Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/gYinuUkN5-ijpn1rqGGqGii0p6g.roa
File:                     gYinuUkN5-ijpn1rqGGqGii0p6g.roa (raw, json)
Hash identifier:          lpzZyTHLuJfHa94o7AaeZ6AmXeDKqlRwU9KcssuE8rk=
Subject key identifier:   81:88:A7:B9:49:0D:E7:E8:A3:A6:7D:6B:A8:61:AA:1A:28:B4:A7:A8
Certificate issuer:       /CN=75b795066150a1c367dabccf69c970ab0c723215
Certificate serial:       0194266BBB01E44610F81ACD65AA647D00BA
Authority key identifier: 75:B7:95:06:61:50:A1:C3:67:DA:BC:CF:69:C9:70:AB:0C:72:32:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/gYinuUkN5-ijpn1rqGGqGii0p6g.roa
Signing time:             Thu 02 Jan 2025 09:49:41 +0000
ROA not before:           Thu 02 Jan 2025 09:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48214
IP address blocks:        194.5.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:bb:01:e4:46:10:f8:1a:cd:65:aa:64:7d:00:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75b795066150a1c367dabccf69c970ab0c723215
        Validity
            Not Before: Jan  2 09:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8188a7b9490de7e8a3a67d6ba861aa1a28b4a7a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:07:34:d4:7c:e4:18:fb:7e:54:b4:42:77:93:
                    ba:27:0b:89:a5:5d:2e:eb:81:be:c2:d0:d1:58:fe:
                    0a:8f:55:fc:26:90:39:35:09:b7:7a:8c:a5:ad:0b:
                    da:14:84:08:58:7f:bf:77:d5:84:b7:a5:47:63:7c:
                    49:8f:5e:b0:f8:21:64:9a:f8:11:b7:83:38:bc:1d:
                    5f:1e:1a:92:3d:bd:b5:09:7c:87:21:4c:f9:48:03:
                    0d:2c:6c:3e:1f:33:d3:bd:1e:cc:9f:da:e5:d7:d8:
                    97:0e:9e:a3:9e:ac:79:62:c1:28:91:7f:1d:d4:60:
                    07:d3:43:b4:53:7b:9e:81:32:1d:de:ca:7c:58:99:
                    52:1e:17:75:46:ca:4b:e0:18:5b:f0:a4:3a:6e:01:
                    77:fe:45:65:60:31:7d:6f:d6:73:2e:2c:91:d6:33:
                    c6:80:70:2e:d6:cc:dc:bb:ee:1e:80:5c:f8:bc:1b:
                    a8:37:a5:c9:e2:31:16:9d:05:94:5a:9a:18:71:35:
                    7b:9c:5c:26:36:b4:c5:03:22:aa:81:55:77:a0:ad:
                    49:ab:4b:c9:49:4e:93:a0:95:35:43:29:f7:c7:93:
                    cc:4e:b8:12:c8:39:e3:e6:cb:a3:97:b4:58:49:73:
                    40:a9:67:f5:67:e1:cc:22:53:71:15:77:c2:cc:60:
                    f1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:88:A7:B9:49:0D:E7:E8:A3:A6:7D:6B:A8:61:AA:1A:28:B4:A7:A8
            X509v3 Authority Key Identifier:
                keyid:75:B7:95:06:61:50:A1:C3:67:DA:BC:CF:69:C9:70:AB:0C:72:32:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/gYinuUkN5-ijpn1rqGGqGii0p6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:98:79:12:c2:00:fe:5c:52:61:73:51:b4:77:22:65:8b:b9:
