Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/hXGA3CK9ZAwFYqBy6sH4BYfgPYI.roa
File:                     hXGA3CK9ZAwFYqBy6sH4BYfgPYI.roa (raw, json)
Hash identifier:          Va1I6zrYlRY0/ml2dWrjPscW8W1PrtSAiqy07YNUOfk=
Subject key identifier:   85:71:80:DC:22:BD:64:0C:05:62:A0:72:EA:C1:F8:05:87:E0:3D:82
Certificate issuer:       /CN=505e2f2d5e7093ff8d4003a02b7d3e131ce70a12
Certificate serial:       0194266B9FD7D04BE03BFBA32AFB406E171B
Authority key identifier: 50:5E:2F:2D:5E:70:93:FF:8D:40:03:A0:2B:7D:3E:13:1C:E7:0A:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/hXGA3CK9ZAwFYqBy6sH4BYfgPYI.roa
Signing time:             Thu 02 Jan 2025 09:49:34 +0000
ROA not before:           Thu 02 Jan 2025 09:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31034
IP address blocks:        178.255.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:9f:d7:d0:4b:e0:3b:fb:a3:2a:fb:40:6e:17:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=505e2f2d5e7093ff8d4003a02b7d3e131ce70a12
        Validity
            Not Before: Jan  2 09:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=857180dc22bd640c0562a072eac1f80587e03d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ee:c7:48:1b:0c:04:10:ec:52:e2:a0:1f:06:
                    51:f2:7b:4e:23:ff:3f:51:9e:2f:04:eb:c3:a8:a9:
                    1a:ae:a0:cf:c3:db:7f:6b:a1:ee:97:cd:84:7d:6c:
                    c3:be:51:87:a9:6e:6c:75:fa:1a:2f:88:5e:31:63:
                    60:a5:b9:24:d2:72:ee:59:fd:bf:e9:1e:b3:ad:9d:
                    a9:e0:8d:db:f0:a2:44:0a:eb:2b:34:e4:f9:3c:94:
                    8f:22:be:8a:f5:46:c4:50:7e:01:f3:be:b0:09:1c:
                    4d:8a:b7:90:a7:eb:ab:63:88:9a:d1:b6:97:92:72:
                    e3:b7:20:40:bf:73:9c:df:08:90:33:d9:c1:ca:2c:
                    f5:0c:8a:bc:ab:b0:41:71:47:d3:b6:f1:35:c3:2c:
                    ee:e4:70:aa:4e:87:a8:de:5f:a2:9e:8f:24:e2:e1:
                    50:e1:24:ba:20:1b:bc:89:5e:24:64:a1:63:51:b6:
                    fd:0a:fd:96:44:a9:51:79:f3:25:0c:ba:a8:ec:ec:
                    90:81:8e:51:1b:66:c2:d0:75:0e:1f:bb:1b:a2:9a:
                    cf:52:c4:da:75:d8:29:60:30:30:3d:48:82:e1:c6:
                    48:98:62:f4:5a:e4:1f:90:0a:5a:c2:dc:23:47:d2:
                    04:5e:16:55:9c:87:f8:ee:85:8c:3f:4f:d6:66:d5:
                    b4:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:71:80:DC:22:BD:64:0C:05:62:A0:72:EA:C1:F8:05:87:E0:3D:82
            X509v3 Authority Key Identifier:
                keyid:50:5E:2F:2D:5E:70:93:FF:8D:40:03:A0:2B:7D:3E:13:1C:E7:0A:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UF4vLV5wk_-NQAOgK30-ExznChI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/hXGA3CK9ZAwFYqBy6sH4BYfgPYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5a7731-ef54-4501-86f4-98e9e2510bb6/1/UF4vLV5wk_-NQAOgK30-ExznChI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.255.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:cf:d1:12:64:9e:16:23:68:aa:2d:c9:79:84:9c:b6:ab:56:
