Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/1-W_ixXGYX8sPaJagj-AVwFiwChc.roa
File:                     1-W_ixXGYX8sPaJagj-AVwFiwChc.roa (raw, json)
Hash identifier:          L0D3lIfkN9efhBw5T+b3u9NkdIMxDqZ5UXxZUhgRWOs=
Subject key identifier:   F9:6F:E2:C5:71:98:5F:CB:0F:68:96:A0:8F:E0:15:C0:58:B0:0A:17
Certificate issuer:       /CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
Certificate serial:       01942067EB9DE3701DFDADCF15A909D00AFD
Authority key identifier: 91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/1-W_ixXGYX8sPaJagj-AVwFiwChc.roa
Signing time:             Wed 01 Jan 2025 05:47:48 +0000
ROA not before:           Wed 01 Jan 2025 05:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397423
IP address blocks:        195.62.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:eb:9d:e3:70:1d:fd:ad:cf:15:a9:09:d0:0a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f96fe2c571985fcb0f6896a08fe015c058b00a17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3a:03:8a:e4:5e:da:55:fe:e0:ee:49:26:07:
                    48:f2:a7:2b:9f:66:26:d7:5f:85:07:2a:84:a6:ba:
                    d7:7a:57:f3:5a:86:cc:68:25:29:95:34:28:e6:b4:
                    19:3e:57:f5:da:9c:9a:29:53:94:9e:e1:f3:9c:27:
                    ac:d7:3e:fe:e7:b0:56:03:85:bd:bc:41:f2:4d:b6:
                    48:c4:c6:ed:5d:fc:bf:63:99:7d:24:f9:e9:4c:c3:
                    a4:e9:c4:26:97:1a:a2:89:ff:98:59:db:61:18:17:
                    b3:47:8a:10:6b:bf:5f:11:8e:ad:0a:96:8d:a7:89:
                    5d:76:d8:66:df:e6:8c:ac:0a:a6:e7:a2:8b:2b:c1:
                    e4:e0:11:03:70:28:6b:f7:81:ec:e0:2e:41:41:d9:
                    a4:a6:ed:76:6b:b6:3b:49:64:88:ce:44:56:78:a5:
                    f9:ec:8c:c8:d4:43:cb:17:05:a7:9d:2c:07:25:16:
                    b1:cb:70:83:70:97:4b:97:a9:b5:cc:09:56:f1:b9:
                    2d:57:f2:31:a5:47:5a:36:0e:98:fc:ab:af:a7:01:
                    28:16:73:5f:f0:38:d7:5e:f0:7e:39:ce:3c:b6:95:
                    60:8d:20:9f:77:f7:4c:20:56:3e:13:f8:43:f6:17:
                    0f:0b:b9:d0:91:4c:29:a3:a0:06:c8:9e:a1:27:c6:
                    47:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:6F:E2:C5:71:98:5F:CB:0F:68:96:A0:8F:E0:15:C0:58:B0:0A:17
            X509v3 Authority Key Identifier:
                keyid:91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/1-W_ixXGYX8sPaJagj-AVwFiwChc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.62.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:c1:00:08:52:26:ba:77:30:b4:9e:98:b9:d9:a5:0f:b1:08:
         ce:b7:fb:2b:ce:55:48:c0:cf:ef:33:5e:05:63:ee:d6:cc:e5:
         50:a6:07:31:24:5f:da:b5:8f:dc:8e:7f:3f:69:8e:18:37:c5:
         b6:d8:83:13:93:69:d7:a7:39:b3:79:d2:3f:95:0c:a9:df:63:
         e3:3e:07:40:13:af:06:62:83:3e:2c:2a:dd:29:77:db:d9:d1:
         a2:84:b9:21:30:4c:de:50:6a:19:29:4d:60:a0:37:1a:e1:68:
         36:bb:cc:69:55:c0:c7:fb:4e:b6:01:1b:7f:48:6c:17:d3:7e:
         bc:10:0e:1d:bc:19:f2:f4:35:41:5a:f5:01:df:98:47:10:71:
         23:d5:7e:56:7f:d2:75:16:eb:6e:68:31:6f:6a:7a:a1:86:eb:
         de:c2:35:72:b1:1b:67:0a:43:3c:e0:ee:97:89:41:84:d9:c6:
         2f:74:44:26:96:d3:5b:0f:49:39:8c:5f:66:17:40:2b:80:26:
         d1:c4:a4:07:e8:01:36:67:cd:1f:bd:f3:7b:8a:72:4c:7e:a4:
         e2:59:72:a9:15:60:df:0f:48:d8:79:e8:3c:29:c9:64:54:c0:
         17:37:97:67:c0:45:ff:0c:63:a4:fb:b5:b5:8a:c1:b2:9a:28:
         9a:82:44:cb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgZ+ud43Ad/a3PFakJ0Ar9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDBjNzhjMzA5YTNlOTlkYzlhYjc0ZjJjZGMwNDg0ODU5
ZTc1MzAwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTZmZTJjNTcxOTg1ZmNiMGY2ODk2YTA4ZmUwMTVjMDU4YjAwYTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDoDiuRe2lX+4O5JJgdI8qcrn2Ym
11+FByqEprrXelfzWobMaCUplTQo5rQZPlf12pyaKVOUnuHznCes1z7+57BWA4W9
vEHyTbZIxMbtXfy/Y5l9JPnpTMOk6cQmlxqiif+YWdthGBezR4oQa79fEY6tCpaN
p4lddthm3+aMrAqm56KLK8Hk4BEDcChr94Hs4C5BQdmkpu12a7Y7SWSIzkRWeKX5
7IzI1EPLFwWnnSwHJRaxy3CDcJdLl6m1zAlW8bktV/IxpUdaNg6Y/KuvpwEoFnNf
8DjXXvB+Oc48tpVgjSCfd/dMIFY+E/hD9hcPC7nQkUwpo6AGyJ6hJ8ZHNQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlv4sVxmF/LD2iWoI/gFcBYsAoXMB8GA1UdIwQY
MBaAFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEt
NDg1MmM4ZmY4YWYyLzEvMS1XX2l4WEdZWDhzUGFKYWdqLUFWd0Zpd0NoYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzkvMjkzYTJmLTM5OTctNDk3Zi05ZWYxLTQ4NTJjOGZmOGFm
Mi8xL2tkREhqRENhUHBuY21yZFBMTndFaElXZWRUQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMM+LzAN
BgkqhkiG9w0BAQsFAAOCAQEAQ8EACFImuncwtJ6YudmlD7EIzrf7K85VSMDP7zNe
BWPu1szlUKYHMSRf2rWP3I5/P2mOGDfFttiDE5Np16c5s3nSP5UMqd9j4z4HQBOv
BmKDPiwq3Sl329nRooS5ITBM3lBqGSlNYKA3GuFoNrvMaVXAx/tOtgEbf0hsF9N+
vBAOHbwZ8vQ1QVr1Ad+YRxBxI9V+Vn/SdRbrbmgxb2p6oYbr3sI1crEbZwpDPODu
l4lBhNnGL3REJpbTWw9JOYxfZhdAK4Am0cSkB+gBNmfNH73ze4pyTH6k4llyqRVg
3w9I2HnoPCnJZFTAFzeXZ8BF/wxjpPu1tYrBspoomoJEyw==
-----END CERTIFICATE-----