Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/nH3kSK4laB5MMPpMWK9j3r5FIdI.roa
File:                     nH3kSK4laB5MMPpMWK9j3r5FIdI.roa (raw, json)
Hash identifier:          49e5HCOxqfigUPyAobJDI0/99EqZRK3/mHOQzh9hPvY=
Subject key identifier:   9C:7D:E4:48:AE:25:68:1E:4C:30:FA:4C:58:AF:63:DE:BE:45:21:D2
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01942827732AEB25507C49B6BC3DF37FF70F
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/nH3kSK4laB5MMPpMWK9j3r5FIdI.roa
Signing time:             Thu 02 Jan 2025 17:54:21 +0000
ROA not before:           Thu 02 Jan 2025 17:54:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214577
IP address blocks:        128.0.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:73:2a:eb:25:50:7c:49:b6:bc:3d:f3:7f:f7:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c7de448ae25681e4c30fa4c58af63debe4521d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ab:a6:71:ba:20:70:a1:cd:fe:1d:c8:8b:51:
                    46:67:a7:c9:93:b0:bd:c1:b2:31:b7:59:92:2e:5a:
                    b7:bd:07:cb:f1:7b:71:f1:e2:17:b3:14:4c:35:73:
                    fd:95:8a:96:ae:84:c2:8f:55:ab:e5:45:8d:27:0a:
                    b3:2a:22:a8:7d:18:0c:d4:ff:95:75:25:a1:b6:79:
                    ec:3e:01:58:0c:40:21:43:01:e3:4a:3b:e2:7c:8e:
                    b4:ad:cd:e1:e5:b5:68:95:ec:7d:41:83:a3:34:75:
                    37:e1:60:14:75:cb:c2:6b:b8:eb:d4:e2:29:43:65:
                    41:d4:fb:35:78:0e:27:30:9a:9b:cc:49:7b:1c:60:
                    22:b0:9f:ec:2e:41:07:95:14:02:9c:cc:16:3e:17:
                    d4:b5:b5:e1:2c:68:84:06:c2:d2:8b:1c:2c:be:2b:
                    1e:9e:cf:a1:00:3a:ab:1c:17:14:f2:1f:49:18:90:
                    1e:70:c3:8f:10:6a:a1:3f:66:14:e5:92:28:7b:7d:
                    bc:6c:2f:de:54:8b:66:d5:44:31:b2:f2:61:d8:ed:
                    71:b9:33:2c:78:66:e7:8b:9b:a8:68:b7:77:49:d6:
                    be:77:95:a5:30:2c:2c:1e:9f:ef:3b:9a:95:20:0f:
                    e1:bb:5f:00:21:49:38:38:06:59:aa:e8:1f:69:2b:
                    63:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:7D:E4:48:AE:25:68:1E:4C:30:FA:4C:58:AF:63:DE:BE:45:21:D2
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/nH3kSK4laB5MMPpMWK9j3r5FIdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:ed:a2:bb:05:b8:48:6d:5b:17:e3:48:85:52:bd:38:9a:83:
         63:77:15:89:67:41:80:ec:74:54:da:de:6a:2a:ad:84:16:26:
         f3:01:b3:f5:d2:55:80:cb:dc:bb:37:e2:df:f9:91:84:0c:11:
         54:ad:a8:d1:ef:7b:8c:18:4b:11:13:1b:2a:21:ed:f1:2d:a5:
         ec:31:dd:47:be:c1:d6:5e:81:24:bb:7e:52:b2:86:da:eb:54:
         20:c6:c5:05:07:f6:ed:ec:e3:2e:8f:66:0f:7f:4a:bf:17:29:
         35:e4:6f:e9:92:00:c3:63:aa:6f:4f:2b:a8:36:cc:50:0e:2d:
         ad:e2:8c:55:14:f6:5d:7b:d7:ae:30:80:4d:83:53:1d:ff:a5:
         4c:4c:31:78:c7:58:74:ba:57:cf:7c:6e:ed:ba:0a:d2:76:a5:
         af:b3:21:a9:6c:5d:ae:23:9c:c4:66:5b:b4:56:10:19:c7:e4:
         63:d2:83:0e:a7:15:70:83:bf:d2:e0:28:f2:ee:87:4a:ff:2e:
         9f:ab:fb:22:fe:f1:4d:bf:d5:ea:00:5f:7e:58:14:e3:c8:c9:
         2e:bc:7e:6e:34:8f:88:93:1d:c4:6e:84:a4:72:1d:f2:3c:be:
         a4:86:20:fd:45:08:ff:ef:26:f3:3e:85:a1:e5:43:c5:5e:1a:
         31:39:f0:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ3Mq6yVQfEm2vD3zf/cPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzdkZTQ0OGFlMjU2ODFlNGMzMGZhNGM1OGFmNjNkZWJlNDUyMWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6umcbogcKHN/h3Ii1FGZ6fJk7C9
wbIxt1mSLlq3vQfL8Xtx8eIXsxRMNXP9lYqWroTCj1Wr5UWNJwqzKiKofRgM1P+V
dSWhtnnsPgFYDEAhQwHjSjvifI60rc3h5bVolex9QYOjNHU34WAUdcvCa7jr1OIp
Q2VB1Ps1eA4nMJqbzEl7HGAisJ/sLkEHlRQCnMwWPhfUtbXhLGiEBsLSixwsvise
ns+hADqrHBcU8h9JGJAecMOPEGqhP2YU5ZIoe328bC/eVItm1UQxsvJh2O1xuTMs
eGbni5uoaLd3Sda+d5WlMCwsHp/vO5qVIA/hu18AIUk4OAZZqugfaStjOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJx95EiuJWgeTDD6TFivY96+RSHSMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvbkgza1NLNGxhQjVNTVBwTVdLOWozcjVGSWRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgAABMA0G
CSqGSIb3DQEBCwUAA4IBAQBf7aK7BbhIbVsX40iFUr04moNjdxWJZ0GA7HRU2t5q
Kq2EFibzAbP10lWAy9y7N+Lf+ZGEDBFUrajR73uMGEsRExsqIe3xLaXsMd1HvsHW
XoEku35Ssoba61QgxsUFB/bt7OMuj2YPf0q/Fyk15G/pkgDDY6pvTyuoNsxQDi2t
4oxVFPZde9euMIBNg1Md/6VMTDF4x1h0ulfPfG7tugrSdqWvsyGpbF2uI5zEZlu0
VhAZx+Rj0oMOpxVwg7/S4Cjy7odK/y6fq/si/vFNv9XqAF9+WBTjyMkuvH5uNI+I
kx3EboSkch3yPL6khiD9RQj/7ybzPoWh5UPFXhoxOfBg
-----END CERTIFICATE-----