Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/jkZUIqdvougoYWTFFIYTmQ_0c3I.roa
File:                     jkZUIqdvougoYWTFFIYTmQ_0c3I.roa (raw, json)
Hash identifier:          FvJzMAch2URVowys51R40ZrFG4sKpVwuQwZnFuBLSQ4=
Subject key identifier:   8E:46:54:22:A7:6F:A2:E8:28:61:64:C5:14:86:13:99:0F:F4:73:72
Certificate issuer:       /CN=4c9fbe4756028fa4187a399595fac65c3c1c43c6
Certificate serial:       0194282841E5F50835048F99519835CA307E
Authority key identifier: 4C:9F:BE:47:56:02:8F:A4:18:7A:39:95:95:FA:C6:5C:3C:1C:43:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/jkZUIqdvougoYWTFFIYTmQ_0c3I.roa
Signing time:             Thu 02 Jan 2025 17:55:14 +0000
ROA not before:           Thu 02 Jan 2025 17:55:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43872
IP address blocks:        84.38.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:41:e5:f5:08:35:04:8f:99:51:98:35:ca:30:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c9fbe4756028fa4187a399595fac65c3c1c43c6
        Validity
            Not Before: Jan  2 17:55:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e465422a76fa2e8286164c5148613990ff47372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7b:28:f8:15:e6:96:e6:ad:4d:a8:0c:a0:55:
                    a7:10:5f:0b:44:fa:13:ee:cf:19:3b:62:9c:ce:f5:
                    75:fc:89:42:2b:b9:9c:75:7e:67:23:b8:8c:4c:ba:
                    c0:59:86:84:02:b6:c3:12:bd:e5:cb:cb:bb:e4:ff:
                    bd:93:90:67:76:e4:54:34:ac:da:08:40:71:46:f6:
                    e2:ff:47:48:1c:a8:21:13:01:86:23:11:30:50:df:
                    25:0f:56:f9:0b:98:97:d1:44:55:42:3a:1b:50:f8:
                    3f:cf:8c:1b:8e:28:1b:27:86:5f:0c:1f:ee:c3:27:
                    16:7d:e4:16:84:29:bd:db:0a:08:0c:85:3f:41:21:
                    bc:98:63:d2:46:ac:51:68:48:0d:ae:65:08:cd:71:
                    e3:7d:98:d6:ed:59:50:31:9c:7d:99:51:d7:80:63:
                    37:c7:c3:ca:0a:98:ed:e2:2f:dd:ab:5a:97:bb:2c:
                    c3:c1:2d:9d:53:ba:3f:fa:8b:37:43:4c:34:08:d0:
                    c0:f6:2f:6e:13:1b:15:b9:2e:5e:03:c9:57:93:87:
                    bd:f6:a2:fd:7d:49:fb:88:7a:7e:3d:47:7d:40:9c:
                    3e:ab:f2:06:c1:38:39:63:65:8f:2e:a0:9b:9a:d8:
                    ca:b7:ea:0a:28:33:19:0d:e0:bd:e0:6c:75:66:12:
                    9f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:46:54:22:A7:6F:A2:E8:28:61:64:C5:14:86:13:99:0F:F4:73:72
            X509v3 Authority Key Identifier:
                keyid:4C:9F:BE:47:56:02:8F:A4:18:7A:39:95:95:FA:C6:5C:3C:1C:43:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/jkZUIqdvougoYWTFFIYTmQ_0c3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/b5fb58-928c-438f-bcef-858f8aca323f/1/TJ--R1YCj6QYejmVlfrGXDwcQ8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:00:72:64:7d:fa:44:87:0a:fd:77:a8:cc:7c:e0:f5:32:15:
