Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ryWvVob_sg8rrWsUDr_68HI1pUA.roa
File:                     ryWvVob_sg8rrWsUDr_68HI1pUA.roa (raw, json)
Hash identifier:          sxxveXuoxJS70qk+w1fDvfDA8mUjecUr+hClUDWTXQg=
Subject key identifier:   AF:25:AF:56:86:FF:B2:0F:2B:AD:6B:14:0E:BF:FA:F0:72:35:A5:40
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067E14758818F87366A849535ADA0A1
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ryWvVob_sg8rrWsUDr_68HI1pUA.roa
Signing time:             Wed 01 Jan 2025 05:47:46 +0000
ROA not before:           Wed 01 Jan 2025 05:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214756
IP address blocks:        194.209.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e1:47:58:81:8f:87:36:6a:84:95:35:ad:a0:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af25af5686ffb20f2bad6b140ebffaf07235a540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:e7:67:b2:38:3a:30:22:88:2f:28:ca:bc:97:
                    22:c6:dd:1c:4a:52:fc:84:1f:be:df:60:99:4c:8a:
                    d6:ed:02:b2:60:66:50:a9:40:49:de:5c:f6:27:1d:
                    02:c9:a2:94:32:c8:da:b0:04:bd:18:79:93:39:a6:
                    0b:a4:20:db:58:28:80:01:18:6a:5f:c2:8e:bd:4f:
                    ff:14:ff:59:6a:97:d7:23:0d:18:00:f2:18:fa:2a:
                    09:b7:e6:23:28:9b:83:f8:bb:da:bb:f6:ed:5d:b1:
                    02:ce:81:96:be:67:c8:b6:13:44:54:87:d6:1f:f1:
                    d0:ed:f0:45:41:8f:d0:33:88:fe:3c:5f:e4:a2:81:
                    10:ed:ab:de:f8:51:91:7b:1a:ca:57:b2:04:b8:3a:
                    c0:aa:71:fb:3f:58:36:eb:20:56:5e:34:6c:ce:f5:
                    e5:92:2d:2c:ef:77:cd:e0:eb:67:5f:3e:fd:f3:b0:
                    99:5a:62:5d:31:76:d9:b5:3c:67:1f:cb:13:a6:9f:
                    72:ea:1b:f6:44:de:df:a4:fb:5c:c9:96:fd:92:06:
                    c9:10:58:bc:02:0d:3b:c9:a0:a4:a7:f8:dc:af:93:
                    92:4d:f8:f4:6f:6f:5b:3c:69:f7:86:6b:35:f3:62:
                    2e:43:5c:f2:49:64:59:a5:6b:da:44:1d:2c:ef:f9:
                    a0:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:25:AF:56:86:FF:B2:0F:2B:AD:6B:14:0E:BF:FA:F0:72:35:A5:40
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ryWvVob_sg8rrWsUDr_68HI1pUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:e8:1c:1d:a5:c9:bf:00:77:c6:9d:9a:94:6a:93:63:1c:e2:
         7a:a9:41:55:34:7e:9d:57:6d:17:e9:42:50:20:cd:10:24:06:
         e5:d2:99:97:31:7a:03:dc:94:1d:1a:8a:bf:7d:0c:2c:14:2c:
         20:a2:cb:61:fb:33:bd:cf:f5:64:b9:30:a8:a2:7b:f6:8a:1d:
         f0:04:60:e4:ce:80:17:a5:e9:d1:81:95:1a:79:d6:a0:4e:2c:
         8a:cf:bd:be:95:57:3b:ab:cb:af:ce:6d:4f:16:3d:df:2a:15:
         a3:0a:59:a7:0a:60:24:fb:4f:84:3a:53:7c:10:6c:1b:c0:b9:
         4b:ac:3d:e1:04:14:d5:87:e0:8d:98:50:78:4d:68:b2:13:87:
         1e:81:3a:d8:47:31:0d:27:2d:fd:c3:0b:a5:b5:4e:63:4d:1a:
         35:e5:0a:51:ec:bc:e3:a5:70:19:1e:39:83:19:16:de:1d:28:
         2f:95:de:cc:ca:1f:55:0f:a4:7f:f3:a0:5b:b0:c7:92:b6:0f:
         65:57:4e:29:10:91:7c:91:cd:80:26:03:9c:b4:76:dc:69:42:
         b8:fe:f3:c0:42:13:39:3e:ca:8e:52:83:de:27:b4:6e:9a:56:
         aa:29:cc:8e:b7:87:06:40:e3:3b:a7:6e:a7:76:02:30:85:a8:
         e1:ff:4e:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ+FHWIGPhzZqhJU1raChMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjI1YWY1Njg2ZmZiMjBmMmJhZDZiMTQwZWJmZmFmMDcyMzVhNTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9udnsjg6MCKILyjKvJcixt0cSlL8
hB++32CZTIrW7QKyYGZQqUBJ3lz2Jx0CyaKUMsjasAS9GHmTOaYLpCDbWCiAARhq
X8KOvU//FP9ZapfXIw0YAPIY+ioJt+YjKJuD+Lvau/btXbECzoGWvmfIthNEVIfW
H/HQ7fBFQY/QM4j+PF/kooEQ7ave+FGRexrKV7IEuDrAqnH7P1g26yBWXjRszvXl
ki0s73fN4OtnXz7987CZWmJdMXbZtTxnH8sTpp9y6hv2RN7fpPtcyZb9kgbJEFi8
Ag07yaCkp/jcr5OSTfj0b29bPGn3hms182IuQ1zySWRZpWvaRB0s7/mglwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8lr1aG/7IPK61rFA6/+vByNaVAMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvcnlXdlZvYl9zZzhycldzVURyXzY4SEkxcFVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtEoMA0G
CSqGSIb3DQEBCwUAA4IBAQBB6Bwdpcm/AHfGnZqUapNjHOJ6qUFVNH6dV20X6UJQ
IM0QJAbl0pmXMXoD3JQdGoq/fQwsFCwgosth+zO9z/VkuTCoonv2ih3wBGDkzoAX
penRgZUaedagTiyKz72+lVc7q8uvzm1PFj3fKhWjClmnCmAk+0+EOlN8EGwbwLlL
rD3hBBTVh+CNmFB4TWiyE4cegTrYRzENJy39wwultU5jTRo15QpR7LzjpXAZHjmD
GRbeHSgvld7Myh9VD6R/86BbsMeStg9lV04pEJF8kc2AJgOctHbcaUK4/vPAQhM5
PsqOUoPeJ7RumlaqKcyOt4cGQOM7p26ndgIwhajh/06L
-----END CERTIFICATE-----