Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/1-qC_h0BMH68nwZM--m9RrJPfUSU.roa
File:                     1-qC_h0BMH68nwZM--m9RrJPfUSU.roa (raw, json)
Hash identifier:          dGjZPTTJM5HpRM58D6GZPV5SzYmb4kq7Kyp7lE449Zo=
Subject key identifier:   FA:A0:BF:87:40:4C:1F:AF:27:C1:93:3E:FA:6F:51:AC:93:DF:51:25
Certificate issuer:       /CN=509c8f32a1f4281f71463895d543c7179cf7f959
Certificate serial:       019427B5DE57FA98BA2EF8DB47B17CC4BE38
Authority key identifier: 50:9C:8F:32:A1:F4:28:1F:71:46:38:95:D5:43:C7:17:9C:F7:F9:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/1-qC_h0BMH68nwZM--m9RrJPfUSU.roa
Signing time:             Thu 02 Jan 2025 15:50:17 +0000
ROA not before:           Thu 02 Jan 2025 15:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209999
IP address blocks:        193.41.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:de:57:fa:98:ba:2e:f8:db:47:b1:7c:c4:be:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509c8f32a1f4281f71463895d543c7179cf7f959
        Validity
            Not Before: Jan  2 15:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=faa0bf87404c1faf27c1933efa6f51ac93df5125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e8:0b:05:0e:3e:82:b1:2b:51:c0:b5:ad:d1:
                    55:69:75:34:f2:f5:57:c3:82:4e:08:99:dd:83:90:
                    0b:23:a7:57:e8:76:bc:6e:b1:6f:d6:0d:17:a8:7c:
                    8c:c6:ea:86:33:31:03:81:c1:40:a9:67:2f:a9:55:
                    5a:7b:97:ca:10:9b:ef:74:64:6d:c1:27:14:e9:22:
                    8e:d0:96:43:84:18:fd:35:74:b0:65:c8:16:aa:8a:
                    04:fc:71:52:04:57:71:ae:e3:6f:16:1d:6a:4f:fa:
                    bd:9a:7e:c5:58:61:c0:08:dc:e8:a6:39:ec:d9:24:
                    d0:e1:ec:cf:4a:21:e0:a4:25:93:3d:a3:8e:02:5e:
                    22:ef:63:29:0d:76:de:15:c1:19:82:7f:83:c6:e5:
                    b8:86:5f:bf:84:bb:95:52:3e:63:32:7a:78:14:9f:
                    83:f2:15:9d:57:f1:f4:df:40:71:83:93:35:15:78:
                    df:16:73:d0:c9:2d:4d:64:97:64:f6:05:9f:f3:4f:
                    34:ae:5c:3c:79:21:db:53:d1:13:6b:ec:ad:44:c7:
                    0e:d6:01:e3:b1:cb:85:55:d4:47:ef:5d:b2:c5:bd:
                    de:4e:04:ec:bb:77:66:df:b6:63:7e:11:52:40:52:
                    0f:bd:25:1d:8a:da:2f:6f:35:be:03:62:1a:cd:d1:
                    21:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:A0:BF:87:40:4C:1F:AF:27:C1:93:3E:FA:6F:51:AC:93:DF:51:25
            X509v3 Authority Key Identifier:
                keyid:50:9C:8F:32:A1:F4:28:1F:71:46:38:95:D5:43:C7:17:9C:F7:F9:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/1-qC_h0BMH68nwZM--m9RrJPfUSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/ff0a7d-dccd-47ce-b21d-14809c938b76/1/UJyPMqH0KB9xRjiV1UPHF5z3-Vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:66:87:f8:7c:af:06:54:f5:37:05:0c:03:e8:9b:9c:97:d6:
