Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/a5c738-3df5-4e02-af31-2b0eab3d3d37/1/1-q5t5dbXJQJPAbEiSYfDN9-Kp_0.roa
File:                     1-q5t5dbXJQJPAbEiSYfDN9-Kp_0.roa (raw, json)
Hash identifier:          jh5W+EA/au2yjcrCCgbD+iZSjQ/AqIbIhccnO7LERWE=
Subject key identifier:   FA:AE:6D:E5:D6:D7:25:02:4F:01:B1:22:49:87:C3:37:DF:8A:A7:FD
Certificate issuer:       /CN=82b12ecfb22f29d60a3e31b79f362dd60c2d4c10
Certificate serial:       0194244576C1068D1C9F43651C8FB9D07E29
Authority key identifier: 82:B1:2E:CF:B2:2F:29:D6:0A:3E:31:B7:9F:36:2D:D6:0C:2D:4C:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/grEuz7IvKdYKPjG3nzYt1gwtTBA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/a5c738-3df5-4e02-af31-2b0eab3d3d37/1/1-q5t5dbXJQJPAbEiSYfDN9-Kp_0.roa
Signing time:             Wed 01 Jan 2025 23:48:39 +0000
ROA not before:           Wed 01 Jan 2025 23:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197446
IP address blocks:        194.0.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/a5c738-3df5-4e02-af31-2b0eab3d3d37/1/grEuz7IvKdYKPjG3nzYt1gwtTBA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/a5c738-3df5-4e02-af31-2b0eab3d3d37/1/grEuz7IvKdYKPjG3nzYt1gwtTBA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/grEuz7IvKdYKPjG3nzYt1gwtTBA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:76:c1:06:8d:1c:9f:43:65:1c:8f:b9:d0:7e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82b12ecfb22f29d60a3e31b79f362dd60c2d4c10
        Validity
            Not Before: Jan  1 23:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=faae6de5d6d725024f01b1224987c337df8aa7fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ea:00:9f:d4:9a:47:cd:4d:8a:e7:f6:69:37:
                    5f:11:02:81:05:ff:26:c9:5a:c3:af:aa:83:af:4b:
                    77:91:28:c6:58:10:10:7a:c5:48:72:06:32:99:35:
                    0f:45:98:d9:0a:74:83:0c:86:67:1d:15:e3:4c:63:
                    11:af:1b:20:c0:3e:7c:f9:ed:0b:31:57:36:05:60:
                    e3:5d:4a:f7:6f:b0:dc:ea:73:ca:01:47:f0:f8:b4:
                    96:cb:d5:a5:53:a9:17:b2:64:e0:a5:e0:bb:92:63:
                    dd:f2:c5:b3:93:fd:95:3f:aa:e3:ec:dd:89:37:5d:
                    21:ee:6b:0a:8b:60:9d:6f:2b:4c:8d:10:a9:ec:b4:
                    a9:c0:11:b2:e8:ec:15:9e:d9:73:7e:b7:25:97:bf:
                    17:16:83:38:94:ed:90:7b:a7:08:c3:80:dc:fe:31:
                    87:95:98:df:b4:7c:e2:d5:5d:52:1a:89:4d:18:3d:
                    bf:ca:7c:18:6a:db:31:ab:3d:8c:62:c0:24:94:c6:
                    4f:7e:52:7b:26:b6:ee:d2:56:79:f9:3a:d8:41:4b:
                    93:4e:6f:37:81:49:3d:56:19:aa:4c:ac:c3:a8:31:
                    70:20:b0:d3:9f:db:99:c1:b6:5e:3d:6f:d8:71:66:
                    4d:dc:c8:5a:bc:9c:66:ad:20:e8:a7:fb:de:68:9d:
                    88:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:AE:6D:E5:D6:D7:25:02:4F:01:B1:22:49:87:C3:37:DF:8A:A7:FD
            X509v3 Authority Key Identifier:
