Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/pygxQHbvGZKVLzuvUJnRE055Ymk.roa
File:                     pygxQHbvGZKVLzuvUJnRE055Ymk.roa (raw, json)
Hash identifier:          jTpMpBKEIx8o2FyniDrKdnhuTZAZvNKL8hZwfmfGnMs=
Subject key identifier:   A7:28:31:40:76:EF:19:92:95:2F:3B:AF:50:99:D1:13:4E:79:62:69
Certificate issuer:       /CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
Certificate serial:       0194236A49D051C8DF13B903D2E5AFD40C69
Authority key identifier: 98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/pygxQHbvGZKVLzuvUJnRE055Ymk.roa
Signing time:             Wed 01 Jan 2025 19:49:15 +0000
ROA not before:           Wed 01 Jan 2025 19:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209854
IP address blocks:        94.154.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:49:d0:51:c8:df:13:b9:03:d2:e5:af:d4:0c:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9868a1992bb8037dde81d0c8cdc0695fcee17c27
        Validity
            Not Before: Jan  1 19:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a728314076ef1992952f3baf5099d1134e796269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ce:36:cc:05:a7:01:dd:64:f7:da:0d:c8:a0:
                    72:f4:7f:5a:51:46:34:24:2e:1a:7e:33:11:c9:c5:
                    85:29:63:b7:e4:d9:9b:34:07:93:f6:b0:dc:6f:88:
                    e5:40:2d:3f:8a:30:3f:96:72:38:8b:f6:b0:7d:df:
                    95:be:e8:63:8c:52:d8:0b:b8:21:e1:9d:d1:7d:b8:
                    ee:47:65:84:e5:3b:de:b5:1e:24:ae:ea:4f:85:c2:
                    b2:ce:50:7f:c6:11:06:66:03:dc:1b:ed:8f:ab:7e:
                    96:e4:47:a6:87:da:57:5d:04:b5:bf:96:5d:dc:dd:
                    5e:e5:88:62:91:bc:d9:d2:e9:e9:42:9f:2d:cc:e5:
                    4f:55:54:07:2c:e3:a9:cb:7c:93:a3:0c:08:a0:16:
                    5d:b9:c8:81:c7:92:d7:68:0a:72:70:e7:30:3c:8f:
                    88:07:4c:51:d7:75:aa:9e:c7:f0:fb:8b:79:a1:88:
                    fa:dc:8b:4d:16:6b:ea:fa:00:dc:e2:08:76:0d:64:
                    24:40:0b:01:8e:65:c5:bb:86:16:27:95:e4:36:e1:
                    d7:fc:a8:6d:95:9a:54:73:83:d0:b5:e4:70:21:b6:
                    3c:07:c2:68:71:92:ef:4a:e0:12:e3:29:93:cb:37:
                    de:70:6a:bf:9b:47:3a:c9:ae:13:c2:31:bb:23:3b:
                    14:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:28:31:40:76:EF:19:92:95:2F:3B:AF:50:99:D1:13:4E:79:62:69
            X509v3 Authority Key Identifier:
                keyid:98:68:A1:99:2B:B8:03:7D:DE:81:D0:C8:CD:C0:69:5F:CE:E1:7C:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mGihmSu4A33egdDIzcBpX87hfCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/pygxQHbvGZKVLzuvUJnRE055Ymk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/6b22e6-352f-4e88-827b-d78d5631d7f6/1/mGihmSu4A33egdDIzcBpX87hfCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:33:56:0d:89:9e:69:bf:8b:95:6a:e2:45:e7:20:4b:13:10:
         53:2c:41:11:63:11:27:63:11:b5:19:aa:7b:6f:ac:02:50:ed:
         d4:f6:6f:af:47:2b:05:70:d1:8e:0e:31:21:e2:c4:ce:b1:73:
         85:6d:63:cb:2f:78:2a:e6:c7:db:2b:03:14:6f:79:b4:69:fe:
         c7:49:14:69:d0:0a:f0:32:85:29:f6:15:50:7f:d6:94:e1:28:
         44:cb:cf:80:e1:b7:ec:86:70:00:41:ac:79:f6:2b:b3:ac:da:
         fb:ba:48:2a:bb:2f:c0:95:b3:f5:7d:3b:b6:45:e0:d0:c1:13:
         37:74:24:8a:8c:93:8d:b0:b7:47:1d:68:91:51:1a:10:a5:93:
         28:1f:2f:19:bc:47:0d:fe:f4:86:fa:17:a8:44:f6:da:3d:34:
         ef:e8:75:ae:fa:b7:54:75:5d:dd:01:52:67:dd:c6:53:87:37:
         1f:eb:17:9c:80:5b:8a:a8:25:69:d1:94:8e:cb:91:ae:20:72:
         2b:f8:51:2e:04:84:bd:12:3e:cf:ef:3c:e3:9c:2c:3d:17:9f:
         d5:6f:75:29:1f:c2:d9:47:7f:eb:e4:d9:2e:e2:49:02:d5:2b:
         45:21:45:77:92:72:e3:6b:b6:c8:a6:d5:09:91:ea:42:e7:ae:
         7f:95:18:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaknQUcjfE7kD0uWv1AxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4NjhhMTk5MmJiODAzN2RkZTgxZDBjOGNkYzA2OTVmY2Vl
MTdjMjcwHhcNMjUwMTAxMTk0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzI4MzE0MDc2ZWYxOTkyOTUyZjNiYWY1MDk5ZDExMzRlNzk2MjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0c42zAWnAd1k99oNyKBy9H9aUUY0
JC4afjMRycWFKWO35NmbNAeT9rDcb4jlQC0/ijA/lnI4i/awfd+VvuhjjFLYC7gh
4Z3RfbjuR2WE5TvetR4krupPhcKyzlB/xhEGZgPcG+2Pq36W5Eemh9pXXQS1v5Zd
3N1e5YhikbzZ0unpQp8tzOVPVVQHLOOpy3yTowwIoBZduciBx5LXaApycOcwPI+I
B0xR13Wqnsfw+4t5oYj63ItNFmvq+gDc4gh2DWQkQAsBjmXFu4YWJ5XkNuHX/Kht
lZpUc4PQteRwIbY8B8JocZLvSuAS4ymTyzfecGq/m0c6ya4TwjG7IzsUYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcoMUB27xmSlS87r1CZ0RNOeWJpMB8GA1UdIwQY
MBaAFJhooZkruAN93oHQyM3AaV/O4XwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2It
ZDc4ZDU2MzFkN2Y2LzEvcHlneFFIYnZHWktWTHp1dlVKblJFMDU1WW1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC82YjIyZTYtMzUyZi00ZTg4LTgyN2ItZDc4ZDU2MzFkN2Y2
LzEvbUdpaG1TdTRBMzNlZ2RESXpjQnBYODdoZkNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXpp8MA0G
CSqGSIb3DQEBCwUAA4IBAQDMM1YNiZ5pv4uVauJF5yBLExBTLEERYxEnYxG1Gap7
b6wCUO3U9m+vRysFcNGODjEh4sTOsXOFbWPLL3gq5sfbKwMUb3m0af7HSRRp0Arw
MoUp9hVQf9aU4ShEy8+A4bfshnAAQax59iuzrNr7ukgquy/AlbP1fTu2ReDQwRM3
dCSKjJONsLdHHWiRURoQpZMoHy8ZvEcN/vSG+heoRPbaPTTv6HWu+rdUdV3dAVJn
3cZThzcf6xecgFuKqCVp0ZSOy5GuIHIr+FEuBIS9Ej7P7zzjnCw9F5/Vb3UpH8LZ
R3/r5Nku4kkC1StFIUV3knLja7bIptUJkepC565/lRjh
-----END CERTIFICATE-----