Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/1994da-fbd0-4333-b419-e56fbe3a512a/1/7UEKjAJ-eKTudJQyuXWgCFktqsA.roa
File:                     7UEKjAJ-eKTudJQyuXWgCFktqsA.roa (raw, json)
Hash identifier:          gaq+lb0RudHl3QvY5UiuCQ4eRNvI0ap5p1xdT8g8a5U=
Subject key identifier:   ED:41:0A:8C:02:7E:78:A4:EE:74:94:32:B9:75:A0:08:59:2D:AA:C0
Certificate issuer:       /CN=ad4955f1cdbde7ed9e69de11dea5c560f60456a9
Certificate serial:       018CC6B8A2AEAD54F12756933677493FE28D
Authority key identifier: AD:49:55:F1:CD:BD:E7:ED:9E:69:DE:11:DE:A5:C5:60:F6:04:56:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rUlV8c295-2ead4R3qXFYPYEVqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/1994da-fbd0-4333-b419-e56fbe3a512a/1/7UEKjAJ-eKTudJQyuXWgCFktqsA.roa
Signing time:             Mon 01 Jan 2024 20:30:38 +0000
ROA not before:           Mon 01 Jan 2024 20:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213122
IP address blocks:        194.49.68.0/24 maxlen: 24
                          194.49.69.0/24 maxlen: 24
                          194.49.78.0/24 maxlen: 24
                          194.49.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/1994da-fbd0-4333-b419-e56fbe3a512a/1/rUlV8c295-2ead4R3qXFYPYEVqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/1994da-fbd0-4333-b419-e56fbe3a512a/1/rUlV8c295-2ead4R3qXFYPYEVqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rUlV8c295-2ead4R3qXFYPYEVqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a2:ae:ad:54:f1:27:56:93:36:77:49:3f:e2:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad4955f1cdbde7ed9e69de11dea5c560f60456a9
        Validity
            Not Before: Jan  1 20:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed410a8c027e78a4ee749432b975a008592daac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e4:32:e5:39:f9:44:9c:43:c8:d5:78:85:1c:
                    f7:cc:86:7d:26:ff:22:63:3b:c2:4c:0b:78:b9:b9:
                    34:02:79:c6:93:98:e4:33:72:73:59:0b:8e:11:aa:
                    ff:3b:f6:fe:66:f2:1c:60:41:38:fb:7c:fe:f7:d4:
                    fd:6d:20:fc:ab:c8:da:5c:29:0f:0a:eb:6a:8e:49:
                    b3:8e:82:eb:15:c0:d7:58:c2:89:64:4a:7d:d2:d4:
                    12:a4:31:42:c6:92:c0:31:9e:89:5a:e5:bd:9a:f3:
                    26:bb:af:f1:8c:4f:10:68:2b:df:f9:e0:40:91:7c:
                    5d:a0:2a:0e:4c:77:9f:26:58:7a:1a:55:b5:fc:f8:
                    25:0e:ba:e7:49:d9:4f:cb:53:cf:d7:75:ee:3e:ba:
                    cc:0e:69:a7:f3:56:4c:14:22:05:d6:81:0c:ff:8e:
                    6e:5d:86:3c:bb:9f:4e:2b:26:57:1c:6d:3c:85:d1:
                    59:df:d2:0f:0d:4c:6e:53:c8:f5:75:8a:61:73:f4:
                    18:06:e4:ec:0c:08:b9:66:f1:af:16:3a:84:6b:28:
                    24:59:a6:db:3f:82:a1:d9:52:af:47:32:e5:55:26:
                    f2:9b:b9:7a:86:11:11:26:07:f8:61:92:e4:ae:28:
                    7c:e3:cc:27:54:1d:37:98:fa:3b:83:10:a2:50:15:
                    e6:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:41:0A:8C:02:7E:78:A4:EE:74:94:32:B9:75:A0:08:59:2D:AA:C0
            X509v3 Authority Key Identifier:
