Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/D96EcvLqQ8mg6gUpgeSUDuWzoII.roa
File:                     D96EcvLqQ8mg6gUpgeSUDuWzoII.roa (raw, json)
Hash identifier:          47dUj7Yx8C1/dz36m92H2I2YJQ2HstfZCg46ryE4YRE=
Subject key identifier:   0F:DE:84:72:F2:EA:43:C9:A0:EA:05:29:81:E4:94:0E:E5:B3:A0:82
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       0194228DBD39BD01D87B39995FF99D6A4EB2
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/D96EcvLqQ8mg6gUpgeSUDuWzoII.roa
Signing time:             Wed 01 Jan 2025 15:48:21 +0000
ROA not before:           Wed 01 Jan 2025 15:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42922
IP address blocks:        94.232.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:bd:39:bd:01:d8:7b:39:99:5f:f9:9d:6a:4e:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jan  1 15:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fde8472f2ea43c9a0ea052981e4940ee5b3a082
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:0c:47:4a:1b:3e:f3:cb:67:69:c1:37:56:2c:
                    93:80:96:eb:ec:ae:3d:8f:9e:96:58:f1:23:63:af:
                    f9:00:ce:61:e3:b7:0c:42:cf:b8:9f:4e:8e:2b:d2:
                    87:4b:75:87:d5:bf:28:58:a5:c5:fb:fe:be:50:fb:
                    80:b3:cb:0b:c1:31:60:d4:88:18:cf:61:a5:b2:cc:
                    9e:71:b2:82:a9:4f:a1:32:af:1d:7e:8a:96:f5:bb:
                    98:26:06:e5:9b:10:4f:59:f7:4b:78:2f:2d:23:2a:
                    47:9a:80:a0:5a:11:d0:40:41:48:61:71:2e:dd:98:
                    a6:42:15:47:4d:76:31:18:3d:22:16:0f:a8:7c:b5:
                    e3:eb:27:94:33:fc:37:9d:2a:2c:d7:78:e0:a0:31:
                    ef:e4:22:f3:b6:ea:8d:03:0b:db:50:8a:d4:61:7c:
                    1d:d7:16:6a:9b:a3:e6:b1:f6:10:29:69:76:c4:0a:
                    36:62:33:13:34:e0:38:52:4b:54:d9:c5:44:41:0e:
                    91:f0:95:9e:1d:5d:a4:a8:f5:e2:d0:0a:17:50:7a:
                    0d:a7:26:d8:65:6e:a1:67:67:dd:df:cc:8d:c2:96:
                    92:76:06:ea:56:5f:ce:e5:90:33:e8:e8:9e:da:39:
                    1c:69:5c:10:0b:8b:19:3a:40:1e:d8:cc:e1:d5:af:
                    93:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:DE:84:72:F2:EA:43:C9:A0:EA:05:29:81:E4:94:0E:E5:B3:A0:82
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/D96EcvLqQ8mg6gUpgeSUDuWzoII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.232.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:2d:27:fd:c9:dc:8f:1c:24:61:4e:e1:21:43:24:50:d3:d0:
         88:39:50:70:66:59:55:28:54:7a:cc:2e:53:4c:33:b0:1b:42:
         7c:97:8c:e2:aa:86:18:5e:77:41:78:88:bc:ed:5b:74:24:e7:
         70:35:a0:5f:b4:ce:6d:18:88:ae:03:4a:47:7c:c9:0a:f5:50:
         2a:aa:d1:29:10:f1:bb:92:c3:c1:1a:fd:94:58:47:63:97:14:
         1a:77:05:36:57:46:be:1b:d8:d7:3c:82:0f:53:99:97:d7:6d:
         37:66:8b:c0:dd:5e:03:7d:f8:87:4d:9e:af:a4:c6:0e:b1:8a:
         c0:80:8c:b8:fe:8b:b5:25:8b:4f:71:b4:47:33:c1:b3:66:43:
         9b:2b:46:c6:a4:d6:9d:8b:11:af:87:e5:26:60:66:8d:19:fd:
         68:65:29:e5:ca:e9:2c:4a:03:e7:0c:65:74:6b:f6:c8:77:3a:
         02:f8:ca:ae:58:83:b1:45:f1:05:ec:9c:a5:a3:06:91:2d:20:
         4d:e7:91:c0:d8:7f:53:94:55:76:bb:e2:01:70:fb:e1:5b:3a:
         90:70:81:a5:84:76:2b:16:e2:c0:f7:11:24:cf:ee:4a:97:23:
         b2:01:b1:75:c9:b9:7e:f4:20:03:0e:f2:20:ae:95:be:54:1f:
         27:ec:60:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijb05vQHYezmZX/mdak6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwMTAxMTU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmRlODQ3MmYyZWE0M2M5YTBlYTA1Mjk4MWU0OTQwZWU1YjNhMDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQxHShs+88tnacE3ViyTgJbr7K49
j56WWPEjY6/5AM5h47cMQs+4n06OK9KHS3WH1b8oWKXF+/6+UPuAs8sLwTFg1IgY
z2GlssyecbKCqU+hMq8dfoqW9buYJgblmxBPWfdLeC8tIypHmoCgWhHQQEFIYXEu
3ZimQhVHTXYxGD0iFg+ofLXj6yeUM/w3nSos13jgoDHv5CLztuqNAwvbUIrUYXwd
1xZqm6PmsfYQKWl2xAo2YjMTNOA4UktU2cVEQQ6R8JWeHV2kqPXi0AoXUHoNpybY
ZW6hZ2fd38yNwpaSdgbqVl/O5ZAz6Oie2jkcaVwQC4sZOkAe2Mzh1a+TEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/ehHLy6kPJoOoFKYHklA7ls6CCMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvRDk2RWN2THFROG1nNmdVcGdlU1VEdVd6b0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuj6MA0G
CSqGSIb3DQEBCwUAA4IBAQDCLSf9ydyPHCRhTuEhQyRQ09CIOVBwZllVKFR6zC5T
TDOwG0J8l4ziqoYYXndBeIi87Vt0JOdwNaBftM5tGIiuA0pHfMkK9VAqqtEpEPG7
ksPBGv2UWEdjlxQadwU2V0a+G9jXPIIPU5mX1203ZovA3V4DffiHTZ6vpMYOsYrA
gIy4/ou1JYtPcbRHM8GzZkObK0bGpNadixGvh+UmYGaNGf1oZSnlyuksSgPnDGV0
a/bIdzoC+MquWIOxRfEF7JylowaRLSBN55HA2H9TlFV2u+IBcPvhWzqQcIGlhHYr
FuLA9xEkz+5KlyOyAbF1ybl+9CADDvIgrpW+VB8n7GBy
-----END CERTIFICATE-----