Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/sO-QyC1vz5w60dvkaCQsXtLi8YA.roa
File:                     sO-QyC1vz5w60dvkaCQsXtLi8YA.roa (raw, json)
Hash identifier:          wtWXsxxZV53+P/qICncBE0LIXN7QWpyRCdTXr4pbwmE=
Subject key identifier:   B0:EF:90:C8:2D:6F:CF:9C:3A:D1:DB:E4:68:24:2C:5E:D2:E2:F1:80
Certificate issuer:       /CN=344718d135a09bb524706b4259cabcc626e514ef
Certificate serial:       019423D6F01EDDBE0EF5E45301C59E22796C
Authority key identifier: 34:47:18:D1:35:A0:9B:B5:24:70:6B:42:59:CA:BC:C6:26:E5:14:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NEcY0TWgm7UkcGtCWcq8xiblFO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/sO-QyC1vz5w60dvkaCQsXtLi8YA.roa
Signing time:             Wed 01 Jan 2025 21:47:56 +0000
ROA not before:           Wed 01 Jan 2025 21:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38915
IP address blocks:        194.104.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/NEcY0TWgm7UkcGtCWcq8xiblFO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/NEcY0TWgm7UkcGtCWcq8xiblFO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NEcY0TWgm7UkcGtCWcq8xiblFO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:f0:1e:dd:be:0e:f5:e4:53:01:c5:9e:22:79:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=344718d135a09bb524706b4259cabcc626e514ef
        Validity
            Not Before: Jan  1 21:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0ef90c82d6fcf9c3ad1dbe468242c5ed2e2f180
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:91:e4:d9:68:94:d7:d7:b9:f2:97:21:ef:a0:
                    dc:e9:c5:7e:b1:ca:da:64:a5:1d:9d:73:01:1b:91:
                    33:d8:e4:55:c5:23:78:8f:dc:a6:3d:37:e1:db:f0:
                    f3:56:e2:78:5d:3d:95:52:19:55:62:9a:0a:bc:34:
                    1b:91:90:15:88:ed:f6:20:ce:6a:63:1d:ad:3c:e1:
                    64:13:1f:36:c4:5f:6b:e5:b7:0f:b2:3d:3f:c7:0b:
                    f8:38:b6:a6:6f:16:a6:66:66:9d:9d:93:92:ef:46:
                    73:09:c0:b2:6c:55:4d:d4:e4:2c:c1:2e:1e:03:96:
                    f5:57:68:a4:b3:ec:67:b5:9d:a6:97:af:bd:e3:77:
                    33:ae:19:30:26:e6:30:76:e2:0d:98:a4:d8:67:bb:
                    af:6a:7f:89:70:e2:5d:3b:e4:0e:de:4d:a0:48:69:
                    87:a7:6b:8e:92:88:f7:da:28:10:8e:fa:e6:3a:73:
                    5c:96:a8:5e:8b:dd:ab:b5:7c:c8:e0:89:71:25:94:
                    22:09:3e:b1:26:bb:0d:97:6d:75:d8:6c:d1:a6:fa:
                    fa:54:4a:56:de:b1:d6:de:e2:b8:1f:d0:b6:83:7e:
                    cc:e6:c8:87:0c:b6:80:85:38:98:82:b8:01:a8:47:
                    e2:b4:b3:a2:51:14:55:4c:ad:4d:61:da:f4:9b:62:
                    2a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:EF:90:C8:2D:6F:CF:9C:3A:D1:DB:E4:68:24:2C:5E:D2:E2:F1:80
            X509v3 Authority Key Identifier:
                keyid:34:47:18:D1:35:A0:9B:B5:24:70:6B:42:59:CA:BC:C6:26:E5:14:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NEcY0TWgm7UkcGtCWcq8xiblFO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/sO-QyC1vz5w60dvkaCQsXtLi8YA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/bdd2ba-a484-4b0d-ae9a-5d33e18a69a0/1/NEcY0TWgm7UkcGtCWcq8xiblFO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:d2:27:73:73:9d:4e:e5:a8:93:1e:46:e6:b8:70:2a:7f:b8:
         46:16:7e:b2:33:b0:2f:64:9e:89:9a:1b:cf:98:7c:fd:31:36:
         2c:8e:e2:04:e2:ca:02:d9:49:2f:4c:0e:67:fc:99:44:3b:96:
         22:59:39:3a:fc:a3:45:e9:c4:63:45:c3:8e:e7:a8:69:8c:90:
         d1:54:30:0f:41:f0:6b:52:fb:f8:98:82:ac:3c:aa:a6:a4:67:
         f2:2e:f7:57:58:48:e3:c1:e2:c4:85:a0:6c:8b:7d:78:53:f8:
         56:70:d6:ff:d6:7e:c7:ab:25:86:e4:03:bd:28:64:f6:d2:e6:
         ee:9f:15:34:a1:f1:33:e5:fc:b7:2e:83:ed:6a:de:ef:3f:60:
         ec:3f:f6:91:f2:de:97:24:b8:7d:c4:2e:89:56:0f:62:6d:38:
         3d:01:cc:91:3d:d9:8b:07:7f:23:b3:59:00:13:31:6f:4e:1e:
         62:97:70:dd:4c:e5:ab:4f:14:a1:c1:da:74:f7:24:05:34:4f:
         9a:a0:66:15:7e:e8:d6:3e:75:b8:a8:75:c6:8c:87:fa:45:97:
         33:66:b6:ed:db:ec:ad:1c:7a:9b:54:70:6e:44:a5:c0:40:4b:
         fc:97:1e:72:6e:58:68:ca:b7:1c:2a:22:22:b9:80:1a:07:ba:
         0b:cd:54:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1vAe3b4O9eRTAcWeInlsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NDcxOGQxMzVhMDliYjUyNDcwNmI0MjU5Y2FiY2M2MjZl
NTE0ZWYwHhcNMjUwMTAxMjE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGVmOTBjODJkNmZjZjljM2FkMWRiZTQ2ODI0MmM1ZWQyZTJmMTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5Hk2WiU19e58pch76Dc6cV+scra
ZKUdnXMBG5Ez2ORVxSN4j9ymPTfh2/DzVuJ4XT2VUhlVYpoKvDQbkZAViO32IM5q
Yx2tPOFkEx82xF9r5bcPsj0/xwv4OLambxamZmadnZOS70ZzCcCybFVN1OQswS4e
A5b1V2iks+xntZ2ml6+943czrhkwJuYwduINmKTYZ7uvan+JcOJdO+QO3k2gSGmH
p2uOkoj32igQjvrmOnNclqhei92rtXzI4IlxJZQiCT6xJrsNl2112GzRpvr6VEpW
3rHW3uK4H9C2g37M5siHDLaAhTiYgrgBqEfitLOiURRVTK1NYdr0m2IqXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLDvkMgtb8+cOtHb5GgkLF7S4vGAMB8GA1UdIwQY
MBaAFDRHGNE1oJu1JHBrQlnKvMYm5RTvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkVjWTBUV2dtN1VrY0d0Q1djcTh4aWJsRk84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9iZGQyYmEtYTQ4NC00YjBkLWFlOWEt
NWQzM2UxOGE2OWEwLzEvc08tUXlDMXZ6NXc2MGR2a2FDUXNYdExpOFlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9iZGQyYmEtYTQ4NC00YjBkLWFlOWEtNWQzM2UxOGE2OWEw
LzEvTkVjWTBUV2dtN1VrY0d0Q1djcTh4aWJsRk84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmidMA0G
CSqGSIb3DQEBCwUAA4IBAQBz0idzc51O5aiTHkbmuHAqf7hGFn6yM7AvZJ6JmhvP
mHz9MTYsjuIE4soC2UkvTA5n/JlEO5YiWTk6/KNF6cRjRcOO56hpjJDRVDAPQfBr
Uvv4mIKsPKqmpGfyLvdXWEjjweLEhaBsi314U/hWcNb/1n7HqyWG5AO9KGT20ubu
nxU0ofEz5fy3LoPtat7vP2DsP/aR8t6XJLh9xC6JVg9ibTg9AcyRPdmLB38js1kA
EzFvTh5il3DdTOWrTxShwdp09yQFNE+aoGYVfujWPnW4qHXGjIf6RZczZrbt2+yt
HHqbVHBuRKXAQEv8lx5yblhoyrccKiIiuYAaB7oLzVRX
-----END CERTIFICATE-----