Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/ydOhopDpEgxJrzwZy5o2ywKpW8w.roa
File:                     ydOhopDpEgxJrzwZy5o2ywKpW8w.roa (raw, json)
Hash identifier:          cGNA9jtDwM6OD4vlqV4K4uD26uy/JQnhTPG3oY/YMmA=
Subject key identifier:   C9:D3:A1:A2:90:E9:12:0C:49:AF:3C:19:CB:9A:36:CB:02:A9:5B:CC
Certificate issuer:       /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial:       019422FB5C45AF5DCA43BC9D51A30D7A8A8A
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/ydOhopDpEgxJrzwZy5o2ywKpW8w.roa
Signing time:             Wed 01 Jan 2025 17:48:05 +0000
ROA not before:           Wed 01 Jan 2025 17:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216136
IP address blocks:        194.31.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:5c:45:af:5d:ca:43:bc:9d:51:a3:0d:7a:8a:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
        Validity
            Not Before: Jan  1 17:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9d3a1a290e9120c49af3c19cb9a36cb02a95bcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e3:05:6a:01:3f:67:0d:60:fc:48:cd:1e:c9:
                    18:09:94:ba:8d:e9:23:f0:54:34:64:bd:8a:eb:c6:
                    89:3f:af:77:8d:26:28:04:e2:db:36:a0:a8:55:8c:
                    04:0d:74:c1:54:3f:49:80:87:35:1d:f6:ef:47:17:
                    f8:93:b8:4f:c2:e1:77:c3:61:8f:c5:dd:fb:16:8c:
                    91:3e:93:3b:79:e7:be:4f:57:d0:0e:a3:a9:c3:cf:
                    49:9a:31:84:dd:ad:da:e0:38:7f:1a:f4:0d:34:90:
                    77:4c:7d:87:5b:9a:27:1f:6e:e9:bd:c8:d2:12:f2:
                    a0:d4:86:07:06:43:5f:45:55:d2:13:81:97:eb:8b:
                    ac:0a:c6:0b:62:9d:ab:4b:1e:a1:5d:1d:1f:70:80:
                    1f:0f:2a:be:f9:d8:c6:0c:03:7d:32:e9:07:f0:cf:
                    82:2b:34:c2:b6:fb:37:10:de:cf:95:f4:9e:65:4a:
                    6b:0a:1a:16:46:cf:d0:48:cd:ed:4d:2d:a0:71:db:
                    92:41:fd:c7:c5:ed:94:f5:f3:98:d7:3f:9b:a9:fd:
                    df:4a:d7:9b:c3:6a:7a:11:d4:0c:dc:b8:5d:b6:87:
                    c2:00:2b:94:6c:92:45:f1:53:e5:20:ab:ea:5a:0e:
                    49:7a:1f:da:ad:25:a4:a8:f5:74:0e:16:68:1f:9d:
                    77:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D3:A1:A2:90:E9:12:0C:49:AF:3C:19:CB:9A:36:CB:02:A9:5B:CC
            X509v3 Authority Key Identifier:
                keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/ydOhopDpEgxJrzwZy5o2ywKpW8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:1c:46:24:29:dd:9a:3d:50:b2:98:c9:6b:4a:d8:93:9a:15:
         8b:a5:b6:62:48:07:0c:fe:42:bf:88:5d:1e:a1:7b:35:b8:cf:
         bf:57:7f:9f:88:bf:24:1e:19:51:be:5e:f4:25:d8:16:2d:fc:
         6b:02:77:9f:37:e5:2d:85:f1:95:be:91:d9:f3:5a:93:28:79:
         2a:b3:43:92:5f:db:2a:8b:1d:f8:16:ff:49:9c:cb:fd:74:8e:
         6f:31:a7:2c:1f:69:77:81:cb:9d:df:44:bf:9c:c7:a7:97:ee:
         48:e4:02:43:32:89:f7:17:2a:47:10:b2:6c:d3:b0:85:15:0b:
         d5:cd:d5:74:1d:20:fa:e4:1a:f2:92:d8:69:b4:a5:35:f8:b0:
         2f:ca:22:cb:ab:38:9c:b1:93:48:28:13:b2:9c:4c:36:3d:0d:
         88:05:17:8c:0b:56:c1:66:c7:67:3a:e8:46:42:20:36:dc:eb:
         cb:75:f3:0c:e6:bb:a8:49:ac:ef:e3:10:6f:98:9f:22:bf:67:
         9f:34:7d:78:71:e4:25:92:ab:24:f1:53:90:1b:c2:51:79:21:
         e4:9c:bb:04:c7:79:70:1e:1f:a3:19:fd:7a:14:f9:7f:86:83:
         76:28:1d:b7:5c:d7:72:55:31:20:46:8f:63:ce:43:c7:0a:45:
         8d:c9:a6:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+1xFr13KQ7ydUaMNeoqKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjUwMTAxMTc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQzYTFhMjkwZTkxMjBjNDlhZjNjMTljYjlhMzZjYjAyYTk1YmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseMFagE/Zw1g/EjNHskYCZS6jekj
8FQ0ZL2K68aJP693jSYoBOLbNqCoVYwEDXTBVD9JgIc1HfbvRxf4k7hPwuF3w2GP
xd37FoyRPpM7eee+T1fQDqOpw89JmjGE3a3a4Dh/GvQNNJB3TH2HW5onH27pvcjS
EvKg1IYHBkNfRVXSE4GX64usCsYLYp2rSx6hXR0fcIAfDyq++djGDAN9MukH8M+C
KzTCtvs3EN7PlfSeZUprChoWRs/QSM3tTS2gcduSQf3Hxe2U9fOY1z+bqf3fSteb
w2p6EdQM3LhdtofCACuUbJJF8VPlIKvqWg5Jeh/arSWkqPV0DhZoH513GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnToaKQ6RIMSa88GcuaNssCqVvMMB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEveWRPaG9wRHBFZ3hKcnp3Wnk1bzJ5d0twVzh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh+GMA0G
CSqGSIb3DQEBCwUAA4IBAQC2HEYkKd2aPVCymMlrStiTmhWLpbZiSAcM/kK/iF0e
oXs1uM+/V3+fiL8kHhlRvl70JdgWLfxrAnefN+UthfGVvpHZ81qTKHkqs0OSX9sq
ix34Fv9JnMv9dI5vMacsH2l3gcud30S/nMenl+5I5AJDMon3FypHELJs07CFFQvV
zdV0HSD65BrykthptKU1+LAvyiLLqzicsZNIKBOynEw2PQ2IBReMC1bBZsdnOuhG
QiA23OvLdfMM5ruoSazv4xBvmJ8iv2efNH14ceQlkqsk8VOQG8JReSHknLsEx3lw
Hh+jGf16FPl/hoN2KB23XNdyVTEgRo9jzkPHCkWNyaZq
-----END CERTIFICATE-----