Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/RK9xACY5XxzSQaeBbJjDwmPGdFw.roa
File:                     RK9xACY5XxzSQaeBbJjDwmPGdFw.roa (raw, json)
Hash identifier:          Z9/aIdSLDIxdeAqdfXn6u/SeZl9dpZ2YPR093LrIQCs=
Subject key identifier:   44:AF:71:00:26:39:5F:1C:D2:41:A7:81:6C:98:C3:C2:63:C6:74:5C
Certificate issuer:       /CN=04b1e756edb1c3bd2f57669f582bf6a951b83f48
Certificate serial:       019425220D141387D230363915AF8A220029
Authority key identifier: 04:B1:E7:56:ED:B1:C3:BD:2F:57:66:9F:58:2B:F6:A9:51:B8:3F:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BLHnVu2xw70vV2afWCv2qVG4P0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/RK9xACY5XxzSQaeBbJjDwmPGdFw.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        192.124.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/BLHnVu2xw70vV2afWCv2qVG4P0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/BLHnVu2xw70vV2afWCv2qVG4P0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BLHnVu2xw70vV2afWCv2qVG4P0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0d:14:13:87:d2:30:36:39:15:af:8a:22:00:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04b1e756edb1c3bd2f57669f582bf6a951b83f48
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44af710026395f1cd241a7816c98c3c263c6745c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:86:60:5c:48:9f:a4:53:8d:b4:5e:6b:bc:ac:
                    04:dd:12:ba:59:55:42:ed:c6:4c:a8:11:04:c9:c6:
                    02:60:52:ed:3d:84:2f:91:39:cc:6d:95:e8:55:67:
                    78:92:02:a5:06:ae:0f:6f:a9:25:fe:75:fd:f9:3a:
                    63:9c:29:bb:6f:8b:95:fe:17:b6:60:ef:18:c9:c7:
                    62:3c:0b:b1:17:df:fc:5c:bc:c9:7a:c0:b9:d4:e5:
                    0b:fc:4a:fc:74:7c:1a:56:12:67:87:3f:62:6c:16:
                    05:a1:2f:17:a8:e2:4a:7e:1e:a1:c1:6f:b1:6c:28:
                    a7:bb:55:17:89:7c:b1:e6:1a:41:3c:a9:61:68:0c:
                    55:ca:95:bd:0f:dd:c4:87:9b:2e:c6:33:cf:a0:0c:
                    e6:f0:4a:e9:a7:50:1c:40:5e:64:7d:9d:5f:bb:1c:
                    fd:55:91:43:53:0d:d2:17:7e:82:fc:1f:13:14:e7:
                    dd:76:8c:10:3f:88:3f:bb:c9:a2:6e:1c:dc:f2:31:
                    cd:7c:a8:16:f3:b4:b9:8d:f8:91:ec:8d:8b:c0:42:
                    a7:99:94:bc:27:8b:69:af:e3:c4:a7:2a:2d:c4:ad:
                    0c:2e:80:08:b6:6e:5b:a3:6e:8e:02:7e:8e:8a:68:
                    3d:12:ff:74:29:93:42:86:ec:bf:15:6d:42:ca:e9:
                    d4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:AF:71:00:26:39:5F:1C:D2:41:A7:81:6C:98:C3:C2:63:C6:74:5C
            X509v3 Authority Key Identifier:
                keyid:04:B1:E7:56:ED:B1:C3:BD:2F:57:66:9F:58:2B:F6:A9:51:B8:3F:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BLHnVu2xw70vV2afWCv2qVG4P0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/RK9xACY5XxzSQaeBbJjDwmPGdFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/a5b368-3313-4132-9897-d017957ea39e/1/BLHnVu2xw70vV2afWCv2qVG4P0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:33:30:c7:d5:c0:a2:aa:f5:63:db:52:cd:70:78:56:ba:d9:
         e6:28:05:74:9a:ea:e6:53:6f:a6:79:eb:57:50:d2:70:1d:e1:
         db:c2:00:ed:1d:b6:93:67:6e:c9:2f:7a:a1:c2:55:2f:64:36:
         8b:61:b6:c2:0c:1e:b0:84:b2:b5:08:dc:60:9f:95:b9:56:57:
         94:2c:ca:32:aa:91:c6:63:07:94:84:60:a2:a6:dd:1b:6e:5e:
         3d:bb:c7:aa:4b:6d:8a:0d:92:e1:fb:1b:51:13:0f:9b:3c:8a:
         a1:36:f5:8f:46:11:d3:a0:c1:5c:78:9c:f8:cb:d6:a9:f6:df:
         c0:58:2d:7a:70:21:bc:48:42:94:46:de:a9:45:b4:2c:17:58:
         3e:58:3e:f3:f1:55:ae:d1:0b:3c:c4:46:18:37:12:6d:ce:6d:
         53:ad:44:22:e8:a6:1d:54:d1:8c:46:8a:3a:32:61:f3:25:90:
         e6:e7:a7:5d:c6:27:b2:a8:c4:c8:5b:8e:d5:d1:96:3c:2c:32:
         dd:b8:23:1e:d7:1f:13:11:09:ed:2b:40:68:ea:49:7d:2e:7a:
         3d:6d:66:49:1e:d6:f5:a4:a5:b0:9d:9a:97:01:7b:3d:10:1c:
         d8:03:65:f7:fb:a7:a7:3f:d2:0b:bf:1b:aa:36:f2:85:b3:89:
         e5:2f:50:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIg0UE4fSMDY5Fa+KIgApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YjFlNzU2ZWRiMWMzYmQyZjU3NjY5ZjU4MmJmNmE5NTFi
ODNmNDgwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGFmNzEwMDI2Mzk1ZjFjZDI0MWE3ODE2Yzk4YzNjMjYzYzY3NDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYZgXEifpFONtF5rvKwE3RK6WVVC
7cZMqBEEycYCYFLtPYQvkTnMbZXoVWd4kgKlBq4Pb6kl/nX9+TpjnCm7b4uV/he2
YO8YycdiPAuxF9/8XLzJesC51OUL/Er8dHwaVhJnhz9ibBYFoS8XqOJKfh6hwW+x
bCinu1UXiXyx5hpBPKlhaAxVypW9D93Eh5suxjPPoAzm8Erpp1AcQF5kfZ1fuxz9
VZFDUw3SF36C/B8TFOfddowQP4g/u8mibhzc8jHNfKgW87S5jfiR7I2LwEKnmZS8
J4tpr+PEpyotxK0MLoAItm5bo26OAn6Oimg9Ev90KZNChuy/FW1CyunUWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESvcQAmOV8c0kGngWyYw8JjxnRcMB8GA1UdIwQY
MBaAFASx51btscO9L1dmn1gr9qlRuD9IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkxIblZ1Mnh3NzB2VjJhZldDdjJxVkc0UDBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hNWIzNjgtMzMxMy00MTMyLTk4OTct
ZDAxNzk1N2VhMzllLzEvUks5eEFDWTVYeHpTUWFlQmJKakR3bVBHZEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hNWIzNjgtMzMxMy00MTMyLTk4OTctZDAxNzk1N2VhMzll
LzEvQkxIblZ1Mnh3NzB2VjJhZldDdjJxVkc0UDBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHz1MA0G
CSqGSIb3DQEBCwUAA4IBAQBGMzDH1cCiqvVj21LNcHhWutnmKAV0murmU2+meetX
UNJwHeHbwgDtHbaTZ27JL3qhwlUvZDaLYbbCDB6whLK1CNxgn5W5VleULMoyqpHG
YweUhGCipt0bbl49u8eqS22KDZLh+xtREw+bPIqhNvWPRhHToMFceJz4y9ap9t/A
WC16cCG8SEKURt6pRbQsF1g+WD7z8VWu0Qs8xEYYNxJtzm1TrUQi6KYdVNGMRoo6
MmHzJZDm56ddxieyqMTIW47V0ZY8LDLduCMe1x8TEQntK0Bo6kl9Lno9bWZJHtb1
pKWwnZqXAXs9EBzYA2X3+6enP9ILvxuqNvKFs4nlL1Co
-----END CERTIFICATE-----