Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/syjiQ17dBmmkBrrPm3qMJQlfeQw.roa
File:                     syjiQ17dBmmkBrrPm3qMJQlfeQw.roa (raw, json)
Hash identifier:          xvm/Qu4QjTYO005UFyYbS5lkq4TgWn4H6EMhyBLhJuc=
Subject key identifier:   B3:28:E2:43:5E:DD:06:69:A4:06:BA:CF:9B:7A:8C:25:09:5F:79:0C
Certificate issuer:       /CN=72e4baf99ab840129133285fe9ad7b83fd130c39
Certificate serial:       0194266BC1251A138F447260B9919145EAA1
Authority key identifier: 72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/syjiQ17dBmmkBrrPm3qMJQlfeQw.roa
Signing time:             Thu 02 Jan 2025 09:49:43 +0000
ROA not before:           Thu 02 Jan 2025 09:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        194.213.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 18:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c1:25:1a:13:8f:44:72:60:b9:91:91:45:ea:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e4baf99ab840129133285fe9ad7b83fd130c39
        Validity
            Not Before: Jan  2 09:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b328e2435edd0669a406bacf9b7a8c25095f790c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7b:02:5c:a3:f0:94:ac:10:48:a0:38:09:ae:
                    24:2f:db:30:81:c0:e0:56:7c:13:ba:8a:ac:50:c8:
                    91:ba:e8:bc:e0:a3:8b:c7:c5:c4:29:ef:c0:02:c1:
                    32:55:23:df:9d:ef:eb:7b:56:6f:12:dd:89:f3:bc:
                    df:ab:c4:f8:c1:c3:17:50:f0:13:0e:14:ef:69:ec:
                    66:e5:53:70:29:44:9d:c6:90:2c:01:b6:66:09:e8:
                    e3:0d:1d:40:d7:ba:44:03:d0:84:86:fe:f4:d1:18:
                    27:39:d9:7d:e3:d9:20:5a:87:7d:6d:a0:cb:20:9d:
                    b7:b2:c2:a9:12:27:3d:c4:1a:97:c7:c9:1f:59:a2:
                    1c:76:5a:8e:cf:27:b1:47:37:8a:cd:47:dd:8b:68:
                    6e:27:ce:9b:54:b5:ef:ef:c1:cd:7e:2e:6c:68:a1:
                    4b:6b:e4:ea:29:a1:87:b2:0a:fa:0e:55:d0:95:d4:
                    33:5a:8a:30:e7:4d:23:d4:27:53:57:53:14:a8:89:
                    e7:95:4c:57:29:ab:1b:e1:9c:a5:30:e4:74:c2:b7:
                    ce:55:49:a9:17:e2:7f:ca:1d:0c:77:f4:dc:20:78:
                    c0:43:4d:83:4f:46:94:c1:55:17:ae:90:37:fe:21:
                    fd:14:99:ff:67:05:56:4b:75:88:9b:0e:c6:10:2e:
                    71:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:28:E2:43:5E:DD:06:69:A4:06:BA:CF:9B:7A:8C:25:09:5F:79:0C
            X509v3 Authority Key Identifier:
                keyid:72:E4:BA:F9:9A:B8:40:12:91:33:28:5F:E9:AD:7B:83:FD:13:0C:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cuS6-Zq4QBKRMyhf6a17g_0TDDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/syjiQ17dBmmkBrrPm3qMJQlfeQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/66b74c-81c1-410e-957d-a8d65dccb96b/1/cuS6-Zq4QBKRMyhf6a17g_0TDDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:de:33:88:0d:06:b4:f2:93:da:76:d7:81:60:4f:4d:34:38:
         8a:f6:04:3c:3e:d5:75:49:b1:5a:de:50:51:9a:5b:8f:92:d7:
         0e:4b:f6:2b:20:4e:6e:0f:5a:ff:25:27:a7:53:29:a1:4b:d8:
         e3:19:4f:7e:31:59:7f:ed:f0:56:d9:87:a1:c0:1e:da:72:48:
         4a:67:37:c9:f4:f4:71:89:2b:0b:5e:df:a9:2e:c8:ef:2f:4f:
         df:86:91:49:d6:e1:88:8e:e6:13:28:48:41:ff:a2:0c:44:60:
         bb:a2:c3:8d:48:45:60:80:b3:8f:55:c2:12:c6:37:29:99:f6:
         60:33:e8:26:e3:bc:28:76:85:27:c4:80:bf:06:e4:51:17:72:
         a4:0f:2d:9a:69:8a:5c:05:fe:48:42:cb:8e:4d:67:de:23:db:
         d4:0a:39:a7:88:22:62:76:19:50:e1:40:4a:72:ef:03:9d:56:
         40:df:bd:d5:39:7c:2f:15:27:1d:88:0a:39:a7:27:04:d6:e5:
         5f:a2:38:a5:e9:fd:cb:12:8d:6c:64:d2:f8:e8:24:c3:40:aa:
         0b:17:04:64:eb:c9:72:b8:34:7d:a8:29:cd:c9:15:19:b9:fe:
         72:18:ca:62:37:6c:c1:c2:a6:0c:e6:05:5b:26:41:42:01:8b:
         45:15:32:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8ElGhOPRHJguZGRReqhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTRiYWY5OWFiODQwMTI5MTMzMjg1ZmU5YWQ3YjgzZmQx
MzBjMzkwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzI4ZTI0MzVlZGQwNjY5YTQwNmJhY2Y5YjdhOGMyNTA5NWY3OTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynsCXKPwlKwQSKA4Ca4kL9swgcDg
VnwTuoqsUMiRuui84KOLx8XEKe/AAsEyVSPfne/re1ZvEt2J87zfq8T4wcMXUPAT
DhTvaexm5VNwKUSdxpAsAbZmCejjDR1A17pEA9CEhv700RgnOdl949kgWod9baDL
IJ23ssKpEic9xBqXx8kfWaIcdlqOzyexRzeKzUfdi2huJ86bVLXv78HNfi5saKFL
a+TqKaGHsgr6DlXQldQzWoow500j1CdTV1MUqInnlUxXKasb4ZylMOR0wrfOVUmp
F+J/yh0Md/TcIHjAQ02DT0aUwVUXrpA3/iH9FJn/ZwVWS3WImw7GEC5xIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMo4kNe3QZppAa6z5t6jCUJX3kMMB8GA1UdIwQY
MBaAFHLkuvmauEASkTMoX+mte4P9Eww5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2Qt
YThkNjVkY2NiOTZiLzEvc3lqaVExN2RCbW1rQnJyUG0zcU1KUWxmZVF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NmI3NGMtODFjMS00MTBlLTk1N2QtYThkNjVkY2NiOTZi
LzEvY3VTNi1acTRRQktSTXloZjZhMTdnXzBURERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtUUMA0G
CSqGSIb3DQEBCwUAA4IBAQAP3jOIDQa08pPadteBYE9NNDiK9gQ8PtV1SbFa3lBR
mluPktcOS/YrIE5uD1r/JSenUymhS9jjGU9+MVl/7fBW2YehwB7ackhKZzfJ9PRx
iSsLXt+pLsjvL0/fhpFJ1uGIjuYTKEhB/6IMRGC7osONSEVggLOPVcISxjcpmfZg
M+gm47wodoUnxIC/BuRRF3KkDy2aaYpcBf5IQsuOTWfeI9vUCjmniCJidhlQ4UBK
cu8DnVZA373VOXwvFScdiAo5pycE1uVfojil6f3LEo1sZNL46CTDQKoLFwRk68ly
uDR9qCnNyRUZuf5yGMpiN2zBwqYM5gVbJkFCAYtFFTIY
-----END CERTIFICATE-----