Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/1-d2k_vU-BkEDRcLdH-TIekg9VxQ.roa
File:                     1-d2k_vU-BkEDRcLdH-TIekg9VxQ.roa (raw, json)
Hash identifier:          BNmjLGfRynwPkim2jPmJ7ZmYJ2M4K6NMjQ6A9ZIWsHE=
Subject key identifier:   F9:DD:A4:FE:F5:3E:06:41:03:45:C2:DD:1F:E4:C8:7A:48:3D:57:14
Certificate issuer:       /CN=bb936933dc3aa03b3daa06e5b3873f35bdab55d2
Certificate serial:       0194228E2641DA1D4882408A0D73300A2350
Authority key identifier: BB:93:69:33:DC:3A:A0:3B:3D:AA:06:E5:B3:87:3F:35:BD:AB:55:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u5NpM9w6oDs9qgbls4c_Nb2rVdI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/1-d2k_vU-BkEDRcLdH-TIekg9VxQ.roa
Signing time:             Wed 01 Jan 2025 15:48:48 +0000
ROA not before:           Wed 01 Jan 2025 15:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        194.39.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/u5NpM9w6oDs9qgbls4c_Nb2rVdI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/u5NpM9w6oDs9qgbls4c_Nb2rVdI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u5NpM9w6oDs9qgbls4c_Nb2rVdI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:26:41:da:1d:48:82:40:8a:0d:73:30:0a:23:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb936933dc3aa03b3daa06e5b3873f35bdab55d2
        Validity
            Not Before: Jan  1 15:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9dda4fef53e06410345c2dd1fe4c87a483d5714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4d:8a:ad:ac:ac:c6:3b:0d:61:df:e5:e1:b1:
                    52:c5:29:c0:bd:91:8f:bb:1e:96:12:98:9e:63:2e:
                    c7:7d:71:00:64:4e:2e:8b:c5:c6:af:47:7d:e5:1b:
                    e5:ec:34:6f:04:f8:7a:f3:a1:68:6c:06:35:a0:e9:
                    cc:fb:e3:ce:f5:f1:ee:d7:c2:a8:6c:7b:bc:70:03:
                    7e:f3:c3:26:7a:68:1e:01:f0:e7:ff:4b:6d:b4:49:
                    a6:2f:91:f1:21:ed:c0:34:a0:42:2e:4d:68:a4:80:
                    ee:9c:19:88:14:75:b1:3d:62:3d:97:3d:84:5f:b6:
                    2d:04:46:69:54:78:e5:8b:4f:67:e5:9f:f7:3e:da:
                    3f:94:3e:03:22:d5:b5:47:f3:e1:75:30:28:87:d0:
                    a6:d9:95:3a:36:72:83:a9:d0:80:bd:97:39:cc:a0:
                    72:ab:37:86:9d:75:9e:2e:ec:86:cc:4e:06:44:94:
                    6c:91:c2:00:b0:24:1a:4a:10:1b:f7:ff:d2:06:5a:
                    99:94:15:a3:a7:d7:9e:ba:23:8d:b0:4c:5e:f0:7c:
                    0e:57:1c:dd:6b:42:ab:b4:b8:f6:b4:37:19:14:d5:
                    be:43:ba:3f:d1:a9:fc:de:a3:b5:7d:1b:7a:ce:89:
                    68:c2:74:1b:33:63:c0:48:31:64:d6:3a:50:34:0e:
                    81:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:DD:A4:FE:F5:3E:06:41:03:45:C2:DD:1F:E4:C8:7A:48:3D:57:14
            X509v3 Authority Key Identifier:
                keyid:BB:93:69:33:DC:3A:A0:3B:3D:AA:06:E5:B3:87:3F:35:BD:AB:55:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u5NpM9w6oDs9qgbls4c_Nb2rVdI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/1-d2k_vU-BkEDRcLdH-TIekg9VxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/0ca59b-32d1-46a2-be48-0c33e1264d7f/1/u5NpM9w6oDs9qgbls4c_Nb2rVdI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.39.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:aa:94:0b:f0:f8:e9:4d:f7:d1:85:73:af:85:e4:45:98:4a:
         ba:42:b8:f6:a2:05:db:a9:02:9a:2a:7e:bc:da:ce:22:62:61:
         cd:f6:81:a0:d2:bc:1c:d7:4a:1b:1d:64:9c:78:b2:35:e1:b8:
         3a:4f:df:5a:db:b6:81:8d:92:32:17:57:82:c1:0e:d6:af:ea:
         77:78:e9:1f:c6:c6:72:60:7f:d8:54:ca:93:bb:a9:9f:38:d5:
         54:37:4c:11:9f:bd:65:20:00:00:85:a8:b4:3e:07:aa:5c:50:
         2a:cf:83:4e:39:de:6a:f3:14:c9:c3:83:b3:6f:8f:c8:b3:be:
         6b:00:91:16:cd:ac:2d:c6:0d:b1:d9:c1:d4:27:ac:c7:36:1e:
         a0:cb:93:8d:f5:ba:55:fd:34:0b:d1:0a:73:df:78:62:fe:14:
         1a:cf:5f:f3:8e:74:0b:6c:d1:7e:9f:72:fc:3e:7e:5e:5a:0e:
         37:7b:02:1b:3e:3a:64:0d:d1:a6:58:e1:df:0e:8f:e1:aa:f9:
         21:73:01:16:12:f1:a8:ad:1a:b0:3e:cc:92:3a:b0:93:63:c5:
         3e:a1:77:83:b3:c6:09:c3:b3:1a:e0:4b:90:c6:c8:1e:b5:a4:
         38:73:74:ef:b5:b0:9d:11:cf:c7:87:d4:39:92:f1:b3:fc:cf:
         54:a9:96:a2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQijiZB2h1IgkCKDXMwCiNQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOTM2OTMzZGMzYWEwM2IzZGFhMDZlNWIzODczZjM1YmRh
YjU1ZDIwHhcNMjUwMTAxMTU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWRkYTRmZWY1M2UwNjQxMDM0NWMyZGQxZmU0Yzg3YTQ4M2Q1NzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz02KraysxjsNYd/l4bFSxSnAvZGP
ux6WEpieYy7HfXEAZE4ui8XGr0d95Rvl7DRvBPh686FobAY1oOnM++PO9fHu18Ko
bHu8cAN+88MmemgeAfDn/0tttEmmL5HxIe3ANKBCLk1opIDunBmIFHWxPWI9lz2E
X7YtBEZpVHjli09n5Z/3Pto/lD4DItW1R/PhdTAoh9Cm2ZU6NnKDqdCAvZc5zKBy
qzeGnXWeLuyGzE4GRJRskcIAsCQaShAb9//SBlqZlBWjp9eeuiONsExe8HwOVxzd
a0KrtLj2tDcZFNW+Q7o/0an83qO1fRt6zolownQbM2PASDFk1jpQNA6BpQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPndpP71PgZBA0XC3R/kyHpIPVcUMB8GA1UdIwQY
MBaAFLuTaTPcOqA7PaoG5bOHPzW9q1XSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTVOcE05dzZvRHM5cWdibHM0Y19OYjJyVmRJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi8wY2E1OWItMzJkMS00NmEyLWJlNDgt
MGMzM2UxMjY0ZDdmLzEvMS1kMmtfdlUtQmtFRFJjTGRILVRJZWtnOVZ4US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTIvMGNhNTliLTMyZDEtNDZhMi1iZTQ4LTBjMzNlMTI2NGQ3
Zi8xL3U1TnBNOXc2b0RzOXFnYmxzNGNfTmIyclZkSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIn+DAN
BgkqhkiG9w0BAQsFAAOCAQEAc6qUC/D46U330YVzr4XkRZhKukK49qIF26kCmip+
vNrOImJhzfaBoNK8HNdKGx1knHiyNeG4Ok/fWtu2gY2SMhdXgsEO1q/qd3jpH8bG
cmB/2FTKk7upnzjVVDdMEZ+9ZSAAAIWotD4HqlxQKs+DTjneavMUycODs2+PyLO+
awCRFs2sLcYNsdnB1CesxzYeoMuTjfW6Vf00C9EKc994Yv4UGs9f8450C2zRfp9y
/D5+XloON3sCGz46ZA3Rpljh3w6P4ar5IXMBFhLxqK0asD7Mkjqwk2PFPqF3g7PG
CcOzGuBLkMbIHrWkOHN077WwnRHPx4fUOZLxs/zPVKmWog==
-----END CERTIFICATE-----