Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/RAu0fNtqwivhpDFk4ehwbUssHTc.roa
File:                     RAu0fNtqwivhpDFk4ehwbUssHTc.roa (raw, json)
Hash identifier:          ASO7jKRNvxEqEpBOo5wevxzSp2tNnkfm3RRt0ZwZtAw=
Subject key identifier:   44:0B:B4:7C:DB:6A:C2:2B:E1:A4:31:64:E1:E8:70:6D:4B:2C:1D:37
Certificate issuer:       /CN=a1a55bf2888753e44675b61dda30394d90156c0a
Certificate serial:       019423D74B8A07AFBE8041976A2B0B0EFB1D
Authority key identifier: A1:A5:5B:F2:88:87:53:E4:46:75:B6:1D:DA:30:39:4D:90:15:6C:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/RAu0fNtqwivhpDFk4ehwbUssHTc.roa
Signing time:             Wed 01 Jan 2025 21:48:19 +0000
ROA not before:           Wed 01 Jan 2025 21:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208919
IP address blocks:        194.147.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:4b:8a:07:af:be:80:41:97:6a:2b:0b:0e:fb:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1a55bf2888753e44675b61dda30394d90156c0a
        Validity
            Not Before: Jan  1 21:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=440bb47cdb6ac22be1a43164e1e8706d4b2c1d37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cf:52:44:17:bb:b9:0e:28:c8:9b:ab:65:fc:
                    43:9f:2b:c4:7e:2d:d3:0e:94:85:ee:eb:35:b4:06:
                    44:64:2d:05:8c:b0:3c:8e:c3:32:a0:77:fb:7d:a5:
                    bf:1a:77:55:2c:84:b0:62:a8:c4:43:44:99:4c:12:
                    a5:c5:db:98:0d:46:95:03:e6:6e:28:3d:ca:f1:d6:
                    d2:93:c9:b7:30:22:18:ad:88:35:f9:92:7d:e7:e7:
                    9f:13:ff:e6:af:39:6e:c9:42:04:db:d6:26:cf:99:
                    49:f4:ff:96:fd:d4:d0:3d:e8:78:21:94:36:f6:52:
                    c3:27:ba:d5:64:55:a7:bd:1c:cc:e7:a4:81:f7:28:
                    6b:2b:c8:2b:ab:c6:cb:27:29:1d:97:f7:e3:4c:fb:
                    ae:48:1d:3a:09:07:d1:6d:28:52:bf:cf:42:25:7f:
                    8d:4e:80:97:b3:ec:c5:d5:0c:be:1f:c9:21:ec:38:
                    d6:07:bb:11:74:71:06:11:12:54:68:5b:57:ae:44:
                    4e:23:c1:df:ab:92:b2:76:76:5f:36:8e:a5:d5:9d:
                    e0:ea:f7:e5:36:28:b6:54:ef:19:41:d3:7b:38:db:
                    fb:b8:76:00:de:90:24:6c:4f:ee:72:c7:2b:b9:0d:
                    3d:2f:e3:de:99:23:64:20:e1:0f:7a:93:4a:86:05:
                    35:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:0B:B4:7C:DB:6A:C2:2B:E1:A4:31:64:E1:E8:70:6D:4B:2C:1D:37
            X509v3 Authority Key Identifier:
                keyid:A1:A5:5B:F2:88:87:53:E4:46:75:B6:1D:DA:30:39:4D:90:15:6C:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oaVb8oiHU-RGdbYd2jA5TZAVbAo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/RAu0fNtqwivhpDFk4ehwbUssHTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/2dab18-7bb7-4aa1-98ad-27c9d9114238/1/oaVb8oiHU-RGdbYd2jA5TZAVbAo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:86:f6:2f:1c:33:e3:4f:60:64:31:07:b6:6a:04:f7:2e:79:
         72:8d:8d:fb:6d:d8:0f:0e:cf:a5:a0:b7:c0:cd:68:38:a3:44:
         e9:d1:53:a2:9b:9f:2c:eb:7b:c2:6e:42:9c:bb:5b:d6:c3:79:
         e1:ee:99:a6:15:d9:3b:f7:d9:eb:53:fe:69:26:9d:a2:7e:e1:
         02:96:fc:0a:70:75:ce:7c:f0:23:f8:72:0a:e3:82:13:78:ca:
         59:5b:94:45:8c:04:7e:b4:01:36:fd:4d:63:4e:33:40:11:91:
         43:0d:83:0b:d2:00:ae:15:26:67:8b:8e:2e:ae:db:c5:61:be:
         9f:70:ed:5b:e5:a8:17:41:56:59:c6:72:52:36:4e:b6:0e:fc:
         cb:e8:53:30:79:d1:c9:c3:04:5b:e1:7b:82:8d:db:62:ac:eb:
         3a:db:d0:8b:e4:68:91:5f:bf:c2:67:de:c8:f4:3d:0d:60:b5:
         b2:f1:be:2c:05:ac:06:54:cc:a5:cd:92:87:c8:c8:77:e0:0c:
         14:80:ac:45:0e:c9:4a:fb:e5:2d:2f:ef:36:10:07:00:e2:6b:
         45:04:60:6d:0c:0d:f4:42:9a:1c:53:6d:58:e8:70:a6:a4:62:
         5c:43:e9:47:e8:36:54:45:e0:11:11:ea:02:55:05:a4:ff:06:
         3d:e8:d3:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj10uKB6++gEGXaisLDvsdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExYTU1YmYyODg4NzUzZTQ0Njc1YjYxZGRhMzAzOTRkOTAx
NTZjMGEwHhcNMjUwMTAxMjE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDBiYjQ3Y2RiNmFjMjJiZTFhNDMxNjRlMWU4NzA2ZDRiMmMxZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvs9SRBe7uQ4oyJurZfxDnyvEfi3T
DpSF7us1tAZEZC0FjLA8jsMyoHf7faW/GndVLISwYqjEQ0SZTBKlxduYDUaVA+Zu
KD3K8dbSk8m3MCIYrYg1+ZJ95+efE//mrzluyUIE29Ymz5lJ9P+W/dTQPeh4IZQ2
9lLDJ7rVZFWnvRzM56SB9yhrK8grq8bLJykdl/fjTPuuSB06CQfRbShSv89CJX+N
ToCXs+zF1Qy+H8kh7DjWB7sRdHEGERJUaFtXrkROI8Hfq5KydnZfNo6l1Z3g6vfl
Nii2VO8ZQdN7ONv7uHYA3pAkbE/ucscruQ09L+PemSNkIOEPepNKhgU1IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQLtHzbasIr4aQxZOHocG1LLB03MB8GA1UdIwQY
MBaAFKGlW/KIh1PkRnW2HdowOU2QFWwKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2FWYjhvaUhVLVJHZGJZZDJqQTVUWkFWYkFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yZGFiMTgtN2JiNy00YWExLTk4YWQt
MjdjOWQ5MTE0MjM4LzEvUkF1MGZOdHF3aXZocERGazRlaHdiVXNzSFRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yZGFiMTgtN2JiNy00YWExLTk4YWQtMjdjOWQ5MTE0MjM4
LzEvb2FWYjhvaUhVLVJHZGJZZDJqQTVUWkFWYkFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpPbMA0G
CSqGSIb3DQEBCwUAA4IBAQBJhvYvHDPjT2BkMQe2agT3LnlyjY37bdgPDs+loLfA
zWg4o0Tp0VOim58s63vCbkKcu1vWw3nh7pmmFdk799nrU/5pJp2ifuEClvwKcHXO
fPAj+HIK44ITeMpZW5RFjAR+tAE2/U1jTjNAEZFDDYML0gCuFSZni44urtvFYb6f
cO1b5agXQVZZxnJSNk62DvzL6FMwedHJwwRb4XuCjdtirOs629CL5GiRX7/CZ97I
9D0NYLWy8b4sBawGVMylzZKHyMh34AwUgKxFDslK++UtL+82EAcA4mtFBGBtDA30
QpocU21Y6HCmpGJcQ+lH6DZUReAREeoCVQWk/wY96NPw
-----END CERTIFICATE-----