         75:9c:73:df:ca:9e:ca:a1:99:19:bd:14:f4:57:21:0b:c8:02:
         a5:69:50:1c:21:9f:73:79:cd:84:61:83:0e:3c:cb:61:cc:91:
         68:d5:c9:48:d6:3a:aa:53:b0:d0:02:06:6b:77:0e:c4:e6:54:
         d5:fc:55:17:95:36:ce:65:7d:5b:78:c7:60:c5:74:a1:47:46:
         1b:fd:95:e5:f0:22:ee:41:ce:df:9e:64:6f:91:6d:d9:1b:6a:
         43:ef:8e:dd:83:c3:c7:5c:55:4f:44:56:0b:25:4a:1d:e4:5b:
         03:58:fc:3f:4f:69:86:5b:66:9f:fd:03:77:65:c8:45:b7:91:
         3f:72:ed:4d:17:4b:93:55:77:98:9d:4d:c6:77:c3:5c:d6:0e:
         91:9b:a6:60:fb:ad:54:fb:65:ee:ed:d4:d3:27:43:71:75:16:
         dd:6a:3e:95:00:53:a3:65:99:bf:ea:d9:5c:75:3a:a4:3b:0f:
         3b:9e:ae:94:91:d2:2d:33:51:5e:0b:aa:e7:92:1c:d8:5d:eb:
         9a:07:36:f1:15:68:de:aa:f6:12:09:a4:69:81:ec:f9:4d:3f:
         66:a6:5a:db:e6:17:51:2b:41:bd:d9:ba:c7:6f:e7:62:b4:be:
         76:36:eb:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma7sB5EYQ+BrNZapkfQC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1Yjc5NTA2NjE1MGExYzM2N2RhYmNjZjY5Yzk3MGFiMGM3
MjMyMTUwHhcNMjUwMTAyMDk0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTg4YTdiOTQ5MGRlN2U4YTNhNjdkNmJhODYxYWExYTI4YjRhN2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQc01HzkGPt+VLRCd5O6JwuJpV0u
64G+wtDRWP4Kj1X8JpA5NQm3eoylrQvaFIQIWH+/d9WEt6VHY3xJj16w+CFkmvgR
t4M4vB1fHhqSPb21CXyHIUz5SAMNLGw+HzPTvR7Mn9rl19iXDp6jnqx5YsEokX8d
1GAH00O0U3uegTId3sp8WJlSHhd1RspL4Bhb8KQ6bgF3/kVlYDF9b9ZzLiyR1jPG
gHAu1szcu+4egFz4vBuoN6XJ4jEWnQWUWpoYcTV7nFwmNrTFAyKqgVV3oK1Jq0vJ
SU6ToJU1Qyn3x5PMTrgSyDnj5sujl7RYSXNAqWf1Z+HMIlNxFXfCzGDxCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGIp7lJDefoo6Z9a6hhqhootKeoMB8GA1UdIwQY
MBaAFHW3lQZhUKHDZ9q8z2nJcKsMcjIVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGJlVkJtRlFvY05uMnJ6UGFjbHdxd3h5TWhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80NjZhYWItYTQ3MC00MzQ0LWEzNjct
NTQ3YmU0Y2ZhNDU3LzEvZ1lpbnVVa041LWlqcG4xcnFHR3FHaWkwcDZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80NjZhYWItYTQ3MC00MzQ0LWEzNjctNTQ3YmU0Y2ZhNDU3
LzEvZGJlVkJtRlFvY05uMnJ6UGFjbHdxd3h5TWhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgU2MA0G
CSqGSIb3DQEBCwUAA4IBAQCxmHkSwgD+XFJhc1G0dyJli7l1nHPfyp7KoZkZvRT0
VyELyAKlaVAcIZ9zec2EYYMOPMthzJFo1clI1jqqU7DQAgZrdw7E5lTV/FUXlTbO
ZX1beMdgxXShR0Yb/ZXl8CLuQc7fnmRvkW3ZG2pD747dg8PHXFVPRFYLJUod5FsD
WPw/T2mGW2af/QN3ZchFt5E/cu1NF0uTVXeYnU3Gd8Nc1g6Rm6Zg+61U+2Xu7dTT
J0NxdRbdaj6VAFOjZZm/6tlcdTqkOw87nq6UkdItM1FeC6rnkhzYXeuaBzbxFWje
qvYSCaRpgez5TT9mplrb5hdRK0G92brHb+ditL52Nus4
-----END CERTIFICATE-----