Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/hfOIiDf5LSUuZcT1PUl10jObmSE.roa
File:                     hfOIiDf5LSUuZcT1PUl10jObmSE.roa (raw, json)
Hash identifier:          4rpFhpKYXZ4q/RScibgPwKMUZ18cthvaLWxbyNlA6YU=
Subject key identifier:   85:F3:88:88:37:F9:2D:25:2E:65:C4:F5:3D:49:75:D2:33:9B:99:21
Certificate issuer:       /CN=633e752ca0dc423c74f508405ba5228a8c2e5157
Certificate serial:       019420D63622D9F66F02CC760CD0DF87F7E8
Authority key identifier: 63:3E:75:2C:A0:DC:42:3C:74:F5:08:40:5B:A5:22:8A:8C:2E:51:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yz51LKDcQjx09QhAW6UiiowuUVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/hfOIiDf5LSUuZcT1PUl10jObmSE.roa
Signing time:             Wed 01 Jan 2025 07:48:16 +0000
ROA not before:           Wed 01 Jan 2025 07:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15694
IP address blocks:        194.49.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/Yz51LKDcQjx09QhAW6UiiowuUVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/Yz51LKDcQjx09QhAW6UiiowuUVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yz51LKDcQjx09QhAW6UiiowuUVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:36:22:d9:f6:6f:02:cc:76:0c:d0:df:87:f7:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=633e752ca0dc423c74f508405ba5228a8c2e5157
        Validity
            Not Before: Jan  1 07:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=85f3888837f92d252e65c4f53d4975d2339b9921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:e3:17:ae:7c:23:d6:6e:ba:20:03:9e:30:f5:
                    18:5f:28:18:c5:96:ec:84:f0:d1:7b:46:95:08:74:
                    59:50:e6:3f:3f:99:2d:79:69:a1:a9:50:5a:79:73:
                    14:58:b7:2f:0d:9b:5e:fa:81:94:f2:1f:ed:98:ce:
                    c6:d6:27:48:00:fb:ae:2f:05:54:7e:c8:fb:46:4d:
                    b7:e4:f2:dc:d2:01:80:80:0b:75:a6:f1:3e:78:e8:
                    30:b0:21:be:f9:05:c5:b7:33:71:0f:0f:22:f3:64:
                    cf:1f:35:16:21:53:d3:83:d6:46:1f:05:38:b8:06:
                    13:58:ed:f6:a3:af:60:0a:79:07:c0:77:23:aa:79:
                    2f:e0:da:2c:26:7e:fb:d7:1e:ff:85:4e:fb:16:d3:
                    eb:14:e8:6b:b7:d9:eb:af:54:73:fe:3a:ad:c8:e8:
                    bd:51:e3:c9:f2:d8:b2:16:cc:78:32:3c:25:8e:33:
                    72:71:ad:e9:9b:e8:fc:95:5a:51:6f:f4:21:58:4a:
                    ed:03:87:3c:87:83:fe:ab:72:ab:53:ec:07:69:59:
                    a4:f4:ac:88:ac:15:85:72:1b:b7:f8:5c:a0:ff:59:
                    d8:30:78:74:92:03:79:20:2f:e7:04:a8:31:92:18:
                    92:0d:14:d1:b7:c0:a8:43:d4:8d:5b:d7:8d:7f:a2:
                    31:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:F3:88:88:37:F9:2D:25:2E:65:C4:F5:3D:49:75:D2:33:9B:99:21
            X509v3 Authority Key Identifier:
