Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/Cw1uuAeUBhAelOLTm4Dk1iRffEA.roa
File:                     Cw1uuAeUBhAelOLTm4Dk1iRffEA.roa (raw, json)
Hash identifier:          z7x5PkssyE32f3g9waLhPt3Hl1C8H5f4Iw04pNNOOB8=
Subject key identifier:   0B:0D:6E:B8:07:94:06:10:1E:94:E2:D3:9B:80:E4:D6:24:5F:7C:40
Certificate issuer:       /CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
Certificate serial:       0194221FF1A2CAE234D88D8A03C7EE50DF9C
Authority key identifier: 47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/Cw1uuAeUBhAelOLTm4Dk1iRffEA.roa
Signing time:             Wed 01 Jan 2025 13:48:26 +0000
ROA not before:           Wed 01 Jan 2025 13:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203961
IP address blocks:        185.24.67.0/24 maxlen: 24
                          2a04:2b00:14aa::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f1:a2:ca:e2:34:d8:8d:8a:03:c7:ee:50:df:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4776afb74fad5baf0a6180b49510d8b8497df8d3
        Validity
            Not Before: Jan  1 13:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b0d6eb8079406101e94e2d39b80e4d6245f7c40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:89:48:89:0d:d7:50:c0:ad:10:89:4a:50:8e:
                    13:a5:da:86:e6:1f:55:f3:14:18:a2:cb:6e:ec:34:
                    18:09:c8:1b:90:67:1d:e9:ba:2d:dc:41:81:27:86:
                    bc:f7:0e:c5:cf:ce:fa:bb:2b:04:e9:56:7c:a2:80:
                    a0:24:b6:75:19:92:51:08:a2:dd:38:4e:9f:03:fe:
                    63:c9:1c:f2:45:22:d5:ac:82:e1:93:aa:a6:84:30:
                    d3:e3:bc:54:c3:01:4b:5f:ee:d2:fe:e8:e9:18:56:
                    09:23:67:d6:14:fa:40:39:a2:3b:20:7d:6e:38:b2:
                    5c:3a:ea:e0:af:ec:c8:e1:9e:16:6a:ae:34:37:ab:
                    06:bf:e2:17:57:26:59:39:f6:9a:76:90:c8:a5:cd:
                    f7:d3:b7:b7:ce:22:b5:cc:da:34:f9:41:9c:cc:3a:
                    08:d9:ca:8d:91:78:f4:3f:e1:9c:96:00:4e:83:bd:
                    b9:9f:24:b0:f5:78:ab:82:96:61:c6:9d:ae:dd:11:
                    84:0c:2a:26:25:e9:5a:c1:08:f4:dc:87:9e:16:3f:
                    89:3f:f9:af:b5:0f:dc:27:be:e9:5d:ff:fa:6e:dc:
                    38:34:0e:52:5a:83:cc:7d:a9:33:61:c4:27:cb:0c:
                    84:a2:fa:a1:0e:14:04:69:62:59:de:2f:01:1f:bf:
                    fd:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:0D:6E:B8:07:94:06:10:1E:94:E2:D3:9B:80:E4:D6:24:5F:7C:40
            X509v3 Authority Key Identifier:
                keyid:47:76:AF:B7:4F:AD:5B:AF:0A:61:80:B4:95:10:D8:B8:49:7D:F8:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3avt0-tW68KYYC0lRDYuEl9-NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/Cw1uuAeUBhAelOLTm4Dk1iRffEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f71cc2-b71d-4668-8661-0538e95f3f12/1/R3avt0-tW68KYYC0lRDYuEl9-NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.67.0/24
