Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/a30360-0329-4cf1-a37f-db7498dade0c/1/5LKnYfYeN0M1IwSjOCfaAZydc0E.roa
File:                     5LKnYfYeN0M1IwSjOCfaAZydc0E.roa (raw, json)
Hash identifier:          R6rY8mHoFXXwwf30CLdp4brLxdq1SUoGP6TPbyDWGN8=
Subject key identifier:   E4:B2:A7:61:F6:1E:37:43:35:23:04:A3:38:27:DA:01:9C:9D:73:41
Certificate issuer:       /CN=9e56980d489e9c53bc829f3e8d63d383f38d0de3
Certificate serial:       0194228D341E3CB8C44C3E1583A31753EA54
Authority key identifier: 9E:56:98:0D:48:9E:9C:53:BC:82:9F:3E:8D:63:D3:83:F3:8D:0D:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nlaYDUienFO8gp8-jWPTg_ONDeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/a30360-0329-4cf1-a37f-db7498dade0c/1/5LKnYfYeN0M1IwSjOCfaAZydc0E.roa
Signing time:             Wed 01 Jan 2025 15:47:46 +0000
ROA not before:           Wed 01 Jan 2025 15:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48394
IP address blocks:        94.247.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/a30360-0329-4cf1-a37f-db7498dade0c/1/nlaYDUienFO8gp8-jWPTg_ONDeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/a30360-0329-4cf1-a37f-db7498dade0c/1/nlaYDUienFO8gp8-jWPTg_ONDeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nlaYDUienFO8gp8-jWPTg_ONDeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:34:1e:3c:b8:c4:4c:3e:15:83:a3:17:53:ea:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e56980d489e9c53bc829f3e8d63d383f38d0de3
        Validity
            Not Before: Jan  1 15:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4b2a761f61e3743352304a33827da019c9d7341
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:22:23:21:13:fa:c6:c5:f1:e9:69:43:bc:ef:
                    8a:b3:c4:27:04:6f:4f:45:a2:e6:33:dc:cd:80:dd:
                    f7:da:e4:c3:7c:18:ab:77:4d:9e:51:fe:89:30:bf:
                    41:9a:42:bc:79:d7:75:9d:53:6f:91:e4:60:3a:4a:
                    9e:25:53:ce:a3:69:99:8a:a2:78:76:57:a6:8e:8b:
                    23:95:13:e2:ae:af:7a:12:20:aa:7c:e0:3e:c4:88:
                    4a:ab:3d:93:98:c0:34:18:cd:ed:7d:62:6e:cb:bc:
                    ec:ac:1e:87:a4:0f:10:dc:42:9c:ed:50:96:28:ec:
                    ec:cf:b7:53:ef:cf:94:c9:8a:15:83:15:ee:ad:d7:
                    8e:da:e7:a9:d6:cb:11:7a:9a:8f:02:a8:7b:4c:8d:
                    cc:e0:b5:78:a6:b9:6e:f6:01:44:31:30:10:d9:d9:
                    a7:20:43:84:82:89:d1:38:c7:4e:89:16:9e:9b:ea:
                    da:ad:d0:f9:46:c6:f1:45:8f:36:f0:2b:6e:00:ab:
                    64:5c:c6:09:f2:3f:bf:ce:f9:d0:00:8c:09:bb:5c:
                    37:73:09:61:c9:12:b7:4e:28:97:58:58:8c:60:95:
                    33:f7:e1:27:88:53:c6:ed:39:af:1e:3f:68:dc:79:
                    72:1a:31:c8:64:76:83:08:ee:a9:58:79:3d:4d:f6:
                    30:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:B2:A7:61:F6:1E:37:43:35:23:04:A3:38:27:DA:01:9C:9D:73:41
            X509v3 Authority Key Identifier:
                keyid:9E:56:98:0D:48:9E:9C:53:BC:82:9F:3E:8D:63:D3:83:F3:8D:0D:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nlaYDUienFO8gp8-jWPTg_ONDeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a30360-0329-4cf1-a37f-db7498dade0c/1/5LKnYfYeN0M1IwSjOCfaAZydc0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a30360-0329-4cf1-a37f-db7498dade0c/1/nlaYDUienFO8gp8-jWPTg_ONDeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3a:71:a4:bf:97:2c:83:0b:f6:05:7c:3a:0e:2a:ed:5b:a3:a6:
         a0:e0:f4:e1:e6:5e:63:99:f5:97:4a:e6:71:f8:d1:be:de:5d:
         89:f1:16:92:0b:e6:e4:91:6b:ed:47:7f:03:22:89:f7:aa:d3:
         bc:c4:a4:b3:7e:c0:35:25:f7:d3:81:87:06:02:3e:2e:c5:67:
         0a:ea:3d:70:2a:ed:67:7c:82:f4:b8:d4:b4:9f:84:3f:1f:56:
         52:3b:1a:c7:14:38:ab:d0:ca:84:e8:14:07:a7:0d:95:95:03:
         6b:c6:89:89:d6:67:c4:c5:77:7e:1d:68:c3:96:2c:f4:ea:13:
         9d:ad:05:f0:cd:d4:4f:a5:32:a6:4b:0b:28:b1:18:9c:6a:da:
         e2:ca:9b:93:21:71:b1:79:46:19:35:eb:b4:b5:6c:57:42:1e:
         07:93:eb:cb:2a:69:ef:23:c1:19:23:45:a9:47:6c:2b:73:73:
         98:40:4e:b9:4d:7e:9a:30:a2:7c:21:b6:c6:c7:64:c0:63:9a:
         bd:63:17:62:1c:15:f7:2f:ba:94:62:2a:de:bb:e1:ac:f9:f7:
         ba:ad:35:ac:26:d3:a8:05:2a:33:84:32:d1:7c:98:41:48:94:
         8e:e9:1c:e8:f4:d4:36:f1:5a:95:41:18:79:cf:a6:99:a4:54:
         3a:54:bb:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijTQePLjETD4Vg6MXU+pUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNTY5ODBkNDg5ZTljNTNiYzgyOWYzZThkNjNkMzgzZjM4
ZDBkZTMwHhcNMjUwMTAxMTU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGIyYTc2MWY2MWUzNzQzMzUyMzA0YTMzODI3ZGEwMTljOWQ3MzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriIjIRP6xsXx6WlDvO+Ks8QnBG9P
RaLmM9zNgN332uTDfBird02eUf6JML9BmkK8edd1nVNvkeRgOkqeJVPOo2mZiqJ4
dlemjosjlRPirq96EiCqfOA+xIhKqz2TmMA0GM3tfWJuy7zsrB6HpA8Q3EKc7VCW
KOzsz7dT78+UyYoVgxXurdeO2uep1ssRepqPAqh7TI3M4LV4prlu9gFEMTAQ2dmn
IEOEgonROMdOiRaem+rardD5RsbxRY828CtuAKtkXMYJ8j+/zvnQAIwJu1w3cwlh
yRK3TiiXWFiMYJUz9+EniFPG7TmvHj9o3HlyGjHIZHaDCO6pWHk9TfYwjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSyp2H2HjdDNSMEozgn2gGcnXNBMB8GA1UdIwQY
MBaAFJ5WmA1InpxTvIKfPo1j04PzjQ3jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmxhWURVaWVuRk84Z3A4LWpXUFRnX09ORGVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9hMzAzNjAtMDMyOS00Y2YxLWEzN2Yt
ZGI3NDk4ZGFkZTBjLzEvNUxLbllmWWVOME0xSXdTak9DZmFBWnlkYzBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9hMzAzNjAtMDMyOS00Y2YxLWEzN2YtZGI3NDk4ZGFkZTBj
LzEvbmxhWURVaWVuRk84Z3A4LWpXUFRnX09ORGVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXvcIMA0G
CSqGSIb3DQEBCwUAA4IBAQA6caS/lyyDC/YFfDoOKu1bo6ag4PTh5l5jmfWXSuZx
+NG+3l2J8RaSC+bkkWvtR38DIon3qtO8xKSzfsA1JffTgYcGAj4uxWcK6j1wKu1n
fIL0uNS0n4Q/H1ZSOxrHFDir0MqE6BQHpw2VlQNrxomJ1mfExXd+HWjDliz06hOd
rQXwzdRPpTKmSwsosRicatriypuTIXGxeUYZNeu0tWxXQh4Hk+vLKmnvI8EZI0Wp
R2wrc3OYQE65TX6aMKJ8IbbGx2TAY5q9YxdiHBX3L7qUYireu+Gs+fe6rTWsJtOo
BSozhDLRfJhBSJSO6Rzo9NQ28VqVQRh5z6aZpFQ6VLuK
-----END CERTIFICATE-----