Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/7gV54LRlGijCGW9Ogel3gCUifVU.roa
File:                     7gV54LRlGijCGW9Ogel3gCUifVU.roa (raw, json)
Hash identifier:          HOG6dmdLMqt+Lo3q0yoryjk9TKITVAvfDd++PAC09QE=
Subject key identifier:   EE:05:79:E0:B4:65:1A:28:C2:19:6F:4E:81:E9:77:80:25:22:7D:55
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       01942747E3566227F3C446F1DB19BF5CFB2E
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/7gV54LRlGijCGW9Ogel3gCUifVU.roa
Signing time:             Thu 02 Jan 2025 13:50:10 +0000
ROA not before:           Thu 02 Jan 2025 13:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208328
IP address blocks:        194.56.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e3:56:62:27:f3:c4:46:f1:db:19:bf:5c:fb:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Jan  2 13:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee0579e0b4651a28c2196f4e81e9778025227d55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e8:d7:73:8a:bc:0f:a1:04:79:55:9a:a0:3d:
                    2f:59:0c:9c:e8:f5:d3:0e:e5:62:6b:34:6b:6f:dc:
                    13:b7:a2:c4:c8:b4:c1:5e:b2:b1:9e:8c:d6:cb:23:
                    5f:e9:09:f8:d8:47:b0:d8:36:7b:41:93:c9:dc:a7:
                    d6:41:ad:fe:ec:28:2f:8e:5e:c0:18:af:b1:51:0b:
                    9e:8a:be:0f:32:69:27:31:b4:50:9d:df:ba:6b:cb:
                    c6:dd:bf:a4:c5:d1:d6:45:68:25:e9:7e:d0:13:53:
                    8b:0d:d4:0b:20:54:4b:3f:9f:d2:42:89:fc:ee:f6:
                    fc:83:85:a8:e8:3f:26:2e:b2:d7:f5:63:61:8b:c4:
                    f6:f9:e5:d8:95:2e:dc:2d:6f:c9:9f:51:f7:16:13:
                    63:b3:73:68:dc:92:01:44:41:ea:70:ba:57:d5:d4:
                    a2:c1:9a:26:72:b3:a2:0f:1b:ce:60:bc:0e:10:5b:
                    78:cd:e5:a6:1f:d5:bf:91:e9:60:8b:2f:14:47:f6:
                    08:6a:f0:36:cd:c0:cf:6d:a1:48:41:31:62:24:c7:
                    17:5a:d6:0d:15:27:28:78:98:7a:3a:f3:a0:0b:55:
                    13:e9:60:74:3d:84:6a:ed:da:43:67:25:21:38:5e:
                    8a:be:39:14:b3:ef:1c:1c:31:fc:3b:37:9f:7c:c7:
                    ab:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:05:79:E0:B4:65:1A:28:C2:19:6F:4E:81:E9:77:80:25:22:7D:55
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/7gV54LRlGijCGW9Ogel3gCUifVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:c3:bb:c0:e3:0d:63:2c:99:71:d9:7e:d6:38:0b:25:82:d8:
         62:6c:ba:28:81:21:47:1b:78:a8:ae:02:34:80:3e:2b:fb:08:
         3e:f3:df:10:00:5f:03:1b:77:44:26:37:fa:53:55:25:48:df:
         dc:69:64:47:9a:d7:48:41:3a:07:93:5e:57:7b:b2:39:23:ab:
         6c:35:d7:4a:45:c5:95:96:da:97:f4:75:46:1c:27:1e:87:d6:
         b2:55:05:f2:8d:cd:72:79:7e:a9:2d:92:31:18:d2:8a:6a:30:
         6a:85:79:14:01:77:56:1b:96:3c:45:5b:0a:f8:e3:54:a8:e7:
         55:16:d6:30:d7:2c:38:d3:ad:c2:d8:96:2e:46:15:d0:92:9e:
         21:8b:88:ed:94:d2:57:40:ad:a8:4b:99:21:e3:68:6c:78:be:
         f8:5e:eb:1a:b1:de:42:f4:5a:06:02:62:a9:f1:b2:cc:3d:e0:
         59:67:89:2b:96:69:fb:ba:49:23:83:36:5b:9f:17:5a:e2:6c:
         d8:14:fa:c5:44:e8:eb:ef:45:e5:bf:29:5f:a7:a9:57:1b:dc:
         c4:f4:f0:5e:b8:04:14:b4:08:fd:98:74:2c:f9:2b:ea:d5:96:
         4b:9d:18:f2:68:ca:f6:85:cf:82:97:5b:f8:3a:bf:6f:2e:57:
         75:fd:b6:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+NWYifzxEbx2xm/XPsuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTAyMTM1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTA1NzllMGI0NjUxYTI4YzIxOTZmNGU4MWU5Nzc4MDI1MjI3ZDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOjXc4q8D6EEeVWaoD0vWQyc6PXT
DuViazRrb9wTt6LEyLTBXrKxnozWyyNf6Qn42Eew2DZ7QZPJ3KfWQa3+7Cgvjl7A
GK+xUQueir4PMmknMbRQnd+6a8vG3b+kxdHWRWgl6X7QE1OLDdQLIFRLP5/SQon8
7vb8g4Wo6D8mLrLX9WNhi8T2+eXYlS7cLW/Jn1H3FhNjs3No3JIBREHqcLpX1dSi
wZomcrOiDxvOYLwOEFt4zeWmH9W/kelgiy8UR/YIavA2zcDPbaFIQTFiJMcXWtYN
FScoeJh6OvOgC1UT6WB0PYRq7dpDZyUhOF6KvjkUs+8cHDH8OzeffMer2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4FeeC0ZRoowhlvToHpd4AlIn1VMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvN2dWNTRMUmxHaWpDR1c5T2dlbDNnQ1VpZlZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjjgMA0G
CSqGSIb3DQEBCwUAA4IBAQCMw7vA4w1jLJlx2X7WOAslgthibLoogSFHG3iorgI0
gD4r+wg+898QAF8DG3dEJjf6U1UlSN/caWRHmtdIQToHk15Xe7I5I6tsNddKRcWV
ltqX9HVGHCceh9ayVQXyjc1yeX6pLZIxGNKKajBqhXkUAXdWG5Y8RVsK+ONUqOdV
FtYw1yw4063C2JYuRhXQkp4hi4jtlNJXQK2oS5kh42hseL74Xusasd5C9FoGAmKp
8bLMPeBZZ4krlmn7ukkjgzZbnxda4mzYFPrFROjr70Xlvylfp6lXG9zE9PBeuAQU
tAj9mHQs+Svq1ZZLnRjyaMr2hc+Cl1v4Or9vLld1/ba9
-----END CERTIFICATE-----