Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/yODzbE0zP6j_JHKYXWAzphsQNA8.roa
File:                     yODzbE0zP6j_JHKYXWAzphsQNA8.roa (raw, json)
Hash identifier:          VWJD33neAhmMaiHQw/4mg0RmMd404ON+a4BHqIO3tqo=
Subject key identifier:   C8:E0:F3:6C:4D:33:3F:A8:FF:24:72:98:5D:60:33:A6:1B:10:34:0F
Certificate issuer:       /CN=c3fb403a241883e58fced52d39d80eabd52bb36f
Certificate serial:       019425FDE51A3E4042169602419481776AA4
Authority key identifier: C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/yODzbE0zP6j_JHKYXWAzphsQNA8.roa
Signing time:             Thu 02 Jan 2025 07:49:43 +0000
ROA not before:           Thu 02 Jan 2025 07:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210353
IP address blocks:        194.44.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 04:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e5:1a:3e:40:42:16:96:02:41:94:81:77:6a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3fb403a241883e58fced52d39d80eabd52bb36f
        Validity
            Not Before: Jan  2 07:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8e0f36c4d333fa8ff2472985d6033a61b10340f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:13:3e:85:85:35:36:a7:aa:4d:2e:8f:b4:4e:
                    ea:84:62:dc:1d:55:71:5b:cf:4e:34:fb:db:ac:3e:
                    d5:54:98:4d:a7:3e:86:a4:b2:53:23:80:5d:a9:d1:
                    eb:b0:dc:74:78:95:62:f1:e1:6d:17:f4:0e:1e:25:
                    b1:7d:ea:87:dd:fa:1d:83:81:0e:c1:73:a8:d1:71:
                    f2:d6:7a:f0:ea:d3:08:d4:b1:89:32:db:1d:e0:06:
                    a6:b9:1e:04:d8:37:e1:3d:3e:cb:16:5c:9d:12:32:
                    dd:c5:61:8a:30:40:f3:f3:1e:2d:96:ce:1c:db:4b:
                    03:0f:06:53:f4:8f:6f:15:40:ae:85:f3:bb:0e:6b:
                    b2:1c:4d:a0:28:71:33:ab:83:d2:b1:11:87:7a:50:
                    52:d3:9f:7b:20:9b:02:94:9b:11:f3:d5:e4:d2:e6:
                    ef:eb:82:3d:3b:7c:b6:01:90:a6:76:ba:1e:5e:9b:
                    b3:74:04:8a:65:b4:1f:f6:ce:47:9d:e4:c8:d4:8f:
                    76:ba:9f:67:02:73:5e:2b:27:cb:b9:65:45:12:ad:
                    df:06:2b:c2:5a:61:21:0c:bf:a7:7a:72:7f:bb:ae:
                    ba:25:e0:aa:1a:c5:d8:de:0f:d0:33:41:02:e9:b8:
                    90:ea:13:18:ad:01:4c:0e:ae:e8:f0:fb:fe:05:e9:
                    75:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:E0:F3:6C:4D:33:3F:A8:FF:24:72:98:5D:60:33:A6:1B:10:34:0F
            X509v3 Authority Key Identifier:
