f:97:ad:a2:74:d1:b9:b1:
         36:7b:75:d2:60:01:44:4f:40:30:df:7b:c1:69:a6:5d:03:9f:
         f8:34:85:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYoPegRQAFxjh+kw3ylQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTdjOWRlOTI3ZmE3NWJlYWVmNzg4NWYwZDg4ZjZmNGQy
YTBlZDYwHhcNMjUwMTAxMjM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjMzZjIzZDljMzc3ZTNkZTBkZTNjNzAyYjBkODc1YWJhMjM0MGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyL9AyF47bniuCivfXf68sfrEOMB
UjrIVzZzGqYidbvq+AWExw69Fwn1Ay/02ok9g8Kb0sKFij8sbXKdPi3HDmEoOf/v
5mku7JUS5betra78jrxNLCpiDacVhFxJJtd1Jx2ZE3UXiWquOlVYnfPB3YlrXQj1
0xh4OsDfj1f5tn0+aeim0AuD4gZU1I759+rfAGSOtyiS/MyJMadWd47KpP9o7eY/
2egz1u8GmY1OPsXZiPDJjSfXII4fKND11zq3r/7wE8EOs7zuWi/aoEXbqTZ97wGe
DJHVbfb2lKjSC5fo/yRNbo5Q7wmufh05yw6VM5S5FCfzQlryHcco/XQGkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIz8j2cN3494N48cCsNh1q6I0DrMB8GA1UdIwQY
MBaAFDUXyd6Sf6db6u94hfDYj29NKg7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTIt
ZmQzYjMwMDJjMGJiLzEvNGpQeVBadzNmajNnM2p4d0t3MkhXcm9qUU9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTItZmQzYjMwMDJjMGJi
LzEvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZvqMA0G
CSqGSIb3DQEBCwUAA4IBAQA/al8fBxbImhCcqAMAfu9M4k27LSCtHSDcwzbJhdmf
VYRuyQIbjkBXEtdxNDoHJTnp5mDdm83CQ2y0nQYs3pt8j7SBkQ5Q7b/yKr4TbBhC
u3WZnl3WEDG1D5TES24l/VtsAlgz5700kVp9XRUrUl6khoKuIQAY8zwOHT+mXC0z
1k4v1yL1to9oQwiOx7ITpcXUPYX0jIiXWl7Ngg7fYomiIiAzesxg9mPmxVR5kBl0
/XnTkHzmE4XLfKTrZtqo0PgOCLohDxWUZ0B2e7wCuwYDHFX4C1wVe6J9OnQOMqDT
/i3dP5etonTRubE2e3XSYAFET0Aw33vBaaZdA5/4NIX0
-----END CERTIFICATE-----