Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/I1YCEfbbjRZSc_xIUFyDblYriwE.roa
File:                     I1YCEfbbjRZSc_xIUFyDblYriwE.roa (raw, json)
Hash identifier:          eOZKe0lo11jreas9XGaAS+8tYDTXuTVMymwF1+Z+Yug=
Subject key identifier:   23:56:02:11:F6:DB:8D:16:52:73:FC:48:50:5C:83:6E:56:2B:8B:01
Certificate issuer:       /CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
Certificate serial:       0194258F0296E03B0BE4A0CE9A365FD9FEA9
Authority key identifier: 90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/I1YCEfbbjRZSc_xIUFyDblYriwE.roa
Signing time:             Thu 02 Jan 2025 05:48:36 +0000
ROA not before:           Thu 02 Jan 2025 05:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49558
IP address blocks:        194.242.127.0/24 maxlen: 24
                          195.178.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:02:96:e0:3b:0b:e4:a0:ce:9a:36:5f:d9:fe:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90814dd39dd3925cff88bf34d4307fd6c62165eb
        Validity
            Not Before: Jan  2 05:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23560211f6db8d165273fc48505c836e562b8b01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a3:87:7a:d8:22:34:95:4c:4f:ce:dc:34:6d:
                    6a:51:75:f3:5f:e5:17:a9:17:7d:19:35:68:a1:2c:
                    57:93:24:08:e0:04:f4:d9:7a:07:39:de:22:b8:26:
                    17:69:bd:5c:91:ce:ad:f7:07:e1:5e:07:26:d1:61:
                    61:c8:84:84:87:d7:92:0d:8a:11:6f:78:d7:68:01:
                    8a:8a:01:90:5f:3c:27:2a:72:34:93:1a:d2:02:8d:
                    84:a4:e0:9b:eb:10:df:50:a1:8a:31:2d:93:a4:ad:
                    15:21:b9:ac:12:06:70:28:6e:e4:15:b3:0e:38:8b:
                    09:23:4c:b9:24:2c:ca:49:dd:0c:9f:8f:62:43:42:
                    3f:3f:56:af:20:1f:a8:a3:07:df:f8:ef:38:64:65:
                    41:88:10:ae:a1:df:40:44:e0:ac:e9:ed:c3:23:76:
                    aa:44:64:8b:6f:a7:f4:2d:ef:84:bd:3d:ec:69:54:
                    c6:ac:23:2b:52:83:59:12:94:55:fa:cf:ae:96:f6:
                    28:01:62:d1:55:ad:00:c8:67:cf:89:fb:00:3d:c3:
                    ae:6c:d1:7c:88:65:72:21:64:47:0d:ab:4b:79:77:
                    79:ca:82:8a:cf:bb:2c:52:55:64:e5:68:98:09:db:
                    c3:25:2e:8a:75:94:ac:b4:85:6c:26:86:59:06:dd:
                    2d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:56:02:11:F6:DB:8D:16:52:73:FC:48:50:5C:83:6E:56:2B:8B:01
            X509v3 Authority Key Identifier:
                keyid:90:81:4D:D3:9D:D3:92:5C:FF:88:BF:34:D4:30:7F:D6:C6:21:65:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kIFN053Tklz_iL801DB_1sYhZes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/I1YCEfbbjRZSc_xIUFyDblYriwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/0ccab6-d837-4c18-82f9-940ae454cb85/1/kIFN053Tklz_iL801DB_1sYhZes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.127.0/24
