Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/1YRiu8peow1lTJm9FFHNR8FDAbc.roa
File:                     1YRiu8peow1lTJm9FFHNR8FDAbc.roa (raw, json)
Hash identifier:          M9tDjK8KKMnpI4O/RkjitSO923bPcK4J9p0X6jE60uA=
Subject key identifier:   D5:84:62:BB:CA:5E:A3:0D:65:4C:99:BD:14:51:CD:47:C1:43:01:B7
Certificate issuer:       /CN=0d4ee193b301665b56f6780f225fd44d144093af
Certificate serial:       019421B18A16EDA7E10CDAA963123002E6C8
Authority key identifier: 0D:4E:E1:93:B3:01:66:5B:56:F6:78:0F:22:5F:D4:4D:14:40:93:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DU7hk7MBZltW9ngPIl_UTRRAk68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/1YRiu8peow1lTJm9FFHNR8FDAbc.roa
Signing time:             Wed 01 Jan 2025 11:47:50 +0000
ROA not before:           Wed 01 Jan 2025 11:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35038
IP address blocks:        194.117.24.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/DU7hk7MBZltW9ngPIl_UTRRAk68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/DU7hk7MBZltW9ngPIl_UTRRAk68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DU7hk7MBZltW9ngPIl_UTRRAk68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:8a:16:ed:a7:e1:0c:da:a9:63:12:30:02:e6:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d4ee193b301665b56f6780f225fd44d144093af
        Validity
            Not Before: Jan  1 11:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d58462bbca5ea30d654c99bd1451cd47c14301b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:01:3c:4c:dc:c7:6e:4f:7a:67:ac:33:b0:18:
                    0e:b8:6d:d7:9e:dc:f0:c0:5b:c7:62:b1:b2:28:9c:
                    ba:8e:99:be:d6:3d:91:f3:de:b9:79:9e:f5:00:a8:
                    15:53:fc:fe:1e:eb:f2:cc:51:21:1f:11:16:33:eb:
                    14:cb:bb:6f:f4:7e:db:a8:fc:4f:54:16:78:ea:bd:
                    d3:bf:b2:37:e6:10:00:33:ed:4a:d6:7a:ed:42:4d:
                    15:2c:99:c6:fc:8f:d4:03:82:db:54:e9:44:5a:3d:
                    7b:43:c5:c7:29:f4:26:68:4e:14:d1:c8:7a:71:92:
                    c0:7f:e1:a4:09:bf:25:64:d9:73:62:c4:19:76:94:
                    58:e1:d3:f9:22:c9:db:6e:e5:f0:fe:08:71:3e:0c:
                    4b:94:55:fa:39:18:47:f3:b5:46:33:b8:48:c7:f9:
                    ff:1d:3f:32:fc:3e:11:dd:04:26:57:ba:7c:0f:4d:
                    30:42:c1:08:25:fe:1f:54:c3:1a:4b:07:63:eb:59:
                    ad:06:bc:a9:6c:e6:01:bc:c3:8f:f8:53:1a:5b:69:
                    97:1b:4b:7d:5f:21:a3:98:92:38:06:47:ad:9b:51:
                    d2:b5:fc:13:36:6f:be:4b:67:11:4b:52:9b:c1:b9:
                    c9:65:38:40:24:88:1f:bc:a6:8b:12:07:de:a2:d0:
                    c8:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:84:62:BB:CA:5E:A3:0D:65:4C:99:BD:14:51:CD:47:C1:43:01:B7
            X509v3 Authority Key Identifier:
                keyid:0D:4E:E1:93:B3:01:66:5B:56:F6:78:0F:22:5F:D4:4D:14:40:93:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DU7hk7MBZltW9ngPIl_UTRRAk68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/1YRiu8peow1lTJm9FFHNR8FDAbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/097111-3098-4cf7-ac0f-9f7e0f862f1e/1/DU7hk7MBZltW9ngPIl_UTRRAk68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.117.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7c:17:c4:61:4d:51:a1:d3:8e:18:5f:3b:a9:01:5d:96:8d:5b:
         8e:f4:f5:7b:77:0e:28:56:ca:07:ca:28:2f:7b:16:1b:0e:41:
         9f:1c:71:1b:5f:7a:f2:33:fa:46:59:b3:b5:28:58:c2:77:86:
         ad:90:34:85:b2:1f:81:7f:90:e6:35:19:0d:16:f5:59:20:21:
         46:bf:11:c0:85:dd:18:66:78:8f:04:a1:c1:0c:b4:92:3e:19:
         48:fb:60:c1:ee:b0:9c:53:8e:74:1e:18:16:46:89:c9:23:3e:
         47:4d:82:00:6e:a9:d7:5d:a3:d8:29:6c:1e:5c:52:63:ee:56:
         c6:fc:1a:c5:dc:0f:2f:25:42:ca:88:b0:63:73:64:86:95:50:
         f8:f1:02:08:a4:8c:e4:32:28:ec:f2:0d:db:e7:f9:ea:d2:b5:
         c2:4f:df:ae:f0:18:1e:60:22:6f:d6:fd:e1:bf:06:81:36:8d:
         f8:75:9d:e5:0d:a5:a4:54:cd:f6:f2:94:f1:6d:e9:a0:fc:1d:
         93:14:c7:d2:9c:ef:93:b8:72:3d:a8:5d:7a:5e:82:c0:27:ce:
         15:d5:c5:a9:27:5a:91:a9:75:fe:f0:43:2c:ad:69:a3:48:a2:
         12:ae:a9:b6:05:63:bd:76:4b:4c:97:1e:a1:cc:80:06:67:5e:
         52:b4:94:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsYoW7afhDNqpYxIwAubIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNGVlMTkzYjMwMTY2NWI1NmY2NzgwZjIyNWZkNDRkMTQ0
MDkzYWYwHhcNMjUwMTAxMTE0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTg0NjJiYmNhNWVhMzBkNjU0Yzk5YmQxNDUxY2Q0N2MxNDMwMWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugE8TNzHbk96Z6wzsBgOuG3Xntzw
wFvHYrGyKJy6jpm+1j2R8965eZ71AKgVU/z+HuvyzFEhHxEWM+sUy7tv9H7bqPxP
VBZ46r3Tv7I35hAAM+1K1nrtQk0VLJnG/I/UA4LbVOlEWj17Q8XHKfQmaE4U0ch6
cZLAf+GkCb8lZNlzYsQZdpRY4dP5IsnbbuXw/ghxPgxLlFX6ORhH87VGM7hIx/n/
HT8y/D4R3QQmV7p8D00wQsEIJf4fVMMaSwdj61mtBrypbOYBvMOP+FMaW2mXG0t9
XyGjmJI4Bketm1HStfwTNm++S2cRS1KbwbnJZThAJIgfvKaLEgfeotDIsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWEYrvKXqMNZUyZvRRRzUfBQwG3MB8GA1UdIwQY
MBaAFA1O4ZOzAWZbVvZ4DyJf1E0UQJOvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFU3aGs3TUJabHRXOW5nUElsX1VUUlJBazY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wOTcxMTEtMzA5OC00Y2Y3LWFjMGYt
OWY3ZTBmODYyZjFlLzEvMVlSaXU4cGVvdzFsVEptOUZGSE5SOEZEQWJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wOTcxMTEtMzA5OC00Y2Y3LWFjMGYtOWY3ZTBmODYyZjFl
LzEvRFU3aGs3TUJabHRXOW5nUElsX1VUUlJBazY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwnUYMA0G
CSqGSIb3DQEBCwUAA4IBAQB8F8RhTVGh044YXzupAV2WjVuO9PV7dw4oVsoHyigv
exYbDkGfHHEbX3ryM/pGWbO1KFjCd4atkDSFsh+Bf5DmNRkNFvVZICFGvxHAhd0Y
ZniPBKHBDLSSPhlI+2DB7rCcU450HhgWRonJIz5HTYIAbqnXXaPYKWweXFJj7lbG
/BrF3A8vJULKiLBjc2SGlVD48QIIpIzkMijs8g3b5/nq0rXCT9+u8BgeYCJv1v3h
vwaBNo34dZ3lDaWkVM328pTxbemg/B2TFMfSnO+TuHI9qF16XoLAJ84V1cWpJ1qR
qXX+8EMsrWmjSKISrqm2BWO9dktMlx6hzIAGZ15StJTz
-----END CERTIFICATE-----