Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/43d301-f81a-492e-922c-c971dc713b1f/1/Keu4ORQGNbpvqRyHyCkLTUO_lOA.roa
File:                     Keu4ORQGNbpvqRyHyCkLTUO_lOA.roa (raw, json)
Hash identifier:          8AaJ0cxF0N1CmP6IwiLLt/ItfrvG5f97UQsDx1F7lhM=
Subject key identifier:   29:EB:B8:39:14:06:35:BA:6F:A9:1C:87:C8:29:0B:4D:43:BF:94:E0
Certificate issuer:       /CN=98f02b5cfb4172508e0737bf25cd5d22a01dc45a
Certificate serial:       019423693F6BCAB80EC71AB51BC850140280
Authority key identifier: 98:F0:2B:5C:FB:41:72:50:8E:07:37:BF:25:CD:5D:22:A0:1D:C4:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mPArXPtBclCOBze_Jc1dIqAdxFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/43d301-f81a-492e-922c-c971dc713b1f/1/Keu4ORQGNbpvqRyHyCkLTUO_lOA.roa
Signing time:             Wed 01 Jan 2025 19:48:07 +0000
ROA not before:           Wed 01 Jan 2025 19:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59796
IP address blocks:        193.104.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/43d301-f81a-492e-922c-c971dc713b1f/1/mPArXPtBclCOBze_Jc1dIqAdxFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/43d301-f81a-492e-922c-c971dc713b1f/1/mPArXPtBclCOBze_Jc1dIqAdxFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mPArXPtBclCOBze_Jc1dIqAdxFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 01:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:3f:6b:ca:b8:0e:c7:1a:b5:1b:c8:50:14:02:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98f02b5cfb4172508e0737bf25cd5d22a01dc45a
        Validity
            Not Before: Jan  1 19:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29ebb839140635ba6fa91c87c8290b4d43bf94e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:57:92:69:76:bb:f8:f2:d0:23:08:ac:9f:54:
                    98:da:dc:dd:61:3d:60:b7:bc:7f:4c:a7:38:d8:58:
                    26:62:8a:37:f7:bd:85:f2:ac:2f:bf:14:ac:4a:1f:
                    a3:a5:b3:f7:07:79:d4:6a:35:0b:1d:cc:4f:ee:30:
                    bb:36:e1:13:ea:68:04:ca:1e:86:ee:cc:b8:cb:96:
                    82:5d:1b:bd:e4:c8:8b:d4:f3:29:56:34:3f:6d:6a:
                    9f:23:f4:24:55:63:cf:d7:99:c0:b8:b2:44:08:95:
                    50:28:ae:47:cb:42:c3:2c:84:bf:8e:8e:a1:12:7b:
                    84:11:03:28:71:0e:a6:4c:c2:36:73:8d:37:26:8d:
                    67:aa:fb:ef:fa:88:52:07:fb:0a:e2:66:67:f9:cc:
                    e1:d7:e8:88:93:70:fe:47:1a:92:9d:14:c8:6c:20:
                    d1:e9:e9:4c:c9:e0:c7:59:b6:12:bc:a7:8d:cc:b9:
                    23:03:05:41:6d:98:3a:41:42:8e:62:51:07:01:c1:
                    06:f1:a7:e2:07:ac:65:8c:14:c5:c8:74:d7:b8:24:
                    19:ba:f6:bc:54:1a:4d:c1:8d:01:c9:5e:29:f1:d6:
                    5a:d2:89:6c:f7:81:0b:c6:84:4e:09:24:9f:31:1d:
                    94:fe:f2:b9:7e:e0:fa:ad:38:43:c5:c0:9e:da:c9:
                    53:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:EB:B8:39:14:06:35:BA:6F:A9:1C:87:C8:29:0B:4D:43:BF:94:E0
            X509v3 Authority Key Identifier:
