Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1-CjIWemZiSRpq0xP_QeMforgOPM.roa
File:                     1-CjIWemZiSRpq0xP_QeMforgOPM.roa (raw, json)
Hash identifier:          t0I2pzjMWAvz6+jnlVU/gPrSvbzmxwXh8t45CVCoxvM=
Subject key identifier:   F8:28:C8:59:E9:99:89:24:69:AB:4C:4F:FD:07:8C:7E:8A:E0:38:F3
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067CD441C45B8A7CDFBA4E9FFE43EB6
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1-CjIWemZiSRpq0xP_QeMforgOPM.roa
Signing time:             Wed 01 Jan 2025 05:47:41 +0000
ROA not before:           Wed 01 Jan 2025 05:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50476
IP address blocks:        195.65.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:cd:44:1c:45:b8:a7:cd:fb:a4:e9:ff:e4:3e:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f828c859e999892469ab4c4ffd078c7e8ae038f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ea:9c:af:68:bc:90:c0:45:b0:72:dc:e1:42:
                    80:51:da:e7:07:b3:fa:ce:c2:09:7e:12:35:26:e3:
                    93:61:c8:7a:a5:05:52:9a:ad:66:a0:df:e4:13:4c:
                    3b:c4:46:a3:98:86:fb:ef:71:af:73:27:df:59:6e:
                    69:de:72:38:f9:f2:b9:40:6c:29:84:61:7e:10:2a:
                    b9:22:71:61:11:96:e5:2c:9d:7e:61:d6:b9:74:45:
                    b3:b8:41:ca:f8:d6:68:f0:11:a6:2b:77:b1:0b:40:
                    54:76:5d:18:ca:be:de:bf:e2:d1:b6:b2:58:07:b4:
                    15:e4:79:6d:15:67:f2:1e:5e:80:e2:96:aa:0f:3c:
                    aa:a0:c9:c2:f0:c7:46:fa:22:09:1b:64:1b:04:5e:
                    a1:a7:4b:d0:2e:94:8a:2b:12:85:cf:b1:4c:17:07:
                    b9:3e:ec:bb:7b:98:92:7e:8e:30:23:da:ed:79:f7:
                    0e:f0:20:ea:f1:74:65:58:1c:c9:2b:35:09:09:4f:
                    f6:89:94:42:3e:56:62:37:b8:55:b7:ea:09:2a:bf:
                    61:4c:79:59:dc:e7:71:28:7d:24:1a:28:b0:8c:19:
                    8a:75:24:f8:98:00:d3:9d:fa:00:1d:b3:e0:f4:34:
                    8c:9d:bb:79:19:20:ae:6b:99:a5:7f:f6:ba:47:ce:
                    67:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:28:C8:59:E9:99:89:24:69:AB:4C:4F:FD:07:8C:7E:8A:E0:38:F3
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/1-CjIWemZiSRpq0xP_QeMforgOPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.65.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:5c:c6:85:87:ef:e5:a1:b6:20:f4:f3:cd:85:45:b8:a6:10:
         e4:c5:f7:2b:a2:11:92:ab:cf:fa:9e:5e:74:6d:1b:53:05:44:
         35:71:59:e4:7c:29:91:a2:be:7b:ad:d2:91:30:fb:ae:55:9b:
         d2:25:cb:16:e1:a1:1b:5e:56:3f:18:66:b1:19:e4:01:29:f2:
         eb:51:6a:85:78:05:57:10:ab:72:af:45:04:57:32:9e:30:47:
         f6:6f:58:22:4a:23:30:55:da:0a:d4:55:37:8f:c5:79:d3:ab:
         ba:0a:aa:53:91:b7:db:92:8f:4b:05:f8:c8:e3:41:54:a0:02:
         13:25:67:09:02:49:a5:3a:97:72:25:d0:38:89:74:0c:b2:56:
         5b:56:b1:ea:12:08:f7:1f:a5:4b:1b:9c:c2:b2:a3:78:4c:8e:
         b3:e6:1d:8f:07:5e:b8:a0:55:8c:e7:cf:a9:06:bf:7c:82:b3:
         cb:42:d4:9f:13:47:8e:0c:0c:81:13:b4:4b:17:79:f1:64:29:
         23:78:55:6e:30:1e:68:8a:a8:13:18:6f:3a:94:29:13:4c:ee:
         49:39:eb:09:f3:4b:11:e5:44:de:5b:65:80:45:38:2d:1f:35:
         1a:bb:dc:9d:a3:ac:4c:60:94:3e:2a:b7:e1:bd:15:7d:40:34:
         1b:99:a0:69
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgZ81EHEW4p837pOn/5D62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODI4Yzg1OWU5OTk4OTI0NjlhYjRjNGZmZDA3OGM3ZThhZTAzOGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvuqcr2i8kMBFsHLc4UKAUdrnB7P6
zsIJfhI1JuOTYch6pQVSmq1moN/kE0w7xEajmIb773GvcyffWW5p3nI4+fK5QGwp
hGF+ECq5InFhEZblLJ1+Yda5dEWzuEHK+NZo8BGmK3exC0BUdl0Yyr7ev+LRtrJY
B7QV5HltFWfyHl6A4paqDzyqoMnC8MdG+iIJG2QbBF6hp0vQLpSKKxKFz7FMFwe5
Puy7e5iSfo4wI9rtefcO8CDq8XRlWBzJKzUJCU/2iZRCPlZiN7hVt+oJKr9hTHlZ
3OdxKH0kGiiwjBmKdST4mADTnfoAHbPg9DSMnbt5GSCua5mlf/a6R85nhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPgoyFnpmYkkaatMT/0HjH6K4DjzMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvMS1DaklXZW1aaVNScHEweFBfUWVNZm9yZ09QTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjkvYzhjNmY2LTU5NWMtNDViMS1hNzZlLWJkMTkyNjc2Yzli
Yi8xL0ptUHoyeFV1QlZyQlJiMjdRcDRCaGxRZ1RJMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMNBXTAN
BgkqhkiG9w0BAQsFAAOCAQEAD1zGhYfv5aG2IPTzzYVFuKYQ5MX3K6IRkqvP+p5e
dG0bUwVENXFZ5HwpkaK+e63SkTD7rlWb0iXLFuGhG15WPxhmsRnkASny61FqhXgF
VxCrcq9FBFcynjBH9m9YIkojMFXaCtRVN4/FedOrugqqU5G325KPSwX4yONBVKAC
EyVnCQJJpTqXciXQOIl0DLJWW1ax6hII9x+lSxucwrKjeEyOs+YdjwdeuKBVjOfP
qQa/fIKzy0LUnxNHjgwMgRO0Sxd58WQpI3hVbjAeaIqoExhvOpQpE0zuSTnrCfNL
EeVE3ltlgEU4LR81GrvcnaOsTGCUPiq34b0VfUA0G5mgaQ==
-----END CERTIFICATE-----