         dd:5d:a0:cf:e3:a0:09:9e:44:3b:0a:b5:0f:f4:19:61:4f:4d:
         b8:c0:67:ed:0f:40:f5:75:a2:ae:b7:54:d9:e5:77:76:d7:87:
         0d:af:b2:cd:a5:c5:9b:11:14:6d:82:ed:66:89:28:67:00:8b:
         f0:a4:c8:5e:6b:eb:84:15:3c:0e:2a:02:77:6f:20:1c:20:09:
         0a:32:ac:6c:41:6a:c1:26:85:e7:c1:e4:c4:38:0c:ba:60:24:
         de:05:99:1a:46:dd:41:d7:4b:97:44:a7:e4:22:00:c7:41:75:
         cb:f4:c1:bf:72:ec:b8:bf:0f:3c:8c:16:12:f6:cc:e3:56:6a:
         67:5d:cc:fe:b2:7e:ec:90:bd:01:5d:30:8a:6c:13:ac:14:e0:
         4d:b5:0a:a7:61:46:07:aa:3c:f7:0f:83:b9:2d:cf:4d:6c:bf:
         a1:c3:7e:8a:21:8d:51:2f:f3:b3:d5:cc:94:ca:6b:f3:bb:3e:
         5a:72:df:89:57:b4:fd:0d:4a:da:ee:e4:df:f3:e1:e6:a0:1a:
         2f:8e:83:d9:23:26:d0:4a:9b:66:6f:f8:1b:aa:35:17:4a:d0:
         38:dc:1b:a0:fb:a1:72:13:55:da:74:f2:dd:c7:7b:3d:b8:5c:
         85:d2:80:ff
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntd5X+pi6LvjbR7F8xL44MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWM4ZjMyYTFmNDI4MWY3MTQ2Mzg5NWQ1NDNjNzE3OWNm
N2Y5NTkwHhcNMjUwMTAyMTU1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWEwYmY4NzQwNGMxZmFmMjdjMTkzM2VmYTZmNTFhYzkzZGY1MTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyugLBQ4+grErUcC1rdFVaXU08vVX
w4JOCJndg5ALI6dX6Ha8brFv1g0XqHyMxuqGMzEDgcFAqWcvqVVae5fKEJvvdGRt
wScU6SKO0JZDhBj9NXSwZcgWqooE/HFSBFdxruNvFh1qT/q9mn7FWGHACNzopjns
2STQ4ezPSiHgpCWTPaOOAl4i72MpDXbeFcEZgn+DxuW4hl+/hLuVUj5jMnp4FJ+D
8hWdV/H030Bxg5M1FXjfFnPQyS1NZJdk9gWf8080rlw8eSHbU9ETa+ytRMcO1gHj
scuFVdRH712yxb3eTgTsu3dm37ZjfhFSQFIPvSUditovbzW+A2IazdEhKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPqgv4dATB+vJ8GTPvpvUayT31ElMB8GA1UdIwQY
MBaAFFCcjzKh9CgfcUY4ldVDxxec9/lZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUp5UE1xSDBLQjl4UmppVjFVUEhGNXozLVZrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9mZjBhN2QtZGNjZC00N2NlLWIyMWQt
MTQ4MDljOTM4Yjc2LzEvMS1xQ19oMEJNSDY4bndaTS0tbTlSckpQZlVTVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGQvZmYwYTdkLWRjY2QtNDdjZS1iMjFkLTE0ODA5YzkzOGI3
Ni8xL1VKeVBNcUgwS0I5eFJqaVYxVVBIRjV6My1Way5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMEpODAN
BgkqhkiG9w0BAQsFAAOCAQEADGaH+HyvBlT1NwUMA+ibnJfW3V2gz+OgCZ5EOwq1
D/QZYU9NuMBn7Q9A9XWirrdU2eV3dteHDa+yzaXFmxEUbYLtZokoZwCL8KTIXmvr
hBU8DioCd28gHCAJCjKsbEFqwSaF58HkxDgMumAk3gWZGkbdQddLl0Sn5CIAx0F1
y/TBv3LsuL8PPIwWEvbM41ZqZ13M/rJ+7JC9AV0wimwTrBTgTbUKp2FGB6o89w+D
uS3PTWy/ocN+iiGNUS/zs9XMlMpr87s+WnLfiVe0/Q1K2u7k3/Ph5qAaL46D2SMm
0EqbZm/4G6o1F0rQONwboPuhchNV2nTy3cd7PbhchdKA/w==
-----END CERTIFICATE-----