Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/2bea8f-9fbc-4765-93bc-222252929873/1/cpRFayTuWEzodEO-QznXVMR-alE.roa
File:                     cpRFayTuWEzodEO-QznXVMR-alE.roa (raw, json)
Hash identifier:          wcJbOFjwwy8ZnD5yiXe5CzeprbHM7YA3HHhv8zEs++s=
Subject key identifier:   72:94:45:6B:24:EE:58:4C:E8:74:43:BE:43:39:D7:54:C4:7E:6A:51
Certificate issuer:       /CN=4ca85ad43b7b47e752878307184794d70a02766c
Certificate serial:       01955D78875E7DC4EC1CF0DB2776D004E1AC
Authority key identifier: 4C:A8:5A:D4:3B:7B:47:E7:52:87:83:07:18:47:94:D7:0A:02:76:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TKha1Dt7R-dSh4MHGEeU1woCdmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/2bea8f-9fbc-4765-93bc-222252929873/1/cpRFayTuWEzodEO-QznXVMR-alE.roa
Signing time:             Mon 03 Mar 2025 19:25:34 +0000
ROA not before:           Mon 03 Mar 2025 19:25:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29028
IP address blocks:        194.169.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/2bea8f-9fbc-4765-93bc-222252929873/1/TKha1Dt7R-dSh4MHGEeU1woCdmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/2bea8f-9fbc-4765-93bc-222252929873/1/TKha1Dt7R-dSh4MHGEeU1woCdmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TKha1Dt7R-dSh4MHGEeU1woCdmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5d:78:87:5e:7d:c4:ec:1c:f0:db:27:76:d0:04:e1:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ca85ad43b7b47e752878307184794d70a02766c
        Validity
            Not Before: Mar  3 19:25:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7294456b24ee584ce87443be4339d754c47e6a51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a6:c9:f9:09:fc:d3:87:94:45:c0:b2:8d:1c:
                    b9:5f:8a:d3:3a:66:f1:74:f4:c9:78:17:83:9a:22:
                    b1:03:b6:ca:0d:45:0e:ec:57:96:f6:a6:fa:02:f9:
                    17:cc:a3:04:0a:a8:da:17:00:f8:3e:d1:de:6d:3f:
                    06:9a:b0:77:c0:3d:02:b0:c5:2d:05:c3:4a:a9:51:
                    ba:13:c9:61:29:0a:c0:25:4f:81:0f:e7:d0:47:66:
                    bc:8f:f6:2c:4e:3e:17:2d:14:cf:df:51:9e:03:45:
                    5b:d2:d8:73:e1:a5:ca:db:46:ec:09:f6:40:22:84:
                    d8:92:2f:8b:ef:9c:66:a4:4e:49:fa:35:aa:ef:58:
                    56:06:70:75:ba:b4:e1:78:3c:36:c0:d5:be:b0:80:
                    9b:47:db:d3:16:8c:fc:71:58:7f:cf:94:0c:5a:1b:
                    5f:a1:7e:30:c7:ba:6a:26:05:b3:52:1f:cc:7c:54:
                    bd:b2:7f:b6:11:91:fa:8d:bf:bb:ba:93:c3:38:cb:
                    2a:09:81:a1:bb:ee:1f:42:3c:64:d7:36:ba:9a:2a:
                    08:22:ca:c0:0f:a6:f2:b6:a2:2f:09:8e:6e:29:2c:
                    7c:d4:04:7b:f7:1a:d4:6a:e2:dd:bb:fa:d0:43:d0:
                    b5:99:bf:2e:51:dd:c3:8c:70:30:7f:96:72:9f:99:
                    77:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:94:45:6B:24:EE:58:4C:E8:74:43:BE:43:39:D7:54:C4:7E:6A:51
            X509v3 Authority Key Identifier:
                keyid:4C:A8:5A:D4:3B:7B:47:E7:52:87:83:07:18:47:94:D7:0A:02:76:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TKha1Dt7R-dSh4MHGEeU1woCdmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/2bea8f-9fbc-4765-93bc-222252929873/1/cpRFayTuWEzodEO-QznXVMR-alE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/2bea8f-9fbc-4765-93bc-222252929873/1/TKha1Dt7R-dSh4MHGEeU1woCdmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:a7:0e:e1:c8:30:91:37:02:43:5a:27:fd:84:92:77:fb:7d:
         6a:b1:3c:f4:1f:45:ce:89:18:14:79:9c:ae:29:6b:26:d7:45:
         3a:af:02:a9:7a:0c:f5:1b:20:5a:ca:4d:43:0e:98:02:61:a4:
         c2:ef:2c:d9:96:f6:a1:08:f4:48:c6:c0:10:6f:38:87:50:6e:
         c7:2e:6b:f5:ee:7a:e2:b5:c0:81:1b:8f:c1:00:75:e7:5b:2b:
         e5:e1:76:1f:6c:81:9e:6f:c1:a8:5e:44:16:ce:50:80:20:da:
         99:2f:c3:c1:c7:54:a5:10:18:8c:82:77:81:26:d1:e2:df:98:
         fc:1c:59:a6:28:29:c3:38:35:b0:36:de:d9:26:70:2c:61:5d:
         91:cb:50:12:dd:4a:fe:49:4a:de:7b:79:54:fe:c7:1a:2c:4d:
         a6:9a:e9:aa:5c:82:6d:f6:31:3d:0b:45:f0:b8:12:f2:77:bc:
         ff:6d:c1:e6:17:a6:cc:cf:fb:0e:65:96:80:42:f6:b0:e3:bd:
         75:99:c8:38:6a:cf:dd:7c:c1:82:e0:18:c7:a1:a2:f8:f3:93:
         5f:95:b0:7f:95:35:2b:be:ce:78:b8:03:9e:42:3a:62:4d:a3:
         9b:c4:6c:9c:f9:65:df:d1:a9:c9:5d:9f:8f:3d:55:20:8a:27:
         15:51:00:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVdeIdefcTsHPDbJ3bQBOGsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYTg1YWQ0M2I3YjQ3ZTc1Mjg3ODMwNzE4NDc5NGQ3MGEw
Mjc2NmMwHhcNMjUwMzAzMTkyNTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk0NDU2YjI0ZWU1ODRjZTg3NDQzYmU0MzM5ZDc1NGM0N2U2YTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvabJ+Qn804eURcCyjRy5X4rTOmbx
dPTJeBeDmiKxA7bKDUUO7FeW9qb6AvkXzKMECqjaFwD4PtHebT8GmrB3wD0CsMUt
BcNKqVG6E8lhKQrAJU+BD+fQR2a8j/YsTj4XLRTP31GeA0Vb0thz4aXK20bsCfZA
IoTYki+L75xmpE5J+jWq71hWBnB1urTheDw2wNW+sICbR9vTFoz8cVh/z5QMWhtf
oX4wx7pqJgWzUh/MfFS9sn+2EZH6jb+7upPDOMsqCYGhu+4fQjxk1za6mioIIsrA
D6bytqIvCY5uKSx81AR79xrUauLdu/rQQ9C1mb8uUd3DjHAwf5Zyn5l3oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKURWsk7lhM6HRDvkM511TEfmpRMB8GA1UdIwQY
MBaAFEyoWtQ7e0fnUoeDBxhHlNcKAnZsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEtoYTFEdDdSLWRTaDRNSEdFZVUxd29DZG13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC8yYmVhOGYtOWZiYy00NzY1LTkzYmMt
MjIyMjUyOTI5ODczLzEvY3BSRmF5VHVXRXpvZEVPLVF6blhWTVItYWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC8yYmVhOGYtOWZiYy00NzY1LTkzYmMtMjIyMjUyOTI5ODcz
LzEvVEtoYTFEdDdSLWRTaDRNSEdFZVUxd29DZG13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqn4MA0G
CSqGSIb3DQEBCwUAA4IBAQATpw7hyDCRNwJDWif9hJJ3+31qsTz0H0XOiRgUeZyu
KWsm10U6rwKpegz1GyBayk1DDpgCYaTC7yzZlvahCPRIxsAQbziHUG7HLmv17nri
tcCBG4/BAHXnWyvl4XYfbIGeb8GoXkQWzlCAINqZL8PBx1SlEBiMgneBJtHi35j8
HFmmKCnDODWwNt7ZJnAsYV2Ry1AS3Ur+SUree3lU/scaLE2mmumqXIJt9jE9C0Xw
uBLyd7z/bcHmF6bMz/sOZZaAQvaw4711mcg4as/dfMGC4BjHoaL485NflbB/lTUr
vs54uAOeQjpiTaObxGyc+WXf0anJXZ+PPVUgiicVUQD1
-----END CERTIFICATE-----