Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/zrYBef1QK-dLallM9PjcSjGpymI.roa
File:                     zrYBef1QK-dLallM9PjcSjGpymI.roa (raw, json)
Hash identifier:          cRsj5gQpAcfkjpl2JMJWNvqgYv7eA6VvFL+ielOPLC4=
Subject key identifier:   CE:B6:01:79:FD:50:2B:E7:4B:6A:59:4C:F4:F8:DC:4A:31:A9:CA:62
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369F46A0117BB9DC2D6099A567ABCA6
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/zrYBef1QK-dLallM9PjcSjGpymI.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135391
IP address blocks:        194.26.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f4:6a:01:17:bb:9d:c2:d6:09:9a:56:7a:bc:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ceb60179fd502be74b6a594cf4f8dc4a31a9ca62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e7:17:f0:58:96:f8:9c:42:dd:22:4e:0a:a3:
                    94:ee:24:4e:c2:01:d5:40:3b:fc:be:d0:57:79:2b:
                    67:10:5a:b6:87:ba:52:32:ff:7c:99:2c:8f:05:e6:
                    be:86:f9:88:2c:8a:83:35:ff:ba:36:d6:be:95:d8:
                    e1:3c:e7:e2:30:51:26:f3:b1:15:6f:45:96:d7:d0:
                    6d:62:e8:79:aa:11:a1:0b:58:8b:af:eb:69:8d:29:
                    40:4e:3d:94:b2:7d:47:70:47:07:a3:8d:27:1c:8f:
                    32:57:b4:c9:6c:7d:d5:d9:74:67:99:f1:ab:66:08:
                    61:8b:ba:fc:43:b7:62:dc:8a:44:b7:8b:a0:97:0e:
                    21:c5:6e:9a:21:2a:66:03:2e:b0:3f:af:5c:18:48:
                    25:16:9b:89:96:16:a3:a4:2d:1c:b8:8c:b1:20:09:
                    70:b1:a7:87:70:67:f6:c5:b2:ba:00:a2:8e:3b:97:
                    04:00:9e:ce:34:8a:5b:89:ae:d4:05:59:3b:5a:ec:
                    9a:fa:5a:4e:73:b6:5a:f1:ba:96:a5:2e:cf:ce:cb:
                    df:46:05:a2:dc:f5:5a:d6:13:09:c0:76:b6:7e:83:
                    63:4d:d9:1f:c0:e0:2d:48:93:b7:0e:da:f2:20:f3:
                    26:0c:3b:10:38:df:6d:d0:51:4a:83:3d:48:20:ad:
                    50:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:B6:01:79:FD:50:2B:E7:4B:6A:59:4C:F4:F8:DC:4A:31:A9:CA:62
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/zrYBef1QK-dLallM9PjcSjGpymI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:6c:8c:4c:cb:f4:e8:8a:33:b6:9c:3f:d3:d1:dc:0c:48:ac:
         37:40:0b:fc:4f:ae:90:6a:20:0c:69:b6:5f:41:0d:db:05:65:
         43:15:b6:be:33:f6:ec:0f:f9:88:4e:9b:a9:d3:42:b5:c1:a0:
         f6:c9:85:be:1a:7c:97:f6:4d:b8:70:4a:af:c8:2a:cd:cc:39:
         6c:89:5c:03:dc:81:d3:c3:83:c0:7c:5e:71:b6:12:a7:a8:2d:
         e5:2a:e6:1a:cd:01:ef:48:e8:e6:05:fc:fd:20:01:1d:1f:89:
         6c:80:71:de:b0:bd:73:70:86:43:49:9c:2e:8b:c0:dc:c5:88:
         b2:50:ae:72:d7:e2:fa:25:91:87:65:fd:2c:81:f4:b4:bf:84:
         de:f2:a2:f8:a5:6f:51:f3:9f:e6:38:6c:8d:db:28:38:95:76:
         d6:e9:df:0f:19:aa:8a:c1:87:a1:99:fe:29:ad:f5:d9:70:9f:
         79:d0:5a:07:bd:7b:16:8b:ec:ae:9a:65:e5:88:94:b6:22:03:
         88:6c:49:25:1a:d5:67:24:65:44:29:65:96:8f:23:27:f2:22:
         a8:fc:77:b8:d3:fa:a9:cc:9e:c8:c9:ca:8a:38:b4:b6:95:52:
         08:0b:2d:c2:93:c4:9e:89:30:f3:5c:09:e5:a8:6b:5b:89:a3:
         09:a3:77:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjafRqARe7ncLWCZpWerymMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWI2MDE3OWZkNTAyYmU3NGI2YTU5NGNmNGY4ZGM0YTMxYTljYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOcX8FiW+JxC3SJOCqOU7iROwgHV
QDv8vtBXeStnEFq2h7pSMv98mSyPBea+hvmILIqDNf+6Nta+ldjhPOfiMFEm87EV
b0WW19BtYuh5qhGhC1iLr+tpjSlATj2Usn1HcEcHo40nHI8yV7TJbH3V2XRnmfGr
Zghhi7r8Q7di3IpEt4uglw4hxW6aISpmAy6wP69cGEglFpuJlhajpC0cuIyxIAlw
saeHcGf2xbK6AKKOO5cEAJ7ONIpbia7UBVk7Wuya+lpOc7Za8bqWpS7PzsvfRgWi
3PVa1hMJwHa2foNjTdkfwOAtSJO3DtryIPMmDDsQON9t0FFKgz1IIK1Q9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM62AXn9UCvnS2pZTPT43EoxqcpiMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvenJZQmVmMVFLLWRMYWxsTTlQamNTakdweW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhrXMA0G
CSqGSIb3DQEBCwUAA4IBAQDTbIxMy/ToijO2nD/T0dwMSKw3QAv8T66QaiAMabZf
QQ3bBWVDFba+M/bsD/mITpup00K1waD2yYW+GnyX9k24cEqvyCrNzDlsiVwD3IHT
w4PAfF5xthKnqC3lKuYazQHvSOjmBfz9IAEdH4lsgHHesL1zcIZDSZwui8DcxYiy
UK5y1+L6JZGHZf0sgfS0v4Te8qL4pW9R85/mOGyN2yg4lXbW6d8PGaqKwYehmf4p
rfXZcJ950FoHvXsWi+yummXliJS2IgOIbEklGtVnJGVEKWWWjyMn8iKo/He40/qp
zJ7IycqKOLS2lVIICy3Ck8SeiTDzXAnlqGtbiaMJo3eK
-----END CERTIFICATE-----