Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/PlQFa4jhWlVaiszjKNJ7kupx4aQ.roa
File:                     PlQFa4jhWlVaiszjKNJ7kupx4aQ.roa (raw, json)
Hash identifier:          UeW0XS3+Kg6ANuyjkIjAhB49ySB0c3S1+43WQrcrzm4=
Subject key identifier:   3E:54:05:6B:88:E1:5A:55:5A:8A:CC:E3:28:D2:7B:92:EA:71:E1:A4
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067C9F9B593CB90360023083AF6BD24
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/PlQFa4jhWlVaiszjKNJ7kupx4aQ.roa
Signing time:             Wed 01 Jan 2025 05:47:40 +0000
ROA not before:           Wed 01 Jan 2025 05:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35610
IP address blocks:        194.209.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:c9:f9:b5:93:cb:90:36:00:23:08:3a:f6:bd:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e54056b88e15a555a8acce328d27b92ea71e1a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0c:49:72:82:d8:cc:cf:06:c8:0d:cf:8a:a1:
                    07:32:a8:c7:00:63:97:3d:32:9c:af:6a:35:94:33:
                    40:b3:68:f8:07:2a:1c:bb:f7:8b:40:fa:8f:43:ae:
                    5d:d1:48:81:0f:a4:af:8a:71:39:8d:d6:3e:05:72:
                    97:06:0a:26:10:39:6f:8e:df:3e:8e:64:e9:2e:0e:
                    f5:28:89:48:43:ed:99:47:ab:86:2b:ec:7e:3b:82:
                    c3:d9:e8:9a:20:3e:3a:98:da:dd:19:a0:ea:21:f9:
                    bf:a0:18:ef:d0:f2:26:93:44:c3:a5:3a:b1:e4:cc:
                    bf:50:70:5f:20:84:43:6d:54:86:b8:6d:68:e0:95:
                    65:f3:78:61:b0:c8:e3:72:7f:cc:bd:fa:da:ba:67:
                    9f:e2:f8:75:ca:09:c7:f6:0d:0c:91:65:0f:62:3e:
                    84:60:21:ff:9d:c7:c7:7c:b3:cc:d9:68:a1:ea:ad:
                    96:c8:94:6b:b0:9f:ba:a8:58:1d:57:4e:de:b7:1c:
                    9b:df:41:ba:f8:53:70:58:35:c6:c2:8f:e6:ca:aa:
                    b6:a1:f7:e4:5d:0b:d4:f4:91:74:e3:a5:1f:df:7c:
                    87:64:06:ea:e4:db:01:b0:ca:49:2d:5b:31:46:da:
                    49:7f:a8:92:37:c2:81:a1:15:d3:31:49:5f:c5:e3:
                    cf:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:54:05:6B:88:E1:5A:55:5A:8A:CC:E3:28:D2:7B:92:EA:71:E1:A4
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/PlQFa4jhWlVaiszjKNJ7kupx4aQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:c3:07:b4:3e:3a:56:e3:a2:4f:42:c4:32:b7:66:bd:53:30:
         9b:fb:83:e4:5a:16:30:74:c3:5e:32:3e:dc:cb:95:75:df:42:
         91:01:22:e0:cf:fc:04:1f:07:f1:9e:ea:5d:a4:ce:8e:45:3a:
         fa:d4:22:5c:9e:6a:52:ed:57:80:67:48:d4:dc:9e:c9:87:45:
         21:0c:42:4a:2d:f8:2d:a9:b0:6f:cc:89:9e:1b:c6:b5:e7:96:
         2e:2e:ff:20:c5:9c:69:c9:da:9d:d2:a6:87:9a:a6:29:ab:19:
         80:4c:0c:e7:d2:99:e0:07:70:db:d4:4f:9b:9a:c0:7b:f2:0b:
         7b:96:95:f0:fc:2c:19:42:65:38:a2:4f:22:51:19:f0:bd:2a:
         d5:00:77:8b:4b:c7:86:25:d6:9a:37:7a:d7:59:a8:ab:8c:29:
         2d:e9:9a:40:43:72:f6:25:c9:0f:1b:48:71:46:98:80:3a:89:
         74:70:14:d0:35:60:81:cc:c0:95:06:e1:e7:e7:51:b0:a0:b0:
         e9:40:bb:c8:fa:70:d4:d0:2b:cb:bf:f6:aa:ec:7c:0a:48:96:
         17:45:6c:be:96:40:52:7b:e7:5b:d8:62:7c:3f:75:ae:a7:6d:
         c5:5a:53:5c:2b:52:6c:db:2e:05:64:a1:01:e6:66:cf:37:bd:
         99:30:5d:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ8n5tZPLkDYAIwg69r0kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTU0MDU2Yjg4ZTE1YTU1NWE4YWNjZTMyOGQyN2I5MmVhNzFlMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAxJcoLYzM8GyA3PiqEHMqjHAGOX
PTKcr2o1lDNAs2j4Byocu/eLQPqPQ65d0UiBD6SvinE5jdY+BXKXBgomEDlvjt8+
jmTpLg71KIlIQ+2ZR6uGK+x+O4LD2eiaID46mNrdGaDqIfm/oBjv0PImk0TDpTqx
5My/UHBfIIRDbVSGuG1o4JVl83hhsMjjcn/Mvfraumef4vh1ygnH9g0MkWUPYj6E
YCH/ncfHfLPM2Wih6q2WyJRrsJ+6qFgdV07etxyb30G6+FNwWDXGwo/myqq2offk
XQvU9JF046Uf33yHZAbq5NsBsMpJLVsxRtpJf6iSN8KBoRXTMUlfxePPHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5UBWuI4VpVWorM4yjSe5LqceGkMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvUGxRRmE0amhXbFZhaXN6aktOSjdrdXB4NGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtE0MA0G
CSqGSIb3DQEBCwUAA4IBAQAVwwe0PjpW46JPQsQyt2a9UzCb+4PkWhYwdMNeMj7c
y5V130KRASLgz/wEHwfxnupdpM6ORTr61CJcnmpS7VeAZ0jU3J7Jh0UhDEJKLfgt
qbBvzImeG8a155YuLv8gxZxpydqd0qaHmqYpqxmATAzn0pngB3Db1E+bmsB78gt7
lpXw/CwZQmU4ok8iURnwvSrVAHeLS8eGJdaaN3rXWairjCkt6ZpAQ3L2JckPG0hx
RpiAOol0cBTQNWCBzMCVBuHn51GwoLDpQLvI+nDU0CvLv/aq7HwKSJYXRWy+lkBS
e+db2GJ8P3Wup23FWlNcK1Js2y4FZKEB5mbPN72ZMF3o
-----END CERTIFICATE-----