Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/wD9ir4CCy4E7zOefD7Z-y5RvpRY.roa
File:                     wD9ir4CCy4E7zOefD7Z-y5RvpRY.roa (raw, json)
Hash identifier:          7sn9k3wlZ/27RuueZ6o2qKtcwJI5H5fdnvFFf1ud6xU=
Subject key identifier:   C0:3F:62:AF:80:82:CB:81:3B:CC:E7:9F:0F:B6:7E:CB:94:6F:A5:16
Certificate issuer:       /CN=0bd64fe7f438782ec8afa9eef5487b5db80e4dea
Certificate serial:       01942C1046317FA111508A5FC47976ACBCFD
Authority key identifier: 0B:D6:4F:E7:F4:38:78:2E:C8:AF:A9:EE:F5:48:7B:5D:B8:0E:4D:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/wD9ir4CCy4E7zOefD7Z-y5RvpRY.roa
Signing time:             Fri 03 Jan 2025 12:07:31 +0000
ROA not before:           Fri 03 Jan 2025 12:07:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        194.32.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2c:10:46:31:7f:a1:11:50:8a:5f:c4:79:76:ac:bc:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bd64fe7f438782ec8afa9eef5487b5db80e4dea
        Validity
            Not Before: Jan  3 12:07:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c03f62af8082cb813bcce79f0fb67ecb946fa516
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:90:b9:dd:43:4b:2c:58:53:46:2d:75:d6:6a:
                    b3:a1:cb:1e:4e:63:a4:f6:d1:7a:5b:73:a4:6c:28:
                    81:d1:15:3b:59:53:1c:8a:8a:8a:fc:81:58:cb:38:
                    4a:93:4a:a5:84:9e:b1:56:37:37:dc:fe:55:1e:1d:
                    76:4b:bd:e9:cf:db:91:01:23:be:b9:f3:bd:62:72:
                    e0:2d:d8:c3:29:4d:81:3e:45:54:55:a4:1e:c0:33:
                    cd:c0:89:47:51:24:00:2f:07:db:ba:7b:30:a7:e4:
                    cd:76:29:e6:98:55:7f:ff:9b:cb:c5:0f:99:31:5e:
                    15:c9:f6:95:04:a0:38:c7:9f:07:a7:61:97:38:72:
                    71:8f:22:87:d9:4d:b6:ae:9c:f9:c3:99:b7:64:55:
                    24:bb:ac:13:98:b1:fe:a0:32:d2:4e:d7:fc:55:12:
                    fc:a6:bf:7f:12:1f:e8:03:e1:23:20:04:df:94:ef:
                    30:58:e1:18:bd:1e:b6:df:a1:5b:2e:5a:77:07:e0:
                    17:f8:84:11:a0:0f:9d:17:39:ae:e4:39:06:45:b2:
                    6c:49:06:75:46:c9:b4:87:d2:99:53:cf:71:e6:41:
                    94:1f:e3:bd:a1:14:42:6b:7b:d6:ec:af:d1:8c:b2:
                    c6:fb:36:65:4c:d5:f0:c2:42:3b:4e:f4:6f:e5:5e:
                    b7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:3F:62:AF:80:82:CB:81:3B:CC:E7:9F:0F:B6:7E:CB:94:6F:A5:16
            X509v3 Authority Key Identifier:
                keyid:0B:D6:4F:E7:F4:38:78:2E:C8:AF:A9:EE:F5:48:7B:5D:B8:0E:4D:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/wD9ir4CCy4E7zOefD7Z-y5RvpRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/d20c0e-6385-4ab7-b5ff-d15bdb886c6d/1/C9ZP5_Q4eC7Ir6nu9Uh7XbgOTeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.32.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:2c:cb:b1:4c:79:f8:89:68:72:e7:b5:ed:c0:ff:57:c1:5a:
         b4:dc:71:25:ef:b9:99:e7:5b:55:41:d1:a5:55:ab:34:77:b3:
         1b:9c:9c:79:2a:55:b9:b9:89:ad:18:ec:36:4a:98:97:cf:9a:
         fe:80:7f:50:a7:5d:78:8b:4e:04:29:d0:dd:2f:40:eb:e8:e0:
         88:ad:68:91:09:2a:f9:68:40:1b:63:5d:e5:14:2f:61:71:4d:
         99:98:72:2d:5a:dc:28:4d:87:fd:ee:4f:cb:df:2d:0a:11:40:
         53:1b:7c:f1:40:8d:cc:ef:48:4b:68:22:24:98:61:4c:e1:2b:
         27:61:6e:2a:27:42:e8:08:9f:f5:c2:b3:32:55:e1:88:17:7c:
         5d:e4:3e:38:07:93:f3:08:91:0d:7d:72:8d:11:b0:08:64:3e:
         d7:3b:b5:85:8b:2f:f5:ec:00:37:a8:56:da:bf:31:da:06:40:
         9d:09:d3:58:17:0a:82:59:f6:7c:c0:f8:5a:23:6d:41:86:68:
         4a:f5:51:13:7f:47:92:0d:93:e1:fa:0b:7b:60:c7:07:7f:6e:
         f8:ca:a2:b3:67:c2:d0:de:d0:b6:d7:4c:4d:32:3c:25:0b:68:
         48:95:ca:06:f2:5d:12:58:36:0b:ca:be:43:d6:b6:3f:f8:6f:
         4f:76:a9:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQsEEYxf6ERUIpfxHl2rLz9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZDY0ZmU3ZjQzODc4MmVjOGFmYTllZWY1NDg3YjVkYjgw
ZTRkZWEwHhcNMjUwMTAzMTIwNzMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDNmNjJhZjgwODJjYjgxM2JjY2U3OWYwZmI2N2VjYjk0NmZhNTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5C53UNLLFhTRi111mqzocseTmOk
9tF6W3OkbCiB0RU7WVMcioqK/IFYyzhKk0qlhJ6xVjc33P5VHh12S73pz9uRASO+
ufO9YnLgLdjDKU2BPkVUVaQewDPNwIlHUSQALwfbunswp+TNdinmmFV//5vLxQ+Z
MV4VyfaVBKA4x58Hp2GXOHJxjyKH2U22rpz5w5m3ZFUku6wTmLH+oDLSTtf8VRL8
pr9/Eh/oA+EjIATflO8wWOEYvR6236FbLlp3B+AX+IQRoA+dFzmu5DkGRbJsSQZ1
Rsm0h9KZU89x5kGUH+O9oRRCa3vW7K/RjLLG+zZlTNXwwkI7TvRv5V63jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMA/Yq+AgsuBO8znnw+2fsuUb6UWMB8GA1UdIwQY
MBaAFAvWT+f0OHguyK+p7vVIe124Dk3qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzlaUDVfUTRlQzdJcjZudTlVaDdYYmdPVGVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9kMjBjMGUtNjM4NS00YWI3LWI1ZmYt
ZDE1YmRiODg2YzZkLzEvd0Q5aXI0Q0N5NEU3ek9lZkQ3Wi15NVJ2cFJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9kMjBjMGUtNjM4NS00YWI3LWI1ZmYtZDE1YmRiODg2YzZk
LzEvQzlaUDVfUTRlQzdJcjZudTlVaDdYYmdPVGVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiDVMA0G
CSqGSIb3DQEBCwUAA4IBAQAmLMuxTHn4iWhy57XtwP9XwVq03HEl77mZ51tVQdGl
Vas0d7MbnJx5KlW5uYmtGOw2SpiXz5r+gH9Qp114i04EKdDdL0Dr6OCIrWiRCSr5
aEAbY13lFC9hcU2ZmHItWtwoTYf97k/L3y0KEUBTG3zxQI3M70hLaCIkmGFM4Ssn
YW4qJ0LoCJ/1wrMyVeGIF3xd5D44B5PzCJENfXKNEbAIZD7XO7WFiy/17AA3qFba
vzHaBkCdCdNYFwqCWfZ8wPhaI21BhmhK9VETf0eSDZPh+gt7YMcHf274yqKzZ8LQ
3tC210xNMjwlC2hIlcoG8l0SWDYLyr5D1rY/+G9PdqlL
-----END CERTIFICATE-----