Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/bKPhCw0mFqwfHuOY5bTkew_cDWA.roa
File:                     bKPhCw0mFqwfHuOY5bTkew_cDWA.roa (raw, json)
Hash identifier:          GZO9dwOguzhoWcajFIoo6bMBVjK4nlEVTDqTZEZzar4=
Subject key identifier:   6C:A3:E1:0B:0D:26:16:AC:1F:1E:E3:98:E5:B4:E4:7B:0F:DC:0D:60
Certificate issuer:       /CN=f12b1b68ea1093bcee78d07192e6d8c3f70302cf
Certificate serial:       01942368C9F5B4E9B12A52FAF2BD942848F9
Authority key identifier: F1:2B:1B:68:EA:10:93:BC:EE:78:D0:71:92:E6:D8:C3:F7:03:02:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8SsbaOoQk7zueNBxkubYw_cDAs8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/bKPhCw0mFqwfHuOY5bTkew_cDWA.roa
Signing time:             Wed 01 Jan 2025 19:47:37 +0000
ROA not before:           Wed 01 Jan 2025 19:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39666
IP address blocks:        194.50.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/8SsbaOoQk7zueNBxkubYw_cDAs8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/8SsbaOoQk7zueNBxkubYw_cDAs8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8SsbaOoQk7zueNBxkubYw_cDAs8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:c9:f5:b4:e9:b1:2a:52:fa:f2:bd:94:28:48:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f12b1b68ea1093bcee78d07192e6d8c3f70302cf
        Validity
            Not Before: Jan  1 19:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ca3e10b0d2616ac1f1ee398e5b4e47b0fdc0d60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b5:bc:69:65:34:96:aa:7f:5a:ee:7c:a4:70:
                    16:f2:8f:b7:ab:27:5a:8d:1d:53:89:8d:34:4a:5a:
                    3a:1d:72:bd:48:90:5c:09:7c:e2:bd:bd:14:44:a5:
                    e5:a9:03:6a:4f:8d:cc:39:9a:08:47:f8:cf:10:90:
                    45:36:b3:b6:2d:d6:fd:f8:d9:2e:89:d0:0d:b7:96:
                    bc:5c:18:54:5f:87:be:ae:4b:2a:ad:17:1e:a4:5d:
                    73:31:bf:1c:cc:fd:bf:99:be:36:eb:1d:e7:bb:fb:
                    e1:64:4a:ef:46:dc:47:11:be:9b:05:d4:fd:66:28:
                    bf:83:5b:8a:ae:19:f7:9b:8e:1f:99:4b:02:8a:f0:
                    67:56:0c:4d:7b:84:51:38:0d:fd:29:20:d2:c6:d5:
                    7e:58:bc:25:31:11:fb:66:42:6c:ba:6d:28:b3:55:
                    fa:42:f6:3a:f5:85:3b:4d:24:cc:57:1d:eb:64:86:
                    b1:7c:d9:7f:44:1a:73:ba:72:46:04:ed:9c:f1:ce:
                    bc:ec:b0:32:19:39:b3:c1:b8:64:2d:57:20:c1:86:
                    8b:5f:cd:90:0d:31:6b:7c:09:6f:7c:b8:d6:23:06:
                    17:37:71:84:9f:92:d6:f8:dd:24:78:b4:da:77:38:
                    38:9a:4a:7b:51:98:0e:7a:f1:da:fb:55:b4:5a:54:
                    9e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A3:E1:0B:0D:26:16:AC:1F:1E:E3:98:E5:B4:E4:7B:0F:DC:0D:60
            X509v3 Authority Key Identifier:
                keyid:F1:2B:1B:68:EA:10:93:BC:EE:78:D0:71:92:E6:D8:C3:F7:03:02:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8SsbaOoQk7zueNBxkubYw_cDAs8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/bKPhCw0mFqwfHuOY5bTkew_cDWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/24875c-f159-464f-a8a7-1119b7fedfec/1/8SsbaOoQk7zueNBxkubYw_cDAs8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:1e:c7:e8:b6:5c:51:1f:14:62:4e:36:ef:6a:20:f9:94:65:
         87:89:31:70:e8:01:79:e9:48:dc:de:dc:dd:5a:67:08:3c:15:
         cb:ca:f3:f9:d4:04:67:05:54:54:a9:50:99:36:6c:d9:0a:18:
         a7:7b:14:e6:9e:12:b8:ef:9e:66:5a:6e:ea:73:93:35:b3:6a:
         4f:e7:33:66:35:dd:b0:fb:bc:ee:d6:e3:3e:3a:23:9d:8f:55:
         17:94:71:d5:a5:2d:aa:bd:1a:65:06:e0:4f:73:bc:ef:c9:4a:
         8a:20:82:62:b4:a4:15:60:51:64:b4:07:dc:2b:46:39:f9:b6:
         29:da:51:90:20:86:10:3e:c7:77:46:79:5b:50:c1:2c:99:49:
         88:72:91:4b:16:7f:ee:87:b1:b7:2f:15:d0:30:8e:2d:c0:fe:
         8e:fe:65:c4:12:f1:ef:52:7e:d3:37:9c:03:d1:72:32:14:82:
         4a:85:41:5a:d8:35:d3:1a:86:c9:75:7e:07:fc:f5:9a:50:6f:
         b0:48:b9:9f:98:03:8b:74:13:68:df:a0:50:df:fc:01:48:26:
         f7:45:29:65:fd:87:e8:f0:48:27:d7:27:4e:b5:f7:c4:49:31:
         34:ae:e5:20:70:b6:3d:d1:9f:8f:e3:bb:aa:0a:2f:09:27:bf:
         d2:d6:9f:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaMn1tOmxKlL68r2UKEj5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMmIxYjY4ZWExMDkzYmNlZTc4ZDA3MTkyZTZkOGMzZjcw
MzAyY2YwHhcNMjUwMTAxMTk0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2EzZTEwYjBkMjYxNmFjMWYxZWUzOThlNWI0ZTQ3YjBmZGMwZDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7W8aWU0lqp/Wu58pHAW8o+3qyda
jR1TiY00Slo6HXK9SJBcCXzivb0URKXlqQNqT43MOZoIR/jPEJBFNrO2Ldb9+Nku
idANt5a8XBhUX4e+rksqrRcepF1zMb8czP2/mb426x3nu/vhZErvRtxHEb6bBdT9
Zii/g1uKrhn3m44fmUsCivBnVgxNe4RROA39KSDSxtV+WLwlMRH7ZkJsum0os1X6
QvY69YU7TSTMVx3rZIaxfNl/RBpzunJGBO2c8c687LAyGTmzwbhkLVcgwYaLX82Q
DTFrfAlvfLjWIwYXN3GEn5LW+N0keLTadzg4mkp7UZgOevHa+1W0WlSe2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGyj4QsNJhasHx7jmOW05HsP3A1gMB8GA1UdIwQY
MBaAFPErG2jqEJO87njQcZLm2MP3AwLPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFNzYmFPb1FrN3p1ZU5CeGt1Yll3X2NEQXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8yNDg3NWMtZjE1OS00NjRmLWE4YTct
MTExOWI3ZmVkZmVjLzEvYktQaEN3MG1GcXdmSHVPWTViVGtld19jRFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8yNDg3NWMtZjE1OS00NjRmLWE4YTctMTExOWI3ZmVkZmVj
LzEvOFNzYmFPb1FrN3p1ZU5CeGt1Yll3X2NEQXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJyMA0G
CSqGSIb3DQEBCwUAA4IBAQCQHsfotlxRHxRiTjbvaiD5lGWHiTFw6AF56Ujc3tzd
WmcIPBXLyvP51ARnBVRUqVCZNmzZChinexTmnhK4755mWm7qc5M1s2pP5zNmNd2w
+7zu1uM+OiOdj1UXlHHVpS2qvRplBuBPc7zvyUqKIIJitKQVYFFktAfcK0Y5+bYp
2lGQIIYQPsd3RnlbUMEsmUmIcpFLFn/uh7G3LxXQMI4twP6O/mXEEvHvUn7TN5wD
0XIyFIJKhUFa2DXTGobJdX4H/PWaUG+wSLmfmAOLdBNo36BQ3/wBSCb3RSll/Yfo
8Egn1ydOtffESTE0ruUgcLY90Z+P47uqCi8JJ7/S1p+a
-----END CERTIFICATE-----