Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/55eb96-f121-4cf4-ac94-8477b6638f31/1/qHgPIcF0pz9j4TEEkIAHX7Dd0Xs.roa
File:                     qHgPIcF0pz9j4TEEkIAHX7Dd0Xs.roa (raw, json)
Hash identifier:          +F3TXNG5tHAq0c+WeS6vtqr5NrxVAYlw9IQBeKyvga0=
Subject key identifier:   A8:78:0F:21:C1:74:A7:3F:63:E1:31:04:90:80:07:5F:B0:DD:D1:7B
Certificate issuer:       /CN=d0012bf8f572484a6f6068562ca9919c6da5446f
Certificate serial:       01942067E7F27458969237B390B7F7B6B656
Authority key identifier: D0:01:2B:F8:F5:72:48:4A:6F:60:68:56:2C:A9:91:9C:6D:A5:44:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0AEr-PVySEpvYGhWLKmRnG2lRG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/55eb96-f121-4cf4-ac94-8477b6638f31/1/qHgPIcF0pz9j4TEEkIAHX7Dd0Xs.roa
Signing time:             Wed 01 Jan 2025 05:47:48 +0000
ROA not before:           Wed 01 Jan 2025 05:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12329
IP address blocks:        194.24.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/55eb96-f121-4cf4-ac94-8477b6638f31/1/0AEr-PVySEpvYGhWLKmRnG2lRG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/55eb96-f121-4cf4-ac94-8477b6638f31/1/0AEr-PVySEpvYGhWLKmRnG2lRG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0AEr-PVySEpvYGhWLKmRnG2lRG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 07:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e7:f2:74:58:96:92:37:b3:90:b7:f7:b6:b6:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0012bf8f572484a6f6068562ca9919c6da5446f
        Validity
            Not Before: Jan  1 05:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8780f21c174a73f63e131049080075fb0ddd17b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:74:14:86:c8:34:63:fd:cc:20:41:80:fc:7d:
                    d7:e0:3f:2c:8c:86:f4:bf:ed:f9:11:e7:f4:98:8b:
                    17:b3:e7:bb:7d:ea:72:05:c7:50:af:6c:f0:d4:5e:
                    c9:40:93:17:47:f4:fb:c4:c2:00:87:71:2e:48:58:
                    ec:97:99:9a:84:a9:b8:13:89:c2:6f:48:8d:e7:f3:
                    29:e7:04:60:cc:dc:d7:69:9c:4d:c2:4b:3f:f7:fa:
                    e6:b9:08:c4:a4:f9:f4:3e:65:d5:8b:35:88:39:c0:
                    10:1f:6a:54:5e:03:d3:b2:38:8d:0f:95:3d:81:54:
                    1f:e4:01:3d:f8:a3:98:86:80:17:62:d9:89:3e:b5:
                    e1:9e:1f:54:b2:65:b5:23:1b:79:3c:6a:32:59:e6:
                    9a:a0:7c:5b:e7:d9:92:5e:dd:22:f9:a9:5d:36:5a:
                    26:f7:9c:81:95:49:85:4d:ac:22:a4:0b:32:da:ad:
                    18:5f:fb:c7:b0:45:04:42:62:c4:f6:03:c6:a2:01:
                    7b:e7:d0:05:48:51:40:b5:f1:13:77:6c:04:78:8a:
                    e5:85:98:17:db:4b:97:1f:50:b2:0d:df:ec:74:b3:
                    e2:c5:75:ed:e6:38:c3:67:a7:6f:09:88:72:f6:f8:
                    0a:1e:55:e4:53:fb:10:01:86:c7:bc:08:ea:a5:06:
                    76:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:78:0F:21:C1:74:A7:3F:63:E1:31:04:90:80:07:5F:B0:DD:D1:7B
            X509v3 Authority Key Identifier:
                keyid:D0:01:2B:F8:F5:72:48:4A:6F:60:68:56:2C:A9:91:9C:6D:A5:44:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0AEr-PVySEpvYGhWLKmRnG2lRG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/55eb96-f121-4cf4-ac94-8477b6638f31/1/qHgPIcF0pz9j4TEEkIAHX7Dd0Xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/55eb96-f121-4cf4-ac94-8477b6638f31/1/0AEr-PVySEpvYGhWLKmRnG2lRG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.24.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:20:22:2f:b1:1c:30:af:67:72:95:ae:78:ff:97:b2:1c:6c:
         97:55:4f:f2:c1:7a:07:c4:b9:95:02:48:05:4b:bc:f6:3f:55:
         db:e5:b0:e3:3a:be:fc:7d:30:85:e1:4d:ec:13:79:71:7b:69:
         c2:22:6a:48:d5:d5:37:70:e4:2f:20:31:aa:67:01:bc:21:d7:
         d4:71:9c:e0:64:49:68:3f:15:25:77:9c:43:27:28:66:d2:e1:
         25:ba:1c:1d:d3:fe:87:0b:66:ea:d8:f0:d3:0c:00:65:9c:df:
         b5:0c:00:b5:51:51:ed:57:44:95:69:60:b4:8d:61:db:2f:73:
         6b:aa:80:16:db:a8:c9:d8:8b:0a:50:2f:eb:84:df:4e:ac:50:
         2a:3c:82:2d:28:88:ff:30:c1:42:9a:9a:96:83:66:ef:d3:02:
         63:8e:15:7a:56:97:3d:53:e9:c1:dd:78:e1:43:86:ac:5c:52:
         6f:78:92:33:82:e5:cf:68:eb:ba:7f:87:a8:15:f2:b0:61:1f:
         73:96:1a:bd:c5:d2:c7:5d:73:90:e7:9d:8e:18:06:93:ff:2f:
         25:ea:4e:f5:29:fd:3e:4a:a6:a8:55:f7:a4:b1:63:84:ba:be:
         83:e6:da:5b:6c:64:9f:8d:64:4e:1c:3e:45:80:d5:93:45:73:
         88:bd:31:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ+fydFiWkjezkLf3trZWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMDEyYmY4ZjU3MjQ4NGE2ZjYwNjg1NjJjYTk5MTljNmRh
NTQ0NmYwHhcNMjUwMTAxMDU0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODc4MGYyMWMxNzRhNzNmNjNlMTMxMDQ5MDgwMDc1ZmIwZGRkMTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHQUhsg0Y/3MIEGA/H3X4D8sjIb0
v+35Eef0mIsXs+e7fepyBcdQr2zw1F7JQJMXR/T7xMIAh3EuSFjsl5mahKm4E4nC
b0iN5/Mp5wRgzNzXaZxNwks/9/rmuQjEpPn0PmXVizWIOcAQH2pUXgPTsjiND5U9
gVQf5AE9+KOYhoAXYtmJPrXhnh9UsmW1Ixt5PGoyWeaaoHxb59mSXt0i+aldNlom
95yBlUmFTawipAsy2q0YX/vHsEUEQmLE9gPGogF759AFSFFAtfETd2wEeIrlhZgX
20uXH1CyDd/sdLPixXXt5jjDZ6dvCYhy9vgKHlXkU/sQAYbHvAjqpQZ27wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKh4DyHBdKc/Y+ExBJCAB1+w3dF7MB8GA1UdIwQY
MBaAFNABK/j1ckhKb2BoViypkZxtpURvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFFci1QVnlTRXB2WUdoV0xLbVJuRzJsUkc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC81NWViOTYtZjEyMS00Y2Y0LWFjOTQt
ODQ3N2I2NjM4ZjMxLzEvcUhnUEljRjBwejlqNFRFRWtJQUhYN0RkMFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC81NWViOTYtZjEyMS00Y2Y0LWFjOTQtODQ3N2I2NjM4ZjMx
LzEvMEFFci1QVnlTRXB2WUdoV0xLbVJuRzJsUkc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhjmMA0G
CSqGSIb3DQEBCwUAA4IBAQDLICIvsRwwr2dyla54/5eyHGyXVU/ywXoHxLmVAkgF
S7z2P1Xb5bDjOr78fTCF4U3sE3lxe2nCImpI1dU3cOQvIDGqZwG8IdfUcZzgZElo
PxUld5xDJyhm0uEluhwd0/6HC2bq2PDTDABlnN+1DAC1UVHtV0SVaWC0jWHbL3Nr
qoAW26jJ2IsKUC/rhN9OrFAqPIItKIj/MMFCmpqWg2bv0wJjjhV6Vpc9U+nB3Xjh
Q4asXFJveJIzguXPaOu6f4eoFfKwYR9zlhq9xdLHXXOQ552OGAaT/y8l6k71Kf0+
SqaoVfeksWOEur6D5tpbbGSfjWROHD5FgNWTRXOIvTEK
-----END CERTIFICATE-----