                keyid:63:3E:75:2C:A0:DC:42:3C:74:F5:08:40:5B:A5:22:8A:8C:2E:51:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yz51LKDcQjx09QhAW6UiiowuUVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/hfOIiDf5LSUuZcT1PUl10jObmSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c8e214-8e45-4c96-8a79-de6187b7298a/1/Yz51LKDcQjx09QhAW6UiiowuUVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:58:3a:9c:c9:1d:5b:fb:c9:93:a8:41:83:46:a2:3d:d8:95:
         e5:58:fa:87:59:5d:ad:05:7f:7f:49:62:ed:e5:8d:21:77:e2:
         4b:44:d2:75:59:69:51:53:33:fd:d5:9b:fe:17:6d:66:94:45:
         32:6e:ed:4a:6b:fe:43:9e:5b:89:3d:94:25:b4:9c:3e:3b:7c:
         a2:57:fb:df:17:8c:2c:52:7e:5e:d7:60:41:db:9f:0a:2b:d6:
         1b:8e:3b:db:e0:73:ee:a7:35:20:89:c1:69:21:a7:33:9f:70:
         08:cc:5d:5d:95:7e:10:48:c8:ba:39:5f:b1:ba:c8:fc:24:12:
         f4:6b:de:64:1f:6f:fe:1a:38:3a:ac:98:10:93:d3:f4:b0:dc:
         ef:d7:fa:82:31:3a:fa:0e:d9:98:d4:47:88:0c:dc:90:0a:5a:
         65:db:13:6e:2d:08:90:a8:b9:24:86:65:6a:d5:29:b4:a5:0b:
         0e:6b:c6:09:e4:75:d5:b5:df:4d:9c:80:cb:78:ca:7c:77:ad:
         78:c1:10:ab:2c:98:64:e2:22:6a:b1:62:05:f7:cb:70:80:93:
         c4:27:ae:db:56:6a:36:ae:38:e6:23:f6:e9:f6:0d:5e:c8:f7:
         60:8d:60:b6:e7:a3:8d:bc:03:40:5f:e7:11:12:ee:27:3b:88:
         c0:b4:2f:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1jYi2fZvAsx2DNDfh/foMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzM2U3NTJjYTBkYzQyM2M3NGY1MDg0MDViYTUyMjhhOGMy
ZTUxNTcwHhcNMjUwMTAxMDc0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWYzODg4ODM3ZjkyZDI1MmU2NWM0ZjUzZDQ5NzVkMjMzOWI5OTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1uMXrnwj1m66IAOeMPUYXygYxZbs
hPDRe0aVCHRZUOY/P5kteWmhqVBaeXMUWLcvDZte+oGU8h/tmM7G1idIAPuuLwVU
fsj7Rk235PLc0gGAgAt1pvE+eOgwsCG++QXFtzNxDw8i82TPHzUWIVPTg9ZGHwU4
uAYTWO32o69gCnkHwHcjqnkv4NosJn771x7/hU77FtPrFOhrt9nrr1Rz/jqtyOi9
UePJ8tiyFsx4MjwljjNyca3pm+j8lVpRb/QhWErtA4c8h4P+q3KrU+wHaVmk9KyI
rBWFchu3+Fyg/1nYMHh0kgN5IC/nBKgxkhiSDRTRt8CoQ9SNW9eNf6IxOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXziIg3+S0lLmXE9T1JddIzm5khMB8GA1UdIwQY
MBaAFGM+dSyg3EI8dPUIQFulIoqMLlFXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXo1MUxLRGNRangwOVFoQVc2VWlpb3d1VVZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jOGUyMTQtOGU0NS00Yzk2LThhNzkt
ZGU2MTg3YjcyOThhLzEvaGZPSWlEZjVMU1V1WmNUMVBVbDEwak9ibVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jOGUyMTQtOGU0NS00Yzk2LThhNzktZGU2MTg3YjcyOThh
LzEvWXo1MUxLRGNRangwOVFoQVc2VWlpb3d1VVZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjF8MA0G
CSqGSIb3DQEBCwUAA4IBAQCrWDqcyR1b+8mTqEGDRqI92JXlWPqHWV2tBX9/SWLt
5Y0hd+JLRNJ1WWlRUzP91Zv+F21mlEUybu1Ka/5DnluJPZQltJw+O3yiV/vfF4ws
Un5e12BB258KK9Ybjjvb4HPupzUgicFpIaczn3AIzF1dlX4QSMi6OV+xusj8JBL0
a95kH2/+Gjg6rJgQk9P0sNzv1/qCMTr6DtmY1EeIDNyQClpl2xNuLQiQqLkkhmVq
1Sm0pQsOa8YJ5HXVtd9NnIDLeMp8d614wRCrLJhk4iJqsWIF98twgJPEJ67bVmo2
rjjmI/bp9g1eyPdgjWC256ONvANAX+cREu4nO4jAtC/m
-----END CERTIFICATE-----