                keyid:C3:FB:40:3A:24:18:83:E5:8F:CE:D5:2D:39:D8:0E:AB:D5:2B:B3:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w_tAOiQYg-WPztUtOdgOq9Urs28.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/yODzbE0zP6j_JHKYXWAzphsQNA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/4dc625-7c1c-4dac-899e-a9a779026f0a/1/w_tAOiQYg-WPztUtOdgOq9Urs28.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.44.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:38:e4:e8:41:8f:9c:ea:33:87:42:5e:14:3e:85:a4:d8:77:
         da:78:45:f1:f6:ba:70:d5:88:68:38:d7:9b:7d:46:d2:e7:cc:
         2b:41:7b:58:c9:1b:4e:5e:b7:71:c1:76:8e:de:11:45:75:f6:
         22:da:01:62:33:cd:d3:01:2a:d0:40:12:39:a0:ac:16:82:04:
         ad:3c:4e:bd:be:23:b4:0a:87:ff:05:ab:0d:ab:31:e4:81:11:
         73:20:b2:ec:48:91:d4:04:9c:f9:69:ee:5e:0c:e4:f8:e6:35:
         57:bf:20:2e:b3:d4:66:c2:66:88:b4:c5:34:9c:b1:b7:98:c8:
         c3:e8:46:da:69:46:d2:eb:5e:c5:67:23:9c:c5:15:f7:f6:4c:
         59:17:34:df:6d:f0:ef:b9:79:79:c6:f3:80:2f:88:5d:65:04:
         74:38:90:0c:0e:09:09:5e:de:65:26:11:d7:84:08:7f:ef:a9:
         44:bd:86:44:be:05:de:30:90:6a:33:83:56:e9:0d:b7:bd:d2:
         37:cf:43:47:af:44:80:22:01:34:2b:0a:20:32:57:66:9d:7e:
         35:00:a2:d5:22:43:95:4f:06:dc:0d:fc:ba:eb:0e:63:74:e9:
         92:68:49:6a:71:07:ce:42:a1:58:b3:4e:f9:6b:b4:92:28:50:
         65:84:be:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/eUaPkBCFpYCQZSBd2qkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzZmI0MDNhMjQxODgzZTU4ZmNlZDUyZDM5ZDgwZWFiZDUy
YmIzNmYwHhcNMjUwMTAyMDc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGUwZjM2YzRkMzMzZmE4ZmYyNDcyOTg1ZDYwMzNhNjFiMTAzNDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhM+hYU1NqeqTS6PtE7qhGLcHVVx
W89ONPvbrD7VVJhNpz6GpLJTI4BdqdHrsNx0eJVi8eFtF/QOHiWxfeqH3fodg4EO
wXOo0XHy1nrw6tMI1LGJMtsd4AamuR4E2DfhPT7LFlydEjLdxWGKMEDz8x4tls4c
20sDDwZT9I9vFUCuhfO7DmuyHE2gKHEzq4PSsRGHelBS0597IJsClJsR89Xk0ubv
64I9O3y2AZCmdroeXpuzdASKZbQf9s5HneTI1I92up9nAnNeKyfLuWVFEq3fBivC
WmEhDL+nenJ/u666JeCqGsXY3g/QM0EC6biQ6hMYrQFMDq7o8Pv+Bel19QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjg82xNMz+o/yRymF1gM6YbEDQPMB8GA1UdIwQY
MBaAFMP7QDokGIPlj87VLTnYDqvVK7NvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUt
YTlhNzc5MDI2ZjBhLzEveU9EemJFMHpQNmpfSkhLWVhXQXpwaHNRTkE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80ZGM2MjUtN2MxYy00ZGFjLTg5OWUtYTlhNzc5MDI2ZjBh
LzEvd190QU9pUVlnLVdQenRVdE9kZ09xOVVyczI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwizqMA0G
CSqGSIb3DQEBCwUAA4IBAQAuOOToQY+c6jOHQl4UPoWk2HfaeEXx9rpw1YhoONeb
fUbS58wrQXtYyRtOXrdxwXaO3hFFdfYi2gFiM83TASrQQBI5oKwWggStPE69viO0
Cof/BasNqzHkgRFzILLsSJHUBJz5ae5eDOT45jVXvyAus9RmwmaItMU0nLG3mMjD
6EbaaUbS617FZyOcxRX39kxZFzTfbfDvuXl5xvOAL4hdZQR0OJAMDgkJXt5lJhHX
hAh/76lEvYZEvgXeMJBqM4NW6Q23vdI3z0NHr0SAIgE0KwogMldmnX41AKLVIkOV
TwbcDfy66w5jdOmSaElqcQfOQqFYs075a7SSKFBlhL6V
-----END CERTIFICATE-----