Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/jNNBKwU2mAjLQ1w3Ok95aTQxyPw.roa
File:                     jNNBKwU2mAjLQ1w3Ok95aTQxyPw.roa (raw, json)
Hash identifier:          r1u8fTThBA818KHS3KubsjlhZxB1UdV+hCt2v0ZIYsY=
Subject key identifier:   8C:D3:41:2B:05:36:98:08:CB:43:5C:37:3A:4F:79:69:34:31:C8:FC
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       01942825515751DEBE156B1E542435657FD7
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/jNNBKwU2mAjLQ1w3Ok95aTQxyPw.roa
Signing time:             Thu 02 Jan 2025 17:52:01 +0000
ROA not before:           Thu 02 Jan 2025 17:52:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142270
IP address blocks:        194.126.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:51:57:51:de:be:15:6b:1e:54:24:35:65:7f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Jan  2 17:52:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cd3412b05369808cb435c373a4f79693431c8fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ff:2a:ee:6d:e9:8f:a3:70:4c:ca:0b:17:16:
                    49:e3:0c:87:df:2b:10:4d:0b:82:49:34:71:61:e6:
                    f4:98:78:89:16:e1:14:8f:61:22:bd:54:e6:40:8f:
                    a6:26:7f:e1:32:20:e5:df:56:d3:b4:44:14:a2:55:
                    a6:cf:5a:7e:22:64:72:bd:79:b0:69:a4:7b:58:6d:
                    e9:cd:0f:bc:d8:74:87:c8:91:31:46:7d:2a:d5:13:
                    75:22:d7:0d:23:48:12:b1:f9:fa:2c:9a:93:f3:0a:
                    f5:c2:e1:68:35:7e:f1:50:2f:08:7b:61:37:49:da:
                    4b:c0:8f:4e:23:29:66:cc:88:98:07:8d:87:3c:03:
                    1e:e9:d9:19:04:ca:01:d6:b4:62:0c:20:f3:66:5d:
                    d3:6b:e1:4b:e9:d2:9f:43:9a:b9:5b:4e:5f:c9:65:
                    de:98:ae:4f:a9:dc:68:04:a4:ce:97:e7:94:95:77:
                    7b:40:37:d6:18:0f:d9:72:27:17:ef:79:73:a6:6d:
                    bb:1f:54:7b:c6:4d:2d:b6:c3:ee:0d:97:46:7c:91:
                    b5:76:0c:c3:2d:42:cf:8f:0c:b0:66:7f:01:fd:90:
                    6d:bd:fc:63:1f:53:e5:93:fa:6a:f2:ab:7d:2a:94:
                    46:4d:5f:1e:cc:11:c7:e1:60:0f:c2:c2:33:1b:4b:
                    79:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:D3:41:2B:05:36:98:08:CB:43:5C:37:3A:4F:79:69:34:31:C8:FC
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/jNNBKwU2mAjLQ1w3Ok95aTQxyPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.126.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:2e:4d:89:44:86:58:75:18:c6:65:7e:9a:f4:c2:8c:d2:46:
         62:38:d9:7c:8b:cd:58:1e:cd:a9:88:b5:ef:aa:d6:87:03:51:
         81:34:52:bc:4e:52:06:cf:26:8b:85:bb:a7:5f:0d:27:93:46:
         7f:96:87:cc:8e:8b:2c:6a:66:10:ec:5c:b5:b2:ea:4b:43:04:
         86:a5:0d:b5:06:50:63:46:09:dd:52:91:b9:b2:e0:95:01:35:
         7a:d2:8a:e6:be:04:04:4e:c8:ea:0c:78:35:0f:aa:fe:dc:49:
         52:85:5d:4d:27:fe:eb:be:11:10:19:99:11:d6:31:b8:d9:9e:
         64:f3:0e:f0:38:f8:07:e0:6b:fc:56:22:eb:ce:2f:f7:50:91:
         da:55:ee:28:33:38:f8:58:e3:b3:4c:51:28:33:f9:00:04:2a:
         24:a6:71:63:c3:ee:e6:6e:4f:b2:c2:fe:2e:73:02:44:07:39:
         6f:0f:ce:85:29:90:6f:94:be:cb:c3:5d:7c:88:c1:5b:f2:cc:
         84:ff:88:82:c1:43:36:b9:d8:66:68:e6:98:90:b1:c6:3b:ca:
         b7:4a:6e:ce:3c:28:aa:4a:44:28:4d:6f:70:80:fc:e6:c2:b9:
         d7:30:20:4a:85:c2:d5:2b:01:0b:8e:cc:7c:f3:52:23:73:97:
         c0:f0:32:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJVFXUd6+FWseVCQ1ZX/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjUwMTAyMTc1MjAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2QzNDEyYjA1MzY5ODA4Y2I0MzVjMzczYTRmNzk2OTM0MzFjOGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnv8q7m3pj6NwTMoLFxZJ4wyH3ysQ
TQuCSTRxYeb0mHiJFuEUj2EivVTmQI+mJn/hMiDl31bTtEQUolWmz1p+ImRyvXmw
aaR7WG3pzQ+82HSHyJExRn0q1RN1ItcNI0gSsfn6LJqT8wr1wuFoNX7xUC8Ie2E3
SdpLwI9OIylmzIiYB42HPAMe6dkZBMoB1rRiDCDzZl3Ta+FL6dKfQ5q5W05fyWXe
mK5PqdxoBKTOl+eUlXd7QDfWGA/ZcicX73lzpm27H1R7xk0ttsPuDZdGfJG1dgzD
LULPjwywZn8B/ZBtvfxjH1Plk/pq8qt9KpRGTV8ezBHH4WAPwsIzG0t5JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzTQSsFNpgIy0NcNzpPeWk0Mcj8MB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvak5OQkt3VTJtQWpMUTF3M09rOTVhVFF4eVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwn7jMA0G
CSqGSIb3DQEBCwUAA4IBAQBZLk2JRIZYdRjGZX6a9MKM0kZiONl8i81YHs2piLXv
qtaHA1GBNFK8TlIGzyaLhbunXw0nk0Z/lofMjossamYQ7Fy1supLQwSGpQ21BlBj
RgndUpG5suCVATV60ormvgQETsjqDHg1D6r+3ElShV1NJ/7rvhEQGZkR1jG42Z5k
8w7wOPgH4Gv8ViLrzi/3UJHaVe4oMzj4WOOzTFEoM/kABCokpnFjw+7mbk+ywv4u
cwJEBzlvD86FKZBvlL7Lw118iMFb8syE/4iCwUM2udhmaOaYkLHGO8q3Sm7OPCiq
SkQoTW9wgPzmwrnXMCBKhcLVKwELjsx881Ijc5fA8DKB
-----END CERTIFICATE-----