Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/Ni5vtm0M3bjCTeGdNSnDAVszYLE.roa
File:                     Ni5vtm0M3bjCTeGdNSnDAVszYLE.roa (raw, json)
Hash identifier:          OME01+LPKlOdHdZ6RncStdMa9nK9uQNDcVGUK02vlcM=
Subject key identifier:   36:2E:6F:B6:6D:0C:DD:B8:C2:4D:E1:9D:35:29:C3:01:5B:33:60:B1
Certificate issuer:       /CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
Certificate serial:       019423D713B40F8FE4F60F6F5E238B22A477
Authority key identifier: 19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/Ni5vtm0M3bjCTeGdNSnDAVszYLE.roa
Signing time:             Wed 01 Jan 2025 21:48:05 +0000
ROA not before:           Wed 01 Jan 2025 21:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47794
IP address blocks:        194.11.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:13:b4:0f:8f:e4:f6:0f:6f:5e:23:8b:22:a4:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1983b02e10ca821bfe1be6e751d92cf73d6d4c0b
        Validity
            Not Before: Jan  1 21:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=362e6fb66d0cddb8c24de19d3529c3015b3360b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:89:a4:1c:e5:95:19:7e:a5:32:23:c9:9e:cc:
                    0a:1f:02:f9:ca:98:9d:9a:74:77:ac:bc:ea:8b:6d:
                    e7:c5:c7:59:44:c8:12:8c:4c:8a:5d:1e:b2:64:a6:
                    e5:c0:4b:17:b7:8f:73:59:c9:12:94:e4:3e:05:9e:
                    29:f5:60:82:1b:04:2e:88:7d:5a:97:96:8b:ae:aa:
                    36:c1:c8:7a:f9:1a:99:a7:8d:f7:0b:6b:12:ac:3f:
                    b0:d0:55:80:58:62:af:b6:db:9b:bd:9b:39:a6:d3:
                    dc:db:3f:bf:6d:86:d3:de:4d:16:62:63:8f:0f:55:
                    9d:bd:a6:cc:7e:f1:b7:50:32:b3:fa:31:4a:d7:6c:
                    29:33:c8:5d:91:71:53:09:ca:0e:19:b5:75:51:6b:
                    5a:3a:c3:57:d8:34:49:a2:c3:e9:8b:61:b1:76:1c:
                    56:8e:c5:b1:3a:2d:fc:e0:08:58:33:b6:bb:b3:fd:
                    d5:0c:d9:65:11:d9:ab:2d:9f:b9:90:a6:37:c1:d9:
                    47:04:4f:19:2a:b2:4c:4c:41:d5:50:02:8e:db:be:
                    bb:c2:62:60:54:f9:78:c1:cd:5a:cc:68:f8:86:9e:
                    f0:1c:cd:76:13:ce:25:fe:e4:c5:3e:d4:66:1c:0f:
                    60:80:50:41:e0:cb:67:78:2f:34:f0:ba:4c:ac:89:
                    76:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:2E:6F:B6:6D:0C:DD:B8:C2:4D:E1:9D:35:29:C3:01:5B:33:60:B1
            X509v3 Authority Key Identifier:
