Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/pS5Nq1EnJi25Ni8D7F2AsfCr3us.roa
File:                     pS5Nq1EnJi25Ni8D7F2AsfCr3us.roa (raw, json)
Hash identifier:          z8UYe9Iy4/xJP09QZfzYnqZgX4/AIGkREultrmYRO6o=
Subject key identifier:   A5:2E:4D:AB:51:27:26:2D:B9:36:2F:03:EC:5D:80:B1:F0:AB:DE:EB
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       0194266B9E431A887049B83E391DFA89B228
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/pS5Nq1EnJi25Ni8D7F2AsfCr3us.roa
Signing time:             Thu 02 Jan 2025 09:49:34 +0000
ROA not before:           Thu 02 Jan 2025 09:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3170
IP address blocks:        194.124.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:9e:43:1a:88:70:49:b8:3e:39:1d:fa:89:b2:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jan  2 09:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a52e4dab5127262db9362f03ec5d80b1f0abdeeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:09:06:f4:fa:5b:e6:02:e3:56:12:e6:2a:67:
                    c3:45:0c:84:55:f3:1f:4a:07:45:33:46:9b:89:88:
                    d8:a1:68:70:7a:2a:14:2c:4d:4c:ad:79:c2:cf:28:
                    ff:02:9f:dc:56:05:2d:70:aa:ea:f9:1f:c7:66:59:
                    ab:68:9e:eb:0a:d7:83:c2:5b:81:2b:c0:7e:7b:6a:
                    77:d3:1b:de:f3:d2:45:4d:77:43:d5:db:9e:98:46:
                    f3:ab:5d:61:e1:f4:f5:de:5b:eb:1d:35:37:23:f8:
                    d5:35:4d:cb:9a:d5:31:c5:08:b2:42:d2:aa:77:cf:
                    c7:74:8c:69:33:6f:67:7f:7a:5b:4f:6d:50:25:96:
                    69:32:1c:f8:63:48:f2:dc:15:a6:e7:e0:09:ae:24:
                    08:a0:cf:83:3c:91:93:e0:97:a5:0d:b6:34:de:8c:
                    bb:6b:3f:dc:2b:de:18:7b:0e:fd:e4:37:bd:5c:44:
                    a9:fd:10:e7:a4:2c:4a:0f:d9:a5:5a:cc:87:8b:ea:
                    41:08:70:e0:72:db:0f:dc:7f:61:72:b7:f3:17:26:
                    e3:41:6b:fc:b4:d8:fe:22:06:77:24:93:db:67:ec:
                    47:a3:86:03:a6:f5:16:ed:a4:97:5c:1c:d4:f7:09:
                    ab:df:79:e3:78:b0:c7:3b:93:b7:98:0b:4c:c4:62:
                    f0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:2E:4D:AB:51:27:26:2D:B9:36:2F:03:EC:5D:80:B1:F0:AB:DE:EB
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/pS5Nq1EnJi25Ni8D7F2AsfCr3us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:d3:fd:f4:1b:4f:14:e8:33:2d:d2:99:f4:76:d2:cd:54:6c:
         84:6b:07:95:dc:ae:8a:b6:85:40:27:91:02:df:fc:ee:3f:eb:
         60:b9:56:ba:81:84:a1:c5:6a:30:38:15:bb:27:de:2d:73:f3:
         a0:0f:b1:35:f6:2b:37:ce:7c:e6:18:b0:3e:53:5f:57:71:5d:
         40:50:9f:df:b3:db:f4:48:fa:18:59:7e:18:e0:e5:65:6f:90:
         59:7f:89:98:7e:aa:cf:7b:5a:64:98:6a:de:e2:63:aa:ea:87:
         d4:60:fb:e3:a1:34:24:01:d1:cd:7b:07:59:29:e2:60:0e:ac:
         e6:30:57:f7:dc:b7:b7:1b:9f:cb:1f:60:68:ba:25:e6:ee:5a:
         ee:07:84:0d:c4:9f:7a:cb:18:94:d4:19:e7:0e:27:c6:96:e9:
         77:fe:b3:33:98:9e:8e:63:e6:23:26:9f:bb:28:66:9d:50:7e:
         97:46:c0:83:01:7b:cc:29:70:95:b8:df:b0:89:3a:4c:46:cd:
         38:c7:a5:7c:24:7e:99:44:a7:73:3f:0c:7a:70:9d:0d:18:32:
         48:c7:0e:8a:6c:20:7b:4f:b1:8f:56:de:16:d3:30:40:3f:80:
         af:77:ba:66:7d:78:bc:e4:c7:50:ae:0a:07:67:43:a8:1b:1f:
         fc:0e:c0:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma55DGohwSbg+OR36ibIoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjUwMTAyMDk0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTJlNGRhYjUxMjcyNjJkYjkzNjJmMDNlYzVkODBiMWYwYWJkZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywkG9Ppb5gLjVhLmKmfDRQyEVfMf
SgdFM0abiYjYoWhweioULE1MrXnCzyj/Ap/cVgUtcKrq+R/HZlmraJ7rCteDwluB
K8B+e2p30xve89JFTXdD1duemEbzq11h4fT13lvrHTU3I/jVNU3LmtUxxQiyQtKq
d8/HdIxpM29nf3pbT21QJZZpMhz4Y0jy3BWm5+AJriQIoM+DPJGT4JelDbY03oy7
az/cK94Yew795De9XESp/RDnpCxKD9mlWsyHi+pBCHDgctsP3H9hcrfzFybjQWv8
tNj+IgZ3JJPbZ+xHo4YDpvUW7aSXXBzU9wmr33njeLDHO5O3mAtMxGLwzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKUuTatRJyYtuTYvA+xdgLHwq97rMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvcFM1TnExRW5KaTI1Tmk4RDdGMkFzZkNyM3VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnwrMA0G
CSqGSIb3DQEBCwUAA4IBAQB60/30G08U6DMt0pn0dtLNVGyEaweV3K6KtoVAJ5EC
3/zuP+tguVa6gYShxWowOBW7J94tc/OgD7E19is3znzmGLA+U19XcV1AUJ/fs9v0
SPoYWX4Y4OVlb5BZf4mYfqrPe1pkmGre4mOq6ofUYPvjoTQkAdHNewdZKeJgDqzm
MFf33Le3G5/LH2BouiXm7lruB4QNxJ96yxiU1BnnDifGlul3/rMzmJ6OY+YjJp+7
KGadUH6XRsCDAXvMKXCVuN+wiTpMRs04x6V8JH6ZRKdzPwx6cJ0NGDJIxw6KbCB7
T7GPVt4W0zBAP4Cvd7pmfXi85MdQrgoHZ0OoGx/8DsAU
-----END CERTIFICATE-----