Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/dJp0K3tZDxLrfAxsHcBx_QZB4nY.roa
File:                     dJp0K3tZDxLrfAxsHcBx_QZB4nY.roa (raw, json)
Hash identifier:          qvPw2hihRqXC8kVBiMVjliujgX4Qy+BhgophVEgaNW0=
Subject key identifier:   74:9A:74:2B:7B:59:0F:12:EB:7C:0C:6C:1D:C0:71:FD:06:41:E2:76
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA8EF1C4BA5B909FE412A6CE426DB1
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/dJp0K3tZDxLrfAxsHcBx_QZB4nY.roa
Signing time:             Wed 01 Jan 2025 03:48:21 +0000
ROA not before:           Wed 01 Jan 2025 03:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208709
IP address blocks:        194.28.97.0/24 maxlen: 24
                          2a0c:b641:400::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:8e:f1:c4:ba:5b:90:9f:e4:12:a6:ce:42:6d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=749a742b7b590f12eb7c0c6c1dc071fd0641e276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:76:da:03:c8:97:9b:9b:c8:0c:d1:6d:60:03:
                    1f:f8:61:b3:bc:48:e1:a4:07:15:ab:c8:c0:68:7d:
                    b7:f3:47:79:e6:6b:2e:19:c9:72:f8:25:2a:09:39:
                    16:2f:f7:af:c2:6c:12:7e:3e:f4:cf:db:88:68:24:
                    71:aa:f3:89:1c:44:32:8a:c1:ee:71:50:66:86:8f:
                    63:b5:b3:67:ce:66:3a:22:b2:c3:e8:35:f1:74:b6:
                    d2:18:63:49:94:bd:56:a6:f8:fb:27:f5:ad:93:49:
                    d5:e5:93:b1:0e:5b:c7:cd:8c:b2:82:09:fa:f7:b8:
                    52:ec:37:bb:6e:3c:cc:b9:45:b6:5b:02:83:fc:23:
                    82:78:7a:e3:50:87:bc:67:8e:f0:23:11:73:2c:d6:
                    b1:ae:55:3a:a7:a5:77:89:26:fa:d3:81:bd:b0:fc:
                    35:e8:d8:1d:78:1a:3b:2d:6e:69:5f:b1:26:07:7e:
                    eb:07:96:30:1f:8a:68:2b:95:06:06:35:09:ed:1d:
                    0d:6e:2f:6b:f3:25:fb:77:bc:1c:b3:f4:66:6b:ae:
                    c2:74:35:fd:72:50:c0:63:d1:e2:14:ed:e8:c5:1b:
                    57:ab:1e:37:40:b5:d1:d2:e8:98:b6:fd:6a:ce:92:
                    75:24:b3:0f:53:0e:9b:87:ba:0d:de:a0:f0:dd:b2:
                    ac:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:9A:74:2B:7B:59:0F:12:EB:7C:0C:6C:1D:C0:71:FD:06:41:E2:76
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/dJp0K3tZDxLrfAxsHcBx_QZB4nY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.97.0/24
                IPv6:
                  2a0c:b641:400::/44

    Signature Algorithm: sha256WithRSAEncryption
         41:06:99:6f:7d:48:83:41:7a:f5:49:c4:46:7d:87:c0:ad:b4:
         65:09:37:96:9e:41:36:1c:f6:b1:f3:44:73:e9:a4:5f:ac:98:
         b9:78:68:d9:20:ac:44:0a:dc:10:e3:ec:09:62:23:6f:cb:57:
         72:15:04:19:5f:8a:61:c6:73:c4:3f:a3:44:b8:8c:8b:31:12:
         95:1c:89:c0:0b:07:e1:08:9c:de:82:21:2e:5e:71:12:a3:53:
         59:d6:54:f8:15:e9:ea:f2:e0:7c:2b:b0:c9:3f:6b:d7:39:2c:
         c5:86:ca:1d:b0:09:75:d2:21:a9:dd:9c:88:75:75:7b:f4:52:
         41:f9:e7:35:ac:04:75:46:d6:ae:1c:fd:07:5f:0a:b9:c9:76:
         4f:32:20:f6:ba:9a:ab:4b:07:66:9f:73:5b:f9:5d:3e:69:bd:
         2d:3c:1a:f7:b8:ce:d5:db:a4:91:ad:cb:0a:ea:3d:d4:bf:fe:
         9e:73:73:47:c6:ce:d0:16:21:14:24:aa:33:df:37:75:8b:d6:
         da:a6:7c:e0:ec:23:aa:34:2a:cf:96:72:84:84:5e:61:f2:fe:
         f0:64:ce:d0:5a:b9:14:fd:4c:c3:6d:29:d7:9e:24:cf:67:10:
         e0:3b:4a:d6:7f:fa:c2:94:29:15:c5:41:55:95:61:02:da:4b:
         07:51:19:69
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQf+o7xxLpbkJ/kEqbOQm2xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDlhNzQyYjdiNTkwZjEyZWI3YzBjNmMxZGMwNzFmZDA2NDFlMjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3baA8iXm5vIDNFtYAMf+GGzvEjh
pAcVq8jAaH2380d55msuGcly+CUqCTkWL/evwmwSfj70z9uIaCRxqvOJHEQyisHu
cVBmho9jtbNnzmY6IrLD6DXxdLbSGGNJlL1Wpvj7J/Wtk0nV5ZOxDlvHzYyyggn6
97hS7De7bjzMuUW2WwKD/COCeHrjUIe8Z47wIxFzLNaxrlU6p6V3iSb604G9sPw1
6NgdeBo7LW5pX7EmB37rB5YwH4poK5UGBjUJ7R0Nbi9r8yX7d7wcs/Rma67CdDX9
clDAY9HiFO3oxRtXqx43QLXR0uiYtv1qzpJ1JLMPUw6bh7oN3qDw3bKs8wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHSadCt7WQ8S63wMbB3Acf0GQeJ2MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvZEpwMEszdFpEeExyZkF4c0hjQnhfUVpCNG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwhxhMA8E
AgACMAkDBwQqDLZBBAAwDQYJKoZIhvcNAQELBQADggEBAEEGmW99SINBevVJxEZ9
h8CttGUJN5aeQTYc9rHzRHPppF+smLl4aNkgrEQK3BDj7AliI2/LV3IVBBlfimHG
c8Q/o0S4jIsxEpUcicALB+EInN6CIS5ecRKjU1nWVPgV6ery4HwrsMk/a9c5LMWG
yh2wCXXSIandnIh1dXv0UkH55zWsBHVG1q4c/QdfCrnJdk8yIPa6mqtLB2afc1v5
XT5pvS08Gve4ztXbpJGtywrqPdS//p5zc0fGztAWIRQkqjPfN3WL1tqmfODsI6o0
Ks+WcoSEXmHy/vBkztBauRT9TMNtKdeeJM9nEOA7StZ/+sKUKRXFQVWVYQLaSwdR
GWk=
-----END CERTIFICATE-----