                  195.178.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:8b:15:b0:28:5d:54:cb:72:22:66:44:94:5b:59:b5:68:08:
         56:77:a5:4c:b2:89:ae:6e:68:b2:13:8f:a6:bc:26:91:e3:ff:
         52:9e:29:75:e7:7f:ec:4f:0f:db:c0:1b:6b:57:36:3b:e4:9c:
         20:88:ab:c4:c0:73:49:d4:88:d6:09:68:49:58:e5:e3:61:dc:
         17:24:0a:98:83:14:b5:34:3b:2c:e7:c4:6a:22:b8:4c:69:30:
         04:bd:cb:69:51:c1:e1:b0:7a:5b:33:0d:e7:a2:4a:b9:0d:a0:
         9c:c5:0f:03:95:a3:aa:3a:0c:6e:fe:76:92:a3:99:2f:0d:67:
         a4:67:2b:7d:61:eb:36:a2:24:af:33:29:4d:0f:0e:d1:17:e9:
         37:69:65:de:a5:31:4c:f2:c9:db:24:59:a8:5f:fe:d8:78:2f:
         50:76:b4:3e:ce:8d:d0:7e:fd:81:70:ec:bb:d3:dd:04:1e:c0:
         83:f7:23:2f:3a:ef:66:1f:db:b2:bb:d5:70:0c:ee:0e:13:71:
         16:44:18:56:d4:00:cc:4a:4b:e9:21:b8:6a:5e:2c:69:06:cc:
         41:fd:4f:68:d3:17:6f:dc:bd:90:62:d9:57:d5:39:8d:42:06:
         90:e5:b3:45:3b:4b:e9:a1:b8:8d:a8:2e:0f:01:70:82:9e:5b:
         75:32:a4:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQljwKW4DsL5KDOmjZf2f6pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwODE0ZGQzOWRkMzkyNWNmZjg4YmYzNGQ0MzA3ZmQ2YzYy
MTY1ZWIwHhcNMjUwMTAyMDU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzU2MDIxMWY2ZGI4ZDE2NTI3M2ZjNDg1MDVjODM2ZTU2MmI4YjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKOHetgiNJVMT87cNG1qUXXzX+UX
qRd9GTVooSxXkyQI4AT02XoHOd4iuCYXab1ckc6t9wfhXgcm0WFhyISEh9eSDYoR
b3jXaAGKigGQXzwnKnI0kxrSAo2EpOCb6xDfUKGKMS2TpK0VIbmsEgZwKG7kFbMO
OIsJI0y5JCzKSd0Mn49iQ0I/P1avIB+oowff+O84ZGVBiBCuod9AROCs6e3DI3aq
RGSLb6f0Le+EvT3saVTGrCMrUoNZEpRV+s+ulvYoAWLRVa0AyGfPifsAPcOubNF8
iGVyIWRHDatLeXd5yoKKz7ssUlVk5WiYCdvDJS6KdZSstIVsJoZZBt0tGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCNWAhH2240WUnP8SFBcg25WK4sBMB8GA1UdIwQY
MBaAFJCBTdOd05Jc/4i/NNQwf9bGIWXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjkt
OTQwYWU0NTRjYjg1LzEvSTFZQ0VmYmJqUlpTY194SVVGeURibFlyaXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8wY2NhYjYtZDgzNy00YzE4LTgyZjktOTQwYWU0NTRjYjg1
LzEva0lGTjA1M1RrbHpfaUw4MDFEQl8xc1loWmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwvJ/AwQA
w7IQMA0GCSqGSIb3DQEBCwUAA4IBAQDMixWwKF1Uy3IiZkSUW1m1aAhWd6VMsomu
bmiyE4+mvCaR4/9Snil153/sTw/bwBtrVzY75JwgiKvEwHNJ1IjWCWhJWOXjYdwX
JAqYgxS1NDss58RqIrhMaTAEvctpUcHhsHpbMw3nokq5DaCcxQ8DlaOqOgxu/naS
o5kvDWekZyt9Yes2oiSvMylNDw7RF+k3aWXepTFM8snbJFmoX/7YeC9QdrQ+zo3Q
fv2BcOy7090EHsCD9yMvOu9mH9uyu9VwDO4OE3EWRBhW1ADMSkvpIbhqXixpBsxB
/U9o0xdv3L2QYtlX1TmNQgaQ5bNFO0vpobiNqC4PAXCCnlt1MqSJ
-----END CERTIFICATE-----