Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/394tf-42F2nqTQBsIqtkSRmucjA.roa
File:                     394tf-42F2nqTQBsIqtkSRmucjA.roa (raw, json)
Hash identifier:          FEgkNeogh00D0/bMKIclm4PWisfm2kigk4t326/BxbM=
Subject key identifier:   DF:DE:2D:7F:EE:36:17:69:EA:4D:00:6C:22:AB:64:49:19:AE:72:30
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       019420D62A08ECECEB097BC6AA6D537AAE50
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/394tf-42F2nqTQBsIqtkSRmucjA.roa
Signing time:             Wed 01 Jan 2025 07:48:13 +0000
ROA not before:           Wed 01 Jan 2025 07:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32159
IP address blocks:        194.4.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 13:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:2a:08:ec:ec:eb:09:7b:c6:aa:6d:53:7a:ae:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Jan  1 07:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfde2d7fee361769ea4d006c22ab644919ae7230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:11:bb:d7:16:c4:55:d9:9b:d0:1f:da:2b:2d:
                    aa:d0:a4:4b:79:0c:62:ab:a8:51:bb:35:0d:09:28:
                    6d:7c:80:71:d8:cc:4b:dc:d8:c4:96:47:11:fd:2f:
                    91:0c:a7:38:2b:9b:71:c2:3e:0a:d7:ce:e2:cb:7b:
                    aa:26:ca:42:4c:20:ba:5c:1f:17:6d:85:51:bb:67:
                    4a:df:7d:2a:22:6a:d8:2d:c8:89:2b:62:61:d8:4b:
                    aa:96:e8:7b:9d:bf:4e:99:3e:cd:c9:91:e7:02:ca:
                    b7:77:b8:b9:15:d7:c4:54:14:90:57:a3:0d:e1:55:
                    32:03:7a:1b:40:6d:08:86:c4:b0:76:e3:27:7a:f9:
                    17:3f:84:f1:17:24:78:10:49:7b:50:d3:aa:b4:f2:
                    e8:ad:32:83:2c:fc:25:96:7e:e1:9c:56:69:17:a4:
                    13:ff:1d:9a:25:84:7e:d5:4e:78:ce:f0:ad:50:37:
                    64:f4:32:b8:46:ed:f4:d0:a0:2c:b2:98:93:ac:af:
                    e4:88:78:ed:3f:2f:62:4e:51:c7:fd:71:d4:84:de:
                    a5:b2:d4:63:ab:f0:bb:d5:22:8a:e0:01:41:07:8a:
                    21:d1:de:aa:26:f9:c2:ab:d6:30:60:92:24:e1:3d:
                    c1:1d:b6:77:0c:16:25:05:bd:a0:9b:b5:78:bf:fd:
                    6e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:DE:2D:7F:EE:36:17:69:EA:4D:00:6C:22:AB:64:49:19:AE:72:30
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/394tf-42F2nqTQBsIqtkSRmucjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.4.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:65:6b:7a:43:4a:0f:aa:16:d5:26:5d:23:2b:ca:7e:ce:f3:
         20:1a:a5:d1:6d:26:d5:10:ab:ab:cd:99:a3:60:32:08:60:cb:
         0c:b7:33:d4:35:34:52:70:45:ab:16:fc:fd:89:48:5c:d9:bb:
         2f:03:60:9e:c4:04:18:28:0e:fd:fc:92:29:b8:f5:a6:9e:44:
         ca:8b:e3:1d:48:b6:e0:2d:13:48:5a:c2:92:00:0f:a4:89:63:
         c1:f2:cf:3c:a8:52:78:0f:7c:af:52:ae:b6:f5:d6:1b:3e:1c:
         d5:7a:52:40:f9:f3:07:66:4a:87:89:e7:34:0d:7c:25:ba:b8:
         ad:49:be:80:2e:c4:55:fa:ca:60:b1:04:f9:b6:1e:82:0a:56:
         7f:0e:f2:20:c3:01:bf:3f:20:4e:a3:67:32:0a:5e:c7:86:26:
         06:25:bb:36:f8:66:98:65:c4:ac:7d:a0:64:68:fb:88:3f:79:
         cb:4c:43:07:41:b3:ad:97:d5:d0:c6:c0:b1:fb:6b:8e:71:aa:
         3e:c3:a3:c7:bf:1e:bc:bf:00:b1:df:f9:9c:2d:b5:dd:46:53:
         a5:38:2f:82:b0:72:fb:ea:59:fc:83:16:23:e4:1c:e3:97:6d:
         04:98:42:41:e0:84:56:ef:47:9c:ce:1f:b8:06:24:2f:f8:ed:
         48:b1:95:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1ioI7OzrCXvGqm1Teq5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjUwMTAxMDc0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmRlMmQ3ZmVlMzYxNzY5ZWE0ZDAwNmMyMmFiNjQ0OTE5YWU3MjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohG71xbEVdmb0B/aKy2q0KRLeQxi
q6hRuzUNCShtfIBx2MxL3NjElkcR/S+RDKc4K5txwj4K187iy3uqJspCTCC6XB8X
bYVRu2dK330qImrYLciJK2Jh2Euqluh7nb9OmT7NyZHnAsq3d7i5FdfEVBSQV6MN
4VUyA3obQG0IhsSwduMnevkXP4TxFyR4EEl7UNOqtPLorTKDLPwlln7hnFZpF6QT
/x2aJYR+1U54zvCtUDdk9DK4Ru300KAsspiTrK/kiHjtPy9iTlHH/XHUhN6lstRj
q/C71SKK4AFBB4oh0d6qJvnCq9YwYJIk4T3BHbZ3DBYlBb2gm7V4v/1uswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/eLX/uNhdp6k0AbCKrZEkZrnIwMB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvMzk0dGYtNDJGMm5xVFFCc0lxdGtTUm11Y2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgQ3MA0G
CSqGSIb3DQEBCwUAA4IBAQAGZWt6Q0oPqhbVJl0jK8p+zvMgGqXRbSbVEKurzZmj
YDIIYMsMtzPUNTRScEWrFvz9iUhc2bsvA2CexAQYKA79/JIpuPWmnkTKi+MdSLbg
LRNIWsKSAA+kiWPB8s88qFJ4D3yvUq629dYbPhzVelJA+fMHZkqHiec0DXwlurit
Sb6ALsRV+spgsQT5th6CClZ/DvIgwwG/PyBOo2cyCl7HhiYGJbs2+GaYZcSsfaBk
aPuIP3nLTEMHQbOtl9XQxsCx+2uOcao+w6PHvx68vwCx3/mcLbXdRlOlOC+CsHL7
6ln8gxYj5Bzjl20EmEJB4IRW70eczh+4BiQv+O1IsZW7
-----END CERTIFICATE-----