Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/RmQfZ4BVG_A9-jULEyFqgtQ3E9c.roa
File:                     RmQfZ4BVG_A9-jULEyFqgtQ3E9c.roa (raw, json)
Hash identifier:          6aau0QvJAnDOgnSlVxzkKmMD9BQ8VJeDA0W19MBM31c=
Subject key identifier:   46:64:1F:67:80:55:1B:F0:3D:FA:35:0B:13:21:6A:82:D4:37:13:D7
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194ACE5C68096A4EB5CBBA9C7164E32FFFF
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/RmQfZ4BVG_A9-jULEyFqgtQ3E9c.roa
Signing time:             Tue 28 Jan 2025 12:32:07 +0000
ROA not before:           Tue 28 Jan 2025 12:32:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213028
IP address blocks:        194.135.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:e5:c6:80:96:a4:eb:5c:bb:a9:c7:16:4e:32:ff:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan 28 12:32:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46641f6780551bf03dfa350b13216a82d43713d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3e:66:10:2b:2f:2b:8b:bf:27:31:43:85:15:
                    b9:e7:96:73:35:d8:bd:46:de:69:66:de:4a:7e:8c:
                    1a:8d:5e:bb:85:3c:d4:32:50:39:47:b9:c4:2f:56:
                    7c:7f:3a:d9:8d:08:e2:7a:06:96:7d:c6:51:1b:d7:
                    42:e0:55:a9:d1:b5:3d:f3:22:a1:69:68:e1:c6:8a:
                    76:24:6b:21:08:90:1b:17:cf:13:2c:2f:d2:89:91:
                    53:11:02:a9:eb:0b:1c:6e:ac:f6:56:d1:87:9e:5e:
                    3a:81:a6:3d:07:14:5a:50:50:90:9c:a9:18:d6:b6:
                    f1:de:03:52:60:45:a2:63:1c:50:af:a7:8d:0e:2a:
                    43:36:37:61:fa:56:ab:4f:b0:74:bd:fb:f1:1b:83:
                    29:0e:75:35:cc:4b:c3:fe:f8:7b:32:06:ac:3b:a7:
                    f6:5f:a1:a7:eb:2c:e6:06:a5:a0:5c:a6:09:fd:32:
                    36:08:ce:a6:7b:d0:fb:31:a3:e7:8d:a5:d7:5a:54:
                    80:ca:63:02:5d:c8:ad:ae:06:90:c2:f7:c0:0b:29:
                    e0:89:87:1f:1d:c8:7c:e2:1b:c5:98:de:85:b0:40:
                    6a:54:a0:d3:b9:b8:12:f8:8b:6f:f0:55:46:71:a3:
                    cb:7d:e1:ad:db:57:54:ef:c2:67:5d:08:5d:a4:91:
                    cd:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:64:1F:67:80:55:1B:F0:3D:FA:35:0B:13:21:6A:82:D4:37:13:D7
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/RmQfZ4BVG_A9-jULEyFqgtQ3E9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.135.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:2c:0e:19:23:6f:03:65:c6:87:e3:5f:7c:49:17:29:b4:e7:
         49:25:99:e1:58:31:bd:b9:48:3d:bf:d5:b4:f7:fa:71:8c:d9:
         6a:08:93:72:77:69:b3:2c:53:76:86:d1:fa:f6:bd:b6:12:ee:
         f9:0b:cf:d2:8e:c9:4e:b9:06:8b:3d:ba:5b:c1:97:aa:59:7a:
         cc:6e:64:aa:82:8f:82:ca:be:34:f0:a6:c3:c6:59:a0:0b:f9:
         ce:b3:59:4e:11:38:28:f1:c6:a9:15:da:cc:59:e4:ff:46:9c:
         6c:99:1a:18:6a:15:72:53:bc:1b:57:37:0c:d8:9b:6f:6f:43:
         19:b4:5e:41:ae:2e:5b:cb:57:8c:24:8d:72:af:f2:08:66:f1:
         25:4e:87:00:4c:2d:d6:e1:5d:73:62:02:bc:44:8f:ad:64:09:
         92:62:f4:0d:92:43:b0:05:5d:aa:5a:32:75:64:f0:51:af:56:
         68:4b:ad:3e:d7:02:7a:b6:84:b3:f5:12:f6:71:e6:fc:71:de:
         ee:e3:74:06:db:59:83:f3:83:6b:2c:f5:90:e8:f5:ac:31:87:
         1c:a1:16:a7:43:50:6d:f6:63:67:f5:8b:c7:fe:d9:b8:c0:e5:
         12:31:bc:bc:34:1b:41:0c:a0:05:c0:96:7c:98:55:4d:26:02:
         0c:cc:42:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSs5caAlqTrXLupxxZOMv//MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTI4MTIzMjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjY0MWY2NzgwNTUxYmYwM2RmYTM1MGIxMzIxNmE4MmQ0MzcxM2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxD5mECsvK4u/JzFDhRW555ZzNdi9
Rt5pZt5KfowajV67hTzUMlA5R7nEL1Z8fzrZjQjiegaWfcZRG9dC4FWp0bU98yKh
aWjhxop2JGshCJAbF88TLC/SiZFTEQKp6wscbqz2VtGHnl46gaY9BxRaUFCQnKkY
1rbx3gNSYEWiYxxQr6eNDipDNjdh+larT7B0vfvxG4MpDnU1zEvD/vh7MgasO6f2
X6Gn6yzmBqWgXKYJ/TI2CM6me9D7MaPnjaXXWlSAymMCXcitrgaQwvfACyngiYcf
Hch84hvFmN6FsEBqVKDTubgS+Itv8FVGcaPLfeGt21dU78JnXQhdpJHN/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZkH2eAVRvwPfo1CxMhaoLUNxPXMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvUm1RZlo0QlZHX0E5LWpVTEV5RnFndFEzRTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwod8MA0G
CSqGSIb3DQEBCwUAA4IBAQCRLA4ZI28DZcaH4198SRcptOdJJZnhWDG9uUg9v9W0
9/pxjNlqCJNyd2mzLFN2htH69r22Eu75C8/SjslOuQaLPbpbwZeqWXrMbmSqgo+C
yr408KbDxlmgC/nOs1lOETgo8capFdrMWeT/RpxsmRoYahVyU7wbVzcM2Jtvb0MZ
tF5Bri5by1eMJI1yr/IIZvElTocATC3W4V1zYgK8RI+tZAmSYvQNkkOwBV2qWjJ1
ZPBRr1ZoS60+1wJ6toSz9RL2ceb8cd7u43QG21mD84NrLPWQ6PWsMYccoRanQ1Bt
9mNn9YvH/tm4wOUSMby8NBtBDKAFwJZ8mFVNJgIMzEJW
-----END CERTIFICATE-----