Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/498a6b-8512-493b-86c3-40f8a8cd1bdd/1/xd9VA_78P1dLBFhm7sOrW_QXFZU.roa
File:                     xd9VA_78P1dLBFhm7sOrW_QXFZU.roa (raw, json)
Hash identifier:          QyqCAQo5qDHygqeA0Lpsx+fr8JK0CEsNpPX8qkqt2z0=
Subject key identifier:   C5:DF:55:03:FE:FC:3F:57:4B:04:58:66:EE:C3:AB:5B:F4:17:15:95
Certificate issuer:       /CN=8ed98c0570afe9f1aaebd0d9ea2fc28c1dfd9889
Certificate serial:       0194221FFFBF60912ADAA08B6130956FEC22
Authority key identifier: 8E:D9:8C:05:70:AF:E9:F1:AA:EB:D0:D9:EA:2F:C2:8C:1D:FD:98:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jtmMBXCv6fGq69DZ6i_CjB39mIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/498a6b-8512-493b-86c3-40f8a8cd1bdd/1/xd9VA_78P1dLBFhm7sOrW_QXFZU.roa
Signing time:             Wed 01 Jan 2025 13:48:29 +0000
ROA not before:           Wed 01 Jan 2025 13:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211028
IP address blocks:        194.39.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/498a6b-8512-493b-86c3-40f8a8cd1bdd/1/jtmMBXCv6fGq69DZ6i_CjB39mIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/498a6b-8512-493b-86c3-40f8a8cd1bdd/1/jtmMBXCv6fGq69DZ6i_CjB39mIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jtmMBXCv6fGq69DZ6i_CjB39mIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ff:bf:60:91:2a:da:a0:8b:61:30:95:6f:ec:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ed98c0570afe9f1aaebd0d9ea2fc28c1dfd9889
        Validity
            Not Before: Jan  1 13:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5df5503fefc3f574b045866eec3ab5bf4171595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:27:b4:a6:7d:d0:ab:34:aa:87:8b:f7:31:74:
                    92:db:21:6e:ac:b8:27:e2:2e:57:31:dd:e3:cf:18:
                    af:0b:7e:d3:fc:98:bc:f8:aa:8e:14:a3:5b:f0:27:
                    ba:d9:19:90:14:73:21:7a:f8:5a:5e:c8:07:8f:b7:
                    b2:0b:20:08:52:10:cb:3e:78:8a:8b:a5:7b:c8:b1:
                    5a:94:dc:48:05:3e:20:e7:df:96:60:4f:bb:90:bc:
                    9c:cc:fe:7f:b3:5d:5f:9a:15:f6:2b:63:fb:7e:1e:
                    0a:59:76:c0:d7:5b:2c:88:4c:09:c3:55:a5:40:ed:
                    53:39:40:b5:3c:22:9f:71:26:f5:96:49:b3:1d:d9:
                    fc:9c:75:57:41:32:70:32:c0:89:4d:2a:eb:4b:92:
                    fe:98:5f:d0:b7:a5:5a:14:0f:cf:1f:d0:88:02:16:
                    ff:04:b2:a8:48:15:ab:83:08:e4:e2:89:83:0c:c0:
                    33:4b:80:7f:7e:18:37:69:22:a2:75:96:03:fb:2d:
                    ec:12:5e:76:0f:20:07:e3:21:21:9a:8d:6a:07:df:
                    e7:a3:32:dd:75:4e:d2:2d:54:2f:2e:72:6c:40:c6:
                    ec:98:91:ea:dc:d0:36:fb:4d:8c:bc:05:4b:b3:3c:
                    97:3f:56:bd:e4:e7:aa:88:fd:dc:81:e8:2a:38:09:
                    0d:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:DF:55:03:FE:FC:3F:57:4B:04:58:66:EE:C3:AB:5B:F4:17:15:95
            X509v3 Authority Key Identifier:
