Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/CREMqHNRtZMAgL_3QQz8QbKg6EI.roa
File:                     CREMqHNRtZMAgL_3QQz8QbKg6EI.roa (raw, json)
Hash identifier:          ad2n+lNuuymsjsALF9GRHKc/gIh74hGgXC7FhHl2DRA=
Subject key identifier:   09:11:0C:A8:73:51:B5:93:00:80:BF:F7:41:0C:FC:41:B2:A0:E8:42
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       01949D5AE2706D023F198203D959011CF1FE
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/CREMqHNRtZMAgL_3QQz8QbKg6EI.roa
Signing time:             Sat 25 Jan 2025 12:06:06 +0000
ROA not before:           Sat 25 Jan 2025 12:06:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213578
IP address blocks:        194.40.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:9d:5a:e2:70:6d:02:3f:19:82:03:d9:59:01:1c:f1:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: Jan 25 12:06:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09110ca87351b5930080bff7410cfc41b2a0e842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4a:41:b8:8f:71:ef:06:23:9b:d0:cc:17:ce:
                    ff:7e:b6:89:58:23:d4:72:c2:0e:1d:13:35:02:ea:
                    7a:60:58:0b:1a:56:6f:d0:ab:e7:16:0c:3d:b5:2e:
                    2e:08:48:14:9e:db:64:76:0a:c0:39:5a:d2:b1:47:
                    32:4a:97:ec:a2:b6:db:e7:7c:7d:9c:3c:56:00:0e:
                    c7:76:60:f4:a8:e0:84:bc:63:20:e5:39:1a:c8:cd:
                    2e:77:f3:99:01:71:9f:24:28:26:96:4f:e9:62:f3:
                    a0:28:3b:86:0c:b2:bd:a0:56:da:3a:bf:ef:0b:b5:
                    c5:63:13:6c:47:70:87:dc:8b:70:11:f6:d9:06:23:
                    56:9a:43:03:95:ea:79:51:f5:2b:64:ec:d8:2e:b0:
                    44:c3:e6:9e:00:bd:a4:df:e2:4e:4b:07:ef:a6:cf:
                    6b:a5:23:d7:85:68:54:76:ec:5c:8e:c0:39:8a:68:
                    2e:e7:29:2a:a4:ac:be:c2:ba:eb:91:a2:62:23:5f:
                    d5:90:e8:0e:f3:98:c4:21:60:e6:34:57:4c:11:66:
                    86:a8:f9:94:41:1d:cb:1e:70:32:f3:cc:d3:10:4d:
                    aa:22:49:4a:e6:5e:13:c3:2f:5f:3e:9b:c3:21:8e:
                    16:db:04:26:e7:a7:46:08:d1:a7:cf:3c:f7:98:fe:
                    0f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:11:0C:A8:73:51:B5:93:00:80:BF:F7:41:0C:FC:41:B2:A0:E8:42
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/CREMqHNRtZMAgL_3QQz8QbKg6EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.40.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:7f:08:53:10:b2:75:80:e1:24:81:93:e3:e0:78:6e:38:7c:
         9f:fa:48:5c:4f:c4:64:ab:07:4f:92:5c:85:37:5f:11:c7:4d:
         d6:aa:dc:75:e7:ba:b8:17:a1:b0:a0:b2:44:c5:28:d9:eb:93:
         0a:a6:6f:27:37:2f:26:c1:fc:f9:b0:85:ac:e9:f2:79:42:22:
         38:15:a8:b1:c3:ca:8c:77:57:38:43:43:2e:cd:03:bc:2e:fa:
         69:06:a0:95:bb:50:e7:87:27:4e:f0:6b:84:04:97:52:2a:34:
         09:d3:c4:fb:e7:5b:78:26:1e:f8:db:4f:37:47:09:e0:20:58:
         fd:43:81:e3:57:39:b0:2b:c2:f2:24:16:33:ad:47:6d:aa:2e:
         01:df:6a:b4:ce:60:29:31:0e:5e:b1:4c:de:76:60:f0:91:f8:
         a9:5f:bf:67:45:c0:4c:09:63:fc:f5:99:75:e8:03:3b:02:fe:
         d7:03:8d:47:c3:75:4c:5e:97:87:31:6a:bf:1b:00:1a:57:e9:
         1a:4a:31:e8:50:bf:98:a6:32:ee:7b:17:22:aa:83:89:6b:57:
         c3:ce:bf:05:43:66:bb:26:4d:a9:aa:91:8a:e1:27:71:8a:e1:
         9e:b1:6c:16:26:f9:b4:59:7e:f0:96:8f:3e:62:10:42:47:34:
         ff:ed:63:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSdWuJwbQI/GYID2VkBHPH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjUwMTI1MTIwNjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTExMGNhODczNTFiNTkzMDA4MGJmZjc0MTBjZmM0MWIyYTBlODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0pBuI9x7wYjm9DMF87/fraJWCPU
csIOHRM1Aup6YFgLGlZv0KvnFgw9tS4uCEgUnttkdgrAOVrSsUcySpfsorbb53x9
nDxWAA7HdmD0qOCEvGMg5TkayM0ud/OZAXGfJCgmlk/pYvOgKDuGDLK9oFbaOr/v
C7XFYxNsR3CH3ItwEfbZBiNWmkMDlep5UfUrZOzYLrBEw+aeAL2k3+JOSwfvps9r
pSPXhWhUduxcjsA5imgu5ykqpKy+wrrrkaJiI1/VkOgO85jEIWDmNFdMEWaGqPmU
QR3LHnAy88zTEE2qIklK5l4Twy9fPpvDIY4W2wQm56dGCNGnzzz3mP4PCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkRDKhzUbWTAIC/90EM/EGyoOhCMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvQ1JFTXFITlJ0Wk1BZ0xfM1FRejhRYktnNkVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwijwMA0G
CSqGSIb3DQEBCwUAA4IBAQBbfwhTELJ1gOEkgZPj4HhuOHyf+khcT8RkqwdPklyF
N18Rx03Wqtx157q4F6GwoLJExSjZ65MKpm8nNy8mwfz5sIWs6fJ5QiI4Faixw8qM
d1c4Q0MuzQO8LvppBqCVu1DnhydO8GuEBJdSKjQJ08T751t4Jh742083RwngIFj9
Q4HjVzmwK8LyJBYzrUdtqi4B32q0zmApMQ5esUzedmDwkfipX79nRcBMCWP89Zl1
6AM7Av7XA41Hw3VMXpeHMWq/GwAaV+kaSjHoUL+YpjLuexciqoOJa1fDzr8FQ2a7
Jk2pqpGK4SdxiuGesWwWJvm0WX7wlo8+YhBCRzT/7WNi
-----END CERTIFICATE-----