Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/jwOao49fuGzjzKpy4DVicXhqkq8.roa
File:                     jwOao49fuGzjzKpy4DVicXhqkq8.roa (raw, json)
Hash identifier:          vTxxc3wFEPVm9vo1ixcSgxSo2myxU1VuH0FNYAoBops=
Subject key identifier:   8F:03:9A:A3:8F:5F:B8:6C:E3:CC:AA:72:E0:35:62:71:78:6A:92:AF
Certificate issuer:       /CN=5ce1aae0c93ad04b7298082b68bf6a54fa68bcf0
Certificate serial:       0194266B54788CC1C2AC64352F137992B201
Authority key identifier: 5C:E1:AA:E0:C9:3A:D0:4B:72:98:08:2B:68:BF:6A:54:FA:68:BC:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/jwOao49fuGzjzKpy4DVicXhqkq8.roa
Signing time:             Thu 02 Jan 2025 09:49:15 +0000
ROA not before:           Thu 02 Jan 2025 09:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49282
IP address blocks:        185.196.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:54:78:8c:c1:c2:ac:64:35:2f:13:79:92:b2:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ce1aae0c93ad04b7298082b68bf6a54fa68bcf0
        Validity
            Not Before: Jan  2 09:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f039aa38f5fb86ce3ccaa72e0356271786a92af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:71:d5:1e:00:79:22:79:2d:c1:ed:c0:59:05:
                    44:93:6c:0a:c8:16:6d:e4:b8:ee:93:5d:77:6c:18:
                    de:d6:c0:a3:4d:2e:6e:c9:d2:43:48:53:3e:9f:17:
                    f9:0c:0a:f4:a7:df:7b:3d:cc:0d:2a:6b:52:a5:c2:
                    65:2b:a7:e0:03:37:cd:71:85:68:32:3b:9a:e0:ab:
                    1b:7f:f5:dc:3a:c3:50:9b:db:34:47:32:a0:cd:1b:
                    18:57:4c:0d:0e:d5:05:54:49:cf:62:33:44:1a:5b:
                    0e:d8:9f:7a:19:99:9f:d0:1a:9c:29:45:c6:28:f5:
                    fb:b3:cc:84:2d:3b:80:43:dd:42:8b:ba:bb:d3:ff:
                    a4:ea:7f:81:c7:25:25:72:8b:eb:1a:2c:99:f6:c6:
                    51:f2:30:4d:18:6c:d7:f0:e0:ce:64:a3:e9:47:2f:
                    4e:c2:58:35:45:e7:06:c5:69:da:40:f2:4a:81:3d:
                    d7:20:19:a2:ae:5f:94:2d:7c:88:f9:93:97:b3:6f:
                    60:c7:f5:cb:7a:6a:d4:e6:59:53:1f:68:f1:61:02:
                    80:96:05:b8:9a:12:36:02:88:77:7b:5b:0a:37:6d:
                    d6:a9:47:de:5f:b5:00:b4:11:31:09:36:2d:98:4f:
                    dd:19:2f:7c:67:3d:7b:dc:c8:51:c9:bf:a8:22:02:
                    64:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:03:9A:A3:8F:5F:B8:6C:E3:CC:AA:72:E0:35:62:71:78:6A:92:AF
            X509v3 Authority Key Identifier:
                keyid:5C:E1:AA:E0:C9:3A:D0:4B:72:98:08:2B:68:BF:6A:54:FA:68:BC:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XOGq4Mk60EtymAgraL9qVPpovPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/jwOao49fuGzjzKpy4DVicXhqkq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/ff3618-7032-4143-9374-ba1418d22087/1/XOGq4Mk60EtymAgraL9qVPpovPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:5e:d0:02:be:27:e1:e3:b5:d3:80:14:05:41:d2:24:39:6d:
