Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/BU1YFwzPITRJs7Qej4xcLZpPD5M.roa
File:                     BU1YFwzPITRJs7Qej4xcLZpPD5M.roa (raw, json)
Hash identifier:          VsXDY2e9w0zN+nUNkUBmRlpbBzNwCWexC0/Pv60Tz48=
Subject key identifier:   05:4D:58:17:0C:CF:21:34:49:B3:B4:1E:8F:8C:5C:2D:9A:4F:0F:93
Certificate issuer:       /CN=25d9016727cea947bdb48b3a7de7e2071be4580a
Certificate serial:       019425FD453CF5AA9F652809E9A0CA4F8863
Authority key identifier: 25:D9:01:67:27:CE:A9:47:BD:B4:8B:3A:7D:E7:E2:07:1B:E4:58:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JdkBZyfOqUe9tIs6fefiBxvkWAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/BU1YFwzPITRJs7Qej4xcLZpPD5M.roa
Signing time:             Thu 02 Jan 2025 07:49:02 +0000
ROA not before:           Thu 02 Jan 2025 07:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203628
IP address blocks:        185.129.32.0/22 maxlen: 22
                          195.85.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/JdkBZyfOqUe9tIs6fefiBxvkWAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/JdkBZyfOqUe9tIs6fefiBxvkWAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JdkBZyfOqUe9tIs6fefiBxvkWAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:45:3c:f5:aa:9f:65:28:09:e9:a0:ca:4f:88:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25d9016727cea947bdb48b3a7de7e2071be4580a
        Validity
            Not Before: Jan  2 07:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=054d58170ccf213449b3b41e8f8c5c2d9a4f0f93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a5:a3:d1:6e:16:f5:3e:e8:74:66:95:1f:f6:
                    07:23:3a:7d:f3:09:59:53:81:5e:64:ba:b4:e9:a3:
                    50:10:cc:a6:36:77:a3:7b:9a:b6:7b:59:c3:ab:03:
                    d2:55:61:88:43:db:10:aa:1c:52:b5:d9:12:9c:fb:
                    5c:6c:d9:3b:65:55:ec:c2:2d:dc:aa:1e:22:2f:66:
                    02:99:7e:52:7a:30:88:01:99:87:5a:50:f5:7f:d0:
                    31:7c:06:97:42:d6:db:73:8a:f3:0b:2f:33:d4:fc:
                    f4:9e:cc:d3:b5:28:b8:f9:1a:c0:3c:52:4b:08:2f:
                    6b:0f:9a:5f:a1:da:6d:9b:c0:db:e9:27:30:09:16:
                    13:2e:d3:a2:c2:cc:24:99:be:22:17:6f:e5:c7:f4:
                    61:d2:05:8e:26:79:7f:ff:ee:3d:8b:bb:34:76:38:
                    fb:b6:98:16:65:ea:d2:9a:89:44:15:19:b8:f5:80:
                    58:83:2f:73:de:fb:25:6d:27:ca:9b:cb:73:bf:3b:
                    a9:b3:24:e7:33:46:93:24:97:4c:30:a8:1b:13:cd:
                    62:62:c7:ca:58:ce:56:b6:12:8b:26:c0:76:89:ca:
                    be:ee:a7:93:ac:8a:25:83:e1:5e:05:fd:3b:02:72:
                    f2:9a:91:90:fa:ff:61:14:ac:db:6f:f8:8e:27:a8:
                    00:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:4D:58:17:0C:CF:21:34:49:B3:B4:1E:8F:8C:5C:2D:9A:4F:0F:93
            X509v3 Authority Key Identifier:
                keyid:25:D9:01:67:27:CE:A9:47:BD:B4:8B:3A:7D:E7:E2:07:1B:E4:58:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JdkBZyfOqUe9tIs6fefiBxvkWAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/BU1YFwzPITRJs7Qej4xcLZpPD5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/3cc89e-76df-46b3-9f14-a38dda13a608/1/JdkBZyfOqUe9tIs6fefiBxvkWAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.32.0/22
                  195.85.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:46:c3:fe:55:c3:7a:da:cf:c5:46:cf:91:8f:77:b5:2c:ca:
         e5:53:cd:40:55:31:4f:63:ff:67:46:fe:b6:85:00:81:be:0f:
         55:eb:54:07:84:19:c2:7b:a6:e3:e2:ad:85:e8:8b:3b:22:31:
         f8:e8:9c:0d:62:69:6e:42:21:e0:7b:a0:0f:d9:07:87:08:b1:
         ed:23:a8:c4:a8:81:ba:f4:67:d1:47:b7:bb:42:1f:91:8a:26:
         91:6d:0f:e7:5e:f3:49:b7:36:b8:eb:23:35:61:50:29:a5:7e:
         1c:93:12:4a:58:0d:ef:a4:2d:d8:bd:cc:98:27:57:07:0a:aa:
         ba:28:1a:35:db:79:69:d1:62:ae:f6:d0:40:d3:1f:8c:49:b7:
         eb:0c:0c:18:c3:5b:b3:dd:67:a1:fe:01:19:8b:c9:08:e4:db:
         66:9d:b7:b9:f1:f6:01:d9:14:3d:89:76:44:85:13:b5:9a:89:
         6a:b0:1c:91:70:85:be:55:7a:76:bc:79:37:63:8d:ef:f4:91:
         4c:82:1b:ff:8d:4b:d0:a8:2a:5c:3e:db:92:dd:27:62:31:60:
         3a:11:dc:14:6a:39:6c:34:2d:fd:94:8b:2a:8d:16:a3:e7:84:
         9f:53:ad:38:1b:13:53:94:ef:a4:f2:de:07:8e:93:9f:e0:e6:
         ce:ef:df:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/UU89aqfZSgJ6aDKT4hjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZDkwMTY3MjdjZWE5NDdiZGI0OGIzYTdkZTdlMjA3MWJl
NDU4MGEwHhcNMjUwMTAyMDc0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTRkNTgxNzBjY2YyMTM0NDliM2I0MWU4ZjhjNWMyZDlhNGYwZjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraWj0W4W9T7odGaVH/YHIzp98wlZ
U4FeZLq06aNQEMymNneje5q2e1nDqwPSVWGIQ9sQqhxStdkSnPtcbNk7ZVXswi3c
qh4iL2YCmX5SejCIAZmHWlD1f9AxfAaXQtbbc4rzCy8z1Pz0nszTtSi4+RrAPFJL
CC9rD5pfodptm8Db6ScwCRYTLtOiwswkmb4iF2/lx/Rh0gWOJnl//+49i7s0djj7
tpgWZerSmolEFRm49YBYgy9z3vslbSfKm8tzvzupsyTnM0aTJJdMMKgbE81iYsfK
WM5WthKLJsB2icq+7qeTrIolg+FeBf07AnLympGQ+v9hFKzbb/iOJ6gAiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAVNWBcMzyE0SbO0Ho+MXC2aTw+TMB8GA1UdIwQY
MBaAFCXZAWcnzqlHvbSLOn3n4gcb5FgKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmRrQlp5Zk9xVWU5dElzNmZlZmlCeHZrV0FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zY2M4OWUtNzZkZi00NmIzLTlmMTQt
YTM4ZGRhMTNhNjA4LzEvQlUxWUZ3elBJVFJKczdRZWo0eGNMWnBQRDVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zY2M4OWUtNzZkZi00NmIzLTlmMTQtYTM4ZGRhMTNhNjA4
LzEvSmRrQlp5Zk9xVWU5dElzNmZlZmlCeHZrV0FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuYEgAwQA
w1XjMA0GCSqGSIb3DQEBCwUAA4IBAQAHRsP+VcN62s/FRs+Rj3e1LMrlU81AVTFP
Y/9nRv62hQCBvg9V61QHhBnCe6bj4q2F6Is7IjH46JwNYmluQiHge6AP2QeHCLHt
I6jEqIG69GfRR7e7Qh+RiiaRbQ/nXvNJtza46yM1YVAppX4ckxJKWA3vpC3YvcyY
J1cHCqq6KBo123lp0WKu9tBA0x+MSbfrDAwYw1uz3Weh/gEZi8kI5Ntmnbe58fYB
2RQ9iXZEhRO1molqsByRcIW+VXp2vHk3Y43v9JFMghv/jUvQqCpcPtuS3SdiMWA6
EdwUajlsNC39lIsqjRaj54SfU604GxNTlO+k8t4HjpOf4ObO79+e
-----END CERTIFICATE-----