Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/xtQkvE-BfPKmkRCMT0mfTaY-Qnk.roa
File:                     xtQkvE-BfPKmkRCMT0mfTaY-Qnk.roa (raw, json)
Hash identifier:          bWoWLjpB0/INlSEEwksj7kb2GcvU1sLoTUOKUQMOGh8=
Subject key identifier:   C6:D4:24:BC:4F:81:7C:F2:A6:91:10:8C:4F:49:9F:4D:A6:3E:42:79
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       019420D629C7095FDD0AB54409532383F6F4
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/xtQkvE-BfPKmkRCMT0mfTaY-Qnk.roa
Signing time:             Wed 01 Jan 2025 07:48:13 +0000
ROA not before:           Wed 01 Jan 2025 07:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        194.4.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 13:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:29:c7:09:5f:dd:0a:b5:44:09:53:23:83:f6:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Jan  1 07:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6d424bc4f817cf2a691108c4f499f4da63e4279
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3d:0a:ca:84:7f:c1:dc:68:17:4b:d3:ec:da:
                    ea:ca:00:89:66:3e:c5:03:8f:cd:c8:b0:25:e9:70:
                    f0:ec:78:b6:7c:4b:2b:a1:6c:6f:76:f2:1f:f0:71:
                    83:2b:31:d0:4b:d7:d6:64:97:96:f0:92:fa:ab:f2:
                    12:1b:a9:0c:53:7e:b8:cd:d1:31:1d:3d:6a:ee:73:
                    05:46:69:29:34:1a:1e:3f:e6:c2:fb:8d:43:90:9b:
                    56:17:49:a5:6b:41:3e:96:e8:62:42:80:0a:6f:57:
                    6f:eb:71:74:93:ed:cc:b2:c1:25:82:79:31:51:70:
                    87:3f:48:d4:ca:63:0f:f7:c2:aa:bf:3c:b8:2f:4d:
                    e3:0d:5b:d4:1f:25:c0:6a:68:62:91:b5:76:b3:3e:
                    ec:29:f2:21:7f:e2:fa:0b:bf:45:f4:06:37:80:b7:
                    28:fa:6e:01:db:f3:32:91:a3:41:14:5f:d5:39:38:
                    f4:7f:6a:4e:3e:cc:95:7e:a8:38:8b:e5:ea:23:b0:
                    56:e3:9a:29:b0:95:46:53:cb:48:c5:60:e7:9a:21:
                    ce:85:c1:b8:05:cd:0f:aa:d8:55:f1:99:cc:a7:3e:
                    db:3c:e4:7b:bb:ab:ae:bb:5d:0f:3f:3f:d2:e2:3c:
                    6e:64:c7:f3:1f:62:73:53:57:2f:5d:eb:c9:fc:b4:
                    17:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:D4:24:BC:4F:81:7C:F2:A6:91:10:8C:4F:49:9F:4D:A6:3E:42:79
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/xtQkvE-BfPKmkRCMT0mfTaY-Qnk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.4.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:0c:fb:92:a5:63:0b:16:de:b1:a4:3b:d9:46:d4:71:65:a4:
         4b:f0:71:54:69:88:e2:49:80:cd:a9:35:6b:57:35:d5:dc:21:
         5a:d7:3d:e2:35:96:41:13:ba:f8:f1:e5:ee:62:b6:d6:68:9a:
         31:30:a3:34:85:80:76:1c:91:55:65:1a:fe:2b:e9:f0:6d:d6:
         cb:ab:84:2f:c4:4e:11:4a:79:bd:68:34:0a:6e:f2:2c:42:c6:
         2c:32:60:57:0a:cb:4b:a7:72:1c:7c:12:3b:f1:ba:d2:98:a3:
         68:44:51:4d:f6:9f:02:1d:db:04:b0:2a:6e:2f:e2:b4:9e:25:
         5a:42:5d:99:e5:5d:d2:df:0c:1d:09:b6:77:dc:9c:89:fc:ee:
         6b:64:c3:2b:bd:25:a9:18:da:d9:ef:89:ce:99:26:65:f8:cd:
         fd:11:c5:9b:68:61:c9:bd:47:a2:4c:6b:1a:d0:6e:5c:09:86:
         c7:71:7a:f1:12:58:10:07:bd:f7:b2:f3:8b:48:8a:f1:8f:fe:
         4c:38:05:44:e1:a8:da:ed:a2:70:75:0d:6b:dd:60:5d:df:9d:
         82:9a:cf:fd:5e:e7:05:a0:3c:f9:59:bf:4d:e0:a0:3c:25:54:
         c0:42:39:c1:13:f0:ef:91:98:11:ae:04:1b:7c:de:72:36:8c:
         10:22:57:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1inHCV/dCrVECVMjg/b0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjUwMTAxMDc0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmQ0MjRiYzRmODE3Y2YyYTY5MTEwOGM0ZjQ5OWY0ZGE2M2U0Mjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArT0KyoR/wdxoF0vT7NrqygCJZj7F
A4/NyLAl6XDw7Hi2fEsroWxvdvIf8HGDKzHQS9fWZJeW8JL6q/ISG6kMU364zdEx
HT1q7nMFRmkpNBoeP+bC+41DkJtWF0mla0E+luhiQoAKb1dv63F0k+3MssElgnkx
UXCHP0jUymMP98Kqvzy4L03jDVvUHyXAamhikbV2sz7sKfIhf+L6C79F9AY3gLco
+m4B2/MykaNBFF/VOTj0f2pOPsyVfqg4i+XqI7BW45opsJVGU8tIxWDnmiHOhcG4
Bc0PqthV8ZnMpz7bPOR7u6uuu10PPz/S4jxuZMfzH2JzU1cvXevJ/LQX9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMbUJLxPgXzyppEQjE9Jn02mPkJ5MB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEveHRRa3ZFLUJmUEtta1JDTVQwbWZUYVktUW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgQ0MA0G
CSqGSIb3DQEBCwUAA4IBAQAMDPuSpWMLFt6xpDvZRtRxZaRL8HFUaYjiSYDNqTVr
VzXV3CFa1z3iNZZBE7r48eXuYrbWaJoxMKM0hYB2HJFVZRr+K+nwbdbLq4QvxE4R
Snm9aDQKbvIsQsYsMmBXCstLp3IcfBI78brSmKNoRFFN9p8CHdsEsCpuL+K0niVa
Ql2Z5V3S3wwdCbZ33JyJ/O5rZMMrvSWpGNrZ74nOmSZl+M39EcWbaGHJvUeiTGsa
0G5cCYbHcXrxElgQB733svOLSIrxj/5MOAVE4aja7aJwdQ1r3WBd352Cms/9XucF
oDz5Wb9N4KA8JVTAQjnBE/DvkZgRrgQbfN5yNowQIle3
-----END CERTIFICATE-----