Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/nYXV0oeOr7H1U28AOUuilcsp0nU.roa
File:                     nYXV0oeOr7H1U28AOUuilcsp0nU.roa (raw, json)
Hash identifier:          le0as7/dQRPjlA2JPpfjCeLlBJxV/pSf9ynVav6lgxs=
Subject key identifier:   9D:85:D5:D2:87:8E:AF:B1:F5:53:6F:00:39:4B:A2:95:CB:29:D2:75
Certificate issuer:       /CN=5df40ee7489e95c57f104271919da268bc513f9b
Certificate serial:       0194221F49AFABC50A088DC351FF04ABEDA6
Authority key identifier: 5D:F4:0E:E7:48:9E:95:C5:7F:10:42:71:91:9D:A2:68:BC:51:3F:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XfQO50ielcV_EEJxkZ2iaLxRP5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/nYXV0oeOr7H1U28AOUuilcsp0nU.roa
Signing time:             Wed 01 Jan 2025 13:47:43 +0000
ROA not before:           Wed 01 Jan 2025 13:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207673
IP address blocks:        194.76.58.0/23 maxlen: 23
                          194.76.104.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/XfQO50ielcV_EEJxkZ2iaLxRP5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/XfQO50ielcV_EEJxkZ2iaLxRP5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XfQO50ielcV_EEJxkZ2iaLxRP5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:49:af:ab:c5:0a:08:8d:c3:51:ff:04:ab:ed:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5df40ee7489e95c57f104271919da268bc513f9b
        Validity
            Not Before: Jan  1 13:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d85d5d2878eafb1f5536f00394ba295cb29d275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0e:bd:fb:03:39:bb:85:ce:ca:f0:44:0e:d4:
                    39:60:33:59:ab:18:a9:39:21:79:50:e6:95:5e:36:
                    4a:9b:14:e7:05:4f:61:de:e5:35:5a:fe:61:c2:55:
                    e7:99:49:5b:67:81:c6:6c:fa:a2:8f:99:50:b3:6d:
                    ee:6d:2b:df:26:e9:d4:88:ad:6d:ce:68:66:ef:81:
                    18:bc:34:fe:5e:c8:76:e5:40:16:12:e6:68:55:76:
                    7b:24:ac:29:2a:ec:b0:59:d5:3e:4f:7e:b2:02:a2:
                    e3:98:48:6a:fb:99:53:99:3e:2b:bb:6f:de:e8:52:
                    bc:0b:13:f2:d3:91:b0:b6:17:9d:a8:e2:66:ee:e4:
                    45:06:64:93:99:92:aa:3f:5d:91:9c:dc:62:ae:ea:
                    19:91:79:3a:69:07:ed:dc:2d:ca:0f:ad:c3:b0:64:
                    c8:f2:e1:59:4a:99:d8:f7:76:24:07:e7:e8:87:a6:
                    27:68:93:d1:33:4e:a8:5a:ad:e4:75:5a:a4:89:8f:
                    5b:ff:5e:34:45:dd:45:9d:77:0d:c1:71:93:ca:5c:
                    18:72:3a:92:cb:82:3a:e3:21:2e:fd:75:6f:44:5f:
                    31:e6:b5:6a:0e:bf:66:fe:c5:ff:d9:45:a5:fb:d7:
                    3c:be:f9:c9:37:0a:94:5e:00:e1:f5:46:92:d1:6a:
                    01:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:85:D5:D2:87:8E:AF:B1:F5:53:6F:00:39:4B:A2:95:CB:29:D2:75
            X509v3 Authority Key Identifier:
