Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cLaOs2oBwdfS6q5ooLUToapr4lY.roa
File:                     cLaOs2oBwdfS6q5ooLUToapr4lY.roa (raw, json)
Hash identifier:          uYPgNVX9dSLB9y/xJavS1i0mKDOjXQndOIr+dpwZNpY=
Subject key identifier:   70:B6:8E:B3:6A:01:C1:D7:D2:EA:AE:68:A0:B5:13:A1:AA:6B:E2:56
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194ACE130BA9822710EF88B998406B4B5AA
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cLaOs2oBwdfS6q5ooLUToapr4lY.roa
Signing time:             Tue 28 Jan 2025 12:27:06 +0000
ROA not before:           Tue 28 Jan 2025 12:27:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216127
IP address blocks:        194.58.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:e1:30:ba:98:22:71:0e:f8:8b:99:84:06:b4:b5:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan 28 12:27:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70b68eb36a01c1d7d2eaae68a0b513a1aa6be256
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:47:42:05:df:0d:b3:8d:28:45:f4:89:23:4f:
                    b2:81:54:4d:9d:f9:dd:4e:b7:ad:6c:ed:a6:3b:c6:
                    59:fd:de:73:11:0b:eb:7d:e4:69:41:4c:90:3c:3e:
                    22:36:20:92:b2:ba:99:2a:0a:56:99:b7:66:e4:3d:
                    db:32:04:e3:29:02:6a:4d:42:1b:82:b1:f8:29:2a:
                    24:e4:23:bd:ef:ad:81:22:e2:b6:2f:9d:c9:f2:26:
                    99:7d:cf:48:2e:54:a1:04:a9:97:bd:16:c7:42:6b:
                    28:42:21:21:d5:1a:70:23:28:0d:52:a4:f8:64:c2:
                    15:27:7e:dc:5c:37:5e:7c:3a:62:0f:33:68:57:89:
                    10:4a:65:4d:0b:4e:6b:af:01:da:93:5a:33:30:9c:
                    ff:8b:73:9e:40:77:ba:1d:ed:c4:c0:14:c0:82:b6:
                    8a:13:b4:ef:7d:10:0f:dc:25:8e:46:76:f6:d6:d8:
                    f2:34:d3:de:8d:3c:41:8d:45:f5:ea:24:7a:87:6a:
                    39:bd:96:c7:b8:3c:7b:d0:0e:4a:8f:b8:2d:c5:09:
                    83:f4:34:0f:87:99:2a:0d:99:16:6b:3f:30:9a:ea:
                    14:a3:80:e0:e6:9c:e4:3e:24:e3:eb:07:6b:41:dc:
                    44:c9:3b:ff:f0:50:01:27:24:48:4d:dd:74:af:4e:
                    26:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:B6:8E:B3:6A:01:C1:D7:D2:EA:AE:68:A0:B5:13:A1:AA:6B:E2:56
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cLaOs2oBwdfS6q5ooLUToapr4lY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.58.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:7f:ae:1a:ba:3c:c3:06:13:23:24:45:af:eb:14:b6:5b:69:
         54:a2:2f:28:16:7e:c9:e4:1e:d3:14:a5:c3:55:ea:a8:c7:dd:
         cb:e3:17:b3:8c:c0:1c:c3:21:2f:b3:07:80:f2:21:0f:cf:0a:
         99:28:f1:83:26:df:57:e6:d2:15:e5:fe:a8:2f:18:d5:6c:7a:
         09:1d:cc:db:03:3e:f2:5c:f2:89:32:4f:1b:ba:4a:83:17:0b:
         5c:cd:f4:86:d0:ae:83:42:95:4c:a2:3a:28:86:fa:d8:58:92:
         de:09:9d:28:d6:e4:50:2f:dc:dc:42:68:3e:b3:26:b0:ff:89:
         1b:b4:6d:cc:9a:3e:8e:4c:65:52:c9:bd:06:c6:d6:3d:ad:51:
         63:37:2f:cb:6b:ae:de:4d:98:50:ca:b3:80:96:d2:f6:fd:c8:
         50:58:98:e9:89:01:c3:b3:a5:98:9f:d3:12:71:cc:99:33:7d:
         19:45:8f:53:c6:cc:1e:fa:27:9a:4c:c9:b3:f3:d6:10:8b:bc:
         62:d4:26:e3:0a:f1:7e:ad:12:4b:6e:27:3a:ec:97:ec:da:01:
         09:de:16:03:5e:bc:1a:7f:9b:f7:bc:ba:bb:77:2f:24:60:88:
         ce:b1:03:28:ad:ee:1d:ad:a6:23:8a:fa:53:39:69:3e:82:6b:
         f7:38:a1:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSs4TC6mCJxDviLmYQGtLWqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTI4MTIyNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGI2OGViMzZhMDFjMWQ3ZDJlYWFlNjhhMGI1MTNhMWFhNmJlMjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEdCBd8Ns40oRfSJI0+ygVRNnfnd
TretbO2mO8ZZ/d5zEQvrfeRpQUyQPD4iNiCSsrqZKgpWmbdm5D3bMgTjKQJqTUIb
grH4KSok5CO9762BIuK2L53J8iaZfc9ILlShBKmXvRbHQmsoQiEh1RpwIygNUqT4
ZMIVJ37cXDdefDpiDzNoV4kQSmVNC05rrwHak1ozMJz/i3OeQHe6He3EwBTAgraK
E7TvfRAP3CWORnb21tjyNNPejTxBjUX16iR6h2o5vZbHuDx70A5Kj7gtxQmD9DQP
h5kqDZkWaz8wmuoUo4Dg5pzkPiTj6wdrQdxEyTv/8FABJyRITd10r04m+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHC2jrNqAcHX0uquaKC1E6Gqa+JWMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvY0xhT3Myb0J3ZGZTNnE1b29MVVRvYXByNGxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjohMA0G
CSqGSIb3DQEBCwUAA4IBAQBGf64aujzDBhMjJEWv6xS2W2lUoi8oFn7J5B7TFKXD
Veqox93L4xezjMAcwyEvsweA8iEPzwqZKPGDJt9X5tIV5f6oLxjVbHoJHczbAz7y
XPKJMk8bukqDFwtczfSG0K6DQpVMojoohvrYWJLeCZ0o1uRQL9zcQmg+syaw/4kb
tG3Mmj6OTGVSyb0GxtY9rVFjNy/La67eTZhQyrOAltL2/chQWJjpiQHDs6WYn9MS
ccyZM30ZRY9Txswe+ieaTMmz89YQi7xi1CbjCvF+rRJLbic67Jfs2gEJ3hYDXrwa
f5v3vLq7dy8kYIjOsQMore4draYjivpTOWk+gmv3OKFH
-----END CERTIFICATE-----