                keyid:8E:D9:8C:05:70:AF:E9:F1:AA:EB:D0:D9:EA:2F:C2:8C:1D:FD:98:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jtmMBXCv6fGq69DZ6i_CjB39mIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/498a6b-8512-493b-86c3-40f8a8cd1bdd/1/xd9VA_78P1dLBFhm7sOrW_QXFZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/498a6b-8512-493b-86c3-40f8a8cd1bdd/1/jtmMBXCv6fGq69DZ6i_CjB39mIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:80:7f:0b:3f:84:b0:74:7c:47:c0:11:8b:98:3d:29:de:4d:
         fb:7d:a3:17:53:3c:fb:ad:61:ff:c4:db:82:75:d4:8c:3e:ca:
         90:16:c7:9f:c4:45:a7:11:42:54:32:33:fe:86:af:65:6b:5a:
         0a:1b:fb:dc:6a:8b:64:72:fc:ca:61:68:e0:1c:55:20:ef:19:
         4e:ff:26:63:a4:2c:56:69:de:d4:7d:f5:b1:21:55:95:7e:6f:
         4e:d7:89:ea:87:13:31:32:d3:90:2c:16:4a:01:f5:48:5f:fe:
         5a:8b:90:30:c8:53:c0:ce:7b:48:df:b8:bb:60:73:46:cc:1d:
         cd:4f:e4:71:5e:cb:08:bf:ff:ab:4c:da:dd:af:ec:c9:7b:34:
         af:d4:d2:5d:01:73:6b:5a:59:2a:47:d9:6c:2a:d7:26:27:7a:
         20:88:b3:b8:0c:2c:75:f0:1b:7f:e4:ad:af:69:35:dc:43:9e:
         b3:db:09:0a:56:49:0b:6f:bd:e4:a6:3f:2a:c1:4b:42:fd:c8:
         18:13:3a:58:8d:3b:74:e5:50:42:6f:f5:9f:e8:28:19:f8:15:
         46:62:2f:a1:ba:a7:29:27:b2:0a:ea:4e:ac:d2:8e:ea:be:12:
         7e:f0:9b:3e:1e:7b:7f:4c:de:17:95:9a:fe:85:88:18:c4:ed:
         19:0f:6a:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH/+/YJEq2qCLYTCVb+wiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZDk4YzA1NzBhZmU5ZjFhYWViZDBkOWVhMmZjMjhjMWRm
ZDk4ODkwHhcNMjUwMTAxMTM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWRmNTUwM2ZlZmMzZjU3NGIwNDU4NjZlZWMzYWI1YmY0MTcxNTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCe0pn3QqzSqh4v3MXSS2yFurLgn
4i5XMd3jzxivC37T/Ji8+KqOFKNb8Ce62RmQFHMhevhaXsgHj7eyCyAIUhDLPniK
i6V7yLFalNxIBT4g59+WYE+7kLyczP5/s11fmhX2K2P7fh4KWXbA11ssiEwJw1Wl
QO1TOUC1PCKfcSb1lkmzHdn8nHVXQTJwMsCJTSrrS5L+mF/Qt6VaFA/PH9CIAhb/
BLKoSBWrgwjk4omDDMAzS4B/fhg3aSKidZYD+y3sEl52DyAH4yEhmo1qB9/nozLd
dU7SLVQvLnJsQMbsmJHq3NA2+02MvAVLszyXP1a95OeqiP3cgegqOAkN+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXfVQP+/D9XSwRYZu7Dq1v0FxWVMB8GA1UdIwQY
MBaAFI7ZjAVwr+nxquvQ2eovwowd/ZiJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanRtTUJYQ3Y2ZkdxNjlEWjZpX0NqQjM5bUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi80OThhNmItODUxMi00OTNiLTg2YzMt
NDBmOGE4Y2QxYmRkLzEveGQ5VkFfNzhQMWRMQkZobTdzT3JXX1FYRlpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi80OThhNmItODUxMi00OTNiLTg2YzMtNDBmOGE4Y2QxYmRk
LzEvanRtTUJYQ3Y2ZkdxNjlEWjZpX0NqQjM5bUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwidsMA0G
CSqGSIb3DQEBCwUAA4IBAQBbgH8LP4SwdHxHwBGLmD0p3k37faMXUzz7rWH/xNuC
ddSMPsqQFsefxEWnEUJUMjP+hq9la1oKG/vcaotkcvzKYWjgHFUg7xlO/yZjpCxW
ad7UffWxIVWVfm9O14nqhxMxMtOQLBZKAfVIX/5ai5AwyFPAzntI37i7YHNGzB3N
T+RxXssIv/+rTNrdr+zJezSv1NJdAXNrWlkqR9lsKtcmJ3ogiLO4DCx18Bt/5K2v
aTXcQ56z2wkKVkkLb73kpj8qwUtC/cgYEzpYjTt05VBCb/Wf6CgZ+BVGYi+huqcp
J7IK6k6s0o7qvhJ+8Js+Hnt/TN4XlZr+hYgYxO0ZD2pY
-----END CERTIFICATE-----