Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/N4kdXs6oJ2OgpmlrmSJfyNKzdiQ.roa
File:                     N4kdXs6oJ2OgpmlrmSJfyNKzdiQ.roa (raw, json)
Hash identifier:          4gywf4SeDVtAzz5fsjo6F/Rz+kjvjVxtwZB0jmDDSZU=
Subject key identifier:   37:89:1D:5E:CE:A8:27:63:A0:A6:69:6B:99:22:5F:C8:D2:B3:76:24
Certificate issuer:       /CN=550d4c571d8bfbfdd8fa3a170f99fb3afab411d1
Certificate serial:       0194244570819C08C699FD895230325C5939
Authority key identifier: 55:0D:4C:57:1D:8B:FB:FD:D8:FA:3A:17:0F:99:FB:3A:FA:B4:11:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/N4kdXs6oJ2OgpmlrmSJfyNKzdiQ.roa
Signing time:             Wed 01 Jan 2025 23:48:38 +0000
ROA not before:           Wed 01 Jan 2025 23:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209271
IP address blocks:        176.119.220.0/24 maxlen: 24
                          2a0a:ac0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:70:81:9c:08:c6:99:fd:89:52:30:32:5c:59:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=550d4c571d8bfbfdd8fa3a170f99fb3afab411d1
        Validity
            Not Before: Jan  1 23:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37891d5ecea82763a0a6696b99225fc8d2b37624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ff:af:1d:56:bd:3e:8d:6e:af:fd:a5:c1:86:
                    f0:45:d4:61:5c:9f:ac:3a:d4:7f:21:14:e1:10:9b:
                    f0:56:12:3a:f1:10:dd:29:02:66:57:0a:b6:72:53:
                    b2:4e:0a:79:b7:fd:63:f1:c5:97:93:95:cb:ad:77:
                    02:9e:69:85:c1:3e:32:78:29:c7:3c:a8:7f:e9:ff:
                    cb:6d:d0:2a:c4:a7:04:fc:51:44:62:8a:81:ff:1a:
                    b1:fa:5c:f8:9b:61:d4:79:0d:66:04:4b:a2:40:a2:
                    0e:34:ae:d7:7b:68:8a:2d:01:8e:11:02:92:79:e7:
                    83:40:d7:f3:95:13:ca:04:d8:cf:bd:77:a2:dd:e3:
                    cb:a9:0f:d6:91:b6:32:ad:8f:6a:19:54:fc:19:51:
                    a3:66:27:58:ea:cd:d6:8c:64:3d:be:74:8a:e3:73:
                    2d:31:fb:38:04:49:4e:ec:8b:5c:9a:e8:e8:29:79:
                    2e:3a:a5:73:b8:86:28:22:44:34:a6:00:b6:95:26:
                    78:24:f5:f9:81:65:ea:0e:92:7a:f9:4f:29:de:de:
                    c8:29:39:f0:a8:34:62:32:69:34:03:97:49:cc:ba:
                    8f:0f:bf:95:a9:11:dc:cf:d8:a6:28:5b:30:00:f2:
                    a3:3d:3f:4f:57:28:e9:6f:aa:eb:0d:4d:d4:6d:97:
                    84:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:89:1D:5E:CE:A8:27:63:A0:A6:69:6B:99:22:5F:C8:D2:B3:76:24
            X509v3 Authority Key Identifier:
                keyid:55:0D:4C:57:1D:8B:FB:FD:D8:FA:3A:17:0F:99:FB:3A:FA:B4:11:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/N4kdXs6oJ2OgpmlrmSJfyNKzdiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/57cd56-7bec-40f1-bf72-3d46caf55738/1/VQ1MVx2L-_3Y-joXD5n7Ovq0EdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.119.220.0/24
