Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/sJgvME5bJ6yVOF59D9xKTp2vpfs.roa
File:                     sJgvME5bJ6yVOF59D9xKTp2vpfs.roa (raw, json)
Hash identifier:          RFFMtoYHpJBnhJPcD6pM/r00V/xv6R7sQSuEQXzi4Ow=
Subject key identifier:   B0:98:2F:30:4E:5B:27:AC:95:38:5E:7D:0F:DC:4A:4E:9D:AF:A5:FB
Certificate issuer:       /CN=a7f62916197f7796cec578ea4352fae4ef89aec2
Certificate serial:       01942444DCA30B07CA29A6587C58C2805660
Authority key identifier: A7:F6:29:16:19:7F:77:96:CE:C5:78:EA:43:52:FA:E4:EF:89:AE:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_YpFhl_d5bOxXjqQ1L65O-JrsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/sJgvME5bJ6yVOF59D9xKTp2vpfs.roa
Signing time:             Wed 01 Jan 2025 23:48:00 +0000
ROA not before:           Wed 01 Jan 2025 23:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47220
IP address blocks:        194.152.42.0/24 maxlen: 24
                          194.152.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/p_YpFhl_d5bOxXjqQ1L65O-JrsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/p_YpFhl_d5bOxXjqQ1L65O-JrsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_YpFhl_d5bOxXjqQ1L65O-JrsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:dc:a3:0b:07:ca:29:a6:58:7c:58:c2:80:56:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7f62916197f7796cec578ea4352fae4ef89aec2
        Validity
            Not Before: Jan  1 23:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0982f304e5b27ac95385e7d0fdc4a4e9dafa5fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:af:5b:ee:0f:13:37:05:d9:f4:e1:44:1b:f8:
                    b7:79:c5:22:09:58:39:1c:28:40:bc:6b:ab:9d:86:
                    24:0a:4c:a4:ed:86:3e:49:13:57:20:79:dc:ea:1b:
                    95:8a:98:2d:58:fd:6b:58:73:98:c5:9a:32:a4:8d:
                    27:6f:78:af:f5:c4:72:5b:ab:e2:37:37:40:2b:41:
                    64:dd:66:02:6d:cc:f5:7c:6e:94:88:4c:1d:52:fb:
                    e9:6e:a8:1a:15:f3:d9:f8:9f:e5:cb:b8:24:2b:21:
                    71:7e:11:2b:c6:cd:fb:00:27:33:16:f0:a3:41:db:
                    c6:2c:1a:65:e7:c4:8c:d9:e1:88:94:14:be:93:61:
                    e4:8e:8a:32:d7:07:c4:d4:42:54:42:a6:2d:cc:ad:
                    41:50:0f:b0:23:12:6d:b5:c5:f8:81:fe:97:44:67:
                    6e:ce:9d:32:fa:71:31:d4:f1:ca:1f:b4:73:65:3d:
                    6c:95:48:8e:c7:0e:af:70:6d:16:62:18:4d:f2:16:
                    9c:f7:b2:54:17:e8:61:b5:89:97:40:cb:f6:0c:f4:
                    40:de:7e:9b:58:4b:a5:96:eb:29:61:ca:f7:79:1a:
                    b4:d1:17:92:58:d0:e2:27:ce:3a:4c:55:5c:c1:8a:
                    ae:22:b2:73:d6:b1:75:f4:ac:38:b3:e6:57:48:24:
                    ba:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:98:2F:30:4E:5B:27:AC:95:38:5E:7D:0F:DC:4A:4E:9D:AF:A5:FB
            X509v3 Authority Key Identifier:
                keyid:A7:F6:29:16:19:7F:77:96:CE:C5:78:EA:43:52:FA:E4:EF:89:AE:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_YpFhl_d5bOxXjqQ1L65O-JrsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/sJgvME5bJ6yVOF59D9xKTp2vpfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b71ca7-5070-4bcc-a00d-ec97f18a794a/1/p_YpFhl_d5bOxXjqQ1L65O-JrsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.152.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:db:18:16:21:51:6f:c9:72:f6:96:0a:b2:ce:81:70:22:a0:
         f8:1d:1d:50:90:3a:3f:06:14:a4:36:fe:d0:ec:de:ef:4d:47:
         67:26:fa:8c:d2:23:6e:ab:5a:87:4b:16:fc:54:3b:a9:4c:0f:
         4e:21:ef:f5:b3:93:ca:82:71:7a:0e:88:7c:9e:ac:20:e5:91:
         39:07:32:db:6a:cd:f5:19:f5:e7:6c:b3:0a:8d:8c:0e:51:f0:
         4f:c8:de:71:74:83:e3:dd:7c:b2:74:d6:c0:aa:57:12:59:8b:
         39:6c:e5:a6:61:e8:a2:3d:f1:fb:d3:68:a6:ab:70:83:22:cb:
         b1:47:8d:00:26:2d:1c:9f:b2:3f:01:7e:7c:96:2c:90:0d:37:
         09:df:8c:fb:af:87:cc:81:a1:16:e5:f0:3b:14:08:72:b3:d3:
         d4:85:83:d0:5f:8a:43:9f:1f:20:66:b4:72:1a:bf:92:29:ee:
         6d:cf:54:c9:83:a5:b8:67:44:d7:6a:f5:b2:63:b5:84:c3:ad:
         73:d7:71:a0:fa:2f:e4:53:93:67:9d:77:41:b4:f1:81:9a:4c:
         92:91:35:09:e3:38:72:c0:2d:ba:29:23:4c:c9:8a:a8:e4:8a:
         8a:83:68:e1:32:bb:2f:a2:0d:4f:9c:63:b3:4f:c7:83:ee:4d:
         17:9e:55:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRNyjCwfKKaZYfFjCgFZgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZjYyOTE2MTk3Zjc3OTZjZWM1NzhlYTQzNTJmYWU0ZWY4
OWFlYzIwHhcNMjUwMTAxMjM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDk4MmYzMDRlNWIyN2FjOTUzODVlN2QwZmRjNGE0ZTlkYWZhNWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw69b7g8TNwXZ9OFEG/i3ecUiCVg5
HChAvGurnYYkCkyk7YY+SRNXIHnc6huVipgtWP1rWHOYxZoypI0nb3iv9cRyW6vi
NzdAK0Fk3WYCbcz1fG6UiEwdUvvpbqgaFfPZ+J/ly7gkKyFxfhErxs37ACczFvCj
QdvGLBpl58SM2eGIlBS+k2Hkjooy1wfE1EJUQqYtzK1BUA+wIxJttcX4gf6XRGdu
zp0y+nEx1PHKH7RzZT1slUiOxw6vcG0WYhhN8hac97JUF+hhtYmXQMv2DPRA3n6b
WEulluspYcr3eRq00ReSWNDiJ846TFVcwYquIrJz1rF19Kw4s+ZXSCS6ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLCYLzBOWyeslThefQ/cSk6dr6X7MB8GA1UdIwQY
MBaAFKf2KRYZf3eWzsV46kNS+uTvia7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF9ZcEZobF9kNWJPeFhqcVExTDY1Ty1KcnNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNzFjYTctNTA3MC00YmNjLWEwMGQt
ZWM5N2YxOGE3OTRhLzEvc0pndk1FNWJKNnlWT0Y1OUQ5eEtUcDJ2cGZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNzFjYTctNTA3MC00YmNjLWEwMGQtZWM5N2YxOGE3OTRh
LzEvcF9ZcEZobF9kNWJPeFhqcVExTDY1Ty1KcnNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwpgqMA0G
CSqGSIb3DQEBCwUAA4IBAQCG2xgWIVFvyXL2lgqyzoFwIqD4HR1QkDo/BhSkNv7Q
7N7vTUdnJvqM0iNuq1qHSxb8VDupTA9OIe/1s5PKgnF6Doh8nqwg5ZE5BzLbas31
GfXnbLMKjYwOUfBPyN5xdIPj3XyydNbAqlcSWYs5bOWmYeiiPfH702imq3CDIsux
R40AJi0cn7I/AX58liyQDTcJ34z7r4fMgaEW5fA7FAhys9PUhYPQX4pDnx8gZrRy
Gr+SKe5tz1TJg6W4Z0TXavWyY7WEw61z13Gg+i/kU5NnnXdBtPGBmkySkTUJ4zhy
wC26KSNMyYqo5IqKg2jhMrsvog1PnGOzT8eD7k0XnlX3
-----END CERTIFICATE-----