         09:6d:34:0a:af:7c:e1:34:9d:06:5a:46:2f:89:52:80:c8:ca:
         a5:f7:bb:5d:a9:9e:a7:61:df:ab:e2:c2:f4:01:53:96:31:90:
         16:28:b8:6d:2a:22:fe:00:49:d4:48:90:e7:7c:52:ab:e5:95:
         ed:08:65:6e:df:e3:71:b7:35:fc:a6:40:02:fa:03:3a:d3:0f:
         31:07:9b:0b:74:8d:26:ce:ff:4a:e8:7d:84:65:83:69:64:3d:
         90:9e:4d:7d:34:fe:8a:34:e4:1a:64:26:e5:c2:a8:7d:0b:05:
         66:ea:b9:c8:01:c1:8f:aa:45:53:70:00:8f:fd:67:21:6f:37:
         27:7d:33:43:72:3b:22:42:bf:f7:ca:01:b7:de:f1:3b:e8:ac:
         d2:e1:53:75:53:a8:69:f5:44:81:c3:ad:fa:7f:29:40:d9:ea:
         e0:42:7a:f9:53:fb:45:a2:e1:a9:1f:5c:c9:62:fb:a2:11:ca:
         53:0f:21:8c:75:01:7e:d2:72:b0:b4:36:2f:51:0d:d4:c8:2b:
         0c:96:4f:f8:75:69:e4:aa:89:76:24:40:2a:fa:e1:6c:51:ee:
         93:08:cb:01:36:0a:91:d8:db:b6:02:ef:c9:2a:0a:29:44:78:
         d0:71:08:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoKEHl9Qg1BI+ZUZg1yjB+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjOWZiZTQ3NTYwMjhmYTQxODdhMzk5NTk1ZmFjNjVjM2Mx
YzQzYzYwHhcNMjUwMTAyMTc1NTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTQ2NTQyMmE3NmZhMmU4Mjg2MTY0YzUxNDg2MTM5OTBmZjQ3MzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Xso+BXmluatTagMoFWnEF8LRPoT
7s8ZO2KczvV1/IlCK7mcdX5nI7iMTLrAWYaEArbDEr3ly8u75P+9k5BnduRUNKza
CEBxRvbi/0dIHKghEwGGIxEwUN8lD1b5C5iX0URVQjobUPg/z4wbjigbJ4ZfDB/u
wycWfeQWhCm92woIDIU/QSG8mGPSRqxRaEgNrmUIzXHjfZjW7VlQMZx9mVHXgGM3
x8PKCpjt4i/dq1qXuyzDwS2dU7o/+os3Q0w0CNDA9i9uExsVuS5eA8lXk4e99qL9
fUn7iHp+PUd9QJw+q/IGwTg5Y2WPLqCbmtjKt+oKKDMZDeC94Gx1ZhKfdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5GVCKnb6LoKGFkxRSGE5kP9HNyMB8GA1UdIwQY
MBaAFEyfvkdWAo+kGHo5lZX6xlw8HEPGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEotLVIxWUNqNlFZZWptVmxmckdYRHdjUThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9iNWZiNTgtOTI4Yy00MzhmLWJjZWYt
ODU4ZjhhY2EzMjNmLzEvamtaVUlxZHZvdWdvWVdURkZJWVRtUV8wYzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9iNWZiNTgtOTI4Yy00MzhmLWJjZWYtODU4ZjhhY2EzMjNm
LzEvVEotLVIxWUNqNlFZZWptVmxmckdYRHdjUThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVCb2MA0G
CSqGSIb3DQEBCwUAA4IBAQA1AHJkffpEhwr9d6jMfOD1MhUJbTQKr3zhNJ0GWkYv
iVKAyMql97tdqZ6nYd+r4sL0AVOWMZAWKLhtKiL+AEnUSJDnfFKr5ZXtCGVu3+Nx
tzX8pkAC+gM60w8xB5sLdI0mzv9K6H2EZYNpZD2Qnk19NP6KNOQaZCblwqh9CwVm
6rnIAcGPqkVTcACP/WchbzcnfTNDcjsiQr/3ygG33vE76KzS4VN1U6hp9USBw636
fylA2ergQnr5U/tFouGpH1zJYvuiEcpTDyGMdQF+0nKwtDYvUQ3UyCsMlk/4dWnk
qol2JEAq+uFsUe6TCMsBNgqR2Nu2Au/JKgopRHjQcQgb
-----END CERTIFICATE-----