Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/1-POC2nfhxokaO34U4IxxrQdEyHg.roa
File:                     1-POC2nfhxokaO34U4IxxrQdEyHg.roa (raw, json)
Hash identifier:          HGa5ESI5zwwldA7SOJhQSh4vTo8C4LN7Ht6oX1cZupU=
Subject key identifier:   F8:F3:82:DA:77:E1:C6:89:1A:3B:7E:14:E0:8C:71:AD:07:44:C8:78
Certificate issuer:       /CN=6893188ebfce20e5bc53f3acf57f407d9e57ac17
Certificate serial:       01942521906FBB0EA9671ADFBE1541569677
Authority key identifier: 68:93:18:8E:BF:CE:20:E5:BC:53:F3:AC:F5:7F:40:7D:9E:57:AC:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/1-POC2nfhxokaO34U4IxxrQdEyHg.roa
Signing time:             Thu 02 Jan 2025 03:49:04 +0000
ROA not before:           Thu 02 Jan 2025 03:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29236
IP address blocks:        194.55.159.0/24 maxlen: 24
                          2001:67c:2d28::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:90:6f:bb:0e:a9:67:1a:df:be:15:41:56:96:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6893188ebfce20e5bc53f3acf57f407d9e57ac17
        Validity
            Not Before: Jan  2 03:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8f382da77e1c6891a3b7e14e08c71ad0744c878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e2:92:24:ba:93:5f:7d:cd:10:04:4f:96:37:
                    f3:86:6d:c5:89:4d:4d:67:48:eb:e2:7a:39:c4:e4:
                    5d:94:9f:dd:f5:37:7a:af:10:91:6c:e2:aa:53:4e:
                    4e:8c:c4:1a:11:76:20:cf:87:0c:ea:93:f3:53:23:
                    c2:fe:13:98:b0:11:b5:6b:5f:90:73:ff:91:e7:59:
                    a8:18:73:ad:01:1e:b3:42:ff:02:30:4d:5a:d4:df:
                    01:cd:67:ff:71:4a:5e:ea:39:27:f9:92:b2:97:cf:
                    3e:68:30:c2:52:8c:9c:43:37:03:e9:4c:c1:00:ff:
                    30:cb:bc:1f:a6:0e:1c:fc:a2:a3:ca:9f:2b:7b:52:
                    34:b0:9a:0f:6e:52:e4:dc:7c:ca:50:d8:3d:47:43:
                    5c:de:44:c8:5b:6f:ce:2b:25:1d:ff:49:41:ac:e4:
                    c5:95:72:1a:3a:3a:f0:47:58:fa:39:12:b6:75:0d:
                    94:0f:85:ac:b0:18:18:f9:6a:0a:d8:fd:13:fd:6e:
                    74:1d:06:15:00:08:2b:02:b4:e1:17:76:a7:9a:ca:
                    d1:78:30:55:2a:dc:0c:fc:93:80:b8:69:02:ec:fd:
                    c0:ff:17:61:cd:89:54:00:92:55:80:96:be:c4:f2:
                    30:1a:f4:65:70:bc:c5:e7:54:16:f0:74:41:b7:d9:
                    ef:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:F3:82:DA:77:E1:C6:89:1A:3B:7E:14:E0:8C:71:AD:07:44:C8:78
            X509v3 Authority Key Identifier:
                keyid:68:93:18:8E:BF:CE:20:E5:BC:53:F3:AC:F5:7F:40:7D:9E:57:AC:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/1-POC2nfhxokaO34U4IxxrQdEyHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.159.0/24