                keyid:82:B1:2E:CF:B2:2F:29:D6:0A:3E:31:B7:9F:36:2D:D6:0C:2D:4C:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/grEuz7IvKdYKPjG3nzYt1gwtTBA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/a5c738-3df5-4e02-af31-2b0eab3d3d37/1/1-q5t5dbXJQJPAbEiSYfDN9-Kp_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/a5c738-3df5-4e02-af31-2b0eab3d3d37/1/grEuz7IvKdYKPjG3nzYt1gwtTBA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:95:d3:b9:3f:11:7c:29:29:23:9f:48:f1:f0:50:36:3b:f4:
         7c:cf:7b:72:e7:0e:19:63:a6:db:20:80:41:b1:bb:15:e4:21:
         54:4d:d3:2e:45:39:e4:9a:a7:08:10:b0:4b:14:60:0b:6d:08:
         ba:bb:d1:2e:60:4e:9f:3d:2a:16:ea:02:bd:47:dc:df:91:d5:
         d6:d5:b7:e6:a6:bf:21:37:56:0d:d6:4d:8e:31:10:d4:8e:42:
         c5:09:d9:b0:94:2b:3b:8c:e6:58:b2:98:a3:41:a2:ed:e8:76:
         55:92:38:44:84:1c:4d:b1:a0:a9:d6:e1:fd:51:f9:06:6d:95:
         d4:b9:d6:79:80:1a:8d:53:f9:d2:ed:ae:92:d2:7c:b9:b8:b9:
         4a:e4:9f:49:18:54:c7:f1:82:14:97:fd:86:54:3a:44:ea:82:
         7f:d2:c9:38:60:d5:31:07:74:8e:b3:31:d4:1a:18:02:e7:96:
         96:40:af:6e:ad:10:ac:4d:d8:37:dd:42:8c:ea:e4:37:77:05:
         4c:6e:2a:8d:11:e6:f7:40:5e:c2:0b:fd:25:1e:78:fc:e4:bc:
         fb:7c:32:53:88:e9:13:a0:14:19:4e:14:ff:58:87:01:31:19:
         1c:75:00:7f:a0:ec:74:21:e0:09:ff:66:82:0e:94:b7:b7:ec:
         bc:ad:0b:13
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRXbBBo0cn0NlHI+50H4pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyYjEyZWNmYjIyZjI5ZDYwYTNlMzFiNzlmMzYyZGQ2MGMy
ZDRjMTAwHhcNMjUwMTAxMjM0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWFlNmRlNWQ2ZDcyNTAyNGYwMWIxMjI0OTg3YzMzN2RmOGFhN2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uoAn9SaR81Niuf2aTdfEQKBBf8m
yVrDr6qDr0t3kSjGWBAQesVIcgYymTUPRZjZCnSDDIZnHRXjTGMRrxsgwD58+e0L
MVc2BWDjXUr3b7Dc6nPKAUfw+LSWy9WlU6kXsmTgpeC7kmPd8sWzk/2VP6rj7N2J
N10h7msKi2CdbytMjRCp7LSpwBGy6OwVntlzfrcll78XFoM4lO2Qe6cIw4Dc/jGH
lZjftHzi1V1SGolNGD2/ynwYatsxqz2MYsAklMZPflJ7Jrbu0lZ5+TrYQUuTTm83
gUk9VhmqTKzDqDFwILDTn9uZwbZePW/YcWZN3MhavJxmrSDop/veaJ2IwQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPqubeXW1yUCTwGxIkmHwzffiqf9MB8GA1UdIwQY
MBaAFIKxLs+yLynWCj4xt582LdYMLUwQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3JFdXo3SXZLZFlLUGpHM256WXQxZ3d0VEJBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9hNWM3MzgtM2RmNS00ZTAyLWFmMzEt
MmIwZWFiM2QzZDM3LzEvMS1xNXQ1ZGJYSlFKUEFiRWlTWWZETjktS3BfMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODIvYTVjNzM4LTNkZjUtNGUwMi1hZjMxLTJiMGVhYjNkM2Qz
Ny8xL2dyRXV6N0l2S2RZS1BqRzNuell0MWd3dFRCQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIA8jAN
BgkqhkiG9w0BAQsFAAOCAQEAEJXTuT8RfCkpI59I8fBQNjv0fM97cucOGWOm2yCA
QbG7FeQhVE3TLkU55JqnCBCwSxRgC20IurvRLmBOnz0qFuoCvUfc35HV1tW35qa/
ITdWDdZNjjEQ1I5CxQnZsJQrO4zmWLKYo0Gi7eh2VZI4RIQcTbGgqdbh/VH5Bm2V
1LnWeYAajVP50u2uktJ8ubi5SuSfSRhUx/GCFJf9hlQ6ROqCf9LJOGDVMQd0jrMx
1BoYAueWlkCvbq0QrE3YN91CjOrkN3cFTG4qjRHm90Bewgv9JR54/OS8+3wyU4jp
E6AUGU4U/1iHATEZHHUAf6DsdCHgCf9mgg6Ut7fsvK0LEw==
-----END CERTIFICATE-----