Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/rzFfGTSaqc27paG5-NACC0AhHAM.roa
File:                     rzFfGTSaqc27paG5-NACC0AhHAM.roa (raw, json)
Hash identifier:          9yFeGG9Zpg3chpC6XHgpdEzEIyzEjZhMc+y3NpRPxEs=
Subject key identifier:   AF:31:5F:19:34:9A:A9:CD:BB:A5:A1:B9:F8:D0:02:0B:40:21:1C:03
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0194ACE30479E9B23C26FA1A85BABB5083F2
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/rzFfGTSaqc27paG5-NACC0AhHAM.roa
Signing time:             Tue 28 Jan 2025 12:29:06 +0000
ROA not before:           Tue 28 Jan 2025 12:29:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12676
IP address blocks:        194.85.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:e3:04:79:e9:b2:3c:26:fa:1a:85:ba:bb:50:83:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan 28 12:29:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af315f19349aa9cdbba5a1b9f8d0020b40211c03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:14:3b:3f:7c:1b:13:aa:31:1d:f6:ac:7c:05:
                    d0:7d:91:b1:96:ed:53:36:da:25:f9:b5:57:67:bc:
                    51:d9:7d:57:51:a3:26:39:c9:db:57:2b:aa:37:a9:
                    e7:8c:34:fe:2d:4a:5f:c2:9f:a8:f6:4e:a6:63:24:
                    36:85:d8:9a:ab:7d:23:80:ce:98:51:65:91:d0:d8:
                    51:47:59:62:4c:47:57:05:0c:9e:6b:2e:fb:0f:62:
                    be:e2:8e:de:a4:b6:23:a9:c9:65:4a:18:f9:5e:76:
                    4f:a4:6f:a7:70:43:15:84:c8:3f:d0:6e:09:98:73:
                    ec:b2:b4:dc:8b:d2:86:f5:8e:d0:88:a6:04:7c:89:
                    a4:1f:e9:16:71:15:ac:70:1c:8a:56:f7:f0:1a:6a:
                    4b:a6:71:45:34:82:d3:6a:3f:fe:20:76:81:9c:df:
                    83:10:cd:35:2c:c0:be:86:05:03:35:ec:8d:35:55:
                    ff:8f:a8:53:27:44:54:18:2a:7b:a3:9f:8e:3e:9d:
                    2c:3c:af:1b:59:37:50:78:73:4e:b8:b9:63:c2:34:
                    26:e8:3b:ca:ca:3b:2f:b0:bb:8d:1f:70:3c:cc:ab:
                    cd:5e:e2:b5:b1:af:60:b1:ab:eb:0a:52:88:7a:f3:
                    95:43:03:05:6c:7e:55:e7:62:c3:83:4f:7d:81:0d:
                    29:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:31:5F:19:34:9A:A9:CD:BB:A5:A1:B9:F8:D0:02:0B:40:21:1C:03
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/rzFfGTSaqc27paG5-NACC0AhHAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.85.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:38:28:d5:28:e1:0d:0a:82:dd:b4:5c:3f:86:dc:db:0b:2a:
         2c:24:92:d2:45:63:9e:67:3a:06:91:f3:f6:67:82:c3:fc:d0:
         40:87:49:fc:1f:ae:15:10:f0:74:a0:fb:c0:27:70:1e:f3:6e:
         f0:ad:9a:fd:fb:01:bf:41:5a:7d:e8:88:cf:98:a3:19:39:23:
         03:f5:41:1b:a2:6b:f7:52:9b:f5:0f:6c:d7:3b:12:74:64:cd:
         55:70:8a:c0:66:7d:f9:53:eb:ca:23:67:12:0e:01:1f:35:5f:
         f6:f7:92:cf:64:15:2f:4d:ab:5c:c9:9c:6f:50:c8:87:83:fd:
         58:c7:66:48:1a:8d:ad:62:03:8c:92:91:cd:56:65:36:b9:5f:
         3d:5d:3f:af:1b:f5:02:73:44:f3:12:94:79:b1:e7:9c:69:73:
         b3:c5:7c:d9:15:5c:9c:53:35:7f:70:44:61:4e:02:82:44:01:
         87:09:f9:86:6d:5b:22:1b:78:29:93:d7:16:b5:65:06:65:4f:
         16:c9:f7:8e:01:5f:ae:2d:1c:59:d0:c1:d2:7e:fe:d4:da:d8:
         1d:64:12:7d:1f:ea:f0:cf:c1:83:40:0f:8a:08:52:d7:2c:f1:
         e3:d8:d8:6a:c7:ad:3b:e5:79:6b:f2:6d:4a:ca:45:9e:c2:57:
         32:d0:40:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSs4wR56bI8Jvoahbq7UIPyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTI4MTIyOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjMxNWYxOTM0OWFhOWNkYmJhNWExYjlmOGQwMDIwYjQwMjExYzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBQ7P3wbE6oxHfasfAXQfZGxlu1T
Ntol+bVXZ7xR2X1XUaMmOcnbVyuqN6nnjDT+LUpfwp+o9k6mYyQ2hdiaq30jgM6Y
UWWR0NhRR1liTEdXBQyeay77D2K+4o7epLYjqcllShj5XnZPpG+ncEMVhMg/0G4J
mHPssrTci9KG9Y7QiKYEfImkH+kWcRWscByKVvfwGmpLpnFFNILTaj/+IHaBnN+D
EM01LMC+hgUDNeyNNVX/j6hTJ0RUGCp7o5+OPp0sPK8bWTdQeHNOuLljwjQm6DvK
yjsvsLuNH3A8zKvNXuK1sa9gsavrClKIevOVQwMFbH5V52LDg099gQ0pOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8xXxk0mqnNu6WhufjQAgtAIRwDMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvcnpGZkdUU2FxYzI3cGFHNS1OQUNDMEFoSEFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlX4MA0G
CSqGSIb3DQEBCwUAA4IBAQAwOCjVKOENCoLdtFw/htzbCyosJJLSRWOeZzoGkfP2
Z4LD/NBAh0n8H64VEPB0oPvAJ3Ae827wrZr9+wG/QVp96IjPmKMZOSMD9UEbomv3
Upv1D2zXOxJ0ZM1VcIrAZn35U+vKI2cSDgEfNV/295LPZBUvTatcyZxvUMiHg/1Y
x2ZIGo2tYgOMkpHNVmU2uV89XT+vG/UCc0TzEpR5seecaXOzxXzZFVycUzV/cERh
TgKCRAGHCfmGbVsiG3gpk9cWtWUGZU8WyfeOAV+uLRxZ0MHSfv7U2tgdZBJ9H+rw
z8GDQA+KCFLXLPHj2Nhqx6075Xlr8m1KykWewlcy0EDc
-----END CERTIFICATE-----