         b2:eb:64:7c:ad:78:35:c5:0e:87:45:0b:88:e5:ed:08:79:2c:
         a8:c3:c7:cd:6b:db:ec:b0:24:f4:50:67:66:8b:cd:2c:24:84:
         90:bd:a3:56:3b:50:af:a4:d5:32:a6:07:ad:d9:ff:7c:60:da:
         5b:75:54:ab:09:6b:47:d8:9a:7b:e0:cb:3f:cf:9a:3c:4e:23:
         7a:3a:8d:20:40:05:99:9d:90:02:4a:f3:e1:8a:b5:08:bc:ea:
         ad:98:d2:bd:4f:00:1c:e9:b4:b1:f8:2b:12:b1:d5:ee:a6:2a:
         fd:24:df:ef:ea:ef:18:9f:e5:f3:a5:7b:eb:df:02:35:0b:31:
         5e:6d:68:28:c6:30:41:6c:e9:44:6a:08:24:db:80:44:e6:97:
         36:2a:2b:04:83:ff:25:18:62:56:b7:a5:7b:7c:5b:58:3a:2b:
         1e:7f:d2:7c:4c:1c:17:1e:8c:36:7b:81:b5:3c:f4:78:62:40:
         a6:ca:a6:55:30:03:67:9e:5a:7a:95:05:6c:7a:af:d7:a0:57:
         19:dd:4e:45:46:1f:b5:3a:75:63:43:f0:f9:69:d0:b9:11:b9:
         3a:d8:b8:d0:da:1b:cd:c6:fc:cb:25:2c:86:c9:19:81:14:47:
         05:a1:24:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma5/X0EvgO/ujKvtAbhcbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNWUyZjJkNWU3MDkzZmY4ZDQwMDNhMDJiN2QzZTEzMWNl
NzBhMTIwHhcNMjUwMTAyMDk0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTcxODBkYzIyYmQ2NDBjMDU2MmEwNzJlYWMxZjgwNTg3ZTAzZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+7HSBsMBBDsUuKgHwZR8ntOI/8/
UZ4vBOvDqKkarqDPw9t/a6Hul82EfWzDvlGHqW5sdfoaL4heMWNgpbkk0nLuWf2/
6R6zrZ2p4I3b8KJECusrNOT5PJSPIr6K9UbEUH4B876wCRxNireQp+urY4ia0baX
knLjtyBAv3Oc3wiQM9nByiz1DIq8q7BBcUfTtvE1wyzu5HCqToeo3l+ino8k4uFQ
4SS6IBu8iV4kZKFjUbb9Cv2WRKlRefMlDLqo7OyQgY5RG2bC0HUOH7sboprPUsTa
ddgpYDAwPUiC4cZImGL0WuQfkApawtwjR9IEXhZVnIf47oWMP0/WZtW0PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVxgNwivWQMBWKgcurB+AWH4D2CMB8GA1UdIwQY
MBaAFFBeLy1ecJP/jUADoCt9PhMc5woSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUY0dkxWNXdrXy1OUUFPZ0szMC1FeHpuQ2hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81YTc3MzEtZWY1NC00NTAxLTg2ZjQt
OThlOWUyNTEwYmI2LzEvaFhHQTNDSzlaQXdGWXFCeTZzSDRCWWZnUFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81YTc3MzEtZWY1NC00NTAxLTg2ZjQtOThlOWUyNTEwYmI2
LzEvVUY0dkxWNXdrXy1OUUFPZ0szMC1FeHpuQ2hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv/xMA0G
CSqGSIb3DQEBCwUAA4IBAQADz9ESZJ4WI2iqLcl5hJy2q1ay62R8rXg1xQ6HRQuI
5e0IeSyow8fNa9vssCT0UGdmi80sJISQvaNWO1CvpNUypget2f98YNpbdVSrCWtH
2Jp74Ms/z5o8TiN6Oo0gQAWZnZACSvPhirUIvOqtmNK9TwAc6bSx+CsSsdXupir9
JN/v6u8Yn+XzpXvr3wI1CzFebWgoxjBBbOlEaggk24BE5pc2KisEg/8lGGJWt6V7
fFtYOisef9J8TBwXHow2e4G1PPR4YkCmyqZVMANnnlp6lQVseq/XoFcZ3U5FRh+1
OnVjQ/D5adC5Ebk62LjQ2hvNxvzLJSyGyRmBFEcFoSQL
-----END CERTIFICATE-----