Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/Jv8CRfjds1b_ZfNR_DA8H4cnRe4.roa
File:                     Jv8CRfjds1b_ZfNR_DA8H4cnRe4.roa (raw, json)
Hash identifier:          73nQMY7oUme6InpZuiFQ8pzh3gvcuZ+jCA6e3CNfQE4=
Subject key identifier:   26:FF:02:45:F8:DD:B3:56:FF:65:F3:51:FC:30:3C:1F:87:27:45:EE
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       01942746F45817E1EAD9F57AB3786A9D37DD
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/Jv8CRfjds1b_ZfNR_DA8H4cnRe4.roa
Signing time:             Thu 02 Jan 2025 13:49:09 +0000
ROA not before:           Thu 02 Jan 2025 13:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140947
IP address blocks:        194.163.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:f4:58:17:e1:ea:d9:f5:7a:b3:78:6a:9d:37:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 13:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26ff0245f8ddb356ff65f351fc303c1f872745ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:8a:94:6e:1a:5c:f7:33:89:a6:a3:f5:60:87:
                    14:40:47:66:bb:ff:9c:40:0b:52:99:8a:26:79:95:
                    c6:ab:15:28:3d:01:f3:66:c6:d7:75:0a:a1:82:7a:
                    9d:4f:f4:66:fd:af:ec:32:45:8d:97:a3:75:cd:e8:
                    a2:ff:93:40:a5:79:37:78:21:da:6a:a3:0e:0a:ec:
                    d3:a1:50:59:fc:f0:3f:17:fc:ec:cb:2f:46:16:29:
                    68:58:a0:f8:48:a7:1c:ce:f8:2b:5f:2e:a1:8b:9a:
                    54:1d:3b:0d:9a:fc:6a:3c:98:67:79:38:bf:19:bc:
                    ce:1b:17:13:be:95:89:71:42:c2:19:4f:f0:c0:b2:
                    fa:bb:72:7a:c1:69:c5:1f:6b:71:42:db:23:c2:c4:
                    15:af:e2:7c:b4:1d:3b:98:a3:64:67:76:3c:08:8d:
                    43:3e:ef:85:08:b7:aa:8a:61:cf:57:c5:8f:59:03:
                    4c:8d:ee:5d:b1:c0:49:ee:0d:08:ac:62:a3:f7:ca:
                    4a:24:04:4c:1b:14:41:bb:40:20:56:75:1f:b6:51:
                    a5:22:da:d2:a6:98:dc:1b:b2:c3:2d:f2:18:eb:1e:
                    62:d9:0d:05:4e:fa:18:f1:de:b0:3d:2c:bc:41:f2:
                    9d:8f:92:4a:95:7a:05:17:99:53:3a:d2:11:2e:1e:
                    1c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:FF:02:45:F8:DD:B3:56:FF:65:F3:51:FC:30:3C:1F:87:27:45:EE
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/Jv8CRfjds1b_ZfNR_DA8H4cnRe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.163.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:9d:7b:83:ee:8f:a9:6d:2c:19:ed:5e:7d:c5:2a:fe:8e:dd:
         3b:95:a4:19:8d:b3:51:35:83:ef:ce:4d:3e:94:e1:e5:9b:f9:
         87:92:95:f5:a7:26:38:e1:d6:b1:16:9f:00:9c:9a:4a:de:e0:
         06:2c:83:5c:d4:2f:af:28:a9:c1:8b:5c:bc:ed:35:40:c9:48:
         a7:bf:82:12:d2:85:5d:dd:6d:c1:f6:be:a6:63:e6:00:22:bd:
         d0:25:4c:25:fc:24:15:71:b7:72:4b:49:d8:88:bd:67:3a:9a:
         45:fa:b7:6a:08:cd:47:69:5e:da:77:42:9f:a7:93:4b:16:7c:
         6a:71:a0:6e:11:c6:45:74:e9:ed:e9:35:d2:ca:3a:91:5a:8b:
         28:d1:3c:fc:77:a9:92:95:5d:d1:37:7d:2c:f7:25:cc:75:26:
         ec:ef:80:c3:e0:b8:8d:cc:e9:98:5b:2e:97:8b:a5:e3:bc:94:
         ec:be:66:6c:db:f7:dd:3b:d9:a8:8b:bc:08:56:85:c5:55:b5:
         9d:71:c1:39:00:c7:2c:86:13:7d:f2:9a:a6:06:7b:66:a8:3c:
         f6:a7:19:60:70:86:1b:16:1c:b9:ee:c9:58:de:5a:e0:8d:25:
         0a:d1:77:dc:5e:a7:60:e6:d0:b2:30:58:5b:fd:45:b5:fe:fa:
         82:06:cd:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRvRYF+Hq2fV6s3hqnTfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjUwMTAyMTM0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmZmMDI0NWY4ZGRiMzU2ZmY2NWYzNTFmYzMwM2MxZjg3Mjc0NWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34qUbhpc9zOJpqP1YIcUQEdmu/+c
QAtSmYomeZXGqxUoPQHzZsbXdQqhgnqdT/Rm/a/sMkWNl6N1zeii/5NApXk3eCHa
aqMOCuzToVBZ/PA/F/zsyy9GFiloWKD4SKcczvgrXy6hi5pUHTsNmvxqPJhneTi/
GbzOGxcTvpWJcULCGU/wwLL6u3J6wWnFH2txQtsjwsQVr+J8tB07mKNkZ3Y8CI1D
Pu+FCLeqimHPV8WPWQNMje5dscBJ7g0IrGKj98pKJARMGxRBu0AgVnUftlGlItrS
ppjcG7LDLfIY6x5i2Q0FTvoY8d6wPSy8QfKdj5JKlXoFF5lTOtIRLh4cewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCb/AkX43bNW/2XzUfwwPB+HJ0XuMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvSnY4Q1JmamRzMWJfWmZOUl9EQThINGNuUmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqNeMA0G
CSqGSIb3DQEBCwUAA4IBAQAinXuD7o+pbSwZ7V59xSr+jt07laQZjbNRNYPvzk0+
lOHlm/mHkpX1pyY44daxFp8AnJpK3uAGLINc1C+vKKnBi1y87TVAyUinv4IS0oVd
3W3B9r6mY+YAIr3QJUwl/CQVcbdyS0nYiL1nOppF+rdqCM1HaV7ad0Kfp5NLFnxq
caBuEcZFdOnt6TXSyjqRWoso0Tz8d6mSlV3RN30s9yXMdSbs74DD4LiNzOmYWy6X
i6XjvJTsvmZs2/fdO9moi7wIVoXFVbWdccE5AMcshhN98pqmBntmqDz2pxlgcIYb
Fhy57slY3lrgjSUK0XfcXqdg5tCyMFhb/UW1/vqCBs1a
-----END CERTIFICATE-----