Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-SSgY6BzOPxBiZ2-Wj39kCwFCr8.roa
File:                     1-SSgY6BzOPxBiZ2-Wj39kCwFCr8.roa (raw, json)
Hash identifier:          P974Ni0NaMyMKmbdE7Mo/YiW9G1cCx3Gz1G8svOuKNA=
Subject key identifier:   F9:24:A0:63:A0:73:38:FC:41:89:9D:BE:5A:3D:FD:90:2C:05:0A:BF
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194ACE5C556593CD7595450B164A1F648B4
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-SSgY6BzOPxBiZ2-Wj39kCwFCr8.roa
Signing time:             Tue 28 Jan 2025 12:32:06 +0000
ROA not before:           Tue 28 Jan 2025 12:32:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205220
IP address blocks:        94.176.215.0/24 maxlen: 24
                          212.192.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Mar 2025 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:e5:c5:56:59:3c:d7:59:54:50:b1:64:a1:f6:48:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan 28 12:32:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f924a063a07338fc41899dbe5a3dfd902c050abf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:74:93:24:57:23:87:ac:a7:08:ed:3c:1e:64:
                    36:49:19:35:9d:2e:b5:20:f0:3a:59:6d:54:fa:f3:
                    44:e8:bd:a2:88:f3:be:db:a7:49:64:dc:d8:37:f8:
                    e8:f8:fb:df:2c:24:f5:f6:ae:ab:d3:42:8c:74:c1:
                    70:cd:ef:52:7f:cc:ac:bc:c9:c2:86:81:16:c0:dc:
                    6f:29:ef:47:ae:b2:cb:49:d9:f0:69:b9:fa:2e:a5:
                    a0:70:ae:64:09:36:23:e5:ac:62:d4:49:2f:a0:c5:
                    af:69:f4:ac:b6:b2:9a:e2:48:d5:5c:30:67:69:9c:
                    71:dc:87:d7:93:6c:ec:4d:47:d6:f3:af:5e:53:3a:
                    a3:be:08:4b:87:14:5f:f7:b0:d3:66:a8:65:52:d2:
                    3e:b6:c0:b6:f0:ea:ff:7a:0b:f6:24:83:b1:f0:b6:
                    f1:c3:2f:bb:1f:0e:af:da:5e:8b:e4:3b:91:d9:93:
                    15:e7:6c:22:a1:dd:44:25:01:2c:1a:74:f4:97:c1:
                    21:62:b5:e7:3f:33:18:22:82:50:30:0c:62:80:8f:
                    85:93:a2:8e:20:b7:a4:a9:c5:71:b0:d4:5c:3e:43:
                    b4:8f:22:9a:42:15:49:ca:dd:8b:6c:89:db:9e:e1:
                    8c:ce:ec:f2:44:aa:66:64:08:a9:ad:dc:dd:69:db:
                    de:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:24:A0:63:A0:73:38:FC:41:89:9D:BE:5A:3D:FD:90:2C:05:0A:BF
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-SSgY6BzOPxBiZ2-Wj39kCwFCr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.215.0/24
                  212.192.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:64:da:17:8d:c5:54:4d:17:7e:f7:73:a0:58:38:e2:9f:2c:
         d2:30:d8:0b:20:36:05:02:37:43:67:96:3b:0b:84:33:ef:72:
         18:66:c2:04:55:f5:80:23:ce:12:00:e9:71:c0:b0:fd:d9:f1:
         06:38:c6:ce:48:82:93:31:d9:ea:9a:6b:2d:8d:2e:71:04:e8:
         1c:44:71:c2:fc:a3:78:7a:b9:50:59:26:8b:a0:bf:16:6a:7c:
         1a:4d:65:4e:3a:c2:c2:b4:05:88:0e:1e:3c:0d:16:28:10:6c:
         27:f3:02:11:cb:36:2c:db:e6:d4:b2:d9:f2:2c:a5:8e:49:b7:
         55:a2:9b:ee:b7:24:07:1a:fc:f6:49:ba:2d:4d:78:a1:15:87:
         84:62:d2:45:90:5c:32:32:41:cd:ee:6a:dd:94:91:b2:ba:48:
         2b:05:0d:10:8b:c2:79:a9:ac:b9:9f:1a:bd:a0:3e:2a:42:a4:
         b6:0c:a2:36:59:13:ff:29:65:c0:33:a8:a2:93:a8:70:90:0c:
         ad:47:2f:eb:1f:a0:5f:81:9b:fb:a6:a0:95:54:dc:35:27:ec:
         10:e0:de:aa:60:be:96:bb:1c:a5:b6:3f:7a:da:34:db:0e:2d:
         4d:e7:cd:c8:e7:5f:bc:03:54:53:91:0b:56:e4:db:ac:ac:e9:
         54:43:32:1f
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZSs5cVWWTzXWVRQsWSh9ki0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTI4MTIzMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTI0YTA2M2EwNzMzOGZjNDE4OTlkYmU1YTNkZmQ5MDJjMDUwYWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3STJFcjh6ynCO08HmQ2SRk1nS61
IPA6WW1U+vNE6L2iiPO+26dJZNzYN/jo+PvfLCT19q6r00KMdMFwze9Sf8ysvMnC
hoEWwNxvKe9HrrLLSdnwabn6LqWgcK5kCTYj5axi1EkvoMWvafSstrKa4kjVXDBn
aZxx3IfXk2zsTUfW869eUzqjvghLhxRf97DTZqhlUtI+tsC28Or/egv2JIOx8Lbx
wy+7Hw6v2l6L5DuR2ZMV52wiod1EJQEsGnT0l8EhYrXnPzMYIoJQMAxigI+Fk6KO
ILekqcVxsNRcPkO0jyKaQhVJyt2LbInbnuGMzuzyRKpmZAiprdzdadve6wIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPkkoGOgczj8QYmdvlo9/ZAsBQq/MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvMS1TU2dZNkJ6T1B4QmlaMi1XajM5a0N3RkNyOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjYvNGIxOGZiLWQzZWQtNGIyNy05YmQwLWU1ODM5ZjQzZTU4
My8xL2ZhWFRMVnNKeVR3YlhqX0ZvcW9nMTBiOF90RS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAF6w1wME
ANTA1DANBgkqhkiG9w0BAQsFAAOCAQEATmTaF43FVE0XfvdzoFg44p8s0jDYCyA2
BQI3Q2eWOwuEM+9yGGbCBFX1gCPOEgDpccCw/dnxBjjGzkiCkzHZ6pprLY0ucQTo
HERxwvyjeHq5UFkmi6C/Fmp8Gk1lTjrCwrQFiA4ePA0WKBBsJ/MCEcs2LNvm1LLZ
8iyljkm3VaKb7rckBxr89km6LU14oRWHhGLSRZBcMjJBze5q3ZSRsrpIKwUNEIvC
eamsuZ8avaA+KkKktgyiNlkT/yllwDOoopOocJAMrUcv6x+gX4Gb+6aglVTcNSfs
EODeqmC+lrscpbY/eto02w4tTefNyOdfvANUU5ELVuTbrKzpVEMyHw==
-----END CERTIFICATE-----