                keyid:19:83:B0:2E:10:CA:82:1B:FE:1B:E6:E7:51:D9:2C:F7:3D:6D:4C:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GYOwLhDKghv-G-bnUdks9z1tTAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/Ni5vtm0M3bjCTeGdNSnDAVszYLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/096c17-dd83-4058-82e1-cda36256296c/1/GYOwLhDKghv-G-bnUdks9z1tTAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.11.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:77:7b:38:95:7d:7c:36:1d:cd:87:f2:28:3d:2b:ee:2b:37:
         29:c6:e4:6d:de:10:ff:8d:d2:b6:f3:be:86:72:67:c8:e8:06:
         d3:e8:8a:46:07:e9:de:cd:f5:d9:47:cc:d3:5b:c1:82:e5:72:
         f9:b0:fd:6d:ba:cf:69:22:40:16:a5:77:f1:b4:ea:28:ef:35:
         2e:d4:07:3a:36:20:e1:71:46:de:b5:32:c6:91:f0:df:52:b7:
         d8:a2:21:a0:84:0c:da:7d:af:f6:50:de:dd:47:83:1d:c5:f8:
         19:35:d3:fa:76:25:e6:7f:5d:16:02:04:d7:58:da:1a:91:68:
         d0:60:28:cd:f5:29:2b:f2:03:76:2a:9d:ff:06:0b:df:dd:59:
         39:38:37:05:07:65:2a:4d:14:92:0e:73:77:28:52:cf:87:9c:
         54:c5:fe:af:b2:4a:62:29:7e:38:d2:16:e6:69:3c:19:66:92:
         da:9d:d7:d3:7f:b7:12:6c:df:78:b5:d0:6a:2b:1a:2c:28:fb:
         6a:8d:9d:cb:8a:4f:58:0a:0f:d6:5e:45:6d:cc:e1:75:3d:8f:
         5c:97:f9:4f:6a:cd:82:75:b9:31:73:d1:cc:d9:bc:f5:96:dc:
         8b:6a:e4:58:a4:66:0f:0b:d3:ae:81:4b:ad:e4:b0:e1:4a:eb:
         d2:ca:73:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1xO0D4/k9g9vXiOLIqR3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5ODNiMDJlMTBjYTgyMWJmZTFiZTZlNzUxZDkyY2Y3M2Q2
ZDRjMGIwHhcNMjUwMTAxMjE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjJlNmZiNjZkMGNkZGI4YzI0ZGUxOWQzNTI5YzMwMTViMzM2MGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYmkHOWVGX6lMiPJnswKHwL5ypid
mnR3rLzqi23nxcdZRMgSjEyKXR6yZKblwEsXt49zWckSlOQ+BZ4p9WCCGwQuiH1a
l5aLrqo2wch6+RqZp433C2sSrD+w0FWAWGKvttubvZs5ptPc2z+/bYbT3k0WYmOP
D1WdvabMfvG3UDKz+jFK12wpM8hdkXFTCcoOGbV1UWtaOsNX2DRJosPpi2GxdhxW
jsWxOi384AhYM7a7s/3VDNllEdmrLZ+5kKY3wdlHBE8ZKrJMTEHVUAKO2767wmJg
VPl4wc1azGj4hp7wHM12E84l/uTFPtRmHA9ggFBB4MtneC808LpMrIl2DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYub7ZtDN24wk3hnTUpwwFbM2CxMB8GA1UdIwQY
MBaAFBmDsC4QyoIb/hvm51HZLPc9bUwLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEt
Y2RhMzYyNTYyOTZjLzEvTmk1dnRtME0zYmpDVGVHZE5TbkRBVnN6WUxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wOTZjMTctZGQ4My00MDU4LTgyZTEtY2RhMzYyNTYyOTZj
LzEvR1lPd0xoREtnaHYtRy1iblVka3M5ejF0VEFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgv3MA0G
CSqGSIb3DQEBCwUAA4IBAQCFd3s4lX18Nh3Nh/IoPSvuKzcpxuRt3hD/jdK2876G
cmfI6AbT6IpGB+nezfXZR8zTW8GC5XL5sP1tus9pIkAWpXfxtOoo7zUu1Ac6NiDh
cUbetTLGkfDfUrfYoiGghAzafa/2UN7dR4MdxfgZNdP6diXmf10WAgTXWNoakWjQ
YCjN9Skr8gN2Kp3/Bgvf3Vk5ODcFB2UqTRSSDnN3KFLPh5xUxf6vskpiKX440hbm
aTwZZpLandfTf7cSbN94tdBqKxosKPtqjZ3Lik9YCg/WXkVtzOF1PY9cl/lPas2C
dbkxc9HM2bz1ltyLauRYpGYPC9OugUut5LDhSuvSynNg
-----END CERTIFICATE-----