Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/4AzaQ00Qbm11xuSZKiEAVdKCvuo.roa
File:                     4AzaQ00Qbm11xuSZKiEAVdKCvuo.roa (raw, json)
Hash identifier:          S2of1YjCL3/XCtKNbSiofOIataHuKf+CE34W0v3KCW4=
Subject key identifier:   E0:0C:DA:43:4D:10:6E:6D:75:C6:E4:99:2A:21:00:55:D2:82:BE:EA
Certificate issuer:       /CN=42ce759320195b9cc18ccfcb1b532aea949258f1
Certificate serial:       019427B612521B8426D0EC9078B0A981E9A5
Authority key identifier: 42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/4AzaQ00Qbm11xuSZKiEAVdKCvuo.roa
Signing time:             Thu 02 Jan 2025 15:50:31 +0000
ROA not before:           Thu 02 Jan 2025 15:50:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     146961
IP address blocks:        194.53.201.0/24 maxlen: 24
                          194.53.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 16:11:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:12:52:1b:84:26:d0:ec:90:78:b0:a9:81:e9:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42ce759320195b9cc18ccfcb1b532aea949258f1
        Validity
            Not Before: Jan  2 15:50:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e00cda434d106e6d75c6e4992a210055d282beea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6a:5d:10:9d:64:40:c9:77:1a:b7:bb:ad:4b:
                    b0:8a:0f:ab:41:97:cb:cd:78:b7:c9:fb:0d:bc:ec:
                    d7:c4:7c:6a:57:a4:93:e4:46:6c:e2:63:2d:4e:6c:
                    fd:0a:93:a0:e4:fe:84:41:08:ed:aa:c4:62:43:e2:
                    33:f3:44:22:51:0f:8d:ef:53:c6:cb:73:68:4c:0d:
                    62:4e:b3:b0:a0:ee:7a:b7:6c:ad:7f:e9:05:ba:77:
                    21:3b:d0:51:d9:0f:68:fd:5d:d6:0b:56:57:60:d8:
                    e8:41:48:49:bc:bf:99:2b:11:74:45:fd:91:48:6b:
                    ec:05:49:4d:f9:7a:86:95:74:68:4a:39:99:07:5d:
                    bf:77:ff:40:00:fb:75:3d:b2:af:ec:8e:e8:a0:99:
                    71:67:fa:68:a9:cf:73:5f:15:7a:d4:4b:6d:ca:2e:
                    1d:43:8f:4f:1b:aa:6e:3c:6b:c6:a4:9f:0e:e2:d1:
                    80:99:2c:53:86:4e:70:00:42:18:9d:d8:63:b2:06:
                    d1:31:c0:c2:5c:4a:6d:a7:ed:e9:65:2e:78:85:54:
                    b3:97:42:d7:ea:d3:24:07:f3:ea:db:b5:3f:db:91:
                    18:25:da:ca:bc:18:47:3e:5f:14:8e:0a:92:10:15:
                    68:be:fd:95:39:0c:8f:3a:0f:a1:98:9f:fc:10:db:
                    7b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:0C:DA:43:4D:10:6E:6D:75:C6:E4:99:2A:21:00:55:D2:82:BE:EA
            X509v3 Authority Key Identifier:
                keyid:42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/4AzaQ00Qbm11xuSZKiEAVdKCvuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.201.0-194.53.202.255

    Signature Algorithm: sha256WithRSAEncryption
         05:ba:a6:23:b4:7f:40:0e:7f:3a:8a:59:ad:ea:d1:51:20:f2:
         a9:f3:da:96:ed:be:e0:30:3f:a8:43:46:8c:10:62:a9:74:99:
         c5:be:5f:2c:f5:fc:d6:f1:03:aa:57:73:92:36:ea:6a:d6:72:
         59:c1:bd:da:a7:d9:6b:4c:c6:fd:7e:84:03:9e:75:9b:a1:19:
         82:3b:5e:84:c1:d2:55:86:ae:99:70:bf:84:2c:80:14:d2:b8:
         bc:bc:aa:85:50:64:a7:5a:61:f1:bd:b4:62:1c:ad:95:33:ce:
         31:53:e3:19:bd:6f:56:dc:84:9b:b2:61:42:46:1e:e7:fe:58:
         ae:a8:8f:92:7c:f4:f7:89:01:4d:9b:a0:75:c6:83:8a:4f:6f:
         b5:a3:3e:f0:22:02:22:b1:60:a3:0d:16:46:7c:0d:ca:70:88:
         74:3f:5c:65:3d:dc:73:fb:a6:49:25:17:fc:68:51:b0:4d:1d:
         ef:03:bf:c6:80:c3:37:14:b3:c6:60:d6:af:6a:b7:20:04:b1:
         29:46:95:a7:5f:49:84:aa:33:2b:c2:61:41:00:c5:a0:ce:cc:
         72:a4:46:79:dd:ec:50:af:7c:cf:57:66:0a:fb:ce:50:bb:3a:
         fa:f8:b1:bb:24:c7:08:2f:23:93:c1:f5:8f:26:db:c4:d6:a6:
         88:d6:d8:1d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQnthJSG4Qm0OyQeLCpgemlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2U3NTkzMjAxOTViOWNjMThjY2ZjYjFiNTMyYWVhOTQ5
MjU4ZjEwHhcNMjUwMTAyMTU1MDMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDBjZGE0MzRkMTA2ZTZkNzVjNmU0OTkyYTIxMDA1NWQyODJiZWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWpdEJ1kQMl3Gre7rUuwig+rQZfL
zXi3yfsNvOzXxHxqV6ST5EZs4mMtTmz9CpOg5P6EQQjtqsRiQ+Iz80QiUQ+N71PG
y3NoTA1iTrOwoO56t2ytf+kFunchO9BR2Q9o/V3WC1ZXYNjoQUhJvL+ZKxF0Rf2R
SGvsBUlN+XqGlXRoSjmZB12/d/9AAPt1PbKv7I7ooJlxZ/poqc9zXxV61Ettyi4d
Q49PG6puPGvGpJ8O4tGAmSxThk5wAEIYndhjsgbRMcDCXEptp+3pZS54hVSzl0LX
6tMkB/Pq27U/25EYJdrKvBhHPl8UjgqSEBVovv2VOQyPOg+hmJ/8ENt7LQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOAM2kNNEG5tdcbkmSohAFXSgr7qMB8GA1UdIwQY
MBaAFELOdZMgGVucwYzPyxtTKuqUkljxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUt
Njk3OTQ4ZWE3MWY1LzEvNEF6YVEwMFFibTExeHVTWktpRUFWZEtDdnVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUtNjk3OTQ4ZWE3MWY1
LzEvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADCNckD
BADCNcowDQYJKoZIhvcNAQELBQADggEBAAW6piO0f0AOfzqKWa3q0VEg8qnz2pbt
vuAwP6hDRowQYql0mcW+Xyz1/NbxA6pXc5I26mrWclnBvdqn2WtMxv1+hAOedZuh
GYI7XoTB0lWGrplwv4QsgBTSuLy8qoVQZKdaYfG9tGIcrZUzzjFT4xm9b1bchJuy
YUJGHuf+WK6oj5J89PeJAU2boHXGg4pPb7WjPvAiAiKxYKMNFkZ8DcpwiHQ/XGU9
3HP7pkklF/xoUbBNHe8Dv8aAwzcUs8Zg1q9qtyAEsSlGladfSYSqMyvCYUEAxaDO
zHKkRnnd7FCvfM9XZgr7zlC7Ovr4sbskxwgvI5PB9Y8m28TWpojW2B0=
-----END CERTIFICATE-----