                keyid:AD:49:55:F1:CD:BD:E7:ED:9E:69:DE:11:DE:A5:C5:60:F6:04:56:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rUlV8c295-2ead4R3qXFYPYEVqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/1994da-fbd0-4333-b419-e56fbe3a512a/1/7UEKjAJ-eKTudJQyuXWgCFktqsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/1994da-fbd0-4333-b419-e56fbe3a512a/1/rUlV8c295-2ead4R3qXFYPYEVqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.68.0/23
                  194.49.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:35:5a:44:90:7f:b5:77:91:83:fa:14:2c:7d:cd:93:70:a6:
         b3:15:e4:bd:e5:2e:cc:bc:83:46:27:be:d2:37:e0:32:2e:cd:
         02:d0:ee:ac:b4:12:1b:2d:03:ec:3a:e0:ec:c3:51:33:6e:0c:
         9d:e2:2a:7e:5b:5c:7f:80:96:d6:ea:2d:2d:4c:75:a8:92:98:
         ef:b6:f4:57:2a:b6:7c:f5:1d:96:4f:b6:47:00:0a:42:31:64:
         c5:cc:65:4c:da:92:0f:43:79:c3:fa:b1:76:dd:43:91:53:b1:
         44:d3:86:c4:5c:61:bf:08:1a:ce:06:8c:84:8f:12:3a:c2:2b:
         f6:b4:8b:5e:bd:bc:2d:0f:76:6e:cb:95:5d:dd:ee:9b:c1:f1:
         1a:29:0d:0b:01:8f:b2:91:ce:c5:55:ee:c4:7b:52:e3:02:3e:
         32:68:33:85:93:69:fb:2f:41:e4:8a:1b:01:08:0a:b4:a4:a4:
         32:3b:76:16:3a:69:16:7d:dc:f9:1d:d8:02:a8:a1:8d:a3:ce:
         2f:9a:3c:44:f9:46:17:db:89:d8:17:7a:a4:25:51:eb:0d:9e:
         97:df:26:07:2d:8d:bd:41:7c:b4:1b:44:48:d3:39:5d:37:12:
         a2:44:c0:00:3f:6a:c1:45:7b:a0:03:9d:fc:7a:9f:16:e8:8e:
         e9:e5:f3:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuKKurVTxJ1aTNndJP+KNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNDk1NWYxY2RiZGU3ZWQ5ZTY5ZGUxMWRlYTVjNTYwZjYw
NDU2YTkwHhcNMjQwMTAxMjAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDQxMGE4YzAyN2U3OGE0ZWU3NDk0MzJiOTc1YTAwODU5MmRhYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluQy5Tn5RJxDyNV4hRz3zIZ9Jv8i
YzvCTAt4ubk0AnnGk5jkM3JzWQuOEar/O/b+ZvIcYEE4+3z+99T9bSD8q8jaXCkP
CutqjkmzjoLrFcDXWMKJZEp90tQSpDFCxpLAMZ6JWuW9mvMmu6/xjE8QaCvf+eBA
kXxdoCoOTHefJlh6GlW1/PglDrrnSdlPy1PP13XuPrrMDmmn81ZMFCIF1oEM/45u
XYY8u59OKyZXHG08hdFZ39IPDUxuU8j1dYphc/QYBuTsDAi5ZvGvFjqEaygkWabb
P4Kh2VKvRzLlVSbym7l6hhERJgf4YZLkrih848wnVB03mPo7gxCiUBXmnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO1BCowCfnik7nSUMrl1oAhZLarAMB8GA1UdIwQY
MBaAFK1JVfHNveftnmneEd6lxWD2BFapMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclVsVjhjMjk1LTJlYWQ0UjNxWEZZUFlFVnFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8xOTk0ZGEtZmJkMC00MzMzLWI0MTkt
ZTU2ZmJlM2E1MTJhLzEvN1VFS2pBSi1lS1R1ZEpReXVYV2dDRmt0cXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8xOTk0ZGEtZmJkMC00MzMzLWI0MTktZTU2ZmJlM2E1MTJh
LzEvclVsVjhjMjk1LTJlYWQ0UjNxWEZZUFlFVnFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwjFEAwQB
wjFOMA0GCSqGSIb3DQEBCwUAA4IBAQBvNVpEkH+1d5GD+hQsfc2TcKazFeS95S7M
vINGJ77SN+AyLs0C0O6stBIbLQPsOuDsw1Ezbgyd4ip+W1x/gJbW6i0tTHWokpjv
tvRXKrZ89R2WT7ZHAApCMWTFzGVM2pIPQ3nD+rF23UORU7FE04bEXGG/CBrOBoyE
jxI6wiv2tItevbwtD3Zuy5Vd3e6bwfEaKQ0LAY+ykc7FVe7Ee1LjAj4yaDOFk2n7
L0HkihsBCAq0pKQyO3YWOmkWfdz5HdgCqKGNo84vmjxE+UYX24nYF3qkJVHrDZ6X
3yYHLY29QXy0G0RI0zldNxKiRMAAP2rBRXugA538ep8W6I7p5fPl
-----END CERTIFICATE-----