Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/b98tIeNuwYS2XlZhqO3_1p2iGyM.roa
File:                     b98tIeNuwYS2XlZhqO3_1p2iGyM.roa (raw, json)
Hash identifier:          KEycjnHhvF/hQmL5nDtRKOEAJMQLEc4nzVMPySVKhnE=
Subject key identifier:   6F:DF:2D:21:E3:6E:C1:84:B6:5E:56:61:A8:ED:FF:D6:9D:A2:1B:23
Certificate issuer:       /CN=dff1113bfc892d1df49a166047cb8c2aaeca768e
Certificate serial:       01942521DC453B05183AB582F0EBBEF3289A
Authority key identifier: DF:F1:11:3B:FC:89:2D:1D:F4:9A:16:60:47:CB:8C:2A:AE:CA:76:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3_ERO_yJLR30mhZgR8uMKq7Kdo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/b98tIeNuwYS2XlZhqO3_1p2iGyM.roa
Signing time:             Thu 02 Jan 2025 03:49:23 +0000
ROA not before:           Thu 02 Jan 2025 03:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49522
IP address blocks:        194.165.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/3_ERO_yJLR30mhZgR8uMKq7Kdo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/3_ERO_yJLR30mhZgR8uMKq7Kdo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3_ERO_yJLR30mhZgR8uMKq7Kdo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:dc:45:3b:05:18:3a:b5:82:f0:eb:be:f3:28:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dff1113bfc892d1df49a166047cb8c2aaeca768e
        Validity
            Not Before: Jan  2 03:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fdf2d21e36ec184b65e5661a8edffd69da21b23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:17:51:b5:9f:b3:68:94:df:88:e9:c1:f7:e1:
                    3a:ca:c4:55:df:c7:c7:20:fa:24:e0:d0:9c:63:a1:
                    6a:4d:14:28:a1:f2:9b:03:98:a7:52:ba:c8:ab:aa:
                    a1:9b:53:e1:d3:ac:22:09:76:27:63:f1:fc:f4:92:
                    ba:6b:12:20:a3:cd:aa:80:9b:0c:44:2c:35:fd:33:
                    ee:70:09:f4:6a:db:1c:c9:35:ce:ef:a1:d2:d1:4f:
                    9d:81:0d:c6:7a:24:93:58:ea:27:45:f2:47:64:f9:
                    17:b5:35:b7:82:7c:f5:6a:7f:e2:f6:0f:19:7a:0d:
                    61:bc:1e:8e:81:64:1e:78:64:f1:86:31:38:61:b6:
                    0c:a1:18:c0:1b:d1:dd:3d:f6:fe:1a:2b:6d:54:32:
                    cf:c9:bd:42:60:51:5f:3e:23:16:33:6a:cc:5d:5a:
                    ec:35:d7:7e:3c:49:8e:73:40:84:d9:3c:f1:e5:91:
                    0a:43:f5:82:d5:7e:b8:3d:66:b5:ab:a9:a3:f6:60:
                    2e:47:fb:16:0a:7f:9c:23:4e:d8:eb:df:c5:39:67:
                    2b:76:1b:79:86:a3:68:38:86:8d:de:81:06:76:c7:
                    15:4e:51:5e:16:94:22:3f:32:88:b2:dc:cf:06:42:
                    61:77:59:d1:8d:fd:ec:d3:49:86:69:94:64:7c:f9:
                    ee:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:DF:2D:21:E3:6E:C1:84:B6:5E:56:61:A8:ED:FF:D6:9D:A2:1B:23
            X509v3 Authority Key Identifier:
                keyid:DF:F1:11:3B:FC:89:2D:1D:F4:9A:16:60:47:CB:8C:2A:AE:CA:76:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3_ERO_yJLR30mhZgR8uMKq7Kdo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/b98tIeNuwYS2XlZhqO3_1p2iGyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/db7b8f-3743-4470-a9b5-5a54169c1b5e/1/3_ERO_yJLR30mhZgR8uMKq7Kdo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:46:cf:cf:96:61:6b:c2:e4:b9:b8:54:af:bb:9a:ce:20:6a:
         96:78:d8:18:3e:66:9e:c5:a1:63:0b:d7:fa:fe:34:4a:3a:80:
         31:79:3c:23:3c:62:b3:57:41:65:0b:db:8a:61:f7:8b:79:e5:
         a2:c8:c2:14:25:81:07:e4:76:14:32:bb:30:09:f8:b1:74:d8:
         6a:5a:0a:5c:4a:f0:7a:e1:4b:47:91:58:c7:ac:24:69:4a:bf:
         47:44:38:04:d0:76:f7:74:2c:83:41:55:52:6d:ba:15:a5:9a:
         e1:d2:22:14:fa:25:66:22:e8:e6:b3:66:57:0f:7f:73:6b:89:
         a7:a2:dc:9c:50:30:c4:30:16:21:96:82:3c:7b:fd:a9:4f:63:
         0e:19:a8:6b:02:3a:46:d5:f2:21:4a:cd:ca:07:2c:2b:b4:bb:
         80:1f:20:ed:b1:2c:7b:bb:02:87:6e:a7:16:90:55:44:e1:8a:
         c6:93:03:cb:a2:d8:aa:e9:45:85:de:e0:44:26:1c:86:b5:db:
         79:a7:ae:b8:e3:a1:b0:40:8b:83:99:e8:6e:9b:93:c4:0b:5b:
         60:86:38:39:89:b8:d5:41:d9:b1:21:c8:ea:2d:88:b3:fb:69:
         6e:04:67:d4:ec:be:e2:32:7f:30:01:fc:bf:f5:fa:15:e9:69:
         38:ef:14:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIdxFOwUYOrWC8Ou+8yiaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZjExMTNiZmM4OTJkMWRmNDlhMTY2MDQ3Y2I4YzJhYWVj
YTc2OGUwHhcNMjUwMTAyMDM0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmRmMmQyMWUzNmVjMTg0YjY1ZTU2NjFhOGVkZmZkNjlkYTIxYjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBdRtZ+zaJTfiOnB9+E6ysRV38fH
IPok4NCcY6FqTRQoofKbA5inUrrIq6qhm1Ph06wiCXYnY/H89JK6axIgo82qgJsM
RCw1/TPucAn0atscyTXO76HS0U+dgQ3GeiSTWOonRfJHZPkXtTW3gnz1an/i9g8Z
eg1hvB6OgWQeeGTxhjE4YbYMoRjAG9HdPfb+GittVDLPyb1CYFFfPiMWM2rMXVrs
Ndd+PEmOc0CE2Tzx5ZEKQ/WC1X64PWa1q6mj9mAuR/sWCn+cI07Y69/FOWcrdht5
hqNoOIaN3oEGdscVTlFeFpQiPzKIstzPBkJhd1nRjf3s00mGaZRkfPnuOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/fLSHjbsGEtl5WYajt/9adohsjMB8GA1UdIwQY
MBaAFN/xETv8iS0d9JoWYEfLjCquynaOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM19FUk9feUpMUjMwbWhaZ1I4dU1LcTdLZG80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9kYjdiOGYtMzc0My00NDcwLWE5YjUt
NWE1NDE2OWMxYjVlLzEvYjk4dEllTnV3WVMyWGxaaHFPM18xcDJpR3lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9kYjdiOGYtMzc0My00NDcwLWE5YjUtNWE1NDE2OWMxYjVl
LzEvM19FUk9feUpMUjMwbWhaZ1I4dU1LcTdLZG80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqU3MA0G
CSqGSIb3DQEBCwUAA4IBAQBjRs/PlmFrwuS5uFSvu5rOIGqWeNgYPmaexaFjC9f6
/jRKOoAxeTwjPGKzV0FlC9uKYfeLeeWiyMIUJYEH5HYUMrswCfixdNhqWgpcSvB6
4UtHkVjHrCRpSr9HRDgE0Hb3dCyDQVVSbboVpZrh0iIU+iVmIujms2ZXD39za4mn
otycUDDEMBYhloI8e/2pT2MOGahrAjpG1fIhSs3KBywrtLuAHyDtsSx7uwKHbqcW
kFVE4YrGkwPLotiq6UWF3uBEJhyGtdt5p66446GwQIuDmehum5PEC1tghjg5ibjV
QdmxIcjqLYiz+2luBGfU7L7iMn8wAfy/9foV6Wk47xRl
-----END CERTIFICATE-----