Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/1-PxoxI0pjeoIhSSKerY6tOEWuoI.roa
File:                     1-PxoxI0pjeoIhSSKerY6tOEWuoI.roa (raw, json)
Hash identifier:          lBboLe7L0MERYDzzwiB1Vs/DVbFyBwYxqUhr24nvp7g=
Subject key identifier:   F8:FC:68:C4:8D:29:8D:EA:08:85:24:8A:7A:B6:3A:B4:E1:16:BA:82
Certificate issuer:       /CN=52056867e4d2885e99b549ed6fb786330adf8f44
Certificate serial:       0194258F7182966B81365F35EB332B53EF1A
Authority key identifier: 52:05:68:67:E4:D2:88:5E:99:B5:49:ED:6F:B7:86:33:0A:DF:8F:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/1-PxoxI0pjeoIhSSKerY6tOEWuoI.roa
Signing time:             Thu 02 Jan 2025 05:49:05 +0000
ROA not before:           Thu 02 Jan 2025 05:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        178.239.128.0/20 maxlen: 24
                          195.93.178.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:71:82:96:6b:81:36:5f:35:eb:33:2b:53:ef:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52056867e4d2885e99b549ed6fb786330adf8f44
        Validity
            Not Before: Jan  2 05:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8fc68c48d298dea0885248a7ab63ab4e116ba82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f3:35:fc:36:33:39:f1:eb:4e:89:d3:7a:74:
                    0a:a7:0b:b5:d9:fe:c0:14:ef:7e:d9:5d:b1:c3:8a:
                    4b:7a:69:37:87:9e:2c:63:eb:d3:84:64:17:e2:e9:
                    e6:76:e1:45:54:6f:93:29:dd:f1:96:1c:27:20:20:
                    3b:c6:db:b9:f7:d8:0e:17:7e:39:64:9e:ff:41:db:
                    db:e0:99:f2:b5:4a:d2:b5:d6:bb:b1:0d:7b:18:94:
                    8e:52:87:15:ec:78:e3:ab:fd:cc:a4:fa:7a:8d:d2:
                    2b:41:bb:7e:77:32:a9:11:73:76:e7:f8:de:27:a2:
                    3a:1c:f3:3b:3b:1c:49:5d:27:70:65:4f:fd:7b:36:
                    b5:48:78:f3:63:e2:eb:dc:dd:29:66:f0:11:94:ae:
                    96:88:f7:07:17:1e:62:cd:4b:2b:4c:60:57:a3:c9:
                    0f:a0:74:75:f2:f8:61:09:a9:a1:c2:ed:d1:27:8c:
                    16:00:91:a2:e9:a6:f4:84:0e:37:86:39:4e:cd:f4:
                    e7:47:9a:0a:2a:23:c0:de:1e:a1:2b:4b:06:fb:68:
                    79:92:2e:70:3a:9f:05:99:c2:99:57:65:9b:bc:10:
                    cb:1b:5c:43:43:5f:2b:15:d7:b6:2a:3f:c4:46:e8:
                    14:59:25:e4:9f:e4:75:ca:db:b0:11:cf:f3:d7:d5:
                    85:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:FC:68:C4:8D:29:8D:EA:08:85:24:8A:7A:B6:3A:B4:E1:16:BA:82
            X509v3 Authority Key Identifier:
                keyid:52:05:68:67:E4:D2:88:5E:99:B5:49:ED:6F:B7:86:33:0A:DF:8F:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/1-PxoxI0pjeoIhSSKerY6tOEWuoI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.128.0/20
