Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/7ivcRbHUq4tA4Hz9Wb386VjaBS0.roa
File:                     7ivcRbHUq4tA4Hz9Wb386VjaBS0.roa (raw, json)
Hash identifier:          CGbH34TXJ114G1ywTRowOQ13NrG2LKX6vQJmgAwZZz4=
Subject key identifier:   EE:2B:DC:45:B1:D4:AB:8B:40:E0:7C:FD:59:BD:FC:E9:58:DA:05:2D
Certificate issuer:       /CN=fe24fb2812ae2f3d4d9bb4589dd731e546979109
Certificate serial:       019426D94025DD2A56AD79E10480D3078F21
Authority key identifier: FE:24:FB:28:12:AE:2F:3D:4D:9B:B4:58:9D:D7:31:E5:46:97:91:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_iT7KBKuLz1Nm7RYndcx5UaXkQk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/7ivcRbHUq4tA4Hz9Wb386VjaBS0.roa
Signing time:             Thu 02 Jan 2025 11:49:19 +0000
ROA not before:           Thu 02 Jan 2025 11:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42180
IP address blocks:        194.0.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/_iT7KBKuLz1Nm7RYndcx5UaXkQk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/_iT7KBKuLz1Nm7RYndcx5UaXkQk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_iT7KBKuLz1Nm7RYndcx5UaXkQk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:40:25:dd:2a:56:ad:79:e1:04:80:d3:07:8f:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe24fb2812ae2f3d4d9bb4589dd731e546979109
        Validity
            Not Before: Jan  2 11:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee2bdc45b1d4ab8b40e07cfd59bdfce958da052d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:75:c4:32:9c:fe:21:49:1a:4f:40:22:9b:bf:
                    fc:a6:51:ab:ca:b3:39:e1:0a:ed:8e:de:af:a6:f4:
                    d6:21:a9:a1:0a:f6:d7:90:a6:97:c1:d0:18:19:70:
                    0f:a3:a1:38:22:78:45:a2:e6:8c:56:2c:37:aa:97:
                    c3:ae:24:c5:55:0c:13:7e:28:e2:ea:f5:3d:29:4f:
                    88:23:0d:8f:79:c6:fb:6b:53:e1:c7:1e:0c:c7:91:
                    86:15:e5:87:27:a6:34:03:32:bd:2e:a7:0a:96:50:
                    d6:c3:18:e4:14:ae:ed:e2:68:bf:90:4f:f9:98:17:
                    86:af:5c:4a:42:db:26:f8:84:85:79:09:e2:6f:f1:
                    82:b4:76:86:d3:ed:6b:95:d2:e1:0f:bb:7c:b0:a2:
                    d9:7c:4b:3e:b5:f8:2f:79:13:4b:ce:1f:6a:93:60:
                    2b:a4:f7:b3:03:b4:05:62:b9:cb:9b:89:22:b1:b7:
                    e1:03:68:da:37:92:0c:71:e6:c1:ab:46:c6:bd:ba:
                    d6:59:58:22:91:7a:98:3c:40:50:0d:18:47:15:74:
                    f5:be:14:0c:aa:95:31:49:bd:c5:d6:5e:5a:c5:f6:
                    3e:af:be:28:f6:48:4b:cc:2c:c8:46:51:f7:63:4c:
                    3f:e4:30:96:8f:a8:54:a4:0f:6e:5e:45:d1:bc:6d:
                    51:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:2B:DC:45:B1:D4:AB:8B:40:E0:7C:FD:59:BD:FC:E9:58:DA:05:2D
            X509v3 Authority Key Identifier:
                keyid:FE:24:FB:28:12:AE:2F:3D:4D:9B:B4:58:9D:D7:31:E5:46:97:91:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_iT7KBKuLz1Nm7RYndcx5UaXkQk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/7ivcRbHUq4tA4Hz9Wb386VjaBS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c66ff9-10ea-4b44-9169-c5f670239718/1/_iT7KBKuLz1Nm7RYndcx5UaXkQk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:3f:06:14:1c:bc:0c:93:45:6b:4d:ac:dc:59:e1:a6:f5:05:
         f0:8b:b1:b6:e1:3c:1b:f8:24:22:68:34:ec:4a:3f:73:f0:96:
         3c:07:e1:fd:99:11:06:3d:23:bf:12:4c:16:db:96:a1:01:75:
         b8:52:6f:5b:9c:7f:c4:62:13:f5:b1:28:4e:91:01:ba:67:c3:
         71:11:4e:bf:4b:30:1a:b3:d2:8c:07:8b:ec:2a:11:56:ad:a5:
         ce:74:6f:42:22:e1:04:fb:7d:da:cf:db:23:3b:04:de:4c:71:
         4b:b8:09:ed:35:c1:06:51:1f:7c:c7:07:cb:58:ee:5c:39:c3:
         ab:38:bc:3c:49:9a:e6:c3:85:b5:d8:9e:96:c9:44:3e:24:01:
         5d:cf:39:8f:ad:1e:8f:3f:19:c2:d4:e4:34:6f:81:d8:cb:f2:
         d0:27:f7:c1:21:d2:d0:7b:30:b5:fa:81:df:27:63:ae:05:80:
         2b:81:4c:4f:4e:48:f8:02:57:1e:a3:d2:8f:54:94:f2:b7:8a:
         84:20:0a:47:b8:85:c2:92:9b:b4:0b:59:94:f5:52:0d:24:a3:
         f3:ea:51:66:50:eb:b9:9c:6b:b0:06:d2:bd:94:69:78:9e:3b:
         e7:b2:1b:fe:20:28:a8:d9:c4:ae:a0:35:75:e6:5d:80:8f:91:
         2d:cb:fb:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2UAl3SpWrXnhBIDTB48hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlMjRmYjI4MTJhZTJmM2Q0ZDliYjQ1ODlkZDczMWU1NDY5
NzkxMDkwHhcNMjUwMTAyMTE0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTJiZGM0NWIxZDRhYjhiNDBlMDdjZmQ1OWJkZmNlOTU4ZGEwNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznXEMpz+IUkaT0Aim7/8plGryrM5
4Qrtjt6vpvTWIamhCvbXkKaXwdAYGXAPo6E4InhFouaMViw3qpfDriTFVQwTfiji
6vU9KU+IIw2Pecb7a1Phxx4Mx5GGFeWHJ6Y0AzK9LqcKllDWwxjkFK7t4mi/kE/5
mBeGr1xKQtsm+ISFeQnib/GCtHaG0+1rldLhD7t8sKLZfEs+tfgveRNLzh9qk2Ar
pPezA7QFYrnLm4kisbfhA2jaN5IMcebBq0bGvbrWWVgikXqYPEBQDRhHFXT1vhQM
qpUxSb3F1l5axfY+r74o9khLzCzIRlH3Y0w/5DCWj6hUpA9uXkXRvG1RvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO4r3EWx1KuLQOB8/Vm9/OlY2gUtMB8GA1UdIwQY
MBaAFP4k+ygSri89TZu0WJ3XMeVGl5EJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2lUN0tCS3VMejFObTdSWW5kY3g1VWFYa1FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9jNjZmZjktMTBlYS00YjQ0LTkxNjkt
YzVmNjcwMjM5NzE4LzEvN2l2Y1JiSFVxNHRBNEh6OVdiMzg2VmphQlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9jNjZmZjktMTBlYS00YjQ0LTkxNjktYzVmNjcwMjM5NzE4
LzEvX2lUN0tCS3VMejFObTdSWW5kY3g1VWFYa1FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgCMMA0G
CSqGSIb3DQEBCwUAA4IBAQBVPwYUHLwMk0VrTazcWeGm9QXwi7G24Twb+CQiaDTs
Sj9z8JY8B+H9mREGPSO/EkwW25ahAXW4Um9bnH/EYhP1sShOkQG6Z8NxEU6/SzAa
s9KMB4vsKhFWraXOdG9CIuEE+33az9sjOwTeTHFLuAntNcEGUR98xwfLWO5cOcOr
OLw8SZrmw4W12J6WyUQ+JAFdzzmPrR6PPxnC1OQ0b4HYy/LQJ/fBIdLQezC1+oHf
J2OuBYArgUxPTkj4Alceo9KPVJTyt4qEIApHuIXCkpu0C1mU9VINJKPz6lFmUOu5
nGuwBtK9lGl4njvnshv+ICio2cSuoDV15l2Aj5Ety/uB
-----END CERTIFICATE-----