Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/AED-H7PGUVCOCrAnUFEk8S8gM68.roa
File:                     AED-H7PGUVCOCrAnUFEk8S8gM68.roa (raw, json)
Hash identifier:          zLG7/3SklgX+Jt0+oGvLyRug9bScR/l/JiiFj/KHykE=
Subject key identifier:   00:40:FE:1F:B3:C6:51:50:8E:0A:B0:27:50:51:24:F1:2F:20:33:AF
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       019427477558AA2D138F47820E586D444F94
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/AED-H7PGUVCOCrAnUFEk8S8gM68.roa
Signing time:             Thu 02 Jan 2025 13:49:42 +0000
ROA not before:           Thu 02 Jan 2025 13:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213893
IP address blocks:        194.59.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:75:58:aa:2d:13:8f:47:82:0e:58:6d:44:4f:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: Jan  2 13:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0040fe1fb3c651508e0ab027505124f12f2033af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:2b:5a:fd:4c:41:1c:c3:61:ec:4e:28:39:86:
                    c0:21:04:a5:44:3c:1f:b8:3c:8f:96:73:13:66:66:
                    90:47:de:50:fe:5f:63:2f:38:b3:33:b6:28:ae:51:
                    a2:12:ee:ee:54:dc:d3:bb:ae:e2:c2:ed:80:4e:10:
                    f4:da:72:39:fa:13:20:ae:43:a9:56:0a:fb:dc:58:
                    c9:9b:d3:5d:0f:53:b2:af:f7:68:ee:bf:2c:5b:ee:
                    d2:ee:e6:4a:03:54:85:02:7e:78:54:a4:d5:a6:be:
                    0f:48:51:72:5d:44:18:ca:16:db:68:c5:77:f7:a1:
                    0c:61:3a:89:bc:b0:83:1b:e2:a4:26:2a:e4:ba:05:
                    be:ba:dc:c4:af:e3:7f:62:6d:8d:b6:6b:77:c4:6f:
                    e2:48:d5:e8:23:1a:b4:cb:27:64:cb:c7:f1:67:67:
                    3e:d0:13:81:d9:53:ca:87:b1:27:ca:ca:31:53:54:
                    bc:96:79:6c:37:a9:a3:39:e3:8e:e4:fc:b2:1b:f9:
                    2e:ad:8d:0a:cd:ad:5d:b1:63:ef:70:80:e4:73:ef:
                    99:56:7e:40:a9:a4:4b:53:35:27:6d:c5:1e:8e:5c:
                    25:e1:42:55:db:29:17:cd:35:79:d8:44:87:d9:bf:
                    16:5c:b3:d0:d3:8d:ef:d9:59:66:82:22:55:13:ff:
                    d0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:40:FE:1F:B3:C6:51:50:8E:0A:B0:27:50:51:24:F1:2F:20:33:AF
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/AED-H7PGUVCOCrAnUFEk8S8gM68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:2d:17:d3:fa:04:fb:a0:7d:17:62:2d:c0:14:ab:0d:46:94:
         6a:ca:8c:85:99:11:0e:30:56:23:e8:21:4d:e0:af:d0:d4:4a:
         c3:e4:89:e0:af:5b:03:8b:ad:91:ee:b5:5c:20:6e:b3:bb:ac:
         a2:34:51:12:4f:3c:82:ef:5c:e0:c6:89:a0:54:a8:28:ee:0a:
         61:0a:da:1a:b5:eb:7b:f5:4c:40:ee:a6:e3:12:b7:1b:60:c3:
         24:89:fd:38:e8:fe:9d:10:f8:8e:e4:49:96:8f:b1:04:b7:e2:
         d7:84:a2:87:56:19:b2:37:50:22:68:3d:d1:b8:a0:e2:6e:ea:
         16:94:25:e2:da:db:82:1a:05:d7:b9:b1:e8:11:cd:2e:49:18:
         90:e1:ba:b8:71:15:fc:fe:93:48:e9:77:9b:a8:3d:27:d0:ec:
         4e:f8:4b:25:c8:cd:90:5f:7f:74:1d:fb:af:a0:2c:99:11:06:
         dc:74:da:33:b9:87:17:14:5b:25:c5:d1:54:45:d9:c6:37:fa:
         2b:d6:c2:5e:80:0f:20:5d:07:00:25:4b:75:54:c6:b4:e9:a9:
         d1:5a:2b:d4:9e:f0:49:c8:12:82:78:e5:24:2a:3a:2d:06:c7:
         74:cf:bb:e3:2a:1f:b2:74:d8:9b:7a:1a:11:00:bd:c1:c6:6b:
         fd:43:0c:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR3VYqi0Tj0eCDlhtRE+UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjUwMTAyMTM0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDQwZmUxZmIzYzY1MTUwOGUwYWIwMjc1MDUxMjRmMTJmMjAzM2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCta/UxBHMNh7E4oOYbAIQSlRDwf
uDyPlnMTZmaQR95Q/l9jLzizM7YorlGiEu7uVNzTu67iwu2AThD02nI5+hMgrkOp
Vgr73FjJm9NdD1Oyr/do7r8sW+7S7uZKA1SFAn54VKTVpr4PSFFyXUQYyhbbaMV3
96EMYTqJvLCDG+KkJirkugW+utzEr+N/Ym2Ntmt3xG/iSNXoIxq0yydky8fxZ2c+
0BOB2VPKh7EnysoxU1S8lnlsN6mjOeOO5PyyG/kurY0Kza1dsWPvcIDkc++ZVn5A
qaRLUzUnbcUejlwl4UJV2ykXzTV52ESH2b8WXLPQ043v2VlmgiJVE//QmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABA/h+zxlFQjgqwJ1BRJPEvIDOvMB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvQUVELUg3UEdVVkNPQ3JBblVGRWs4UzhnTTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwju6MA0G
CSqGSIb3DQEBCwUAA4IBAQB1LRfT+gT7oH0XYi3AFKsNRpRqyoyFmREOMFYj6CFN
4K/Q1ErD5Ingr1sDi62R7rVcIG6zu6yiNFESTzyC71zgxomgVKgo7gphCtoatet7
9UxA7qbjErcbYMMkif046P6dEPiO5EmWj7EEt+LXhKKHVhmyN1AiaD3RuKDibuoW
lCXi2tuCGgXXubHoEc0uSRiQ4bq4cRX8/pNI6XebqD0n0OxO+EslyM2QX390Hfuv
oCyZEQbcdNozuYcXFFslxdFURdnGN/or1sJegA8gXQcAJUt1VMa06anRWivUnvBJ
yBKCeOUkKjotBsd0z7vjKh+ydNibehoRAL3Bxmv9QwzP
-----END CERTIFICATE-----