Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/yTfqidErl7l7uRv7UyndAsDANac.roa
File:                     yTfqidErl7l7uRv7UyndAsDANac.roa (raw, json)
Hash identifier:          aGLiWaMGOF722O9lof0muiC1EZZY+MdTXbhObJs8IMo=
Subject key identifier:   C9:37:EA:89:D1:2B:97:B9:7B:B9:1B:FB:53:29:DD:02:C0:C0:35:A7
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       019424449C864E9609FC94BD7EB2DBA86FE5
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/yTfqidErl7l7uRv7UyndAsDANac.roa
Signing time:             Wed 01 Jan 2025 23:47:43 +0000
ROA not before:           Wed 01 Jan 2025 23:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208328
IP address blocks:        194.36.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:9c:86:4e:96:09:fc:94:bd:7e:b2:db:a8:6f:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  1 23:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c937ea89d12b97b97bb91bfb5329dd02c0c035a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e7:8e:52:91:c6:cd:22:a6:5d:2f:a0:8e:12:
                    98:ac:72:13:ea:f3:e3:79:98:df:da:b6:99:a6:ba:
                    28:1e:b1:af:8e:d0:16:35:c1:cd:5a:1f:75:f9:8c:
                    20:13:b0:7a:62:2d:9b:e7:91:e2:58:a6:c1:0d:f1:
                    95:64:82:c1:05:55:c5:3a:cf:1d:06:dc:5a:f9:c7:
                    d8:89:ee:97:0a:72:7c:95:e7:f3:af:73:66:19:33:
                    c7:a4:8d:b2:13:ac:d0:ec:f8:60:aa:e9:be:48:a4:
                    a8:62:7c:ff:49:e8:fc:4b:ae:45:58:70:f5:65:01:
                    dd:13:d9:65:0f:65:88:b6:71:ab:05:de:82:03:3f:
                    b4:d7:8b:ae:9b:75:96:a7:9c:6d:6a:ea:0f:65:37:
                    e4:b2:78:8e:b6:0d:35:90:da:92:b6:e1:2a:e6:bb:
                    ee:7d:1b:1f:e6:85:d5:21:fb:d8:8e:dc:55:12:c7:
                    5a:a3:a1:ba:2f:4f:1c:8d:40:c8:a2:f4:9b:f3:2e:
                    c0:46:a6:e5:46:35:85:ab:0c:04:98:58:e6:40:d4:
                    4c:d1:25:22:6b:76:e0:dd:40:70:aa:4f:d9:fb:1d:
                    93:63:90:2e:62:56:3a:d2:40:1c:d0:50:d3:ee:f8:
                    f3:e1:a9:93:af:df:00:ca:42:d7:02:98:fb:ae:f8:
                    3d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:37:EA:89:D1:2B:97:B9:7B:B9:1B:FB:53:29:DD:02:C0:C0:35:A7
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/yTfqidErl7l7uRv7UyndAsDANac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:d0:51:c8:73:16:73:1a:3f:87:9d:de:8b:1e:ee:16:30:02:
         ae:fe:7d:3c:d9:25:d0:66:6b:70:db:50:1b:9b:5b:de:cd:ee:
         17:fa:c5:28:0d:f7:86:cc:ea:b2:70:3f:af:9a:f3:cd:60:ea:
         b6:b5:de:e6:2d:1e:c7:f4:75:04:20:67:74:14:c5:59:05:fa:
         8e:0c:6f:c1:81:07:3c:0c:24:9c:d1:37:28:e9:1b:07:2e:4a:
         47:87:65:0b:16:b3:50:cb:3e:94:d5:d8:ea:93:ea:71:4e:8c:
         4e:32:5a:28:ab:7a:61:43:8a:f5:dc:b6:5a:9d:a6:18:90:07:
         ae:7c:55:d8:ca:62:84:31:0c:3c:f5:94:51:32:67:e4:df:ab:
         2b:4c:e6:b0:a0:01:63:66:4e:3b:78:2d:4a:91:c1:6f:07:3c:
         38:5e:90:5c:8d:b7:8e:d0:52:b4:00:cb:ad:58:3d:1c:63:e9:
         46:16:73:e1:96:ff:30:df:1d:c8:32:78:22:1c:b5:25:22:23:
         b2:c6:f4:0a:fe:a3:5a:ec:1c:9f:83:80:2e:16:8f:0b:7d:58:
         b0:ca:38:30:89:ce:e4:ac:f3:d4:e4:80:4e:c3:70:14:38:aa:
         dc:af:4c:11:a8:40:c7:62:11:bb:8f:e9:6e:4d:46:58:e2:15:
         79:7c:43:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRJyGTpYJ/JS9frLbqG/lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjUwMTAxMjM0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTM3ZWE4OWQxMmI5N2I5N2JiOTFiZmI1MzI5ZGQwMmMwYzAzNWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OeOUpHGzSKmXS+gjhKYrHIT6vPj
eZjf2raZprooHrGvjtAWNcHNWh91+YwgE7B6Yi2b55HiWKbBDfGVZILBBVXFOs8d
Btxa+cfYie6XCnJ8lefzr3NmGTPHpI2yE6zQ7Phgqum+SKSoYnz/Sej8S65FWHD1
ZQHdE9llD2WItnGrBd6CAz+014uum3WWp5xtauoPZTfksniOtg01kNqStuEq5rvu
fRsf5oXVIfvYjtxVEsdao6G6L08cjUDIovSb8y7ARqblRjWFqwwEmFjmQNRM0SUi
a3bg3UBwqk/Z+x2TY5AuYlY60kAc0FDT7vjz4amTr98AykLXApj7rvg9NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMk36onRK5e5e7kb+1Mp3QLAwDWnMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEveVRmcWlkRXJsN2w3dVJ2N1V5bmRBc0RBTmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiQaMA0G
CSqGSIb3DQEBCwUAA4IBAQB70FHIcxZzGj+Hnd6LHu4WMAKu/n082SXQZmtw21Ab
m1veze4X+sUoDfeGzOqycD+vmvPNYOq2td7mLR7H9HUEIGd0FMVZBfqODG/BgQc8
DCSc0Tco6RsHLkpHh2ULFrNQyz6U1djqk+pxToxOMlooq3phQ4r13LZanaYYkAeu
fFXYymKEMQw89ZRRMmfk36srTOawoAFjZk47eC1KkcFvBzw4XpBcjbeO0FK0AMut
WD0cY+lGFnPhlv8w3x3IMngiHLUlIiOyxvQK/qNa7Byfg4AuFo8LfViwyjgwic7k
rPPU5IBOw3AUOKrcr0wRqEDHYhG7j+luTUZY4hV5fEOL
-----END CERTIFICATE-----