Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9cf9d4-2ce9-424b-9cf0-8aa6f6c170ff/1/s4gZLWdCbjdScQy92lhU1qj4INY.roa
File:                     s4gZLWdCbjdScQy92lhU1qj4INY.roa (raw, json)
Hash identifier:          xkF7VCE+qi9EQz5A3LDxMLzmcYX7S6EBBQO/VGtQ7OQ=
Subject key identifier:   B3:88:19:2D:67:42:6E:37:52:71:0C:BD:DA:58:54:D6:A8:F8:20:D6
Certificate issuer:       /CN=12085c540c114fc8957a0250bb49f484b74357b9
Certificate serial:       01955BE5F8B12A571DAD1358E5CB713096C3
Authority key identifier: 12:08:5C:54:0C:11:4F:C8:95:7A:02:50:BB:49:F4:84:B7:43:57:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EghcVAwRT8iVegJQu0n0hLdDV7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9cf9d4-2ce9-424b-9cf0-8aa6f6c170ff/1/s4gZLWdCbjdScQy92lhU1qj4INY.roa
Signing time:             Mon 03 Mar 2025 12:05:52 +0000
ROA not before:           Mon 03 Mar 2025 12:05:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197984
IP address blocks:        194.107.115.0/24 maxlen: 24
                          2a13:9fc0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9cf9d4-2ce9-424b-9cf0-8aa6f6c170ff/1/EghcVAwRT8iVegJQu0n0hLdDV7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9cf9d4-2ce9-424b-9cf0-8aa6f6c170ff/1/EghcVAwRT8iVegJQu0n0hLdDV7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EghcVAwRT8iVegJQu0n0hLdDV7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:5b:e5:f8:b1:2a:57:1d:ad:13:58:e5:cb:71:30:96:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12085c540c114fc8957a0250bb49f484b74357b9
        Validity
            Not Before: Mar  3 12:05:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b388192d67426e3752710cbdda5854d6a8f820d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:b8:4f:b5:b8:62:e0:e4:f2:0b:62:ba:27:9d:
                    ed:8f:f8:92:50:0c:03:b3:41:6b:30:29:c7:0b:52:
                    e3:55:b1:d7:26:e7:f3:1b:c3:01:77:58:34:53:95:
                    50:70:c0:b4:95:66:37:0f:e4:07:7f:d3:79:32:6f:
                    2d:09:99:a7:26:bc:68:11:3c:e8:e0:38:8d:1e:43:
                    7b:f9:62:21:f3:af:5d:0d:25:4e:65:14:ce:61:89:
                    84:4a:d4:5d:3f:51:9b:41:5f:b3:2f:cc:47:1a:fe:
                    17:6a:7f:3b:7d:25:3c:67:af:9a:6f:7e:84:fb:2c:
                    83:37:31:ff:98:79:59:77:4a:e4:1d:3f:d6:61:03:
                    07:e7:78:99:0b:83:eb:58:e6:b5:c6:56:96:21:84:
                    93:05:89:1d:59:d7:7c:ea:bb:0d:f4:f1:af:fb:bf:
                    43:22:ca:69:9a:49:8d:e7:aa:2c:3b:2e:37:8d:24:
                    ec:df:4c:22:c4:85:d3:5f:17:04:10:0e:31:bf:8e:
                    c8:8b:a1:c9:35:88:1f:a5:c3:08:0f:11:1a:71:a2:
                    f6:3d:fa:d2:f4:5f:d3:d0:52:62:11:d8:53:d5:8f:
                    3b:49:6f:bd:04:d5:1b:ff:d7:21:c4:e6:ac:46:9b:
                    32:f1:cb:d0:51:a2:33:5a:2f:b3:3b:03:a6:bf:42:
                    2e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:88:19:2D:67:42:6E:37:52:71:0C:BD:DA:58:54:D6:A8:F8:20:D6
            X509v3 Authority Key Identifier:
                keyid:12:08:5C:54:0C:11:4F:C8:95:7A:02:50:BB:49:F4:84:B7:43:57:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EghcVAwRT8iVegJQu0n0hLdDV7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9cf9d4-2ce9-424b-9cf0-8aa6f6c170ff/1/s4gZLWdCbjdScQy92lhU1qj4INY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9cf9d4-2ce9-424b-9cf0-8aa6f6c170ff/1/EghcVAwRT8iVegJQu0n0hLdDV7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.107.115.0/24
                IPv6:
                  2a13:9fc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:04:6c:89:71:ec:2e:5c:4d:3f:ca:2c:b7:25:b1:26:8c:10:
         43:b8:e6:37:93:d3:9c:30:f9:be:b7:09:2d:49:df:e7:17:8a:
         75:75:37:07:0d:f4:89:e5:cf:87:93:af:25:37:e9:37:f5:69:
         58:88:47:ee:30:60:ed:af:b7:56:a7:04:23:71:84:17:21:63:
         18:8c:4e:6c:a8:9e:64:2a:f1:a9:bf:7a:c5:e0:4b:e3:d9:2c:
         48:70:21:f4:2a:b8:2d:dc:14:7a:76:8c:e2:09:f4:25:55:5a:
         f4:5d:af:4c:7b:75:a9:2e:1b:fa:86:6a:29:96:b0:2e:3b:4a:
         8e:87:f3:ae:fd:bd:34:98:b5:6a:dc:00:b5:91:1f:f5:fd:79:
         61:3b:82:9a:ad:da:29:a8:ec:35:ae:6b:8c:81:b3:6e:fe:26:
         3d:c9:5f:38:89:3d:c3:2a:ba:35:04:fb:cf:90:04:c6:10:11:
         4d:ee:4d:59:d0:0e:0c:c1:dc:76:82:2e:80:c7:8f:69:7c:55:
         68:b5:fa:bd:4c:93:65:39:2a:ca:91:3a:72:66:11:e2:9f:cf:
         6f:c1:43:28:d8:aa:75:b4:17:c5:20:68:22:60:75:af:11:7f:
         80:81:4e:d6:97:bd:fd:d2:d8:6b:de:e2:4d:88:18:d7:50:1b:
         28:ef:65:ab
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZVb5fixKlcdrRNY5ctxMJbDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMDg1YzU0MGMxMTRmYzg5NTdhMDI1MGJiNDlmNDg0Yjc0
MzU3YjkwHhcNMjUwMzAzMTIwNTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzg4MTkyZDY3NDI2ZTM3NTI3MTBjYmRkYTU4NTRkNmE4ZjgyMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7hPtbhi4OTyC2K6J53tj/iSUAwD
s0FrMCnHC1LjVbHXJufzG8MBd1g0U5VQcMC0lWY3D+QHf9N5Mm8tCZmnJrxoETzo
4DiNHkN7+WIh869dDSVOZRTOYYmEStRdP1GbQV+zL8xHGv4Xan87fSU8Z6+ab36E
+yyDNzH/mHlZd0rkHT/WYQMH53iZC4PrWOa1xlaWIYSTBYkdWdd86rsN9PGv+79D
IsppmkmN56osOy43jSTs30wixIXTXxcEEA4xv47Ii6HJNYgfpcMIDxEacaL2PfrS
9F/T0FJiEdhT1Y87SW+9BNUb/9chxOasRpsy8cvQUaIzWi+zOwOmv0IuOwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLOIGS1nQm43UnEMvdpYVNao+CDWMB8GA1UdIwQY
MBaAFBIIXFQMEU/IlXoCULtJ9IS3Q1e5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWdoY1ZBd1JUOGlWZWdKUXUwbjBoTGREVjdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85Y2Y5ZDQtMmNlOS00MjRiLTljZjAt
OGFhNmY2YzE3MGZmLzEvczRnWkxXZENiamRTY1F5OTJsaFUxcWo0SU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85Y2Y5ZDQtMmNlOS00MjRiLTljZjAtOGFhNmY2YzE3MGZm
LzEvRWdoY1ZBd1JUOGlWZWdKUXUwbjBoTGREVjdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwmtzMA8E
AgACMAkDBwAqE5/AAAAwDQYJKoZIhvcNAQELBQADggEBAFYEbIlx7C5cTT/KLLcl
sSaMEEO45jeT05ww+b63CS1J3+cXinV1NwcN9Inlz4eTryU36Tf1aViIR+4wYO2v
t1anBCNxhBchYxiMTmyonmQq8am/esXgS+PZLEhwIfQquC3cFHp2jOIJ9CVVWvRd
r0x7dakuG/qGaimWsC47So6H8679vTSYtWrcALWRH/X9eWE7gpqt2imo7DWua4yB
s27+Jj3JXziJPcMqujUE+8+QBMYQEU3uTVnQDgzB3HaCLoDHj2l8VWi1+r1Mk2U5
KsqROnJmEeKfz2/BQyjYqnW0F8UgaCJgda8Rf4CBTtaXvf3S2Gve4k2IGNdQGyjv
Zas=
-----END CERTIFICATE-----