Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/pW41aiqhh4TGOa0SfOJoWwzIC9A.roa
File:                     pW41aiqhh4TGOa0SfOJoWwzIC9A.roa (raw, json)
Hash identifier:          NOVcfPSERPAJVKGKnsOL5db9Ocxsd5SZKJKLS2fsK1w=
Subject key identifier:   A5:6E:35:6A:2A:A1:87:84:C6:39:AD:12:7C:E2:68:5B:0C:C8:0B:D0
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       019421B1D1B455048ADED6F19483D66DE518
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/pW41aiqhh4TGOa0SfOJoWwzIC9A.roa
Signing time:             Wed 01 Jan 2025 11:48:09 +0000
ROA not before:           Wed 01 Jan 2025 11:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25539
IP address blocks:        195.56.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d1:b4:55:04:8a:de:d6:f1:94:83:d6:6d:e5:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  1 11:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a56e356a2aa18784c639ad127ce2685b0cc80bd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:0b:db:ed:34:16:c6:88:08:99:f0:47:be:42:
                    62:43:43:52:8a:e2:cc:44:58:b1:b4:e4:2a:c1:00:
                    89:10:cd:8b:78:b0:9c:33:75:51:b0:be:0e:a6:a1:
                    5a:2f:2c:b6:0e:1b:e4:a4:47:a4:8f:97:6a:21:3b:
                    f5:24:bb:ea:64:1a:fe:e1:0e:37:59:bd:61:e5:d1:
                    8d:6b:82:4b:5b:35:06:90:8c:82:cc:5c:2e:81:3a:
                    19:14:e2:68:20:ce:19:6e:f0:96:17:35:cb:2b:25:
                    4c:5e:ad:77:fc:c1:fb:39:ec:16:00:10:64:3f:08:
                    3b:6c:2a:60:45:51:c1:5b:2f:86:2d:94:f2:84:ba:
                    ae:40:cd:3f:9c:4c:28:ea:62:30:9c:79:c6:74:7c:
                    3b:6c:a0:c1:ec:76:76:13:a9:1a:74:7d:ad:d8:16:
                    7d:3d:23:25:c8:36:93:d8:e4:d1:15:68:bc:5b:ac:
                    34:73:d0:13:c7:13:1a:3c:65:95:0f:20:78:51:bf:
                    1d:34:89:fd:af:38:74:b2:b1:7f:a4:3b:db:e2:c4:
                    6f:e1:1b:8f:50:a9:c0:cc:11:f5:af:8a:41:1a:dd:
                    71:f5:39:b7:5b:14:2d:8f:ba:0d:34:93:4d:a9:3a:
                    42:22:9d:c1:9d:30:4f:23:ce:20:48:f8:2c:bd:88:
                    0f:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:6E:35:6A:2A:A1:87:84:C6:39:AD:12:7C:E2:68:5B:0C:C8:0B:D0
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/pW41aiqhh4TGOa0SfOJoWwzIC9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.56.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:ee:99:54:16:7a:d5:0c:fd:64:09:2d:c3:1c:5c:e3:f5:37:
         95:6f:2e:0e:ad:08:c4:75:89:0f:2f:0f:4f:10:5b:ac:0d:19:
         c7:25:13:e0:6a:8c:37:7b:77:f4:95:37:d5:1c:15:8d:25:d0:
         5e:9c:a1:ef:15:08:33:67:48:c4:96:32:4e:90:59:46:40:c3:
         34:b8:e2:eb:bb:74:76:b1:53:24:c6:08:e5:37:d2:72:8b:0e:
         9c:14:f6:2b:86:f7:12:81:78:08:1f:50:6d:97:a5:f2:18:27:
         a4:b6:22:59:e3:6a:84:a4:3d:44:a7:8e:15:54:d0:34:62:d1:
         c1:a2:78:3e:eb:f2:f0:9c:d8:c5:24:81:0e:ac:a7:12:81:d4:
         ba:a7:aa:7f:ae:0b:53:e9:0d:c8:d6:f6:58:42:24:28:7c:10:
         34:81:de:43:b8:4f:45:3e:e2:d6:3d:7c:8a:91:3f:6f:25:a3:
         9d:4e:04:94:05:fb:91:ba:06:ed:95:8e:ad:74:31:c1:39:2e:
         e0:0b:94:46:2c:61:f5:38:f4:cb:22:ef:6c:d3:d7:45:3b:3d:
         85:2f:65:5e:1f:1d:c7:df:33:52:f9:a1:d9:b8:c4:97:38:fd:
         1a:2a:79:1e:ed:05:ea:6a:87:61:76:e3:7f:c2:8d:03:f9:23:
         ce:2e:08:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdG0VQSK3tbxlIPWbeUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjUwMTAxMTE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTZlMzU2YTJhYTE4Nzg0YzYzOWFkMTI3Y2UyNjg1YjBjYzgwYmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Qvb7TQWxogImfBHvkJiQ0NSiuLM
RFixtOQqwQCJEM2LeLCcM3VRsL4OpqFaLyy2DhvkpEekj5dqITv1JLvqZBr+4Q43
Wb1h5dGNa4JLWzUGkIyCzFwugToZFOJoIM4ZbvCWFzXLKyVMXq13/MH7OewWABBk
Pwg7bCpgRVHBWy+GLZTyhLquQM0/nEwo6mIwnHnGdHw7bKDB7HZ2E6kadH2t2BZ9
PSMlyDaT2OTRFWi8W6w0c9ATxxMaPGWVDyB4Ub8dNIn9rzh0srF/pDvb4sRv4RuP
UKnAzBH1r4pBGt1x9Tm3WxQtj7oNNJNNqTpCIp3BnTBPI84gSPgsvYgPJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVuNWoqoYeExjmtEnziaFsMyAvQMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvcFc0MWFpcWhoNFRHT2EwU2ZPSm9Xd3pJQzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzhEMA0G
CSqGSIb3DQEBCwUAA4IBAQCL7plUFnrVDP1kCS3DHFzj9TeVby4OrQjEdYkPLw9P
EFusDRnHJRPgaow3e3f0lTfVHBWNJdBenKHvFQgzZ0jEljJOkFlGQMM0uOLru3R2
sVMkxgjlN9Jyiw6cFPYrhvcSgXgIH1Btl6XyGCektiJZ42qEpD1Ep44VVNA0YtHB
ong+6/LwnNjFJIEOrKcSgdS6p6p/rgtT6Q3I1vZYQiQofBA0gd5DuE9FPuLWPXyK
kT9vJaOdTgSUBfuRugbtlY6tdDHBOS7gC5RGLGH1OPTLIu9s09dFOz2FL2VeHx3H
3zNS+aHZuMSXOP0aKnke7QXqaodhduN/wo0D+SPOLgil
-----END CERTIFICATE-----