Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/b70gq43k-MaL0OefVDOPR8ZVhZI.roa
File:                     b70gq43k-MaL0OefVDOPR8ZVhZI.roa (raw, json)
Hash identifier:          EQ+oXDITAZSbFhbC1cKPjbmkr2vmgnQcU0NvbLzpBf0=
Subject key identifier:   6F:BD:20:AB:8D:E4:F8:C6:8B:D0:E7:9F:54:33:8F:47:C6:55:85:92
Certificate issuer:       /CN=133cd7c1a9c79c82eee5c86a423c17c1d63c3413
Certificate serial:       01942521DE27CF8361416A0D675A33B7E95F
Authority key identifier: 13:3C:D7:C1:A9:C7:9C:82:EE:E5:C8:6A:42:3C:17:C1:D6:3C:34:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EzzXwanHnILu5chqQjwXwdY8NBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/b70gq43k-MaL0OefVDOPR8ZVhZI.roa
Signing time:             Thu 02 Jan 2025 03:49:24 +0000
ROA not before:           Thu 02 Jan 2025 03:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        185.5.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/EzzXwanHnILu5chqQjwXwdY8NBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/EzzXwanHnILu5chqQjwXwdY8NBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EzzXwanHnILu5chqQjwXwdY8NBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:de:27:cf:83:61:41:6a:0d:67:5a:33:b7:e9:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=133cd7c1a9c79c82eee5c86a423c17c1d63c3413
        Validity
            Not Before: Jan  2 03:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fbd20ab8de4f8c68bd0e79f54338f47c6558592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4b:dd:7e:9a:bc:ac:a7:03:f5:fc:bf:68:64:
                    28:1d:5b:3a:eb:8b:4d:4d:6a:dc:d9:cb:cc:d3:81:
                    f5:e9:2c:ae:61:44:69:f3:dc:83:09:79:ba:b8:4e:
                    62:1c:74:57:69:79:3d:99:5d:0d:4e:bb:ee:b2:21:
                    eb:63:8b:ec:fd:63:d6:1d:8a:f5:3d:cc:64:91:1f:
                    ed:44:96:49:c1:0d:11:4a:cb:d2:d0:a7:84:ed:2c:
                    84:31:13:93:8e:8e:3c:db:97:70:05:47:d0:d3:73:
                    0c:60:52:50:7a:08:91:40:2d:f7:c0:b6:a1:3b:5b:
                    93:40:f1:bf:a6:ac:17:cf:5a:36:61:4a:5b:69:6d:
                    63:1b:1b:31:54:2b:32:37:4a:f0:bf:65:93:2c:a1:
                    24:2d:5e:bf:3b:58:09:0e:09:6e:b3:f7:d6:94:85:
                    96:df:4d:a2:8f:96:78:06:d1:1f:d1:0b:60:c0:07:
                    95:09:f9:85:9f:5d:f4:c5:85:da:d6:88:15:0a:65:
                    a9:7b:a5:c9:ad:93:68:43:89:b3:d3:2b:6a:ed:93:
                    30:6c:f6:dc:bb:0f:f8:e8:20:d8:d9:8d:54:9f:65:
                    e9:3a:29:ea:17:e7:98:20:f6:8b:9d:a9:bd:d0:90:
                    d4:bd:6c:d1:d9:43:62:25:90:18:92:29:11:2a:4d:
                    f7:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:BD:20:AB:8D:E4:F8:C6:8B:D0:E7:9F:54:33:8F:47:C6:55:85:92
            X509v3 Authority Key Identifier:
                keyid:13:3C:D7:C1:A9:C7:9C:82:EE:E5:C8:6A:42:3C:17:C1:D6:3C:34:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EzzXwanHnILu5chqQjwXwdY8NBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/b70gq43k-MaL0OefVDOPR8ZVhZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/82c0a2-804b-446d-ab24-4f38c656b256/1/EzzXwanHnILu5chqQjwXwdY8NBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.5.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:ce:7b:62:84:34:36:29:b4:75:03:fa:c6:35:1f:55:c3:1b:
         68:69:1c:79:87:35:c8:bf:f2:95:6a:40:24:65:8d:24:d7:1a:
         af:83:b8:0f:5d:f0:b5:d7:7d:66:8e:90:d8:d2:77:06:ca:ac:
         6c:7c:d7:32:8c:77:fd:a6:5d:d1:8e:97:7a:78:d7:89:65:95:
         29:2c:d9:a7:be:75:35:15:cf:ea:23:52:d9:d7:c0:8e:f2:5d:
         e4:6a:ff:a8:a8:0f:41:ec:d1:75:72:8b:eb:5b:e3:ab:d3:38:
         cb:13:54:79:0e:41:da:fe:2c:91:0d:21:cc:3d:a7:cf:6e:72:
         ce:f0:57:1d:52:80:dd:13:77:3c:77:05:8f:a2:95:e6:66:ed:
         a5:00:dc:67:74:36:6a:e4:49:88:b0:7e:7c:a9:95:ce:72:95:
         20:68:db:18:eb:89:67:9d:a2:a0:19:f3:ba:3f:e6:8a:ea:75:
         ce:12:08:25:82:cb:6f:06:86:06:20:81:64:11:83:81:19:1a:
         72:92:35:60:88:c6:73:eb:9e:45:38:12:8e:30:f8:cf:06:bc:
         df:ad:a6:22:a9:7f:b3:0e:3c:af:11:71:71:6e:b7:eb:d2:c1:
         fa:a1:e5:a5:7e:2a:54:a4:1c:a2:8a:90:b4:17:26:9f:15:b4:
         cc:f7:1b:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlId4nz4NhQWoNZ1ozt+lfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzM2NkN2MxYTljNzljODJlZWU1Yzg2YTQyM2MxN2MxZDYz
YzM0MTMwHhcNMjUwMTAyMDM0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmJkMjBhYjhkZTRmOGM2OGJkMGU3OWY1NDMzOGY0N2M2NTU4NTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkvdfpq8rKcD9fy/aGQoHVs664tN
TWrc2cvM04H16SyuYURp89yDCXm6uE5iHHRXaXk9mV0NTrvusiHrY4vs/WPWHYr1
PcxkkR/tRJZJwQ0RSsvS0KeE7SyEMROTjo4825dwBUfQ03MMYFJQegiRQC33wLah
O1uTQPG/pqwXz1o2YUpbaW1jGxsxVCsyN0rwv2WTLKEkLV6/O1gJDglus/fWlIWW
302ij5Z4BtEf0QtgwAeVCfmFn130xYXa1ogVCmWpe6XJrZNoQ4mz0ytq7ZMwbPbc
uw/46CDY2Y1Un2XpOinqF+eYIPaLnam90JDUvWzR2UNiJZAYkikRKk33qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+9IKuN5PjGi9Dnn1Qzj0fGVYWSMB8GA1UdIwQY
MBaAFBM818Gpx5yC7uXIakI8F8HWPDQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXp6WHdhbkhuSUx1NWNocVFqd1h3ZFk4TkJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC84MmMwYTItODA0Yi00NDZkLWFiMjQt
NGYzOGM2NTZiMjU2LzEvYjcwZ3E0M2stTWFMME9lZlZET1BSOFpWaFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC84MmMwYTItODA0Yi00NDZkLWFiMjQtNGYzOGM2NTZiMjU2
LzEvRXp6WHdhbkhuSUx1NWNocVFqd1h3ZFk4TkJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQUvMA0G
CSqGSIb3DQEBCwUAA4IBAQBtzntihDQ2KbR1A/rGNR9VwxtoaRx5hzXIv/KVakAk
ZY0k1xqvg7gPXfC1131mjpDY0ncGyqxsfNcyjHf9pl3Rjpd6eNeJZZUpLNmnvnU1
Fc/qI1LZ18CO8l3kav+oqA9B7NF1covrW+Or0zjLE1R5DkHa/iyRDSHMPafPbnLO
8FcdUoDdE3c8dwWPopXmZu2lANxndDZq5EmIsH58qZXOcpUgaNsY64lnnaKgGfO6
P+aK6nXOEgglgstvBoYGIIFkEYOBGRpykjVgiMZz655FOBKOMPjPBrzfraYiqX+z
DjyvEXFxbrfr0sH6oeWlfipUpByiipC0FyafFbTM9xtI
-----END CERTIFICATE-----