                  195.93.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:c8:09:a9:86:21:ce:46:61:01:a9:37:3d:dc:ae:3c:f0:fc:
         8a:ee:66:3e:a6:f5:51:db:3a:1e:a8:26:a5:3c:27:62:bd:24:
         ed:aa:6f:19:9f:6e:47:52:9d:f8:cb:9d:c5:39:43:c7:21:1f:
         97:73:cb:1c:5e:82:28:a4:de:89:74:a9:d1:b4:c8:60:60:1f:
         dc:51:16:a8:93:78:d1:16:04:d8:46:ad:71:45:ff:89:d4:3c:
         1c:69:21:7e:ba:1c:6e:25:43:fb:97:3e:55:75:d1:f6:53:94:
         b7:c0:40:73:c2:94:e2:24:35:79:bc:45:49:27:b8:ee:98:11:
         7b:59:6c:ac:84:d6:1e:14:fa:72:7e:a2:0f:a4:bc:a6:ff:dd:
         10:4c:60:b0:37:42:c5:5e:15:4e:c0:5a:f0:44:36:fc:7e:6f:
         00:39:cd:db:7e:d1:6d:1d:8a:14:6d:5b:49:36:3f:08:1c:27:
         24:78:16:18:29:52:44:7a:dd:79:07:0e:14:be:23:9f:42:aa:
         01:7e:ab:fa:00:f0:61:be:21:3b:c0:6c:ee:49:d0:dd:30:2b:
         b9:0f:a8:5b:2f:76:06:6b:55:a3:7d:fe:dd:4b:6f:ae:19:e5:
         ac:f8:98:7a:3a:7f:ca:ad:c9:8b:3d:61:09:88:c5:b4:a4:52:
         28:50:e6:ec
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQlj3GClmuBNl816zMrU+8aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMDU2ODY3ZTRkMjg4NWU5OWI1NDllZDZmYjc4NjMzMGFk
ZjhmNDQwHhcNMjUwMTAyMDU0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGZjNjhjNDhkMjk4ZGVhMDg4NTI0OGE3YWI2M2FiNGUxMTZiYTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/M1/DYzOfHrTonTenQKpwu12f7A
FO9+2V2xw4pLemk3h54sY+vThGQX4unmduFFVG+TKd3xlhwnICA7xtu599gOF345
ZJ7/Qdvb4JnytUrStda7sQ17GJSOUocV7Hjjq/3MpPp6jdIrQbt+dzKpEXN25/je
J6I6HPM7OxxJXSdwZU/9eza1SHjzY+Lr3N0pZvARlK6WiPcHFx5izUsrTGBXo8kP
oHR18vhhCamhwu3RJ4wWAJGi6ab0hA43hjlOzfTnR5oKKiPA3h6hK0sG+2h5ki5w
Op8FmcKZV2WbvBDLG1xDQ18rFde2Kj/ERugUWSXkn+R1ytuwEc/z19WFtQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPj8aMSNKY3qCIUkinq2OrThFrqCMB8GA1UdIwQY
MBaAFFIFaGfk0ohembVJ7W+3hjMK349EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWdWb1otVFNpRjZadFVudGI3ZUdNd3JmajBRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9iMjdkNDUtMDhjYy00N2ExLWFjNWEt
NWY0ODM2MDgzYTMwLzEvMS1QeG94STBwamVvSWhTU0tlclk2dE9FV3VvSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjMvYjI3ZDQ1LTA4Y2MtNDdhMS1hYzVhLTVmNDgzNjA4M2Ez
MC8xL1VnVm9aLVRTaUY2WnRVbnRiN2VHTXdyZmowUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEBLLvgAME
AcNdsjANBgkqhkiG9w0BAQsFAAOCAQEACsgJqYYhzkZhAak3PdyuPPD8iu5mPqb1
Uds6HqgmpTwnYr0k7apvGZ9uR1Kd+MudxTlDxyEfl3PLHF6CKKTeiXSp0bTIYGAf
3FEWqJN40RYE2EatcUX/idQ8HGkhfrocbiVD+5c+VXXR9lOUt8BAc8KU4iQ1ebxF
SSe47pgRe1lsrITWHhT6cn6iD6S8pv/dEExgsDdCxV4VTsBa8EQ2/H5vADnN237R
bR2KFG1bSTY/CBwnJHgWGClSRHrdeQcOFL4jn0KqAX6r+gDwYb4hO8Bs7knQ3TAr
uQ+oWy92BmtVo33+3UtvrhnlrPiYejp/yq3Jiz1hCYjFtKRSKFDm7A==
-----END CERTIFICATE-----