Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/077a53-314b-4004-8f1e-def0cc34e008/1/5p4iEJjCWHg2NCuzUgou4J5Rpxg.roa
File:                     5p4iEJjCWHg2NCuzUgou4J5Rpxg.roa (raw, json)
Hash identifier:          NfyhhVjM+im96vYLz64L3GHHSJz/s1weqZvBCCm8Yaw=
Subject key identifier:   E6:9E:22:10:98:C2:58:78:36:34:2B:B3:52:0A:2E:E0:9E:51:A7:18
Certificate issuer:       /CN=da7148d75bdc39ce9dd2e3bdaa75847b17b34ecb
Certificate serial:       019425219DE1ADEA4004B1FF6DA74AF1028A
Authority key identifier: DA:71:48:D7:5B:DC:39:CE:9D:D2:E3:BD:AA:75:84:7B:17:B3:4E:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2nFI11vcOc6d0uO9qnWEexezTss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/077a53-314b-4004-8f1e-def0cc34e008/1/5p4iEJjCWHg2NCuzUgou4J5Rpxg.roa
Signing time:             Thu 02 Jan 2025 03:49:07 +0000
ROA not before:           Thu 02 Jan 2025 03:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48441
IP address blocks:        94.247.56.0/21 maxlen: 21
                          185.33.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/077a53-314b-4004-8f1e-def0cc34e008/1/2nFI11vcOc6d0uO9qnWEexezTss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/077a53-314b-4004-8f1e-def0cc34e008/1/2nFI11vcOc6d0uO9qnWEexezTss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2nFI11vcOc6d0uO9qnWEexezTss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:9d:e1:ad:ea:40:04:b1:ff:6d:a7:4a:f1:02:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da7148d75bdc39ce9dd2e3bdaa75847b17b34ecb
        Validity
            Not Before: Jan  2 03:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e69e221098c2587836342bb3520a2ee09e51a718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a5:fa:f4:c3:b8:d6:d4:d7:3b:47:32:cf:ca:
                    e1:e6:65:62:5e:b3:1a:52:5d:26:5c:98:6c:5f:16:
                    9c:fb:a8:b9:88:44:69:7d:1b:7b:06:97:2c:ee:61:
                    df:c1:ad:45:88:47:1e:c9:47:05:18:32:06:00:bd:
                    11:b5:7d:42:2b:d8:5f:8a:7b:ae:ac:8e:5f:91:00:
                    aa:4b:52:5b:b7:0f:09:b6:0d:e8:b8:85:86:ff:a8:
                    ac:b2:0c:bc:9c:06:5d:d8:6a:41:3a:68:ec:f2:5c:
                    2b:81:8c:98:34:23:66:d8:6a:ce:e8:30:61:db:2b:
                    93:1e:2f:e0:a1:a0:0a:84:7b:07:ac:ac:d8:42:6b:
                    b9:f1:2b:86:70:4c:2d:3a:ad:c3:6f:5f:04:49:1f:
                    27:4d:24:4a:e5:47:28:c2:00:02:25:f4:e9:bc:6b:
                    f3:39:09:aa:b5:aa:92:05:2b:9e:6a:d4:f3:a3:d4:
                    26:a0:0f:33:ff:84:62:b6:6f:bf:b8:a2:54:6f:26:
                    4f:7d:85:61:a2:f7:3f:bc:71:ff:b3:90:f5:e0:3a:
                    fc:65:9d:8b:30:01:d6:eb:f1:a4:61:68:f4:56:f5:
                    5f:fa:9b:04:b3:cb:fc:63:e2:64:4a:9e:4a:45:4f:
                    71:91:08:78:38:b2:bd:9b:1a:09:15:d2:a9:9d:74:
                    3a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:9E:22:10:98:C2:58:78:36:34:2B:B3:52:0A:2E:E0:9E:51:A7:18
            X509v3 Authority Key Identifier:
                keyid:DA:71:48:D7:5B:DC:39:CE:9D:D2:E3:BD:AA:75:84:7B:17:B3:4E:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2nFI11vcOc6d0uO9qnWEexezTss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/077a53-314b-4004-8f1e-def0cc34e008/1/5p4iEJjCWHg2NCuzUgou4J5Rpxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/077a53-314b-4004-8f1e-def0cc34e008/1/2nFI11vcOc6d0uO9qnWEexezTss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.56.0/21
                  185.33.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:2e:6c:7b:93:f7:89:72:d6:a5:5e:12:8c:dc:0c:a0:99:4b:
         d9:5f:34:02:fa:2e:56:7d:88:b6:ea:2d:ce:b2:f3:a1:0c:75:
         b2:68:96:b6:29:a3:3c:ef:39:83:de:ce:e3:62:dc:09:e7:3a:
         3f:4f:a3:b1:a7:14:37:d6:f8:e1:0f:16:76:51:97:93:f3:b8:
         da:b9:05:54:2a:24:6f:98:6e:dd:25:18:b6:e8:ed:38:37:5b:
         29:96:a3:e4:82:64:f1:00:12:29:d3:d0:0d:09:51:af:c7:72:
         a7:1f:5a:33:1e:b0:d8:ae:dd:50:fc:25:24:94:c7:7a:70:1d:
         c5:27:0c:2b:2b:d7:cf:0b:ad:7d:8e:4b:21:16:4c:03:76:22:
         58:7b:3c:4b:fe:e0:9a:51:1d:0b:f0:cb:3a:79:7e:2a:1b:69:
         b9:9e:dc:e9:70:9b:c4:31:c0:40:a1:c9:3d:6f:5c:60:bf:af:
         63:37:58:61:8e:1e:d8:a7:06:84:aa:d6:d8:e1:5c:25:62:96:
         66:ce:05:31:92:5e:81:c5:83:ca:c7:17:0b:ab:31:6e:40:4e:
         5b:96:82:08:74:3b:71:65:e2:fb:c9:6f:8c:c5:9d:d2:0b:d2:
         07:bf:70:81:05:dc:15:68:9c:a6:33:19:e4:52:8f:c1:0b:26:
         d6:fa:e4:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIZ3hrepABLH/badK8QKKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhNzE0OGQ3NWJkYzM5Y2U5ZGQyZTNiZGFhNzU4NDdiMTdi
MzRlY2IwHhcNMjUwMTAyMDM0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjllMjIxMDk4YzI1ODc4MzYzNDJiYjM1MjBhMmVlMDllNTFhNzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaX69MO41tTXO0cyz8rh5mViXrMa
Ul0mXJhsXxac+6i5iERpfRt7Bpcs7mHfwa1FiEceyUcFGDIGAL0RtX1CK9hfinuu
rI5fkQCqS1Jbtw8Jtg3ouIWG/6issgy8nAZd2GpBOmjs8lwrgYyYNCNm2GrO6DBh
2yuTHi/goaAKhHsHrKzYQmu58SuGcEwtOq3Db18ESR8nTSRK5UcowgACJfTpvGvz
OQmqtaqSBSueatTzo9QmoA8z/4Ritm+/uKJUbyZPfYVhovc/vHH/s5D14Dr8ZZ2L
MAHW6/GkYWj0VvVf+psEs8v8Y+JkSp5KRU9xkQh4OLK9mxoJFdKpnXQ6AwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOaeIhCYwlh4NjQrs1IKLuCeUacYMB8GA1UdIwQY
MBaAFNpxSNdb3DnOndLjvap1hHsXs07LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm5GSTExdmNPYzZkMHVPOXFuV0VleGV6VHNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS8wNzdhNTMtMzE0Yi00MDA0LThmMWUt
ZGVmMGNjMzRlMDA4LzEvNXA0aUVKakNXSGcyTkN1elVnb3U0SjVScHhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS8wNzdhNTMtMzE0Yi00MDA0LThmMWUtZGVmMGNjMzRlMDA4
LzEvMm5GSTExdmNPYzZkMHVPOXFuV0VleGV6VHNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXvc4AwQC
uSHsMA0GCSqGSIb3DQEBCwUAA4IBAQCGLmx7k/eJctalXhKM3AygmUvZXzQC+i5W
fYi26i3OsvOhDHWyaJa2KaM87zmD3s7jYtwJ5zo/T6OxpxQ31vjhDxZ2UZeT87ja
uQVUKiRvmG7dJRi26O04N1splqPkgmTxABIp09ANCVGvx3KnH1ozHrDYrt1Q/CUk
lMd6cB3FJwwrK9fPC619jkshFkwDdiJYezxL/uCaUR0L8Ms6eX4qG2m5ntzpcJvE
McBAock9b1xgv69jN1hhjh7YpwaEqtbY4VwlYpZmzgUxkl6BxYPKxxcLqzFuQE5b
loIIdDtxZeL7yW+MxZ3SC9IHv3CBBdwVaJymMxnkUo/BCybW+uR8
-----END CERTIFICATE-----