Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/799e5c-1594-409f-8c54-3fec58614c4b/1/n1LYpQBp74CBUc1iCkyyz1kpuDI.roa
File:                     n1LYpQBp74CBUc1iCkyyz1kpuDI.roa (raw, json)
Hash identifier:          dntlfrX6kYRLASagUJhBDGwAMZaEo7XW+NU8zsgCpzQ=
Subject key identifier:   9F:52:D8:A5:00:69:EF:80:81:51:CD:62:0A:4C:B2:CF:59:29:B8:32
Certificate issuer:       /CN=19a6046e37c7e2075b41d6fef70d2312303c5f39
Certificate serial:       0194236A42ED0B1BD800FE1AEB56EAF78819
Authority key identifier: 19:A6:04:6E:37:C7:E2:07:5B:41:D6:FE:F7:0D:23:12:30:3C:5F:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GaYEbjfH4gdbQdb-9w0jEjA8Xzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/799e5c-1594-409f-8c54-3fec58614c4b/1/n1LYpQBp74CBUc1iCkyyz1kpuDI.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61371
IP address blocks:        109.95.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/799e5c-1594-409f-8c54-3fec58614c4b/1/GaYEbjfH4gdbQdb-9w0jEjA8Xzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/799e5c-1594-409f-8c54-3fec58614c4b/1/GaYEbjfH4gdbQdb-9w0jEjA8Xzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GaYEbjfH4gdbQdb-9w0jEjA8Xzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 16:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:42:ed:0b:1b:d8:00:fe:1a:eb:56:ea:f7:88:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19a6046e37c7e2075b41d6fef70d2312303c5f39
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f52d8a50069ef808151cd620a4cb2cf5929b832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5d:8f:ab:ee:b6:d3:65:5c:e1:27:26:7a:86:
                    dc:c7:c3:a9:18:e6:4c:89:3d:65:b7:7f:e8:35:35:
                    71:70:bd:80:ec:27:1e:cc:fd:eb:7b:eb:b8:5b:8c:
                    c7:5e:6c:12:bc:7b:b6:07:50:05:e9:20:46:a8:22:
                    b1:c5:a2:00:ff:e7:f5:59:b8:a4:b4:62:c1:12:2f:
                    1a:be:a6:07:46:21:40:51:62:0c:ff:46:6b:4b:3c:
                    78:72:f1:8c:a9:eb:47:c3:d6:02:c4:b7:77:94:48:
                    63:ec:1b:38:c8:9d:d3:4d:14:fe:64:16:01:b3:7c:
                    a0:5f:36:b7:36:66:27:a4:1f:eb:1c:89:e7:88:aa:
                    f2:db:ac:79:a8:dd:08:41:1f:00:2b:da:32:4d:81:
                    7d:b6:fc:3b:83:79:eb:01:5b:a2:1c:84:c1:c0:d3:
                    df:dc:aa:82:f6:47:6f:31:b8:47:23:c9:2b:45:68:
                    4a:9b:3b:fd:c6:de:11:1b:52:34:a7:8d:b0:49:a8:
                    3e:83:97:5f:f7:cc:c9:b9:b0:16:34:65:8d:f2:4c:
                    c6:cf:b9:6e:cf:b5:1a:7f:4c:63:3d:0f:0c:16:10:
                    f7:11:61:c0:4c:7b:83:b9:ea:07:85:81:d4:21:67:
                    64:0e:11:1b:90:eb:3e:8c:9c:40:85:b4:c6:78:07:
                    db:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:52:D8:A5:00:69:EF:80:81:51:CD:62:0A:4C:B2:CF:59:29:B8:32
            X509v3 Authority Key Identifier:
                keyid:19:A6:04:6E:37:C7:E2:07:5B:41:D6:FE:F7:0D:23:12:30:3C:5F:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GaYEbjfH4gdbQdb-9w0jEjA8Xzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/799e5c-1594-409f-8c54-3fec58614c4b/1/n1LYpQBp74CBUc1iCkyyz1kpuDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/799e5c-1594-409f-8c54-3fec58614c4b/1/GaYEbjfH4gdbQdb-9w0jEjA8Xzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.95.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:7e:70:c9:22:31:2a:6b:19:fb:8e:f5:8a:ff:d7:a6:1e:d0:
         e0:4f:1b:e4:a0:d7:c8:af:de:e7:86:f6:62:b6:de:af:29:20:
         b3:b8:8c:b9:49:83:ae:68:70:99:66:6b:da:f1:4e:02:17:c5:
         51:2b:a5:1e:79:1b:6a:40:49:09:40:e1:f4:1b:e3:54:5d:59:
         2f:cc:8d:13:cd:63:51:8c:2e:0c:e2:f0:11:f5:f3:5f:dd:46:
         81:b0:80:a6:62:60:03:54:9b:61:12:90:15:64:b7:30:cd:c2:
         81:d8:78:f9:9d:38:5e:8e:06:80:94:80:36:30:36:2d:44:e0:
         a6:3e:f0:32:7d:f2:cf:11:e2:ca:7e:6b:97:6c:ea:12:18:7a:
         97:ab:9b:07:9b:04:57:7f:ec:83:77:e2:e7:f1:f2:a5:ba:c7:
         79:e2:c2:8d:14:c2:1c:a0:8b:0b:ea:ce:63:4f:20:1d:fe:56:
         f4:47:7c:76:84:9d:f5:5e:6b:76:9b:32:4a:bc:c8:60:4f:01:
         48:fb:0d:01:51:fd:d9:9c:d3:68:35:f5:3e:34:ae:66:7f:1e:
         73:dd:bc:3e:1c:28:38:c2:21:96:3b:86:7e:16:6d:b1:47:01:
         7a:1f:2e:6e:72:a0:fc:d0:d4:57:4a:7e:76:ae:82:4f:e7:89:
         ef:4e:72:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakLtCxvYAP4a61bq94gZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5YTYwNDZlMzdjN2UyMDc1YjQxZDZmZWY3MGQyMzEyMzAz
YzVmMzkwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjUyZDhhNTAwNjllZjgwODE1MWNkNjIwYTRjYjJjZjU5MjliODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs12Pq+6202Vc4Scmeobcx8OpGOZM
iT1lt3/oNTVxcL2A7CcezP3re+u4W4zHXmwSvHu2B1AF6SBGqCKxxaIA/+f1Wbik
tGLBEi8avqYHRiFAUWIM/0ZrSzx4cvGMqetHw9YCxLd3lEhj7Bs4yJ3TTRT+ZBYB
s3ygXza3NmYnpB/rHInniKry26x5qN0IQR8AK9oyTYF9tvw7g3nrAVuiHITBwNPf
3KqC9kdvMbhHI8krRWhKmzv9xt4RG1I0p42wSag+g5df98zJubAWNGWN8kzGz7lu
z7Uaf0xjPQ8MFhD3EWHATHuDueoHhYHUIWdkDhEbkOs+jJxAhbTGeAfbMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9S2KUAae+AgVHNYgpMss9ZKbgyMB8GA1UdIwQY
MBaAFBmmBG43x+IHW0HW/vcNIxIwPF85MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2FZRWJqZkg0Z2RiUWRiLTl3MGpFakE4WHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83OTllNWMtMTU5NC00MDlmLThjNTQt
M2ZlYzU4NjE0YzRiLzEvbjFMWXBRQnA3NENCVWMxaUNreXl6MWtwdURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83OTllNWMtMTU5NC00MDlmLThjNTQtM2ZlYzU4NjE0YzRi
LzEvR2FZRWJqZkg0Z2RiUWRiLTl3MGpFakE4WHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV8pMA0G
CSqGSIb3DQEBCwUAA4IBAQCLfnDJIjEqaxn7jvWK/9emHtDgTxvkoNfIr97nhvZi
tt6vKSCzuIy5SYOuaHCZZmva8U4CF8VRK6UeeRtqQEkJQOH0G+NUXVkvzI0TzWNR
jC4M4vAR9fNf3UaBsICmYmADVJthEpAVZLcwzcKB2Hj5nThejgaAlIA2MDYtROCm
PvAyffLPEeLKfmuXbOoSGHqXq5sHmwRXf+yDd+Ln8fKlusd54sKNFMIcoIsL6s5j
TyAd/lb0R3x2hJ31Xmt2mzJKvMhgTwFI+w0BUf3ZnNNoNfU+NK5mfx5z3bw+HCg4
wiGWO4Z+Fm2xRwF6Hy5ucqD80NRXSn52roJP54nvTnKg
-----END CERTIFICATE-----