Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/kTc3tdsyRqEwIQUrDzGOak8nANc.roa
File:                     kTc3tdsyRqEwIQUrDzGOak8nANc.roa (raw, json)
Hash identifier:          7cesO8GKLYeXhtn4E2bVxqR/wKRQ+h04HAytGr5/XYw=
Subject key identifier:   91:37:37:B5:DB:32:46:A1:30:21:05:2B:0F:31:8E:6A:4F:27:00:D7
Certificate issuer:       /CN=82e014f1c8ca3966a93ef39dbc612daac0d83dc0
Certificate serial:       0194214442A28F78CE0724EF4D2293BACB32
Authority key identifier: 82:E0:14:F1:C8:CA:39:66:A9:3E:F3:9D:BC:61:2D:AA:C0:D8:3D:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/guAU8cjKOWapPvOdvGEtqsDYPcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/kTc3tdsyRqEwIQUrDzGOak8nANc.roa
Signing time:             Wed 01 Jan 2025 09:48:29 +0000
ROA not before:           Wed 01 Jan 2025 09:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42346
IP address blocks:        194.56.124.0/23 maxlen: 23
                          194.56.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/guAU8cjKOWapPvOdvGEtqsDYPcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/guAU8cjKOWapPvOdvGEtqsDYPcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/guAU8cjKOWapPvOdvGEtqsDYPcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:42:a2:8f:78:ce:07:24:ef:4d:22:93:ba:cb:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82e014f1c8ca3966a93ef39dbc612daac0d83dc0
        Validity
            Not Before: Jan  1 09:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=913737b5db3246a13021052b0f318e6a4f2700d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:34:a9:0f:4e:3d:9d:41:74:4c:84:b4:2c:e5:
                    88:e6:cd:6a:90:64:d6:87:fd:f7:21:4f:8c:19:fa:
                    73:e6:9a:52:12:7a:3d:52:1e:f4:d7:f7:93:66:c5:
                    1e:16:63:71:d7:61:5b:88:72:8d:eb:e0:73:b6:dd:
                    b3:68:90:45:79:ae:fc:3d:4a:14:e8:7a:f2:39:33:
                    b7:25:73:45:da:25:28:7f:09:78:ef:bd:a2:3b:a8:
                    28:eb:7c:22:bd:70:6c:78:02:9d:4d:08:ea:78:d7:
                    c5:08:5a:dc:01:cb:2f:f0:ee:9e:5e:f1:0d:75:88:
                    24:eb:c5:58:cd:99:74:2e:d2:a6:35:2e:7b:e2:a5:
                    86:3a:a6:e7:75:9e:64:dd:ae:f7:8e:e3:76:6b:dd:
                    d2:af:7d:26:10:aa:90:a9:73:64:36:52:d3:df:d4:
                    2b:aa:6a:04:c2:9b:bc:01:bf:37:61:ec:0c:25:91:
                    b1:c5:e7:9a:fa:22:ac:97:b5:8b:64:89:dc:03:b4:
                    09:2c:d3:19:ea:9e:7a:85:e7:d7:b9:f3:ac:12:a4:
                    63:46:20:a7:6d:f0:ea:26:c0:0c:03:14:b8:87:ee:
                    d9:ea:86:a8:1c:b8:1a:a4:2b:d6:86:89:b3:65:17:
                    6f:b6:ed:b8:b6:95:a4:14:06:35:7b:b9:bd:61:db:
                    e9:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:37:37:B5:DB:32:46:A1:30:21:05:2B:0F:31:8E:6A:4F:27:00:D7
            X509v3 Authority Key Identifier:
                keyid:82:E0:14:F1:C8:CA:39:66:A9:3E:F3:9D:BC:61:2D:AA:C0:D8:3D:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/guAU8cjKOWapPvOdvGEtqsDYPcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/kTc3tdsyRqEwIQUrDzGOak8nANc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8fa78f-1d73-4c5a-9e0b-66d80ed09bc7/1/guAU8cjKOWapPvOdvGEtqsDYPcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.124.0-194.56.126.255

    Signature Algorithm: sha256WithRSAEncryption
         34:6f:50:59:a5:4e:38:4e:d2:21:96:90:af:38:25:99:4a:dc:
         cd:27:c9:c2:f7:16:ec:e4:d9:92:f8:78:7b:d4:2e:fa:ce:43:
         13:39:f3:47:16:27:ff:67:c1:00:4f:b3:1a:36:f9:4b:21:f6:
         a0:39:9f:fc:7a:60:70:37:76:24:19:bd:37:a2:df:1c:60:70:
         22:33:be:3a:09:51:da:72:ea:27:7a:c1:ea:9c:d2:9e:c1:79:
         e8:46:48:0b:ff:d1:42:75:48:0e:70:dd:e9:b8:a7:d3:7a:68:
         6b:9b:c1:fc:ea:75:f9:a2:fa:17:5c:41:6a:85:9c:5c:f9:97:
         55:b5:f8:6c:b5:2b:e6:e4:47:ba:f1:59:6d:43:74:bf:3a:1b:
         ce:d1:c3:94:f6:1c:9e:ba:d9:0b:77:3d:11:3c:d0:9d:65:c4:
         90:a4:03:f4:a1:65:7a:8b:1f:69:ad:28:93:97:30:0a:5f:d4:
         d3:cf:42:4d:fa:9f:7f:a5:11:89:c1:78:9c:5c:71:0d:ee:46:
         ee:98:46:3d:38:e5:d5:63:4c:63:78:a2:47:1d:05:e7:6c:ca:
         3d:07:49:f5:30:09:7f:6c:ef:cf:44:bc:f7:bb:61:90:00:00:
         ef:e2:69:49:20:52:05:19:0b:05:66:40:e7:3a:e2:21:22:e2:
         c5:9b:26:29
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhREKij3jOByTvTSKTussyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZTAxNGYxYzhjYTM5NjZhOTNlZjM5ZGJjNjEyZGFhYzBk
ODNkYzAwHhcNMjUwMTAxMDk0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTM3MzdiNWRiMzI0NmExMzAyMTA1MmIwZjMxOGU2YTRmMjcwMGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDSpD049nUF0TIS0LOWI5s1qkGTW
h/33IU+MGfpz5ppSEno9Uh701/eTZsUeFmNx12FbiHKN6+Bztt2zaJBFea78PUoU
6HryOTO3JXNF2iUofwl4772iO6go63wivXBseAKdTQjqeNfFCFrcAcsv8O6eXvEN
dYgk68VYzZl0LtKmNS574qWGOqbndZ5k3a73juN2a93Sr30mEKqQqXNkNlLT39Qr
qmoEwpu8Ab83YewMJZGxxeea+iKsl7WLZIncA7QJLNMZ6p56hefXufOsEqRjRiCn
bfDqJsAMAxS4h+7Z6oaoHLgapCvWhomzZRdvtu24tpWkFAY1e7m9Ydvp4wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJE3N7XbMkahMCEFKw8xjmpPJwDXMB8GA1UdIwQY
MBaAFILgFPHIyjlmqT7znbxhLarA2D3AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3VBVThjaktPV2FwUHZPZHZHRXRxc0RZUGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84ZmE3OGYtMWQ3My00YzVhLTllMGIt
NjZkODBlZDA5YmM3LzEva1RjM3Rkc3lScUV3SVFVckR6R09hazhuQU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84ZmE3OGYtMWQ3My00YzVhLTllMGItNjZkODBlZDA5YmM3
LzEvZ3VBVThjaktPV2FwUHZPZHZHRXRxc0RZUGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALCOHwD
BADCOH4wDQYJKoZIhvcNAQELBQADggEBADRvUFmlTjhO0iGWkK84JZlK3M0nycL3
Fuzk2ZL4eHvULvrOQxM580cWJ/9nwQBPsxo2+Ush9qA5n/x6YHA3diQZvTei3xxg
cCIzvjoJUdpy6id6weqc0p7BeehGSAv/0UJ1SA5w3em4p9N6aGubwfzqdfmi+hdc
QWqFnFz5l1W1+Gy1K+bkR7rxWW1DdL86G87Rw5T2HJ662Qt3PRE80J1lxJCkA/Sh
ZXqLH2mtKJOXMApf1NPPQk36n3+lEYnBeJxccQ3uRu6YRj045dVjTGN4okcdBeds
yj0HSfUwCX9s789EvPe7YZAAAO/iaUkgUgUZCwVmQOc64iEi4sWbJik=
-----END CERTIFICATE-----