Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/747113-591d-4808-92d9-7a794d5ced3d/1/OUb4f2kMek4JWOT-2hKVrK3yUkc.roa
File:                     OUb4f2kMek4JWOT-2hKVrK3yUkc.roa (raw, json)
Hash identifier:          BGMCH6XtBbK3ErSxfRu28beFp+9P5g1GIIEgyGFXRQQ=
Subject key identifier:   39:46:F8:7F:69:0C:7A:4E:09:58:E4:FE:DA:12:95:AC:AD:F2:52:47
Certificate issuer:       /CN=8df51d0670715eb69efa2fbff1998c3bdbd8a9f5
Certificate serial:       0194228D3387E42B3083AD819EAAC8C937C4
Authority key identifier: 8D:F5:1D:06:70:71:5E:B6:9E:FA:2F:BF:F1:99:8C:3B:DB:D8:A9:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jfUdBnBxXrae-i-_8ZmMO9vYqfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/747113-591d-4808-92d9-7a794d5ced3d/1/OUb4f2kMek4JWOT-2hKVrK3yUkc.roa
Signing time:             Wed 01 Jan 2025 15:47:46 +0000
ROA not before:           Wed 01 Jan 2025 15:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8838
IP address blocks:        194.50.108.0/24 maxlen: 24
                          212.42.0.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/747113-591d-4808-92d9-7a794d5ced3d/1/jfUdBnBxXrae-i-_8ZmMO9vYqfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/747113-591d-4808-92d9-7a794d5ced3d/1/jfUdBnBxXrae-i-_8ZmMO9vYqfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jfUdBnBxXrae-i-_8ZmMO9vYqfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:33:87:e4:2b:30:83:ad:81:9e:aa:c8:c9:37:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8df51d0670715eb69efa2fbff1998c3bdbd8a9f5
        Validity
            Not Before: Jan  1 15:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3946f87f690c7a4e0958e4feda1295acadf25247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b0:c7:4a:d6:4d:ab:90:98:b2:8e:d9:84:02:
                    d1:07:b3:c7:d4:fe:9c:08:2f:ef:65:a5:bc:4b:ee:
                    1a:64:22:55:2c:d4:6a:61:45:4f:31:0c:5e:68:f0:
                    b4:36:ac:7a:f7:db:89:f2:fa:4b:4c:bf:88:b2:18:
                    66:fb:0a:5d:86:c4:d2:6e:9d:92:f0:66:bb:cd:98:
                    e8:97:0e:0e:13:e0:d8:4d:e7:20:cd:fe:d5:ac:54:
                    0e:03:1b:3d:d2:1f:84:9e:82:6a:df:b3:67:b1:cd:
                    b8:50:b5:ac:e0:95:32:e6:43:38:d1:8c:57:e6:9f:
                    33:2c:84:43:4d:28:a6:12:4f:64:ce:23:56:95:bf:
                    9c:be:c7:0e:ac:f3:c1:2b:99:11:ff:c5:62:e0:67:
                    5f:7f:46:ce:db:0f:16:d7:1c:fe:80:fe:e5:ae:60:
                    0d:81:ca:7e:f2:7c:d7:a3:95:c6:e0:1a:93:39:b8:
                    76:d2:86:5a:71:a2:4e:3a:69:99:a6:1c:e5:68:8e:
                    c1:b0:8c:3b:cc:a4:e3:52:8a:73:da:2a:51:c2:81:
                    57:0d:eb:2c:a1:18:c0:78:7f:78:86:37:2c:d7:7e:
                    eb:66:b9:a0:33:cb:51:25:69:88:72:08:e1:da:03:
                    87:70:97:67:76:ea:0b:e7:36:a5:e9:7e:6e:22:18:
                    1c:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:46:F8:7F:69:0C:7A:4E:09:58:E4:FE:DA:12:95:AC:AD:F2:52:47
            X509v3 Authority Key Identifier:
                keyid:8D:F5:1D:06:70:71:5E:B6:9E:FA:2F:BF:F1:99:8C:3B:DB:D8:A9:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jfUdBnBxXrae-i-_8ZmMO9vYqfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/747113-591d-4808-92d9-7a794d5ced3d/1/OUb4f2kMek4JWOT-2hKVrK3yUkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/747113-591d-4808-92d9-7a794d5ced3d/1/jfUdBnBxXrae-i-_8ZmMO9vYqfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.108.0/24
                  212.42.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         5b:04:e5:09:4c:ff:b8:51:d6:80:9f:87:34:92:49:1f:62:cf:
         a6:fd:21:70:6d:e1:0c:26:7a:81:3a:59:3e:f3:4c:ee:a4:f3:
         20:f7:bd:c4:b1:92:22:ff:d6:e6:2a:ae:55:eb:63:4e:12:c4:
         12:1b:41:67:4e:1d:5a:af:a1:1e:b4:48:d1:aa:12:84:a3:34:
         34:d5:7a:ba:e2:c4:0e:90:9b:48:99:00:e6:c6:8c:11:ed:5f:
         33:63:ef:04:d1:5d:d1:85:69:40:a4:ac:c6:36:66:09:bb:50:
         fe:9f:5e:fd:d0:90:24:13:e6:3b:45:9d:58:3c:9b:23:e2:5f:
         0a:eb:b0:60:2d:7d:2b:04:d0:6c:61:00:6f:6d:15:58:b1:4b:
         99:3d:14:02:19:31:68:81:d1:83:4c:66:2a:54:8d:ab:3e:db:
         f3:f2:36:46:a5:d7:e4:3d:21:c3:1e:48:b6:59:92:98:da:68:
         bb:fe:f6:aa:62:d4:af:82:33:6b:f0:ee:38:01:b7:8a:5f:a1:
         52:4d:76:0a:5f:86:aa:1f:7e:21:97:b4:97:5f:1b:c2:27:4c:
         db:48:16:bb:2e:0d:a4:ad:a6:6a:84:91:8e:ba:c3:3e:ba:76:
         b5:06:f0:ea:86:92:a3:3b:fa:d4:2c:cf:1a:df:38:7a:28:d5:
         30:c5:ed:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijTOH5Cswg62BnqrIyTfEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkZjUxZDA2NzA3MTVlYjY5ZWZhMmZiZmYxOTk4YzNiZGJk
OGE5ZjUwHhcNMjUwMTAxMTU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTQ2Zjg3ZjY5MGM3YTRlMDk1OGU0ZmVkYTEyOTVhY2FkZjI1MjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17DHStZNq5CYso7ZhALRB7PH1P6c
CC/vZaW8S+4aZCJVLNRqYUVPMQxeaPC0Nqx699uJ8vpLTL+Ishhm+wpdhsTSbp2S
8Ga7zZjolw4OE+DYTecgzf7VrFQOAxs90h+EnoJq37Nnsc24ULWs4JUy5kM40YxX
5p8zLIRDTSimEk9kziNWlb+cvscOrPPBK5kR/8Vi4Gdff0bO2w8W1xz+gP7lrmAN
gcp+8nzXo5XG4BqTObh20oZacaJOOmmZphzlaI7BsIw7zKTjUopz2ipRwoFXDess
oRjAeH94hjcs137rZrmgM8tRJWmIcgjh2gOHcJdnduoL5zal6X5uIhgc4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDlG+H9pDHpOCVjk/toSlayt8lJHMB8GA1UdIwQY
MBaAFI31HQZwcV62nvovv/GZjDvb2Kn1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamZVZEJuQnhYcmFlLWktXzhabU1POXZZcWZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC83NDcxMTMtNTkxZC00ODA4LTkyZDkt
N2E3OTRkNWNlZDNkLzEvT1ViNGYya01lazRKV09ULTJoS1ZySzN5VWtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC83NDcxMTMtNTkxZC00ODA4LTkyZDktN2E3OTRkNWNlZDNk
LzEvamZVZEJuQnhYcmFlLWktXzhabU1POXZZcWZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwjJsAwQF
1CoAMA0GCSqGSIb3DQEBCwUAA4IBAQBbBOUJTP+4UdaAn4c0kkkfYs+m/SFwbeEM
JnqBOlk+80zupPMg973EsZIi/9bmKq5V62NOEsQSG0FnTh1ar6EetEjRqhKEozQ0
1Xq64sQOkJtImQDmxowR7V8zY+8E0V3RhWlApKzGNmYJu1D+n1790JAkE+Y7RZ1Y
PJsj4l8K67BgLX0rBNBsYQBvbRVYsUuZPRQCGTFogdGDTGYqVI2rPtvz8jZGpdfk
PSHDHki2WZKY2mi7/vaqYtSvgjNr8O44AbeKX6FSTXYKX4aqH34hl7SXXxvCJ0zb
SBa7Lg2kraZqhJGOusM+una1BvDqhpKjO/rULM8a3zh6KNUwxe20
-----END CERTIFICATE-----