         b2:50:f9:21:b4:2c:00:8e:30:fe:19:94:3a:9d:b6:a7:e9:47:
         55:cc:3e:80:52:0f:f2:70:20:95:b5:86:09:1b:8c:1c:6e:03:
         51:c4:c3:2c:a9:7b:f7:6b:a6:d8:94:15:07:dd:09:9c:67:6d:
         fc:a0:1c:04:92:b9:53:03:64:66:68:46:43:3f:29:a4:82:29:
         d7:77:59:09:c0:37:b1:3b:e5:84:8c:41:2b:1d:bd:d3:c2:29:
         6d:03:d9:42:e7:cc:b6:9a:89:b1:69:2f:8c:17:2e:20:62:f8:
         b9:45:ca:81:86:38:57:d6:f1:a6:0a:d9:20:f5:43:6f:e0:36:
         f2:81:df:ed:c8:78:60:9d:cc:86:ba:1d:22:4c:78:91:e6:d1:
         c6:8f:d5:e3:bf:38:c4:53:5e:0e:2b:11:4b:31:85:ff:27:70:
         21:42:33:d3:7b:2a:ff:6c:f1:cd:52:38:6e:ec:9f:c8:c0:09:
         11:84:e4:66:20:43:69:1c:70:58:da:f2:81:ad:15:6d:21:31:
         2e:cb:32:d9:80:10:8b:45:b1:f0:b0:9f:e4:1b:ea:b9:ac:60:
         ce:49:4c:27:da:e3:69:0f:01:02:e6:31:ab:07:44:95:97:7d:
         fb:9b:5a:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma1R4jMHCrGQ1LxN5krIBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZTFhYWUwYzkzYWQwNGI3Mjk4MDgyYjY4YmY2YTU0ZmE2
OGJjZjAwHhcNMjUwMTAyMDk0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjAzOWFhMzhmNWZiODZjZTNjY2FhNzJlMDM1NjI3MTc4NmE5MmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXHVHgB5Inktwe3AWQVEk2wKyBZt
5Ljuk113bBje1sCjTS5uydJDSFM+nxf5DAr0p997PcwNKmtSpcJlK6fgAzfNcYVo
Mjua4Ksbf/XcOsNQm9s0RzKgzRsYV0wNDtUFVEnPYjNEGlsO2J96GZmf0BqcKUXG
KPX7s8yELTuAQ91Ci7q70/+k6n+BxyUlcovrGiyZ9sZR8jBNGGzX8ODOZKPpRy9O
wlg1RecGxWnaQPJKgT3XIBmirl+ULXyI+ZOXs29gx/XLemrU5llTH2jxYQKAlgW4
mhI2Aoh3e1sKN23WqUfeX7UAtBExCTYtmE/dGS98Zz173MhRyb+oIgJkLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8DmqOPX7hs48yqcuA1YnF4apKvMB8GA1UdIwQY
MBaAFFzhquDJOtBLcpgIK2i/alT6aLzwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE9HcTRNazYwRXR5bUFncmFMOXFWUHBvdlBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mZjM2MTgtNzAzMi00MTQzLTkzNzQt
YmExNDE4ZDIyMDg3LzEvandPYW80OWZ1R3pqektweTREVmljWGhxa3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mZjM2MTgtNzAzMi00MTQzLTkzNzQtYmExNDE4ZDIyMDg3
LzEvWE9HcTRNazYwRXR5bUFncmFMOXFWUHBvdlBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucRmMA0G
CSqGSIb3DQEBCwUAA4IBAQBrXtACvifh47XTgBQFQdIkOW2yUPkhtCwAjjD+GZQ6
nban6UdVzD6AUg/ycCCVtYYJG4wcbgNRxMMsqXv3a6bYlBUH3QmcZ238oBwEkrlT
A2RmaEZDPymkginXd1kJwDexO+WEjEErHb3TwiltA9lC58y2momxaS+MFy4gYvi5
RcqBhjhX1vGmCtkg9UNv4Dbygd/tyHhgncyGuh0iTHiR5tHGj9XjvzjEU14OKxFL
MYX/J3AhQjPTeyr/bPHNUjhu7J/IwAkRhORmIENpHHBY2vKBrRVtITEuyzLZgBCL
RbHwsJ/kG+q5rGDOSUwn2uNpDwEC5jGrB0SVl337m1oJ
-----END CERTIFICATE-----