                IPv6:
                  2a0a:ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:4d:54:0a:28:c2:88:56:fa:cd:92:d7:6e:28:fc:e6:f0:93:
         33:36:98:c0:a5:20:43:28:8d:7e:f6:8d:69:f1:8b:8b:97:01:
         74:1c:63:21:de:86:58:46:0c:32:26:96:5b:11:cc:e5:99:4e:
         db:19:c8:89:75:a3:e7:b7:52:c3:3b:61:c9:1d:99:5e:ba:41:
         a4:5e:4e:3e:31:29:cd:f8:3d:ff:31:29:dd:07:9e:ba:cd:01:
         f7:ab:6b:2a:49:eb:a3:0e:81:3e:ba:dc:ca:5d:5b:25:f3:e3:
         d2:9f:12:ab:7f:59:b2:78:70:94:6e:af:0b:2b:48:04:52:51:
         41:5c:a2:82:3f:33:b5:dd:26:bb:27:f6:b6:14:2f:cb:74:33:
         a1:33:74:c6:e4:fa:8f:0d:e4:c1:85:6a:47:f2:97:9b:6d:7d:
         6c:3c:ca:42:f3:86:4a:04:f5:86:60:f0:d1:17:d9:ce:94:e8:
         0a:2b:79:9c:3b:f9:90:7d:95:e3:42:3d:99:e2:b0:80:a2:e7:
         64:70:eb:d9:7c:9f:0e:b1:a2:60:9a:0a:4a:d5:17:e1:9e:c0:
         90:a2:69:45:13:d8:f8:a7:ed:9d:ec:9d:84:20:db:2f:5b:c0:
         b1:72:fb:f8:37:42:27:58:ba:6d:0e:ad:67:d7:08:19:63:3a:
         9a:c5:94:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRXCBnAjGmf2JUjAyXFk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MGQ0YzU3MWQ4YmZiZmRkOGZhM2ExNzBmOTlmYjNhZmFi
NDExZDEwHhcNMjUwMTAxMjM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzg5MWQ1ZWNlYTgyNzYzYTBhNjY5NmI5OTIyNWZjOGQyYjM3NjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApv+vHVa9Po1ur/2lwYbwRdRhXJ+s
OtR/IRThEJvwVhI68RDdKQJmVwq2clOyTgp5t/1j8cWXk5XLrXcCnmmFwT4yeCnH
PKh/6f/LbdAqxKcE/FFEYoqB/xqx+lz4m2HUeQ1mBEuiQKIONK7Xe2iKLQGOEQKS
eeeDQNfzlRPKBNjPvXei3ePLqQ/WkbYyrY9qGVT8GVGjZidY6s3WjGQ9vnSK43Mt
Mfs4BElO7ItcmujoKXkuOqVzuIYoIkQ0pgC2lSZ4JPX5gWXqDpJ6+U8p3t7IKTnw
qDRiMmk0A5dJzLqPD7+VqRHcz9imKFswAPKjPT9PVyjpb6rrDU3UbZeE1QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDeJHV7OqCdjoKZpa5kiX8jSs3YkMB8GA1UdIwQY
MBaAFFUNTFcdi/v92Po6Fw+Z+zr6tBHRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlExTVZ4MkwtXzNZLWpvWEQ1bjdPdnEwRWRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81N2NkNTYtN2JlYy00MGYxLWJmNzIt
M2Q0NmNhZjU1NzM4LzEvTjRrZFhzNm9KMk9ncG1scm1TSmZ5Tkt6ZGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81N2NkNTYtN2JlYy00MGYxLWJmNzItM2Q0NmNhZjU1NzM4
LzEvVlExTVZ4MkwtXzNZLWpvWEQ1bjdPdnEwRWRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAsHfcMA0E
AgACMAcDBQMqCgrAMA0GCSqGSIb3DQEBCwUAA4IBAQCtTVQKKMKIVvrNktduKPzm
8JMzNpjApSBDKI1+9o1p8YuLlwF0HGMh3oZYRgwyJpZbEczlmU7bGciJdaPnt1LD
O2HJHZleukGkXk4+MSnN+D3/MSndB566zQH3q2sqSeujDoE+utzKXVsl8+PSnxKr
f1myeHCUbq8LK0gEUlFBXKKCPzO13Sa7J/a2FC/LdDOhM3TG5PqPDeTBhWpH8peb
bX1sPMpC84ZKBPWGYPDRF9nOlOgKK3mcO/mQfZXjQj2Z4rCAoudkcOvZfJ8OsaJg
mgpK1RfhnsCQomlFE9j4p+2d7J2EINsvW8Cxcvv4N0InWLptDq1n1wgZYzqaxZTA
-----END CERTIFICATE-----