Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/r4rXXxIgSH7c9iVAaISk1mXOtHM.roa
File:                     r4rXXxIgSH7c9iVAaISk1mXOtHM.roa (raw, json)
Hash identifier:          9aYpm/du2K8gdxDZs5dvyMGCHZxZm2TnZjsij83mYnw=
Subject key identifier:   AF:8A:D7:5F:12:20:48:7E:DC:F6:25:40:68:84:A4:D6:65:CE:B4:73
Certificate issuer:       /CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
Certificate serial:       0196F1E27CC95B71A1E3C4356F0A0A2BCE66
Authority key identifier: 8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/r4rXXxIgSH7c9iVAaISk1mXOtHM.roa
Signing time:             Wed 21 May 2025 08:07:54 +0000
ROA not before:           Wed 21 May 2025 08:07:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        194.150.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 08:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f1:e2:7c:c9:5b:71:a1:e3:c4:35:6f:0a:0a:2b:ce:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
        Validity
            Not Before: May 21 08:07:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af8ad75f1220487edcf625406884a4d665ceb473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4f:76:7e:17:73:6e:f6:a4:b2:2d:9e:da:d0:
                    fb:29:21:f1:19:2e:25:3d:5e:2d:9e:3e:5c:8e:b5:
                    43:12:47:51:fd:49:fa:49:10:af:3d:53:5f:36:ce:
                    12:9a:87:c1:be:9c:72:6d:c8:ec:de:66:d4:1f:02:
                    35:d3:d7:ad:5d:98:16:a9:7a:44:42:0c:3d:17:9f:
                    6a:a4:02:93:9f:25:eb:e0:50:52:98:b7:af:95:76:
                    a2:63:bd:c3:74:2b:66:bb:8b:93:e4:8b:31:4e:ee:
                    3c:82:8a:e5:f9:14:d3:21:80:85:cc:d7:57:7e:18:
                    e5:5f:1d:5b:17:70:f6:bd:6e:aa:77:df:f1:95:2a:
                    fe:38:39:aa:ba:ed:d8:b2:e1:33:b0:e5:f3:74:3a:
                    ba:24:64:15:17:92:32:22:09:af:01:f8:6b:c2:57:
                    6d:4e:0b:ec:6a:34:8d:ce:06:4c:ff:0a:5b:27:50:
                    0a:86:17:ba:70:dc:74:dc:1e:62:17:b5:82:52:f9:
                    53:aa:4c:34:a6:48:d4:bb:47:02:2a:13:c1:71:bf:
                    ba:ac:32:80:4a:2d:99:c4:1e:18:67:84:dc:a5:ac:
                    41:49:ac:48:b7:a8:c5:a2:37:93:e4:36:5b:68:72:
                    d9:60:cf:44:86:ef:6d:d9:77:e8:2b:b6:e1:73:51:
                    31:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:8A:D7:5F:12:20:48:7E:DC:F6:25:40:68:84:A4:D6:65:CE:B4:73
            X509v3 Authority Key Identifier:
                keyid:8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/r4rXXxIgSH7c9iVAaISk1mXOtHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:22:4e:4e:ea:f8:87:b7:2f:0d:91:5b:18:78:a8:26:ad:29:
         69:ca:58:17:fa:68:3a:c7:94:4b:72:ac:bf:84:cf:6b:58:e3:
         69:b2:96:5f:1a:90:09:37:8a:7f:1b:84:16:10:2d:3c:b3:48:
         21:4f:71:48:7b:cb:85:eb:be:f3:c3:b2:87:85:e7:81:c2:b4:
         b3:36:f4:db:08:05:6c:75:2b:6b:c2:51:0c:7f:eb:94:bf:bd:
         6e:99:fd:48:c7:6b:b5:d2:ce:e4:e7:88:64:13:bc:d5:8e:ca:
         35:ae:33:15:94:d5:8b:27:6b:96:f9:78:2d:cd:52:6d:76:a5:
         e3:c8:2e:31:57:2e:68:a5:11:7c:31:60:ff:bf:75:ba:16:48:
         b5:ae:ab:3b:2c:d8:3e:eb:e5:73:ff:b6:2e:11:f7:7e:3c:94:
         b5:58:8e:76:cd:f7:08:95:bb:7c:9c:63:51:6d:eb:bd:53:ef:
         52:d6:c0:71:14:04:7b:7b:a7:04:5f:1e:ab:24:d4:c4:1d:bd:
         37:f3:5f:ad:ee:76:5d:31:1f:bc:23:64:63:d4:1f:04:45:fb:
         8e:f3:34:9e:bf:92:a1:e3:1d:df:5c:a6:8c:84:7f:37:1b:e0:
         b6:c0:7d:5d:1c:8d:a5:fc:fd:26:54:7d:84:62:95:a8:74:a9:
         87:a2:78:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbx4nzJW3Gh48Q1bwoKK85mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjAyNGIyYzI3YTY3ZGZmNWI2NTRlZmEwNmJmN2JmYzEy
MjI2MjUwHhcNMjUwNTIxMDgwNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjhhZDc1ZjEyMjA0ODdlZGNmNjI1NDA2ODg0YTRkNjY1Y2ViNDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzk92fhdzbvaksi2e2tD7KSHxGS4l
PV4tnj5cjrVDEkdR/Un6SRCvPVNfNs4SmofBvpxybcjs3mbUHwI109etXZgWqXpE
Qgw9F59qpAKTnyXr4FBSmLevlXaiY73DdCtmu4uT5IsxTu48gorl+RTTIYCFzNdX
fhjlXx1bF3D2vW6qd9/xlSr+ODmquu3YsuEzsOXzdDq6JGQVF5IyIgmvAfhrwldt
TgvsajSNzgZM/wpbJ1AKhhe6cNx03B5iF7WCUvlTqkw0pkjUu0cCKhPBcb+6rDKA
Si2ZxB4YZ4TcpaxBSaxIt6jFojeT5DZbaHLZYM9Ehu9t2XfoK7bhc1ExfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+K118SIEh+3PYlQGiEpNZlzrRzMB8GA1UdIwQY
MBaAFIpgJLLCemff9bZU76Br97/BIiYlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEt
MDhlOGYwY2JiODQwLzEvcjRyWFh4SWdTSDdjOWlWQWFJU2sxbVhPdEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEtMDhlOGYwY2JiODQw
LzEvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpZLMA0G
CSqGSIb3DQEBCwUAA4IBAQB5Ik5O6viHty8NkVsYeKgmrSlpylgX+mg6x5RLcqy/
hM9rWONpspZfGpAJN4p/G4QWEC08s0ghT3FIe8uF677zw7KHheeBwrSzNvTbCAVs
dStrwlEMf+uUv71umf1Ix2u10s7k54hkE7zVjso1rjMVlNWLJ2uW+XgtzVJtdqXj
yC4xVy5opRF8MWD/v3W6Fki1rqs7LNg+6+Vz/7YuEfd+PJS1WI52zfcIlbt8nGNR
beu9U+9S1sBxFAR7e6cEXx6rJNTEHb0381+t7nZdMR+8I2Rj1B8ERfuO8zSev5Kh
4x3fXKaMhH83G+C2wH1dHI2l/P0mVH2EYpWodKmHonh6
-----END CERTIFICATE-----