Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/iCr5oYGEZyOApm19IeGXneZ8Nck.roa
File:                     iCr5oYGEZyOApm19IeGXneZ8Nck.roa (raw, json)
Hash identifier:          J3nYb+wykQAlDMqhpN3eQPaOUzevZQuJ9bBWTRwBP/Q=
Subject key identifier:   88:2A:F9:A1:81:84:67:23:80:A6:6D:7D:21:E1:97:9D:E6:7C:35:C9
Certificate issuer:       /CN=fee1be40bd4c10a02c78371af313d4e7da3d44a1
Certificate serial:       019426D9973DA27BCABF4376AB32861BF2B4
Authority key identifier: FE:E1:BE:40:BD:4C:10:A0:2C:78:37:1A:F3:13:D4:E7:DA:3D:44:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_uG-QL1MEKAseDca8xPU59o9RKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/iCr5oYGEZyOApm19IeGXneZ8Nck.roa
Signing time:             Thu 02 Jan 2025 11:49:41 +0000
ROA not before:           Thu 02 Jan 2025 11:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48652
IP address blocks:        194.146.95.0/24 maxlen: 24
                          2a13:d080::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/_uG-QL1MEKAseDca8xPU59o9RKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/_uG-QL1MEKAseDca8xPU59o9RKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_uG-QL1MEKAseDca8xPU59o9RKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:97:3d:a2:7b:ca:bf:43:76:ab:32:86:1b:f2:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fee1be40bd4c10a02c78371af313d4e7da3d44a1
        Validity
            Not Before: Jan  2 11:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=882af9a18184672380a66d7d21e1979de67c35c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4e:4a:a7:59:85:ae:65:c7:7a:45:87:b1:e8:
                    4b:6b:27:08:37:1a:22:43:4a:1b:21:96:cf:f1:b5:
                    f3:42:4e:7c:69:d3:ea:88:3e:5b:78:d1:30:28:f0:
                    59:69:3e:e0:a5:56:67:7d:18:a0:bb:a8:ee:18:19:
                    31:4c:82:43:b5:c8:95:87:b4:d7:f4:50:ea:8b:88:
                    ee:70:21:d6:1c:13:68:2a:19:99:61:ad:52:62:0d:
                    68:f1:9a:f0:a3:5a:de:17:a2:b8:05:aa:d1:7a:8d:
                    79:f6:68:49:5a:9e:7a:b2:2e:55:0b:e7:8f:ce:86:
                    41:46:04:42:66:59:02:10:8c:1f:6f:46:4a:17:29:
                    c8:ea:ce:b8:2e:28:42:ac:63:51:e0:e6:3d:71:bc:
                    ed:ab:60:99:b8:6e:1b:4c:65:17:27:b5:3c:13:f4:
                    53:08:bf:d9:33:ca:ef:be:ff:69:21:df:9f:11:8e:
                    a4:62:96:f0:21:6f:34:b5:75:10:e7:4a:9a:f7:b9:
                    55:78:56:bc:9b:0a:89:e0:74:97:67:43:6e:a0:de:
                    7f:ec:93:13:81:c7:b7:2f:6e:21:fe:2f:d5:33:2d:
                    14:17:75:b7:c2:99:b5:de:e7:c8:60:5a:a4:4b:34:
                    0f:52:ab:65:09:36:8b:a5:b9:bb:41:fe:df:d9:6e:
                    c4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:2A:F9:A1:81:84:67:23:80:A6:6D:7D:21:E1:97:9D:E6:7C:35:C9
            X509v3 Authority Key Identifier:
                keyid:FE:E1:BE:40:BD:4C:10:A0:2C:78:37:1A:F3:13:D4:E7:DA:3D:44:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_uG-QL1MEKAseDca8xPU59o9RKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/iCr5oYGEZyOApm19IeGXneZ8Nck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/_uG-QL1MEKAseDca8xPU59o9RKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.95.0/24
                IPv6:
                  2a13:d080::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:25:00:01:0e:12:fc:d2:56:8f:c6:57:5b:aa:de:fe:69:e2:
         ea:0d:c0:44:42:e1:ec:a3:05:6c:85:5d:d0:66:55:2e:a5:ec:
         32:51:c7:f4:95:91:79:87:bc:78:54:32:67:da:0d:fd:8e:85:
         b1:8a:54:64:84:26:d3:0a:68:bb:46:95:d7:3f:b1:1c:aa:20:
         1b:a8:30:40:a5:33:c7:63:9f:d5:56:23:90:75:8c:60:75:e0:
         a5:be:8f:c2:9b:a3:f8:93:5b:cd:a7:55:5c:ab:87:2f:08:1c:
         e5:7c:a5:b8:e6:0d:e3:db:d3:33:8d:a8:2a:7b:00:ad:48:ed:
         27:78:4c:64:cf:2c:7b:93:67:7f:59:56:e6:38:20:43:e0:f2:
         07:bd:44:3a:0b:2b:20:c7:cd:f5:94:2c:fb:58:39:ef:8b:f8:
         85:b0:2b:df:0a:85:2b:f2:97:cf:16:c3:f4:61:86:e0:21:39:
         99:32:50:e7:5a:2d:6f:fc:df:cd:39:8e:3e:0a:2f:11:9d:81:
         55:09:47:35:75:a9:5a:3b:51:71:aa:7a:26:2f:74:1f:b3:81:
         3c:d8:25:21:3c:2e:62:9d:72:a8:a4:71:b6:88:3d:cd:57:54:
         94:db:c1:56:68:74:c5:df:ef:25:cc:7f:42:16:7b:1a:1d:95:
         cb:2e:64:fe
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQm2Zc9onvKv0N2qzKGG/K0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZTFiZTQwYmQ0YzEwYTAyYzc4MzcxYWYzMTNkNGU3ZGEz
ZDQ0YTEwHhcNMjUwMTAyMTE0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODJhZjlhMTgxODQ2NzIzODBhNjZkN2QyMWUxOTc5ZGU2N2MzNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsk5Kp1mFrmXHekWHsehLaycINxoi
Q0obIZbP8bXzQk58adPqiD5beNEwKPBZaT7gpVZnfRigu6juGBkxTIJDtciVh7TX
9FDqi4jucCHWHBNoKhmZYa1SYg1o8Zrwo1reF6K4BarReo159mhJWp56si5VC+eP
zoZBRgRCZlkCEIwfb0ZKFynI6s64LihCrGNR4OY9cbztq2CZuG4bTGUXJ7U8E/RT
CL/ZM8rvvv9pId+fEY6kYpbwIW80tXUQ50qa97lVeFa8mwqJ4HSXZ0NuoN5/7JMT
gce3L24h/i/VMy0UF3W3wpm13ufIYFqkSzQPUqtlCTaLpbm7Qf7f2W7EjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIgq+aGBhGcjgKZtfSHhl53mfDXJMB8GA1UdIwQY
MBaAFP7hvkC9TBCgLHg3GvMT1OfaPUShMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3VHLVFMMU1FS0FzZURjYTh4UFU1OW85UktFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yZDI1NzAtYWI5MS00YzI3LTljYjMt
NWZkNzE2ZDY3ZTRjLzEvaUNyNW9ZR0VaeU9BcG0xOUllR1huZVo4TmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yZDI1NzAtYWI5MS00YzI3LTljYjMtNWZkNzE2ZDY3ZTRj
LzEvX3VHLVFMMU1FS0FzZURjYTh4UFU1OW85UktFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwpJfMA0E
AgACMAcDBQMqE9CAMA0GCSqGSIb3DQEBCwUAA4IBAQCbJQABDhL80laPxldbqt7+
aeLqDcBEQuHsowVshV3QZlUupewyUcf0lZF5h7x4VDJn2g39joWxilRkhCbTCmi7
RpXXP7EcqiAbqDBApTPHY5/VViOQdYxgdeClvo/Cm6P4k1vNp1Vcq4cvCBzlfKW4
5g3j29MzjagqewCtSO0neExkzyx7k2d/WVbmOCBD4PIHvUQ6Cysgx831lCz7WDnv
i/iFsCvfCoUr8pfPFsP0YYbgITmZMlDnWi1v/N/NOY4+Ci8RnYFVCUc1dalaO1Fx
qnomL3Qfs4E82CUhPC5inXKopHG2iD3NV1SU28FWaHTF3+8lzH9CFnsaHZXLLmT+
-----END CERTIFICATE-----