Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/1VjQoZc10lerLTuv0g4YHMLtXf4.roa
File:                     1VjQoZc10lerLTuv0g4YHMLtXf4.roa (raw, json)
Hash identifier:          IN8Xed87+TwZ0pVib4LiLY2cu5Cx22VcMoeEWlN76yU=
Subject key identifier:   D5:58:D0:A1:97:35:D2:57:AB:2D:3B:AF:D2:0E:18:1C:C2:ED:5D:FE
Certificate issuer:       /CN=086438e9889389829fa5f51b6a210731082eac22
Certificate serial:       01942669EF8D3A8D772017EECC400E09E7DE
Authority key identifier: 08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/1VjQoZc10lerLTuv0g4YHMLtXf4.roa
Signing time:             Thu 02 Jan 2025 09:47:44 +0000
ROA not before:           Thu 02 Jan 2025 09:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        194.165.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:69:ef:8d:3a:8d:77:20:17:ee:cc:40:0e:09:e7:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=086438e9889389829fa5f51b6a210731082eac22
        Validity
            Not Before: Jan  2 09:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d558d0a19735d257ab2d3bafd20e181cc2ed5dfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:e1:32:ad:2f:fa:9d:33:46:01:2d:50:d7:a3:
                    42:4d:73:d2:a6:07:be:a8:c4:33:60:7b:02:b7:23:
                    39:da:7d:3e:29:4c:25:05:27:dc:fe:13:97:b1:f7:
                    1e:6c:93:b7:87:d0:fd:32:13:6a:4c:fc:98:82:93:
                    8c:98:57:5c:33:f1:ae:bb:fe:27:59:bc:8a:67:a0:
                    ac:79:95:8b:33:4b:16:06:28:d2:59:64:d9:fa:7d:
                    92:60:ee:7e:40:b0:0a:0a:2b:46:d9:25:cc:1a:96:
                    db:7f:3a:53:b5:36:6e:a8:07:d7:cc:2f:3d:64:b6:
                    12:0d:ba:90:6b:bc:5b:63:97:0f:c9:a1:72:e7:3b:
                    e4:76:3a:2f:fe:ad:09:df:13:ef:77:46:ff:61:68:
                    49:45:da:5e:d6:cb:d0:31:2b:f9:1f:96:40:ee:61:
                    bb:dc:b1:4f:32:0f:82:9c:67:0e:3d:d9:e6:8d:a7:
                    af:19:c0:84:ee:fc:8f:d9:f8:80:63:0e:59:fa:53:
                    61:31:1d:cd:f1:77:87:77:77:bc:06:03:61:7f:22:
                    66:f0:57:5f:5b:69:50:f3:5b:7e:72:2c:c4:ff:22:
                    32:e3:a6:5e:bc:eb:4f:fc:6f:4e:09:6b:94:29:65:
                    71:24:71:54:6b:2f:a6:b7:bb:80:ea:ec:7c:62:31:
                    9e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:58:D0:A1:97:35:D2:57:AB:2D:3B:AF:D2:0E:18:1C:C2:ED:5D:FE
            X509v3 Authority Key Identifier:
                keyid:08:64:38:E9:88:93:89:82:9F:A5:F5:1B:6A:21:07:31:08:2E:AC:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGQ46YiTiYKfpfUbaiEHMQgurCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/1VjQoZc10lerLTuv0g4YHMLtXf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/e49ae7-a51a-4764-85c8-a7810e3a1beb/1/CGQ46YiTiYKfpfUbaiEHMQgurCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:05:76:35:43:14:ec:51:8c:2e:15:a6:28:8e:48:80:e8:de:
         02:51:7b:fa:08:48:1a:69:28:e1:3d:24:ab:f8:a7:f6:a6:2e:
         84:56:bf:af:9a:2d:16:fe:a5:b2:ed:9f:71:aa:58:7d:a9:c1:
         1e:2f:86:3d:7c:1b:24:ac:00:6f:c1:0d:15:c0:d2:69:d3:7c:
         94:77:2f:86:ad:b4:d8:46:2e:b9:72:49:50:b1:8b:c2:1e:8d:
         8a:25:95:5e:31:54:2f:69:17:df:b2:ce:0b:87:0b:fd:ff:1d:
         49:b2:34:45:e2:a4:55:b6:d9:aa:87:6f:44:a7:0d:28:3e:fb:
         38:65:dd:d7:c1:dd:e0:89:ca:2b:25:df:59:c5:5c:0a:c5:52:
         68:79:95:b1:7a:c3:29:9b:25:0f:fc:09:63:05:bd:21:50:ef:
         4e:9c:f8:26:28:db:a2:16:a7:5e:f5:62:18:a2:ea:0a:10:b2:
         30:d7:26:93:48:af:99:de:3c:d9:55:d2:ed:7f:1d:6a:4d:0b:
         a8:4c:16:02:41:2a:0b:c6:79:79:65:c4:9c:0a:24:bb:9d:62:
         44:21:76:96:ba:8e:21:23:5f:fc:c9:86:67:8a:be:3c:ea:6f:
         1a:06:de:42:60:1d:a7:89:43:a2:bb:06:fa:58:63:81:a5:49:
         62:ac:48:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmae+NOo13IBfuzEAOCefeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NjQzOGU5ODg5Mzg5ODI5ZmE1ZjUxYjZhMjEwNzMxMDgy
ZWFjMjIwHhcNMjUwMTAyMDk0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTU4ZDBhMTk3MzVkMjU3YWIyZDNiYWZkMjBlMTgxY2MyZWQ1ZGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+EyrS/6nTNGAS1Q16NCTXPSpge+
qMQzYHsCtyM52n0+KUwlBSfc/hOXsfcebJO3h9D9MhNqTPyYgpOMmFdcM/Guu/4n
WbyKZ6CseZWLM0sWBijSWWTZ+n2SYO5+QLAKCitG2SXMGpbbfzpTtTZuqAfXzC89
ZLYSDbqQa7xbY5cPyaFy5zvkdjov/q0J3xPvd0b/YWhJRdpe1svQMSv5H5ZA7mG7
3LFPMg+CnGcOPdnmjaevGcCE7vyP2fiAYw5Z+lNhMR3N8XeHd3e8BgNhfyJm8Fdf
W2lQ81t+cizE/yIy46ZevOtP/G9OCWuUKWVxJHFUay+mt7uA6ux8YjGeBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVY0KGXNdJXqy07r9IOGBzC7V3+MB8GA1UdIwQY
MBaAFAhkOOmIk4mCn6X1G2ohBzEILqwiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1Yzgt
YTc4MTBlM2ExYmViLzEvMVZqUW9aYzEwbGVyTFR1djBnNFlITUx0WGY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9lNDlhZTctYTUxYS00NzY0LTg1YzgtYTc4MTBlM2ExYmVi
LzEvQ0dRNDZZaVRpWUtmcGZVYmFpRUhNUWd1ckNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqUlMA0G
CSqGSIb3DQEBCwUAA4IBAQBUBXY1QxTsUYwuFaYojkiA6N4CUXv6CEgaaSjhPSSr
+Kf2pi6EVr+vmi0W/qWy7Z9xqlh9qcEeL4Y9fBskrABvwQ0VwNJp03yUdy+GrbTY
Ri65cklQsYvCHo2KJZVeMVQvaRffss4Lhwv9/x1JsjRF4qRVttmqh29Epw0oPvs4
Zd3Xwd3gicorJd9ZxVwKxVJoeZWxesMpmyUP/AljBb0hUO9OnPgmKNuiFqde9WIY
ouoKELIw1yaTSK+Z3jzZVdLtfx1qTQuoTBYCQSoLxnl5ZcScCiS7nWJEIXaWuo4h
I1/8yYZnir486m8aBt5CYB2niUOiuwb6WGOBpUlirEhy
-----END CERTIFICATE-----