Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/XaWBl1pdgCEAOtWYlDnABozWGpY.roa
File:                     XaWBl1pdgCEAOtWYlDnABozWGpY.roa (raw, json)
Hash identifier:          NkTYxkGxoFs3l9oUz9ZXBu6um1xVsgaeI44+mBnF24s=
Subject key identifier:   5D:A5:81:97:5A:5D:80:21:00:3A:D5:98:94:39:C0:06:8C:D6:1A:96
Certificate issuer:       /CN=dda5a222acb99ab2398439eded7770a65ee66de6
Certificate serial:       0194274804248BD86AFA0B6E05059174C42F
Authority key identifier: DD:A5:A2:22:AC:B9:9A:B2:39:84:39:ED:ED:77:70:A6:5E:E6:6D:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/XaWBl1pdgCEAOtWYlDnABozWGpY.roa
Signing time:             Thu 02 Jan 2025 13:50:18 +0000
ROA not before:           Thu 02 Jan 2025 13:50:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198298
IP address blocks:        194.33.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:04:24:8b:d8:6a:fa:0b:6e:05:05:91:74:c4:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dda5a222acb99ab2398439eded7770a65ee66de6
        Validity
            Not Before: Jan  2 13:50:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5da581975a5d8021003ad5989439c0068cd61a96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:af:09:d9:13:4a:31:0e:fd:a5:d2:c6:6e:26:
                    2d:02:8b:ff:b5:7a:d2:42:83:98:9b:5c:80:7b:4e:
                    5b:11:77:2a:35:7a:67:a8:b4:f3:12:42:11:2e:2e:
                    de:28:f0:c7:98:9c:b2:d9:63:f4:12:19:64:a8:14:
                    60:60:9e:c4:52:cd:33:7c:f7:45:4c:96:ea:9e:49:
                    46:9c:ae:01:0d:3a:c2:9f:98:74:ff:32:fa:28:ae:
                    24:94:30:63:90:ac:da:9f:50:79:2e:c5:e2:c9:e7:
                    4b:39:7f:0b:98:1c:d2:03:52:dc:0e:3c:f6:a5:9c:
                    59:bc:39:73:36:49:e0:36:ff:f9:f5:61:0d:2d:20:
                    30:e9:b0:2c:49:ed:c7:53:45:26:b6:a4:2d:aa:30:
                    70:f3:18:22:45:76:14:28:95:87:da:20:68:38:c1:
                    08:db:ea:e4:4e:54:b2:c4:d6:08:0c:1e:ab:11:02:
                    6d:99:96:1b:ce:78:f0:6e:cb:d6:4b:10:0b:ae:e2:
                    40:e7:94:14:10:2c:3e:cb:0e:04:32:43:07:40:b0:
                    71:6f:39:86:c3:37:ae:9b:7b:7a:43:d9:45:b6:1d:
                    0d:0a:65:b3:ce:ed:03:d4:a9:ce:46:39:5a:d6:aa:
                    15:55:f4:f2:41:05:0a:03:e7:b1:0e:83:66:16:06:
                    3b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:A5:81:97:5A:5D:80:21:00:3A:D5:98:94:39:C0:06:8C:D6:1A:96
            X509v3 Authority Key Identifier:
                keyid:DD:A5:A2:22:AC:B9:9A:B2:39:84:39:ED:ED:77:70:A6:5E:E6:6D:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/XaWBl1pdgCEAOtWYlDnABozWGpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ba4ad2-f40e-4f4b-a60d-753ab19687d8/1/3aWiIqy5mrI5hDnt7Xdwpl7mbeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:d8:9d:ed:13:64:e4:3f:c3:fd:45:ea:33:12:69:74:ef:de:
         31:86:cf:ea:22:0f:72:9a:d5:fc:37:6b:83:0a:ef:9a:04:cd:
         fe:58:64:c7:f5:a2:be:ce:40:05:e7:b3:5f:29:d0:83:8b:98:
         60:e5:bb:b9:4e:81:f4:aa:b7:6d:99:6c:8e:dd:b3:ad:d5:6e:
         0e:5b:8d:54:70:ba:3d:b3:da:6a:1c:45:70:c5:37:5c:9c:78:
         15:f4:f4:e9:58:5a:1b:0e:49:69:fd:a6:6c:c2:06:14:43:5e:
         0d:88:73:d5:49:7f:9a:6d:d2:15:06:ce:f0:a7:2f:2b:f9:93:
         03:64:9a:f6:bc:88:75:63:92:60:d6:5e:d3:3a:2b:1b:bd:b6:
         f8:d1:fa:b0:d0:64:f8:37:a6:7d:fd:a6:b2:d8:93:5a:51:01:
         2b:0b:73:d8:d1:84:88:63:25:1c:9a:20:90:5a:a5:13:b8:f0:
         2f:ab:18:38:e5:b7:06:33:c6:b0:70:2e:20:00:03:51:01:b1:
         3b:75:12:22:cc:e8:86:66:cf:39:ca:c3:06:78:99:96:47:50:
         cb:0d:5e:80:b2:50:d0:75:fa:f4:67:fd:6f:de:e2:5a:49:3d:
         4b:87:69:05:5c:2c:d9:74:53:6c:7a:ea:d8:3c:0c:09:df:78:
         50:f2:00:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSAQki9hq+gtuBQWRdMQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYTVhMjIyYWNiOTlhYjIzOTg0MzllZGVkNzc3MGE2NWVl
NjZkZTYwHhcNMjUwMTAyMTM1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGE1ODE5NzVhNWQ4MDIxMDAzYWQ1OTg5NDM5YzAwNjhjZDYxYTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAza8J2RNKMQ79pdLGbiYtAov/tXrS
QoOYm1yAe05bEXcqNXpnqLTzEkIRLi7eKPDHmJyy2WP0EhlkqBRgYJ7EUs0zfPdF
TJbqnklGnK4BDTrCn5h0/zL6KK4klDBjkKzan1B5LsXiyedLOX8LmBzSA1LcDjz2
pZxZvDlzNkngNv/59WENLSAw6bAsSe3HU0UmtqQtqjBw8xgiRXYUKJWH2iBoOMEI
2+rkTlSyxNYIDB6rEQJtmZYbznjwbsvWSxALruJA55QUECw+yw4EMkMHQLBxbzmG
wzeum3t6Q9lFth0NCmWzzu0D1KnORjla1qoVVfTyQQUKA+exDoNmFgY74QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2lgZdaXYAhADrVmJQ5wAaM1hqWMB8GA1UdIwQY
MBaAFN2loiKsuZqyOYQ57e13cKZe5m3mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2FXaUlxeTVtckk1aERudDdYZHdwbDdtYmVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9iYTRhZDItZjQwZS00ZjRiLWE2MGQt
NzUzYWIxOTY4N2Q4LzEvWGFXQmwxcGRnQ0VBT3RXWWxEbkFCb3pXR3BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9iYTRhZDItZjQwZS00ZjRiLWE2MGQtNzUzYWIxOTY4N2Q4
LzEvM2FXaUlxeTVtckk1aERudDdYZHdwbDdtYmVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiEMMA0G
CSqGSIb3DQEBCwUAA4IBAQCj2J3tE2TkP8P9ReozEml0794xhs/qIg9ymtX8N2uD
Cu+aBM3+WGTH9aK+zkAF57NfKdCDi5hg5bu5ToH0qrdtmWyO3bOt1W4OW41UcLo9
s9pqHEVwxTdcnHgV9PTpWFobDklp/aZswgYUQ14NiHPVSX+abdIVBs7wpy8r+ZMD
ZJr2vIh1Y5Jg1l7TOisbvbb40fqw0GT4N6Z9/aay2JNaUQErC3PY0YSIYyUcmiCQ
WqUTuPAvqxg45bcGM8awcC4gAANRAbE7dRIizOiGZs85ysMGeJmWR1DLDV6AslDQ
dfr0Z/1v3uJaST1Lh2kFXCzZdFNseurYPAwJ33hQ8gCX
-----END CERTIFICATE-----