Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/n7V7OXaDS-XvJc4UQc5MPqTFYmY.roa
File:                     n7V7OXaDS-XvJc4UQc5MPqTFYmY.roa (raw, json)
Hash identifier:          0QBDYhcEfGTqjEJgSs+TOY3XMDZsBCVa117v4v2Y4iI=
Subject key identifier:   9F:B5:7B:39:76:83:4B:E5:EF:25:CE:14:41:CE:4C:3E:A4:C5:62:66
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       0194266BF10B46B15EC0028D32C958427B04
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/n7V7OXaDS-XvJc4UQc5MPqTFYmY.roa
Signing time:             Thu 02 Jan 2025 09:49:55 +0000
ROA not before:           Thu 02 Jan 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15995
IP address blocks:        194.176.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f1:0b:46:b1:5e:c0:02:8d:32:c9:58:42:7b:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fb57b3976834be5ef25ce1441ce4c3ea4c56266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:74:b9:25:50:35:b4:8c:6f:8e:a0:13:8b:2e:
                    cb:58:9d:6f:69:a3:8a:9f:ba:84:ad:06:ae:7d:b3:
                    a1:38:dd:91:09:57:8a:c3:ff:e0:50:3c:d6:6c:01:
                    d7:fa:3d:17:6c:db:ff:6a:b6:07:64:2a:1d:ee:64:
                    eb:96:a8:d8:a6:62:23:c7:ce:a1:b6:4c:ff:d3:47:
                    8d:da:95:01:3b:7f:fc:a6:91:dc:f0:81:af:12:93:
                    c3:ab:4a:db:10:5d:20:98:99:5c:89:c2:09:30:57:
                    5e:96:d4:e2:15:54:11:22:eb:c2:fa:d1:74:28:49:
                    f2:45:5e:23:fb:22:9d:08:ef:a6:3e:dc:7a:b7:3e:
                    14:67:9f:38:43:99:2d:93:4b:7d:86:02:55:59:7c:
                    fe:fc:be:d3:a1:c7:b1:54:fd:9d:51:b6:ac:67:91:
                    bb:96:7a:b6:4f:e5:33:6c:81:9d:55:aa:6b:50:f0:
                    fe:a7:32:a4:21:4e:9b:2b:5e:d2:6b:b1:86:6c:4f:
                    f4:3d:99:38:e8:87:c0:24:58:b3:4b:aa:03:89:61:
                    8d:ea:06:ad:80:dc:e9:0f:8c:93:16:95:91:94:54:
                    af:41:41:e2:af:39:36:d9:5b:19:7d:99:d8:3b:6f:
                    36:0a:5f:2e:36:8b:87:2f:1b:69:1f:76:d2:17:dc:
                    01:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:B5:7B:39:76:83:4B:E5:EF:25:CE:14:41:CE:4C:3E:A4:C5:62:66
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/n7V7OXaDS-XvJc4UQc5MPqTFYmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.176.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:f9:7c:2b:32:fb:b5:9b:91:d7:ca:f4:61:ef:50:70:15:bb:
         18:7f:40:08:ed:1a:12:a3:01:24:a3:27:18:f5:c5:fa:b6:54:
         bd:3d:3a:d4:e4:72:07:3e:9f:2c:ff:28:bd:45:50:79:29:39:
         e8:85:44:87:25:61:27:45:3e:e2:27:ab:e6:34:b4:4e:5a:20:
         6d:47:9f:a8:8b:c2:71:b9:bb:ae:62:72:e6:b7:6a:80:31:dd:
         6e:73:4f:10:38:88:f1:ec:12:12:23:f8:3d:79:b3:f7:bb:30:
         12:67:5c:5c:1a:81:d0:38:91:67:90:c1:cb:06:8d:16:06:d9:
         c7:17:96:de:b3:b3:1f:2e:0d:84:1d:09:ca:65:b1:79:fe:40:
         3a:5c:0b:4a:58:60:39:d9:7e:e7:fd:23:a8:8f:69:3b:17:a1:
         29:06:c0:aa:19:16:58:bf:4b:48:7e:5f:1b:11:94:c5:67:57:
         b9:fa:51:e0:ef:12:ea:ea:47:e1:4f:f4:84:0c:2f:04:5a:ec:
         43:0b:16:13:35:07:5f:cc:7f:eb:59:92:27:cd:84:f9:5d:04:
         11:19:77:cc:e5:16:e7:46:40:db:d8:2b:96:dd:eb:c0:88:28:
         96:fa:2b:80:eb:a9:b0:06:60:10:12:38:d4:3c:45:17:23:7e:
         14:4b:5d:46
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQma/ELRrFewAKNMslYQnsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjUwMTAyMDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmI1N2IzOTc2ODM0YmU1ZWYyNWNlMTQ0MWNlNGMzZWE0YzU2MjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHS5JVA1tIxvjqATiy7LWJ1vaaOK
n7qErQaufbOhON2RCVeKw//gUDzWbAHX+j0XbNv/arYHZCod7mTrlqjYpmIjx86h
tkz/00eN2pUBO3/8ppHc8IGvEpPDq0rbEF0gmJlcicIJMFdeltTiFVQRIuvC+tF0
KEnyRV4j+yKdCO+mPtx6tz4UZ584Q5ktk0t9hgJVWXz+/L7TocexVP2dUbasZ5G7
lnq2T+UzbIGdVaprUPD+pzKkIU6bK17Sa7GGbE/0PZk46IfAJFizS6oDiWGN6gat
gNzpD4yTFpWRlFSvQUHirzk22VsZfZnYO282Cl8uNouHLxtpH3bSF9wB0QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJ+1ezl2g0vl7yXOFEHOTD6kxWJmMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL243VjdPWGFEUy1YdkpjNFVRYzVNUHFURlltWS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCsDow
DQYJKoZIhvcNAQELBQADggEBAF35fCsy+7WbkdfK9GHvUHAVuxh/QAjtGhKjASSj
Jxj1xfq2VL09OtTkcgc+nyz/KL1FUHkpOeiFRIclYSdFPuInq+Y0tE5aIG1Hn6iL
wnG5u65icua3aoAx3W5zTxA4iPHsEhIj+D15s/e7MBJnXFwagdA4kWeQwcsGjRYG
2ccXlt6zsx8uDYQdCcplsXn+QDpcC0pYYDnZfuf9I6iPaTsXoSkGwKoZFli/S0h+
XxsRlMVnV7n6UeDvEurqR+FP9IQMLwRa7EMLFhM1B1/Mf+tZkifNhPldBBEZd8zl
FudGQNvYK5bd68CIKJb6K4DrqbAGYBASONQ8RRcjfhRLXUY=
-----END CERTIFICATE-----