                IPv6:
                  2001:67c:2d28::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:bc:bb:57:db:73:3b:15:9a:4a:56:9d:bf:dd:d4:1d:20:d9:
         a2:78:2f:bf:ee:83:7f:d7:fe:00:76:d7:b6:ea:d4:cd:60:4e:
         9f:3a:e8:18:2c:28:3f:2f:92:19:bb:e6:e6:5c:13:0e:ee:c1:
         d3:70:47:54:2e:7d:2a:eb:c4:a5:15:af:59:13:ab:65:23:d3:
         f7:a0:c4:1e:22:e9:9a:8c:27:4a:fa:68:ec:f6:5b:73:62:98:
         d7:f1:48:f1:a5:99:f7:cf:13:a3:04:4d:60:79:8f:b6:c8:eb:
         c4:5c:3f:f0:39:a6:60:86:ef:6b:07:31:11:78:68:9d:95:16:
         aa:35:50:71:2b:c8:33:20:97:98:cd:f4:ff:a2:00:9c:06:92:
         7c:62:fa:c6:c3:6b:57:9e:fb:cb:84:1d:cb:47:6d:f0:f6:e6:
         e0:52:c5:7f:7b:d3:6c:e0:66:22:ba:ce:5d:f8:0c:5c:53:57:
         62:e0:44:4b:a7:a8:28:2b:a1:04:f1:d7:88:01:4e:fc:40:7a:
         64:bf:34:98:0f:f3:df:e2:5d:80:bc:d2:91:5c:26:15:20:af:
         d7:23:ef:83:7f:89:fa:12:de:43:75:35:2e:fc:41:88:e3:44:
         96:9b:df:fe:49:bf:29:a2:66:c4:f7:14:84:35:a1:ef:fa:d3:
         cb:de:6b:45
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQlIZBvuw6pZxrfvhVBVpZ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4OTMxODhlYmZjZTIwZTViYzUzZjNhY2Y1N2Y0MDdkOWU1
N2FjMTcwHhcNMjUwMTAyMDM0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGYzODJkYTc3ZTFjNjg5MWEzYjdlMTRlMDhjNzFhZDA3NDRjODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOKSJLqTX33NEARPljfzhm3FiU1N
Z0jr4no5xORdlJ/d9Td6rxCRbOKqU05OjMQaEXYgz4cM6pPzUyPC/hOYsBG1a1+Q
c/+R51moGHOtAR6zQv8CME1a1N8BzWf/cUpe6jkn+ZKyl88+aDDCUoycQzcD6UzB
AP8wy7wfpg4c/KKjyp8re1I0sJoPblLk3HzKUNg9R0Nc3kTIW2/OKyUd/0lBrOTF
lXIaOjrwR1j6ORK2dQ2UD4WssBgY+WoK2P0T/W50HQYVAAgrArThF3anmsrReDBV
KtwM/JOAuGkC7P3A/xdhzYlUAJJVgJa+xPIwGvRlcLzF51QW8HRBt9nvkQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPjzgtp34caJGjt+FOCMca0HRMh4MB8GA1UdIwQY
MBaAFGiTGI6/ziDlvFPzrPV/QH2eV6wXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUpNWWpyX09JT1c4VV9PczlYOUFmWjVYckJjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9jMzJlZDUtN2ExYi00ZjI2LWFkM2Yt
MmQyYjRmNzBjM2EzLzEvMS1QT0MybmZoeG9rYU8zNFU0SXh4clFkRXlIZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGIvYzMyZWQ1LTdhMWItNGYyNi1hZDNmLTJkMmI0ZjcwYzNh
My8xL2FKTVlqcl9PSU9XOFVfT3M5WDlBZlo1WHJCYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEAMI3nzAP
BAIAAjAJAwcAIAEGfC0oMA0GCSqGSIb3DQEBCwUAA4IBAQCmvLtX23M7FZpKVp2/
3dQdINmieC+/7oN/1/4Adte26tTNYE6fOugYLCg/L5IZu+bmXBMO7sHTcEdULn0q
68SlFa9ZE6tlI9P3oMQeIumajCdK+mjs9ltzYpjX8UjxpZn3zxOjBE1geY+2yOvE
XD/wOaZghu9rBzEReGidlRaqNVBxK8gzIJeYzfT/ogCcBpJ8YvrGw2tXnvvLhB3L
R23w9ubgUsV/e9Ns4GYius5d+AxcU1di4ERLp6goK6EE8deIAU78QHpkvzSYD/Pf
4l2AvNKRXCYVIK/XI++Df4n6Et5DdTUu/EGI40SWm9/+Sb8pombE9xSENaHv+tPL
3mtF
-----END CERTIFICATE-----