Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/0egOCEDjjfjwdPmizCh3Cu6NbrQ.roa
File:                     0egOCEDjjfjwdPmizCh3Cu6NbrQ.roa (raw, json)
Hash identifier:          RjxfFq3fmsFbepGKowirBDzmyu+RZ3fSC5NUINYgMYU=
Subject key identifier:   D1:E8:0E:08:40:E3:8D:F8:F0:74:F9:A2:CC:28:77:0A:EE:8D:6E:B4
Certificate issuer:       /CN=2719412918a6627f99cce55c7aca139057b8574e
Certificate serial:       019423D71E12D2977F847B756CC4D0187E59
Authority key identifier: 27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/0egOCEDjjfjwdPmizCh3Cu6NbrQ.roa
Signing time:             Wed 01 Jan 2025 21:48:08 +0000
ROA not before:           Wed 01 Jan 2025 21:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140885
IP address blocks:        194.50.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:1e:12:d2:97:7f:84:7b:75:6c:c4:d0:18:7e:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2719412918a6627f99cce55c7aca139057b8574e
        Validity
            Not Before: Jan  1 21:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1e80e0840e38df8f074f9a2cc28770aee8d6eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:be:df:53:21:03:cb:b6:d9:ee:a0:2c:ab:a7:
                    23:a1:31:0a:50:f1:5c:c5:2a:d5:05:ef:57:55:89:
                    4c:a3:42:6d:a2:95:12:b8:3b:de:6c:29:07:0d:e8:
                    6b:53:bf:9e:bf:82:5c:e5:24:29:3c:16:3f:76:50:
                    d0:e9:0f:17:41:1f:78:df:9c:17:86:f8:79:e7:21:
                    eb:ff:b0:18:4a:6f:43:3c:6d:09:03:72:ab:eb:06:
                    51:a4:94:a8:9f:9d:36:87:1b:5d:dd:a2:bc:4f:8f:
                    9e:a6:83:29:d6:36:35:d7:31:0a:59:1f:ab:12:a2:
                    63:b9:df:b6:3d:3e:df:88:e5:0e:f7:f7:51:6e:f4:
                    b3:e1:58:38:8c:dc:d6:a3:ed:ef:82:f5:3b:a3:91:
                    28:91:94:8e:7a:6e:3a:c9:10:1f:8e:76:87:29:cd:
                    b0:b7:75:5c:48:70:6b:a5:5d:30:f5:b2:7a:41:bc:
                    cf:f6:19:10:2d:44:67:36:c7:c2:c0:15:e7:78:69:
                    de:06:cd:53:f2:d5:a1:c3:dc:2e:c4:f4:ce:53:fb:
                    a9:2a:68:54:f5:f4:3f:ef:1a:65:ec:bb:c4:d9:42:
                    8e:4b:1a:7c:02:58:02:30:bc:7f:b5:cd:b4:22:97:
                    0d:90:aa:26:3c:8d:3a:7b:ff:13:69:68:f6:1c:6d:
                    b9:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:E8:0E:08:40:E3:8D:F8:F0:74:F9:A2:CC:28:77:0A:EE:8D:6E:B4
            X509v3 Authority Key Identifier:
                keyid:27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/0egOCEDjjfjwdPmizCh3Cu6NbrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:29:05:96:10:ec:70:5a:33:f4:fa:0c:17:75:df:b0:ed:5d:
         20:f1:e5:79:23:e4:2c:ee:89:3d:c4:d9:41:c8:ae:d2:68:95:
         af:df:9a:4a:ce:7a:c3:81:65:40:5e:73:af:d7:32:1b:2f:4a:
         30:db:d1:03:99:06:07:ce:cb:a8:ab:fb:19:4e:54:c7:76:77:
         3f:5f:42:4e:13:af:5c:8d:65:93:36:c2:40:42:f6:b4:ef:3c:
         b2:aa:8c:7a:64:67:a0:cf:5a:7d:0d:fd:18:fb:02:a6:22:fe:
         c7:ef:28:1a:b6:2e:e0:46:2c:42:67:9a:bc:1d:e4:5c:bd:99:
         18:06:50:34:15:ad:e9:5c:76:fe:2f:26:7b:88:a0:92:55:86:
         8b:da:04:04:4c:38:d7:bb:5f:d7:4f:e6:ea:85:ad:03:c1:ef:
         05:9c:e8:b0:46:b9:05:55:dc:8a:ad:37:2d:0d:ac:39:dd:52:
         d2:d9:2a:79:d8:a3:cc:5c:a9:18:7f:c0:b6:0e:68:8b:15:1f:
         0c:6b:97:ff:8c:1c:06:2d:f1:f0:d8:7f:6b:c1:ae:42:c5:e5:
         2c:a0:56:e1:df:3b:d0:bf:05:6b:ec:fe:26:ed:c5:6c:85:5b:
         1a:68:f8:be:80:e3:3f:6a:94:68:83:8a:7c:1c:8d:31:7c:2d:
         c2:80:ae:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1x4S0pd/hHt1bMTQGH5ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MTk0MTI5MThhNjYyN2Y5OWNjZTU1YzdhY2ExMzkwNTdi
ODU3NGUwHhcNMjUwMTAxMjE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWU4MGUwODQwZTM4ZGY4ZjA3NGY5YTJjYzI4NzcwYWVlOGQ2ZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtb7fUyEDy7bZ7qAsq6cjoTEKUPFc
xSrVBe9XVYlMo0JtopUSuDvebCkHDehrU7+ev4Jc5SQpPBY/dlDQ6Q8XQR9435wX
hvh55yHr/7AYSm9DPG0JA3Kr6wZRpJSon502hxtd3aK8T4+epoMp1jY11zEKWR+r
EqJjud+2PT7fiOUO9/dRbvSz4Vg4jNzWo+3vgvU7o5EokZSOem46yRAfjnaHKc2w
t3VcSHBrpV0w9bJ6QbzP9hkQLURnNsfCwBXneGneBs1T8tWhw9wuxPTOU/upKmhU
9fQ/7xpl7LvE2UKOSxp8AlgCMLx/tc20IpcNkKomPI06e/8TaWj2HG25uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHoDghA44348HT5oswodwrujW60MB8GA1UdIwQY
MBaAFCcZQSkYpmJ/mczlXHrKE5BXuFdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYt
NGUyMjM5MTdiODYwLzEvMGVnT0NFRGpqZmp3ZFBtaXpDaDNDdTZOYnJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYtNGUyMjM5MTdiODYw
LzEvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjIFMA0G
CSqGSIb3DQEBCwUAA4IBAQB0KQWWEOxwWjP0+gwXdd+w7V0g8eV5I+Qs7ok9xNlB
yK7SaJWv35pKznrDgWVAXnOv1zIbL0ow29EDmQYHzsuoq/sZTlTHdnc/X0JOE69c
jWWTNsJAQva07zyyqox6ZGegz1p9Df0Y+wKmIv7H7ygati7gRixCZ5q8HeRcvZkY
BlA0Fa3pXHb+LyZ7iKCSVYaL2gQETDjXu1/XT+bqha0Dwe8FnOiwRrkFVdyKrTct
Daw53VLS2Sp52KPMXKkYf8C2DmiLFR8Ma5f/jBwGLfHw2H9rwa5CxeUsoFbh3zvQ
vwVr7P4m7cVshVsaaPi+gOM/apRog4p8HI0xfC3CgK5w
-----END CERTIFICATE-----