                keyid:5D:F4:0E:E7:48:9E:95:C5:7F:10:42:71:91:9D:A2:68:BC:51:3F:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XfQO50ielcV_EEJxkZ2iaLxRP5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/nYXV0oeOr7H1U28AOUuilcsp0nU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/a7e850-00be-4dc2-8c41-3866b95f485f/1/XfQO50ielcV_EEJxkZ2iaLxRP5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.58.0/23
                  194.76.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:d2:8b:8c:61:94:21:86:74:29:79:48:6e:a5:12:13:97:c2:
         fd:64:90:ee:af:09:46:f5:ff:4e:98:6a:af:a4:8f:05:0c:b0:
         62:a6:9b:f4:20:57:ca:f7:b9:90:49:82:2a:cf:19:c4:8e:5a:
         d4:a4:5f:bd:d6:21:f4:11:50:07:06:b7:a2:2d:ec:a5:ac:a0:
         48:11:2f:81:d7:cc:13:e2:fb:4f:36:a5:71:63:5d:0e:5d:40:
         24:20:81:a3:5f:ce:4e:95:f1:6c:f8:98:0e:ed:7a:d3:80:76:
         1f:f5:a4:44:50:bf:8f:d2:42:58:d0:d1:44:c8:1b:7c:51:03:
         30:2a:b2:83:83:2f:a9:46:d0:00:07:f6:d4:96:8f:c8:ed:f9:
         42:00:19:68:6d:2e:19:de:db:9e:60:d7:64:de:18:f0:37:92:
         4c:bd:cd:84:e5:0a:a9:1e:b4:e1:a0:55:dc:43:6e:a0:32:6e:
         19:bc:e1:16:70:89:c5:7b:52:94:aa:26:9f:26:01:0d:e6:dc:
         2e:e7:c6:e9:23:84:e3:c5:e5:37:c9:04:11:87:ee:2a:d4:1e:
         65:02:72:5c:cc:1f:a2:65:f2:a5:95:7d:ec:76:66:59:f2:f4:
         c2:13:6c:a5:e0:86:b5:07:82:c2:f2:0e:f1:4c:f4:5a:2b:6a:
         b9:71:00:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH0mvq8UKCI3DUf8Eq+2mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZjQwZWU3NDg5ZTk1YzU3ZjEwNDI3MTkxOWRhMjY4YmM1
MTNmOWIwHhcNMjUwMTAxMTM0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDg1ZDVkMjg3OGVhZmIxZjU1MzZmMDAzOTRiYTI5NWNiMjlkMjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsw69+wM5u4XOyvBEDtQ5YDNZqxip
OSF5UOaVXjZKmxTnBU9h3uU1Wv5hwlXnmUlbZ4HGbPqij5lQs23ubSvfJunUiK1t
zmhm74EYvDT+Xsh25UAWEuZoVXZ7JKwpKuywWdU+T36yAqLjmEhq+5lTmT4ru2/e
6FK8CxPy05GwthedqOJm7uRFBmSTmZKqP12RnNxiruoZkXk6aQft3C3KD63DsGTI
8uFZSpnY93YkB+foh6YnaJPRM06oWq3kdVqkiY9b/140Rd1FnXcNwXGTylwYcjqS
y4I64yEu/XVvRF8x5rVqDr9m/sX/2UWl+9c8vvnJNwqUXgDh9UaS0WoBWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ2F1dKHjq+x9VNvADlLopXLKdJ1MB8GA1UdIwQY
MBaAFF30DudInpXFfxBCcZGdomi8UT+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGZRTzUwaWVsY1ZfRUVKeGtaMmlhTHhSUDVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9hN2U4NTAtMDBiZS00ZGMyLThjNDEt
Mzg2NmI5NWY0ODVmLzEvbllYVjBvZU9yN0gxVTI4QU9VdWlsY3NwMG5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9hN2U4NTAtMDBiZS00ZGMyLThjNDEtMzg2NmI5NWY0ODVm
LzEvWGZRTzUwaWVsY1ZfRUVKeGtaMmlhTHhSUDVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwkw6AwQB
wkxoMA0GCSqGSIb3DQEBCwUAA4IBAQAT0ouMYZQhhnQpeUhupRITl8L9ZJDurwlG
9f9OmGqvpI8FDLBippv0IFfK97mQSYIqzxnEjlrUpF+91iH0EVAHBreiLeylrKBI
ES+B18wT4vtPNqVxY10OXUAkIIGjX85OlfFs+JgO7XrTgHYf9aREUL+P0kJY0NFE
yBt8UQMwKrKDgy+pRtAAB/bUlo/I7flCABlobS4Z3tueYNdk3hjwN5JMvc2E5Qqp
HrThoFXcQ26gMm4ZvOEWcInFe1KUqiafJgEN5twu58bpI4TjxeU3yQQRh+4q1B5l
AnJczB+iZfKllX3sdmZZ8vTCE2yl4Ia1B4LC8g7xTPRaK2q5cQAc
-----END CERTIFICATE-----