Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/de494f-5129-49f9-929e-970c83e96cbc/1/2Z4uWBrUsnH37u-4XuHfV5Ci7Ek.roa
File:                     2Z4uWBrUsnH37u-4XuHfV5Ci7Ek.roa (raw, json)
Hash identifier:          AkCUWRms5SxBxIsWLsuMaXD0PJyWJJHr8rOMRKJRlkE=
Subject key identifier:   D9:9E:2E:58:1A:D4:B2:71:F7:EE:EF:B8:5E:E1:DF:57:90:A2:EC:49
Certificate issuer:       /CN=f8aa7e47b91a6295cbf718c1f2ddb0a25c276eb2
Certificate serial:       019424B3DCDEBB53518C6CE8986BD345B8F4
Authority key identifier: F8:AA:7E:47:B9:1A:62:95:CB:F7:18:C1:F2:DD:B0:A2:5C:27:6E:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Kp-R7kaYpXL9xjB8t2wolwnbrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/de494f-5129-49f9-929e-970c83e96cbc/1/2Z4uWBrUsnH37u-4XuHfV5Ci7Ek.roa
Signing time:             Thu 02 Jan 2025 01:49:14 +0000
ROA not before:           Thu 02 Jan 2025 01:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57926
IP address blocks:        195.46.39.0/24 maxlen: 24
                          2001:67c:2778::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/de494f-5129-49f9-929e-970c83e96cbc/1/1-Kp-R7kaYpXL9xjB8t2wolwnbrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/de494f-5129-49f9-929e-970c83e96cbc/1/1-Kp-R7kaYpXL9xjB8t2wolwnbrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Kp-R7kaYpXL9xjB8t2wolwnbrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:dc:de:bb:53:51:8c:6c:e8:98:6b:d3:45:b8:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8aa7e47b91a6295cbf718c1f2ddb0a25c276eb2
        Validity
            Not Before: Jan  2 01:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d99e2e581ad4b271f7eeefb85ee1df5790a2ec49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:76:bf:22:35:a4:aa:0e:91:72:17:8f:d6:c1:
                    7a:08:1f:27:39:e0:97:ca:6e:f0:18:52:1f:f8:27:
                    75:df:cc:81:b2:5d:1a:34:33:1c:0f:bf:98:62:d3:
                    84:00:b9:90:7b:2f:47:3d:c1:71:22:89:31:02:76:
                    22:8f:c6:ea:51:d9:aa:ac:01:e8:c7:58:27:cf:a5:
                    72:cd:ff:34:94:b0:3c:1e:b3:d0:bf:f2:f0:5c:ab:
                    73:73:76:59:6c:12:ef:88:67:30:d4:c3:cf:e7:54:
                    0c:c5:5a:32:2c:cc:8b:79:7e:ac:7f:5d:cd:6d:de:
                    79:9b:9f:9b:13:c2:65:06:1c:71:dc:c1:24:16:8f:
                    c4:bf:c7:c1:58:39:17:3c:6f:1b:c5:a4:a6:87:89:
                    49:f7:2c:f0:03:df:5d:c7:3d:ad:1a:10:35:b6:4f:
                    2d:b0:c3:3c:48:d5:01:cd:85:fc:b0:78:b8:19:52:
                    5a:4c:2e:97:bd:76:d7:f3:0d:39:25:4e:1a:6b:19:
                    cb:f0:85:0e:ef:16:ba:19:df:31:24:49:5c:0f:4e:
                    1c:e7:e7:be:79:f4:a8:6a:da:ad:9d:03:3c:9b:68:
                    21:76:a3:ef:8c:78:97:f2:ef:28:e8:42:0d:1b:8e:
                    26:40:25:ae:b3:4d:86:a8:21:97:73:14:a5:cf:e5:
                    3a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:9E:2E:58:1A:D4:B2:71:F7:EE:EF:B8:5E:E1:DF:57:90:A2:EC:49
            X509v3 Authority Key Identifier:
                keyid:F8:AA:7E:47:B9:1A:62:95:CB:F7:18:C1:F2:DD:B0:A2:5C:27:6E:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Kp-R7kaYpXL9xjB8t2wolwnbrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/de494f-5129-49f9-929e-970c83e96cbc/1/2Z4uWBrUsnH37u-4XuHfV5Ci7Ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/de494f-5129-49f9-929e-970c83e96cbc/1/1-Kp-R7kaYpXL9xjB8t2wolwnbrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.46.39.0/24
                IPv6:
                  2001:67c:2778::/48

    Signature Algorithm: sha256WithRSAEncryption
         b8:8d:11:13:14:5d:dc:a7:42:0b:84:f8:4c:bd:2a:f8:d2:fc:
         1b:db:41:a2:40:3d:c6:de:9b:1a:58:e1:34:0c:87:86:ed:34:
         2a:46:82:c8:9f:b4:ee:66:de:9e:cd:67:1e:5f:5c:16:34:7e:
         0f:e1:e3:a3:34:67:22:2b:40:13:5e:c0:14:77:7f:83:db:4c:
         dc:51:9a:ce:6c:a9:60:9c:ef:a4:e0:1d:fd:12:2b:40:aa:d2:
         f3:0d:f1:2c:97:9e:6c:db:35:cd:cf:3c:a8:cd:7a:34:ad:08:
         5b:2c:1b:2f:1b:70:79:78:d5:1b:b8:cd:75:de:86:08:13:f9:
         37:27:03:b7:2e:26:b5:98:58:7b:ed:30:3d:70:b3:e1:16:07:
         d1:78:c3:16:25:f7:c4:87:1d:68:7d:d6:03:d8:3b:d4:78:c1:
         0b:4a:b2:47:68:b8:27:3f:c3:0d:00:38:b0:e9:04:fe:8a:98:
         b7:54:ed:48:79:87:bf:f7:99:e3:61:cd:d2:5d:0c:d1:7e:50:
         09:66:de:ea:d9:4b:eb:12:49:3a:e5:b7:0e:aa:c9:90:79:51:
         68:d8:01:59:b8:18:82:56:f8:90:90:4f:39:a2:ea:e1:0c:20:
         6a:a4:f7:70:f7:63:d8:2b:03:53:cf:c4:92:b9:2c:8b:84:cb:
         55:61:79:c3
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZQks9zeu1NRjGzomGvTRbj0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YWE3ZTQ3YjkxYTYyOTVjYmY3MThjMWYyZGRiMGEyNWMy
NzZlYjIwHhcNMjUwMTAyMDE0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTllMmU1ODFhZDRiMjcxZjdlZWVmYjg1ZWUxZGY1NzkwYTJlYzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3a/IjWkqg6RcheP1sF6CB8nOeCX
ym7wGFIf+Cd138yBsl0aNDMcD7+YYtOEALmQey9HPcFxIokxAnYij8bqUdmqrAHo
x1gnz6Vyzf80lLA8HrPQv/LwXKtzc3ZZbBLviGcw1MPP51QMxVoyLMyLeX6sf13N
bd55m5+bE8JlBhxx3MEkFo/Ev8fBWDkXPG8bxaSmh4lJ9yzwA99dxz2tGhA1tk8t
sMM8SNUBzYX8sHi4GVJaTC6XvXbX8w05JU4aaxnL8IUO7xa6Gd8xJElcD04c5+e+
efSoatqtnQM8m2ghdqPvjHiX8u8o6EING44mQCWus02GqCGXcxSlz+U6eQIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFNmeLlga1LJx9+7vuF7h31eQouxJMB8GA1UdIwQY
MBaAFPiqfke5GmKVy/cYwfLdsKJcJ26yMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LcC1SN2thWXBYTDl4akI4dDJ3b2x3bmJySS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGYvZGU0OTRmLTUxMjktNDlmOS05Mjll
LTk3MGM4M2U5NmNiYy8xLzJaNHVXQnJVc25IMzd1LTRYdUhmVjVDaTdFay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGYvZGU0OTRmLTUxMjktNDlmOS05MjllLTk3MGM4M2U5NmNi
Yy8xLzEtS3AtUjdrYVlwWEw5eGpCOHQyd29sd25ickkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBADDLicw
DwQCAAIwCQMHACABBnwneDANBgkqhkiG9w0BAQsFAAOCAQEAuI0RExRd3KdCC4T4
TL0q+NL8G9tBokA9xt6bGljhNAyHhu00KkaCyJ+07mbens1nHl9cFjR+D+HjozRn
IitAE17AFHd/g9tM3FGazmypYJzvpOAd/RIrQKrS8w3xLJeebNs1zc88qM16NK0I
WywbLxtweXjVG7jNdd6GCBP5NycDty4mtZhYe+0wPXCz4RYH0XjDFiX3xIcdaH3W
A9g71HjBC0qyR2i4Jz/DDQA4sOkE/oqYt1TtSHmHv/eZ42HN0l0M0X5QCWbe6tlL
6xJJOuW3DqrJkHlRaNgBWbgYglb4kJBPOaLq4QwgaqT3cPdj2CsDU8/Ekrksi4TL
VWF5ww==
-----END CERTIFICATE-----