Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/I0uKuQxKXFKWPHV3tWp8USg1X-E.roa
File:                     I0uKuQxKXFKWPHV3tWp8USg1X-E.roa (raw, json)
Hash identifier:          WXxoeNxUFy+lmF1DwKWF+FMyVOrtNM4sTEwb6rXBq/g=
Subject key identifier:   23:4B:8A:B9:0C:4A:5C:52:96:3C:75:77:B5:6A:7C:51:28:35:5F:E1
Certificate issuer:       /CN=4b2ec0a9b9e60e8652168ca69d9239f27307c372
Certificate serial:       019425FDDEB3F8EBF5D8A24B001A0A4F2919
Authority key identifier: 4B:2E:C0:A9:B9:E6:0E:86:52:16:8C:A6:9D:92:39:F2:73:07:C3:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sy7AqbnmDoZSFoymnZI58nMHw3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/I0uKuQxKXFKWPHV3tWp8USg1X-E.roa
Signing time:             Thu 02 Jan 2025 07:49:42 +0000
ROA not before:           Thu 02 Jan 2025 07:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39661
IP address blocks:        194.50.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/Sy7AqbnmDoZSFoymnZI58nMHw3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/Sy7AqbnmDoZSFoymnZI58nMHw3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sy7AqbnmDoZSFoymnZI58nMHw3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:de:b3:f8:eb:f5:d8:a2:4b:00:1a:0a:4f:29:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b2ec0a9b9e60e8652168ca69d9239f27307c372
        Validity
            Not Before: Jan  2 07:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=234b8ab90c4a5c52963c7577b56a7c5128355fe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:2d:9d:a9:30:8e:df:86:10:26:5e:3b:5e:93:
                    6a:ee:04:84:87:21:df:2c:04:b3:9f:26:d7:ed:22:
                    85:37:0a:99:45:e0:1b:be:20:a3:68:41:b1:00:aa:
                    fc:c8:94:76:2c:94:36:db:f9:58:e2:37:d9:09:cf:
                    c2:30:07:f8:2a:7a:eb:95:ef:26:0d:a1:c3:44:65:
                    51:56:6d:99:c3:5f:fb:a6:7e:43:0e:d7:4e:cc:5c:
                    76:d5:4b:9d:7a:03:bd:01:af:44:86:a0:26:30:76:
                    98:d7:74:c5:6c:cf:16:0c:e4:5d:9c:ce:ca:f2:3e:
                    03:50:8a:b7:85:d1:ac:d6:0c:3c:cb:fd:90:0b:c2:
                    fb:6b:9b:28:f6:27:43:14:05:68:02:79:d2:95:f3:
                    59:f4:d6:ba:c5:84:1d:b8:e1:0e:e1:8e:54:66:fd:
                    9f:39:69:51:4e:2c:47:dc:98:01:52:c2:e6:6e:5b:
                    83:ca:d1:df:20:73:d9:34:ac:cd:3b:17:0d:cb:00:
                    ad:84:f5:10:dd:e4:c8:67:72:e0:f6:b3:3b:ce:9e:
                    52:6a:92:ec:48:81:fc:b6:61:72:37:f9:e0:32:e7:
                    22:8f:24:5b:49:a9:49:81:d1:c2:1b:0e:e4:0a:d0:
                    99:3f:65:bc:8e:0f:6c:2a:1d:a6:6e:bd:f0:04:f8:
                    d9:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:4B:8A:B9:0C:4A:5C:52:96:3C:75:77:B5:6A:7C:51:28:35:5F:E1
            X509v3 Authority Key Identifier:
                keyid:4B:2E:C0:A9:B9:E6:0E:86:52:16:8C:A6:9D:92:39:F2:73:07:C3:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sy7AqbnmDoZSFoymnZI58nMHw3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/I0uKuQxKXFKWPHV3tWp8USg1X-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/fd53f7-8315-40d2-915b-cd0f59c28d2d/1/Sy7AqbnmDoZSFoymnZI58nMHw3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:23:cd:d9:3a:84:7f:9e:5a:40:50:86:69:a3:74:11:43:09:
         e2:c8:98:6b:cb:06:2e:9a:32:a6:38:98:be:8d:eb:53:cd:ef:
         43:be:05:85:be:28:35:04:4a:04:02:81:e5:c4:0e:7f:f8:e4:
         12:9b:16:6d:80:fb:e3:da:07:cc:17:f6:24:d7:b0:4d:c5:be:
         3d:4c:de:aa:eb:1a:fa:1a:6c:c3:fb:ae:d8:ce:09:b9:22:35:
         39:63:b5:6d:41:27:d8:41:7c:f6:5d:9a:21:c7:43:58:86:a3:
         9e:96:97:0c:21:a2:ab:c9:b2:9a:49:60:f1:f6:73:a4:7d:34:
         c1:9f:d5:d0:df:ce:d6:03:7c:fa:05:a5:6b:01:7b:7e:eb:bb:
         82:b3:7d:af:a4:39:6c:f7:f7:f7:a3:97:41:75:d2:3d:67:d3:
         cb:e9:38:f6:e8:c9:99:fc:4d:d1:84:d5:a2:34:b4:6b:9d:14:
         fd:ff:76:fb:a2:43:68:a5:a4:a0:a4:d4:dd:f3:02:7c:03:c5:
         bc:7d:8f:80:5f:83:7d:7d:b8:ed:7f:a0:54:00:9e:2f:a6:4f:
         58:cf:17:10:52:51:1a:ee:bf:bc:ae:f9:d4:27:f8:4c:ef:ed:
         f0:c2:86:f0:0d:52:d1:76:d7:d8:c0:93:cd:12:e9:11:0d:41:
         b3:4e:2b:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/d6z+Ov12KJLABoKTykZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMmVjMGE5YjllNjBlODY1MjE2OGNhNjlkOTIzOWYyNzMw
N2MzNzIwHhcNMjUwMTAyMDc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzRiOGFiOTBjNGE1YzUyOTYzYzc1NzdiNTZhN2M1MTI4MzU1ZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3S2dqTCO34YQJl47XpNq7gSEhyHf
LASznybX7SKFNwqZReAbviCjaEGxAKr8yJR2LJQ22/lY4jfZCc/CMAf4Knrrle8m
DaHDRGVRVm2Zw1/7pn5DDtdOzFx21UudegO9Aa9EhqAmMHaY13TFbM8WDORdnM7K
8j4DUIq3hdGs1gw8y/2QC8L7a5so9idDFAVoAnnSlfNZ9Na6xYQduOEO4Y5UZv2f
OWlRTixH3JgBUsLmbluDytHfIHPZNKzNOxcNywCthPUQ3eTIZ3Lg9rM7zp5SapLs
SIH8tmFyN/ngMucijyRbSalJgdHCGw7kCtCZP2W8jg9sKh2mbr3wBPjZ1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNLirkMSlxSljx1d7VqfFEoNV/hMB8GA1UdIwQY
MBaAFEsuwKm55g6GUhaMpp2SOfJzB8NyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3k3QXFibm1Eb1pTRm95bW5aSTU4bk1IdzNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9mZDUzZjctODMxNS00MGQyLTkxNWIt
Y2QwZjU5YzI4ZDJkLzEvSTB1S3VReEtYRktXUEhWM3RXcDhVU2cxWC1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9mZDUzZjctODMxNS00MGQyLTkxNWItY2QwZjU5YzI4ZDJk
LzEvU3k3QXFibm1Eb1pTRm95bW5aSTU4bk1IdzNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJuMA0G
CSqGSIb3DQEBCwUAA4IBAQAmI83ZOoR/nlpAUIZpo3QRQwniyJhrywYumjKmOJi+
jetTze9DvgWFvig1BEoEAoHlxA5/+OQSmxZtgPvj2gfMF/Yk17BNxb49TN6q6xr6
GmzD+67Yzgm5IjU5Y7VtQSfYQXz2XZohx0NYhqOelpcMIaKrybKaSWDx9nOkfTTB
n9XQ387WA3z6BaVrAXt+67uCs32vpDls9/f3o5dBddI9Z9PL6Tj26MmZ/E3RhNWi
NLRrnRT9/3b7okNopaSgpNTd8wJ8A8W8fY+AX4N9fbjtf6BUAJ4vpk9YzxcQUlEa
7r+8rvnUJ/hM7+3wwobwDVLRdtfYwJPNEukRDUGzTivi
-----END CERTIFICATE-----