Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/1U6WyMqsZGid0T3NYQ9DAZ6gJQY.roa
File:                     1U6WyMqsZGid0T3NYQ9DAZ6gJQY.roa (raw, json)
Hash identifier:          F8XNKrvuc9Q1Nu4SwuceqF3nF6Xwjfiv6CKLGF36N9o=
Subject key identifier:   D5:4E:96:C8:CA:AC:64:68:9D:D1:3D:CD:61:0F:43:01:9E:A0:25:06
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0194221FEC912F73C5729C83D756205CA14B
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/1U6WyMqsZGid0T3NYQ9DAZ6gJQY.roa
Signing time:             Wed 01 Jan 2025 13:48:24 +0000
ROA not before:           Wed 01 Jan 2025 13:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        194.38.49.0/24 maxlen: 24
                          194.38.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ec:91:2f:73:c5:72:9c:83:d7:56:20:5c:a1:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jan  1 13:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d54e96c8caac64689dd13dcd610f43019ea02506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e0:07:41:85:63:73:3b:e6:f6:e8:d7:37:39:
                    35:6d:5b:5d:ac:a5:95:df:19:2e:98:f4:bb:6b:6d:
                    38:a6:d4:c3:2b:11:37:4d:8d:8d:fc:61:a6:a3:35:
                    76:18:16:b6:96:63:f6:63:a0:ec:bf:52:0d:ee:67:
                    88:cc:a5:31:e5:d3:50:30:25:d5:f1:99:5a:a0:31:
                    2f:c6:5f:4f:af:c9:bc:96:a7:4d:79:b7:81:55:eb:
                    fb:dc:f6:8e:be:88:94:d7:30:35:55:86:e8:ff:dd:
                    e4:29:02:ac:11:c4:d8:08:a3:c1:90:17:f0:cb:d7:
                    86:e2:af:4c:b5:39:53:c9:26:88:38:36:c2:cc:2d:
                    cb:eb:cc:38:21:f2:66:60:74:e9:82:71:c9:9f:61:
                    25:cb:bd:45:cf:8f:ac:5a:0f:55:ab:8d:89:ff:26:
                    15:fe:e2:91:84:03:b6:85:a2:74:18:11:4e:5e:07:
                    09:d6:dd:41:60:45:24:a0:63:aa:ef:58:16:93:c0:
                    d0:33:cf:f0:03:84:ae:aa:e3:1e:cf:2c:18:68:67:
                    84:96:af:5c:a7:12:2e:0f:ad:0a:1c:6e:38:30:c2:
                    33:ce:09:f9:03:fe:6c:c8:30:f2:ae:b0:e5:15:88:
                    c0:44:aa:e2:b1:3a:66:dd:92:ab:3c:a1:73:c2:37:
                    92:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:4E:96:C8:CA:AC:64:68:9D:D1:3D:CD:61:0F:43:01:9E:A0:25:06
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/1U6WyMqsZGid0T3NYQ9DAZ6gJQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.49.0/24
                  194.38.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:39:9a:37:d9:1c:a8:f5:ef:8b:4a:b0:55:5c:6b:89:59:be:
         ef:4e:3e:26:36:05:62:e8:8e:c4:f9:d3:1c:76:e4:c5:06:ec:
         2f:c6:b2:ff:ba:c0:c7:74:28:fd:e9:fa:c6:9d:9a:8c:a8:97:
         cd:73:8c:6b:f9:26:1a:4a:87:e0:c6:9c:09:5e:f2:d3:d6:bc:
         78:7d:89:0c:0b:85:c2:97:cb:4b:ee:e5:74:37:d5:ef:20:b1:
         87:f1:9f:96:56:8f:73:b8:13:06:cb:c1:15:e9:75:4e:a0:80:
         49:49:ff:8f:2e:32:d5:6c:e2:59:9b:d2:25:a8:15:60:3f:59:
         39:da:e5:45:d5:91:95:49:f4:cb:be:d6:3d:6e:33:94:4e:a0:
         8b:18:2e:47:77:cc:b7:d9:75:5b:86:9e:40:43:cd:44:28:31:
         1f:96:bb:cd:d9:6c:cf:c8:eb:89:06:8c:ce:75:3b:64:e1:52:
         1c:f1:98:67:78:b3:b5:53:2c:5d:bc:12:2a:5f:4e:d8:07:4a:
         5d:10:23:40:f8:30:7f:1d:43:1c:eb:95:9e:be:a8:98:48:5f:
         e3:55:66:a2:1f:c6:12:14:df:44:7b:0c:74:50:b5:21:a8:78:
         5b:88:51:9a:5c:b6:85:98:fc:67:20:53:57:dd:92:4c:51:5c:
         2b:ab:6b:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH+yRL3PFcpyD11YgXKFLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwMTAxMTM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTRlOTZjOGNhYWM2NDY4OWRkMTNkY2Q2MTBmNDMwMTllYTAyNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+AHQYVjczvm9ujXNzk1bVtdrKWV
3xkumPS7a204ptTDKxE3TY2N/GGmozV2GBa2lmP2Y6Dsv1IN7meIzKUx5dNQMCXV
8ZlaoDEvxl9Pr8m8lqdNebeBVev73PaOvoiU1zA1VYbo/93kKQKsEcTYCKPBkBfw
y9eG4q9MtTlTySaIODbCzC3L68w4IfJmYHTpgnHJn2Ely71Fz4+sWg9Vq42J/yYV
/uKRhAO2haJ0GBFOXgcJ1t1BYEUkoGOq71gWk8DQM8/wA4SuquMezywYaGeElq9c
pxIuD60KHG44MMIzzgn5A/5syDDyrrDlFYjARKrisTpm3ZKrPKFzwjeSswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNVOlsjKrGRondE9zWEPQwGeoCUGMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvMVU2V3lNcXNaR2lkMFQzTllROURBWjZnSlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwiYxAwQA
wiYzMA0GCSqGSIb3DQEBCwUAA4IBAQCMOZo32Ryo9e+LSrBVXGuJWb7vTj4mNgVi
6I7E+dMcduTFBuwvxrL/usDHdCj96frGnZqMqJfNc4xr+SYaSofgxpwJXvLT1rx4
fYkMC4XCl8tL7uV0N9XvILGH8Z+WVo9zuBMGy8EV6XVOoIBJSf+PLjLVbOJZm9Il
qBVgP1k52uVF1ZGVSfTLvtY9bjOUTqCLGC5Hd8y32XVbhp5AQ81EKDEflrvN2WzP
yOuJBozOdTtk4VIc8ZhneLO1UyxdvBIqX07YB0pdECNA+DB/HUMc65WevqiYSF/j
VWaiH8YSFN9Eewx0ULUhqHhbiFGaXLaFmPxnIFNX3ZJMUVwrq2vg
-----END CERTIFICATE-----