Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/7y1PMFZ77TvwERIOq36v9qt_I0g.roa
File:                     7y1PMFZ77TvwERIOq36v9qt_I0g.roa (raw, json)
Hash identifier:          XyYA5RSKyGwMjTqBAMbzkSTfG/qYbYS13qe9sSm88Pg=
Subject key identifier:   EF:2D:4F:30:56:7B:ED:3B:F0:11:12:0E:AB:7E:AF:F6:AB:7F:23:48
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       019421B1CFCB2D8050257FDFFCFC471735A3
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/7y1PMFZ77TvwERIOq36v9qt_I0g.roa
Signing time:             Wed 01 Jan 2025 11:48:08 +0000
ROA not before:           Wed 01 Jan 2025 11:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16015
IP address blocks:        194.149.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 05:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:cf:cb:2d:80:50:25:7f:df:fc:fc:47:17:35:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  1 11:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef2d4f30567bed3bf011120eab7eaff6ab7f2348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:68:6a:31:5f:74:e8:12:c9:2d:44:e9:2a:e5:
                    04:21:64:1a:c8:c9:2e:5e:aa:52:ca:4a:8d:8e:33:
                    e3:12:4e:e6:5e:db:d3:e2:ea:50:70:e8:9a:9a:4f:
                    6b:4a:f6:51:5b:24:c8:15:c0:f2:b8:cb:a4:55:fa:
                    e8:ec:1d:f2:84:76:9e:17:1d:8b:72:2e:31:be:37:
                    cd:d7:e7:fb:7d:b9:b2:fc:27:b1:53:b2:cf:f1:02:
                    13:8d:bc:69:1a:ce:ca:fe:79:80:22:d8:96:4c:0c:
                    34:7a:cc:b1:de:a6:4c:41:97:b8:ff:79:2f:20:7f:
                    fd:49:34:98:42:83:83:c6:c0:aa:fb:55:28:60:41:
                    17:9c:3c:e8:1b:6a:37:ab:9e:46:97:57:40:06:f1:
                    fc:3d:8e:cb:77:62:9c:38:a5:c9:43:80:91:30:e3:
                    49:f0:5d:99:fa:30:d3:1d:e6:a4:07:e4:cf:f9:c2:
                    da:fd:67:44:1c:c4:eb:27:88:f6:61:c4:d0:e8:ed:
                    2b:4d:8d:93:23:cc:00:38:6e:b0:eb:0c:2a:e6:35:
                    17:02:14:78:1c:37:52:f4:35:6a:51:b4:62:90:dc:
                    94:42:34:e1:9e:7f:d4:0a:17:f1:de:ae:50:cd:65:
                    50:dc:1d:ae:96:f0:ca:2f:b7:69:a8:c7:55:67:eb:
                    07:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:2D:4F:30:56:7B:ED:3B:F0:11:12:0E:AB:7E:AF:F6:AB:7F:23:48
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/7y1PMFZ77TvwERIOq36v9qt_I0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.149.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:32:8d:2b:47:21:1f:8e:49:7e:75:26:5f:ed:3d:88:4b:f2:
         1e:88:2e:13:dd:e1:3f:7c:c4:cc:31:bc:36:e5:e4:c2:51:a4:
         ce:51:cd:a1:31:4e:3a:41:85:5b:84:b4:a0:91:23:ed:1e:f2:
         1f:01:ae:b1:a8:dd:5f:7f:b0:68:ca:56:18:53:9c:73:4d:72:
         e4:0b:e5:4a:45:96:cd:5a:68:5d:80:67:2d:4f:c3:7d:78:e7:
         5c:a0:2c:29:9b:7a:a1:7e:c9:59:ec:34:b1:2b:f4:4f:b9:fa:
         92:1b:f3:48:de:43:e8:06:6a:f0:58:ab:21:5d:a8:06:ae:0c:
         61:3d:f6:f0:8a:d8:a6:1a:46:55:d1:3a:7c:ac:5d:37:a7:66:
         41:7b:df:d5:09:6a:06:94:41:87:5c:b5:21:92:de:09:b9:a5:
         92:34:5f:10:7e:d6:7a:a1:97:35:83:bf:08:63:58:d0:75:3f:
         fa:e0:34:04:f5:c6:97:89:d4:e7:68:6a:60:30:ec:64:c2:42:
         ab:d9:67:0e:df:b3:5d:a9:31:d8:3b:c3:d9:17:24:ac:3b:69:
         46:8d:b7:9d:bc:b4:fc:69:36:7a:91:8f:77:d2:0a:fc:5a:b1:
         66:8e:51:72:b4:de:ad:e3:bd:1f:c9:4b:7a:fa:ae:e8:a7:ae:
         17:b3:0c:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsc/LLYBQJX/f/PxHFzWjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjUwMTAxMTE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjJkNGYzMDU2N2JlZDNiZjAxMTEyMGVhYjdlYWZmNmFiN2YyMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GhqMV906BLJLUTpKuUEIWQayMku
XqpSykqNjjPjEk7mXtvT4upQcOiamk9rSvZRWyTIFcDyuMukVfro7B3yhHaeFx2L
ci4xvjfN1+f7fbmy/CexU7LP8QITjbxpGs7K/nmAItiWTAw0esyx3qZMQZe4/3kv
IH/9STSYQoODxsCq+1UoYEEXnDzoG2o3q55Gl1dABvH8PY7Ld2KcOKXJQ4CRMONJ
8F2Z+jDTHeakB+TP+cLa/WdEHMTrJ4j2YcTQ6O0rTY2TI8wAOG6w6wwq5jUXAhR4
HDdS9DVqUbRikNyUQjThnn/UChfx3q5QzWVQ3B2ulvDKL7dpqMdVZ+sHZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8tTzBWe+078BESDqt+r/arfyNIMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvN3kxUE1GWjc3VHZ3RVJJT3EzNnY5cXRfSTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpUuMA0G
CSqGSIb3DQEBCwUAA4IBAQBEMo0rRyEfjkl+dSZf7T2IS/IeiC4T3eE/fMTMMbw2
5eTCUaTOUc2hMU46QYVbhLSgkSPtHvIfAa6xqN1ff7BoylYYU5xzTXLkC+VKRZbN
WmhdgGctT8N9eOdcoCwpm3qhfslZ7DSxK/RPufqSG/NI3kPoBmrwWKshXagGrgxh
PfbwitimGkZV0Tp8rF03p2ZBe9/VCWoGlEGHXLUhkt4JuaWSNF8QftZ6oZc1g78I
Y1jQdT/64DQE9caXidTnaGpgMOxkwkKr2WcO37NdqTHYO8PZFySsO2lGjbedvLT8
aTZ6kY930gr8WrFmjlFytN6t470fyUt6+q7op64XswyO
-----END CERTIFICATE-----