Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/_dP89dJHE-YZKAUIAMAKH5hCybo.roa
File:                     _dP89dJHE-YZKAUIAMAKH5hCybo.roa (raw, json)
Hash identifier:          RwLTyGyMw54nCLsLFUIuCCv0sJSfUYZ8s2qq98bQOs0=
Subject key identifier:   FD:D3:FC:F5:D2:47:13:E6:19:28:05:08:00:C0:0A:1F:98:42:C9:BA
Certificate issuer:       /CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Certificate serial:       01942826FD4060408561BE07B3B6D9757FC9
Authority key identifier: E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/_dP89dJHE-YZKAUIAMAKH5hCybo.roa
Signing time:             Thu 02 Jan 2025 17:53:51 +0000
ROA not before:           Thu 02 Jan 2025 17:53:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1759
IP address blocks:        192.126.63.0/24 maxlen: 24
                          192.126.64.0/24 maxlen: 24
                          194.188.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:fd:40:60:40:85:61:be:07:b3:b6:d9:75:7f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
        Validity
            Not Before: Jan  2 17:53:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdd3fcf5d24713e61928050800c00a1f9842c9ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a8:e5:45:15:1c:9a:d6:89:f6:c4:d0:3f:13:
                    a5:3b:9f:0f:b1:bc:fa:e3:05:50:05:56:0a:e7:b5:
                    e7:92:59:28:4e:87:55:7f:d3:89:86:ca:7c:a1:3d:
                    16:94:dc:ef:17:d1:11:4c:a8:99:b0:01:8e:13:0b:
                    48:c9:5e:76:9a:76:96:8a:86:85:90:91:a8:82:d4:
                    52:8e:d4:f0:37:df:64:e8:cc:36:90:30:a6:0f:8f:
                    30:b1:58:17:be:ed:f5:60:c0:c7:56:4e:dc:0b:c5:
                    74:83:2d:31:05:d2:6d:ea:f9:0a:0a:3c:10:a5:e3:
                    cc:e7:0c:cc:18:70:57:ff:2c:b3:a9:fc:75:d3:cf:
                    f7:7a:49:85:89:f7:3d:5d:ec:c5:2c:21:9a:c2:f0:
                    9a:41:b0:4b:e7:9c:4d:9c:f8:e5:ba:34:c4:b0:fb:
                    96:9e:52:bb:71:ff:ed:a8:a7:2d:ef:78:f1:36:43:
                    c7:60:d3:d0:7f:f1:cf:a4:f4:3f:93:29:a4:ba:59:
                    39:19:ea:4e:54:a8:a0:d7:83:b7:6f:87:a7:58:54:
                    9d:3a:a4:fc:d2:46:5c:3f:b3:f1:46:35:03:81:88:
                    92:17:ed:66:77:44:19:3d:9f:43:98:74:6b:99:14:
                    70:84:ce:42:31:d2:62:da:f4:c5:52:ae:b8:af:8a:
                    e8:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D3:FC:F5:D2:47:13:E6:19:28:05:08:00:C0:0A:1F:98:42:C9:BA
            X509v3 Authority Key Identifier:
                keyid:E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/_dP89dJHE-YZKAUIAMAKH5hCybo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.126.63.0-192.126.64.255
                  194.188.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:be:93:d6:e8:10:f7:39:98:22:fe:f1:9d:cb:4d:dd:56:99:
         6b:b0:e8:42:38:ba:0d:ff:d0:25:4f:4e:88:dc:5c:5d:1f:72:
         d4:4b:86:a0:55:f8:69:b1:4e:09:6c:89:73:38:0e:d7:b5:92:
         8b:b6:4b:f7:9f:5c:12:74:85:11:ca:09:1c:ee:5a:79:5e:a7:
         b6:63:8f:d7:e3:c8:7e:03:1c:ec:16:af:4e:70:e8:1a:73:fd:
         7e:c9:91:e8:fb:34:89:b7:fd:1f:4a:33:b4:24:ff:9a:bf:e3:
         21:7d:17:33:d2:f4:6b:ae:78:c4:bb:28:c6:e6:06:aa:90:a2:
         c5:79:f2:5c:e8:53:fe:14:f2:cd:3e:78:69:80:48:d3:45:74:
         70:84:54:5a:d2:59:27:e5:0b:96:b7:16:94:f3:a0:f4:5b:55:
         01:47:71:b9:c2:a6:f4:2e:9b:bc:84:10:f7:88:5a:ff:fd:e0:
         99:88:d7:ca:25:f1:48:40:58:54:bb:8f:b7:a5:52:b5:cb:ee:
         82:19:54:8a:33:db:a5:be:03:3c:6b:dd:8a:16:6d:9b:99:1d:
         ad:98:57:4a:17:7c:a1:76:8f:42:44:62:ec:e2:97:de:8f:8a:
         76:8e:4b:28:a8:6a:2a:33:b6:bf:7c:cd:94:82:6d:a1:31:ff:
         97:37:be:63
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQoJv1AYECFYb4Hs7bZdX/JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGVlMWIwNmJhMjRhNjc2MjEzZjk3NmE0YjUwYzEyOWRj
YjJiNzMwHhcNMjUwMTAyMTc1MzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGQzZmNmNWQyNDcxM2U2MTkyODA1MDgwMGMwMGExZjk4NDJjOWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsajlRRUcmtaJ9sTQPxOlO58Psbz6
4wVQBVYK57XnklkoTodVf9OJhsp8oT0WlNzvF9ERTKiZsAGOEwtIyV52mnaWioaF
kJGogtRSjtTwN99k6Mw2kDCmD48wsVgXvu31YMDHVk7cC8V0gy0xBdJt6vkKCjwQ
pePM5wzMGHBX/yyzqfx108/3ekmFifc9XezFLCGawvCaQbBL55xNnPjlujTEsPuW
nlK7cf/tqKct73jxNkPHYNPQf/HPpPQ/kymkulk5GepOVKig14O3b4enWFSdOqT8
0kZcP7PxRjUDgYiSF+1md0QZPZ9DmHRrmRRwhM5CMdJi2vTFUq64r4roAQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFP3T/PXSRxPmGSgFCADACh+YQsm6MB8GA1UdIwQY
MBaAFODe4bBrokpnYhP5dqS1DBKdyytzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMt
MTVlOTBiZjg3ZmFiLzEvX2RQODlkSkhFLVlaS0FVSUFNQUtINWhDeWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMtMTVlOTBiZjg3ZmFi
LzEvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADAfj8D
BADAfkADBADCvJEwDQYJKoZIhvcNAQELBQADggEBAEO+k9boEPc5mCL+8Z3LTd1W
mWuw6EI4ug3/0CVPTojcXF0fctRLhqBV+GmxTglsiXM4Dte1kou2S/efXBJ0hRHK
CRzuWnlep7Zjj9fjyH4DHOwWr05w6Bpz/X7Jkej7NIm3/R9KM7Qk/5q/4yF9FzPS
9GuueMS7KMbmBqqQosV58lzoU/4U8s0+eGmASNNFdHCEVFrSWSflC5a3FpTzoPRb
VQFHcbnCpvQum7yEEPeIWv/94JmI18ol8UhAWFS7j7elUrXL7oIZVIoz26W+Azxr
3YoWbZuZHa2YV0oXfKF2j0JEYuzil96PinaOSyioaioztr98zZSCbaEx/5c3vmM=
-----END CERTIFICATE-----