                IPv6:
                  2a04:2b00:14aa::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:27:92:80:73:6b:dc:15:a7:a7:c9:0d:17:b6:f2:df:cf:3a:
         a3:ca:f8:88:5f:59:fb:32:0c:84:61:00:13:41:50:70:ac:18:
         a9:2d:35:cc:df:57:3d:df:d4:de:2d:01:a2:23:29:1d:33:2d:
         f9:1b:5d:a4:ef:be:31:e7:a3:48:0a:b4:7b:ee:53:40:14:6f:
         5a:ee:15:e0:21:eb:e9:e1:89:31:82:ce:e1:11:13:77:9c:02:
         50:e1:27:8d:2a:35:4d:f4:e2:3c:1c:a1:f7:58:da:d4:d2:5e:
         b7:b1:d7:a7:3c:7a:54:de:29:f3:3c:d5:b5:63:01:9b:54:0f:
         d6:9a:28:1a:83:cc:41:88:9b:ca:0f:d2:d4:86:57:70:d6:bc:
         36:e0:82:f7:57:b6:ad:f7:7e:13:06:3d:7f:f7:b0:d1:20:fa:
         3d:f9:f2:20:51:19:32:69:61:26:a9:87:ea:03:59:fa:e6:39:
         66:db:26:68:e9:34:ba:70:4e:68:30:27:98:7a:d6:53:68:59:
         36:28:ca:3b:33:5a:14:20:6f:f7:2e:fb:9f:5a:a3:e8:72:0b:
         36:fb:24:e3:40:9b:74:e5:4f:31:e7:6c:92:bb:f8:ed:c4:da:
         46:b9:10:e5:c9:e4:ef:9f:85:89:62:b8:88:2c:2b:5d:0f:73:
         79:30:a5:fe
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQiH/GiyuI02I2KA8fuUN+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzZhZmI3NGZhZDViYWYwYTYxODBiNDk1MTBkOGI4NDk3
ZGY4ZDMwHhcNMjUwMTAxMTM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjBkNmViODA3OTQwNjEwMWU5NGUyZDM5YjgwZTRkNjI0NWY3YzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIlIiQ3XUMCtEIlKUI4TpdqG5h9V
8xQYostu7DQYCcgbkGcd6bot3EGBJ4a89w7Fz876uysE6VZ8ooCgJLZ1GZJRCKLd
OE6fA/5jyRzyRSLVrILhk6qmhDDT47xUwwFLX+7S/ujpGFYJI2fWFPpAOaI7IH1u
OLJcOurgr+zI4Z4Waq40N6sGv+IXVyZZOfaadpDIpc3307e3ziK1zNo0+UGczDoI
2cqNkXj0P+GclgBOg725nySw9XirgpZhxp2u3RGEDComJelawQj03IeeFj+JP/mv
tQ/cJ77pXf/6btw4NA5SWoPMfakzYcQnywyEovqhDhQEaWJZ3i8BH7/9ywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAsNbrgHlAYQHpTi05uA5NYkX3xAMB8GA1UdIwQY
MBaAFEd2r7dPrVuvCmGAtJUQ2LhJffjTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEt
MDUzOGU5NWYzZjEyLzEvQ3cxdXVBZVVCaEFlbE9MVG00RGsxaVJmZkVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9mNzFjYzItYjcxZC00NjY4LTg2NjEtMDUzOGU5NWYzZjEy
LzEvUjNhdnQwLXRXNjhLWVlDMGxSRFl1RWw5LU5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuRhDMA8E
AgACMAkDBwAqBCsAFKowDQYJKoZIhvcNAQELBQADggEBAHInkoBza9wVp6fJDRe2
8t/POqPK+IhfWfsyDIRhABNBUHCsGKktNczfVz3f1N4tAaIjKR0zLfkbXaTvvjHn
o0gKtHvuU0AUb1ruFeAh6+nhiTGCzuERE3ecAlDhJ40qNU304jwcofdY2tTSXrex
16c8elTeKfM81bVjAZtUD9aaKBqDzEGIm8oP0tSGV3DWvDbggvdXtq33fhMGPX/3
sNEg+j358iBRGTJpYSaph+oDWfrmOWbbJmjpNLpwTmgwJ5h61lNoWTYoyjszWhQg
b/cu+59ao+hyCzb7JONAm3TlTzHnbJK7+O3E2ka5EOXJ5O+fhYliuIgsK10Pc3kw
pf4=
-----END CERTIFICATE-----