                keyid:98:F0:2B:5C:FB:41:72:50:8E:07:37:BF:25:CD:5D:22:A0:1D:C4:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mPArXPtBclCOBze_Jc1dIqAdxFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/43d301-f81a-492e-922c-c971dc713b1f/1/Keu4ORQGNbpvqRyHyCkLTUO_lOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/43d301-f81a-492e-922c-c971dc713b1f/1/mPArXPtBclCOBze_Jc1dIqAdxFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:c3:8e:5f:bd:ea:fc:2d:b4:af:38:a7:33:54:ce:9e:99:5e:
         7f:49:0a:6e:ef:5e:3e:78:54:62:27:4f:63:ff:42:f6:44:0b:
         26:2e:d0:cb:59:8d:c1:20:98:69:44:46:63:d0:c1:23:49:c5:
         b3:62:a0:be:d7:52:94:d5:3d:9b:28:ec:cc:96:84:be:3a:4d:
         db:73:ce:fc:5c:24:2f:26:59:5e:69:3a:f5:12:c4:c8:03:5c:
         c2:0f:c3:d5:0b:4d:c8:27:2a:1e:87:7f:ea:b5:10:ba:6c:0b:
         62:55:fd:f0:f9:32:6c:ee:66:2d:b2:01:37:79:fc:05:8d:c6:
         65:1a:25:32:7f:d0:ce:6a:51:d0:e2:7d:62:31:d9:61:e4:68:
         25:28:e7:43:48:ea:5e:f1:7c:b0:4b:f6:17:cb:6f:9a:3a:9b:
         04:b1:05:84:10:3e:86:66:b6:b7:fe:01:2a:e0:cb:09:40:e2:
         41:fb:d0:21:4e:03:30:a6:d6:ad:f2:f4:97:d2:c7:0f:29:71:
         2a:b6:c3:34:c3:12:e7:b8:56:88:cb:0a:00:f7:84:97:72:0c:
         02:91:f4:12:92:d9:e0:c7:0b:2b:f9:38:b9:30:c1:39:3b:f5:
         40:30:50:7e:aa:3d:43:e8:b2:6b:2e:ad:ca:6c:20:cc:ab:43:
         7e:9e:a5:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaT9ryrgOxxq1G8hQFAKAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZjAyYjVjZmI0MTcyNTA4ZTA3MzdiZjI1Y2Q1ZDIyYTAx
ZGM0NWEwHhcNMjUwMTAxMTk0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWViYjgzOTE0MDYzNWJhNmZhOTFjODdjODI5MGI0ZDQzYmY5NGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11eSaXa7+PLQIwisn1SY2tzdYT1g
t7x/TKc42FgmYoo3972F8qwvvxSsSh+jpbP3B3nUajULHcxP7jC7NuET6mgEyh6G
7sy4y5aCXRu95MiL1PMpVjQ/bWqfI/QkVWPP15nAuLJECJVQKK5Hy0LDLIS/jo6h
EnuEEQMocQ6mTMI2c403Jo1nqvvv+ohSB/sK4mZn+czh1+iIk3D+RxqSnRTIbCDR
6elMyeDHWbYSvKeNzLkjAwVBbZg6QUKOYlEHAcEG8afiB6xljBTFyHTXuCQZuva8
VBpNwY0ByV4p8dZa0ols94ELxoROCSSfMR2U/vK5fuD6rThDxcCe2slTYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnruDkUBjW6b6kch8gpC01Dv5TgMB8GA1UdIwQY
MBaAFJjwK1z7QXJQjgc3vyXNXSKgHcRaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVBBclhQdEJjbENPQnplX0pjMWRJcUFkeEZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS80M2QzMDEtZjgxYS00OTJlLTkyMmMt
Yzk3MWRjNzEzYjFmLzEvS2V1NE9SUUdOYnB2cVJ5SHlDa0xUVU9fbE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS80M2QzMDEtZjgxYS00OTJlLTkyMmMtYzk3MWRjNzEzYjFm
LzEvbVBBclhQdEJjbENPQnplX0pjMWRJcUFkeEZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWh4MA0G
CSqGSIb3DQEBCwUAA4IBAQCBw45fver8LbSvOKczVM6emV5/SQpu714+eFRiJ09j
/0L2RAsmLtDLWY3BIJhpREZj0MEjScWzYqC+11KU1T2bKOzMloS+Ok3bc878XCQv
JlleaTr1EsTIA1zCD8PVC03IJyoeh3/qtRC6bAtiVf3w+TJs7mYtsgE3efwFjcZl
GiUyf9DOalHQ4n1iMdlh5GglKOdDSOpe8XywS/YXy2+aOpsEsQWEED6GZra3/gEq
4MsJQOJB+9AhTgMwptat8vSX0scPKXEqtsM0wxLnuFaIywoA94SXcgwCkfQSktng
xwsr+Ti5MME5O/VAMFB+qj1D6LJrLq3KbCDMq0N+nqXq
-----END CERTIFICATE-----