Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/1-cqQGhXn60MgU2VUeNpjveMW2qk.roa
File:                     1-cqQGhXn60MgU2VUeNpjveMW2qk.roa (raw, json)
Hash identifier:          feFbGoFtjwOyIRFeQAOSoVibJ96/Lb0iYRt2u/rBKMg=
Subject key identifier:   F9:CA:90:1A:15:E7:EB:43:20:53:65:54:78:DA:63:BD:E3:16:DA:A9
Certificate issuer:       /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial:       019421442B8EE47AEEE76BA03A4AB62E77F0
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/1-cqQGhXn60MgU2VUeNpjveMW2qk.roa
Signing time:             Wed 01 Jan 2025 09:48:23 +0000
ROA not before:           Wed 01 Jan 2025 09:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135158
IP address blocks:        194.49.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2b:8e:e4:7a:ee:e7:6b:a0:3a:4a:b6:2e:77:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
        Validity
            Not Before: Jan  1 09:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9ca901a15e7eb432053655478da63bde316daa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:cd:dc:a6:b4:c2:09:bd:49:3f:c1:09:9c:bc:
                    51:f1:fe:70:67:e9:db:fc:9c:75:bc:f6:1e:fd:fb:
                    8d:0e:6b:70:b9:4c:46:e5:82:a6:dd:16:dd:a5:d3:
                    cf:32:34:6b:c1:8f:2a:78:e8:05:f5:7f:7e:9b:8f:
                    89:40:1d:6a:74:77:59:00:b0:e6:bb:9c:b2:76:cd:
                    84:cd:44:1d:83:f6:cd:49:af:d7:01:69:dc:46:ab:
                    74:32:00:df:41:6f:47:41:41:fe:87:b3:c0:16:20:
                    58:a2:69:b9:6a:5c:13:84:c8:04:bb:60:55:e3:e8:
                    40:11:ff:ac:98:4f:61:00:84:47:f3:d8:1a:b1:6f:
                    72:e0:68:5b:ed:b7:31:18:6d:be:db:55:08:86:3f:
                    d8:46:91:cc:ba:ee:25:aa:9c:16:12:ed:f8:8a:72:
                    68:ee:47:e3:ef:5c:c4:50:1c:d9:36:96:62:bd:89:
                    1c:55:94:6f:64:13:33:a2:bc:06:c0:0a:df:33:82:
                    81:18:1a:ae:c3:29:08:3d:b4:61:27:ff:b0:cd:98:
                    ef:7e:88:4b:3d:7c:22:14:b4:70:df:93:4a:6d:a4:
                    78:cf:6a:84:0d:33:bf:bf:70:05:70:b9:b2:f5:9f:
                    de:47:d8:5d:e8:d3:76:6a:e3:7c:cb:51:50:7c:67:
                    68:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:CA:90:1A:15:E7:EB:43:20:53:65:54:78:DA:63:BD:E3:16:DA:A9
            X509v3 Authority Key Identifier:
                keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/1-cqQGhXn60MgU2VUeNpjveMW2qk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:cd:ac:3b:b8:79:ed:5b:20:35:2d:33:ea:5d:d1:7d:ea:14:
         21:e5:b1:50:fb:35:2f:54:b6:3c:52:90:88:76:4f:38:aa:ce:
         cc:fa:c7:00:93:1d:81:85:01:0a:5f:83:c5:7e:24:46:d2:19:
         3f:a3:17:19:d3:8b:c8:c0:64:ae:78:c9:67:39:65:a1:ca:c2:
         16:24:2d:8e:ba:cd:43:d5:95:cc:0a:cc:bb:49:4c:83:36:8f:
         13:10:a0:aa:04:a0:ec:ce:da:68:d2:c0:e0:4b:45:fc:c2:4a:
         be:97:4b:8e:60:9f:38:1b:2d:67:dd:71:ec:dd:10:b8:0c:cf:
         8b:52:4a:25:65:66:81:85:1d:7c:3e:fe:9a:43:67:9e:31:33:
         1e:59:61:f5:d4:3d:c6:cc:80:57:7f:39:5b:59:ec:a2:4f:26:
         86:9a:1e:1d:20:35:33:91:21:f9:7f:5e:31:b2:c9:f1:84:2c:
         ad:2d:1b:04:51:03:33:3b:7f:85:58:aa:a0:2a:48:cb:9d:11:
         96:5f:d5:8b:5c:5d:1a:b6:32:b6:b3:7f:4f:f7:e9:aa:62:bc:
         a0:9f:35:4e:62:a2:18:cb:90:cf:99:d8:d6:cb:a1:b4:35:26:
         2c:79:67:17:c9:80:d1:59:ee:a9:e9:55:30:07:4e:a8:84:ca:
         76:8f:11:31
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhRCuO5Hru52ugOkq2LnfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjUwMTAxMDk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWNhOTAxYTE1ZTdlYjQzMjA1MzY1NTQ3OGRhNjNiZGUzMTZkYWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5M3cprTCCb1JP8EJnLxR8f5wZ+nb
/Jx1vPYe/fuNDmtwuUxG5YKm3RbdpdPPMjRrwY8qeOgF9X9+m4+JQB1qdHdZALDm
u5yyds2EzUQdg/bNSa/XAWncRqt0MgDfQW9HQUH+h7PAFiBYomm5alwThMgEu2BV
4+hAEf+smE9hAIRH89gasW9y4Ghb7bcxGG2+21UIhj/YRpHMuu4lqpwWEu34inJo
7kfj71zEUBzZNpZivYkcVZRvZBMzorwGwArfM4KBGBquwykIPbRhJ/+wzZjvfohL
PXwiFLRw35NKbaR4z2qEDTO/v3AFcLmy9Z/eR9hd6NN2auN8y1FQfGdodQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnKkBoV5+tDIFNlVHjaY73jFtqpMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvMS1jcVFHaFhuNjBNZ1UyVlVlTnBqdmVNVzJxay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWEvNzAyYjI4LWUxNTgtNDBjMC04MzMwLTI0ZmRkYzZkMTQ3
Yi8xL0hIc0d2MEV3RGNUVER6ME9HQXlibGRLODNmOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIxNzAN
BgkqhkiG9w0BAQsFAAOCAQEASc2sO7h57VsgNS0z6l3RfeoUIeWxUPs1L1S2PFKQ
iHZPOKrOzPrHAJMdgYUBCl+DxX4kRtIZP6MXGdOLyMBkrnjJZzllocrCFiQtjrrN
Q9WVzArMu0lMgzaPExCgqgSg7M7aaNLA4EtF/MJKvpdLjmCfOBstZ91x7N0QuAzP
i1JKJWVmgYUdfD7+mkNnnjEzHllh9dQ9xsyAV385W1nsok8mhpoeHSA1M5Eh+X9e
MbLJ8YQsrS0bBFEDMzt/hViqoCpIy50Rll/Vi1xdGrYytrN/T/fpqmK8oJ81TmKi
GMuQz5nY1suhtDUmLHlnF8mA0VnuqelVMAdOqITKdo8RMQ==
-----END CERTIFICATE-----