Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/669ace-f864-44d7-a07e-80597eb44426/1/sjAjhtjT9idj_VOPKz21hZUiTyM.roa
File:                     sjAjhtjT9idj_VOPKz21hZUiTyM.roa (raw, json)
Hash identifier:          GIvaCG/17riJHZiERj633+3ciTXhudtU1ZczZq4oF9g=
Subject key identifier:   B2:30:23:86:D8:D3:F6:27:63:FD:53:8F:2B:3D:B5:85:95:22:4F:23
Certificate issuer:       /CN=caf17800f1943af1c514284cc3be780e9c21dd78
Certificate serial:       01942067F6A8B188628E012FC5474923CB7C
Authority key identifier: CA:F1:78:00:F1:94:3A:F1:C5:14:28:4C:C3:BE:78:0E:9C:21:DD:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yvF4APGUOvHFFChMw754Dpwh3Xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/669ace-f864-44d7-a07e-80597eb44426/1/sjAjhtjT9idj_VOPKz21hZUiTyM.roa
Signing time:             Wed 01 Jan 2025 05:47:51 +0000
ROA not before:           Wed 01 Jan 2025 05:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39658
IP address blocks:        194.50.107.0/24 maxlen: 24
                          2a01:9080::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/669ace-f864-44d7-a07e-80597eb44426/1/yvF4APGUOvHFFChMw754Dpwh3Xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/669ace-f864-44d7-a07e-80597eb44426/1/yvF4APGUOvHFFChMw754Dpwh3Xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yvF4APGUOvHFFChMw754Dpwh3Xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f6:a8:b1:88:62:8e:01:2f:c5:47:49:23:cb:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caf17800f1943af1c514284cc3be780e9c21dd78
        Validity
            Not Before: Jan  1 05:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2302386d8d3f62763fd538f2b3db58595224f23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:62:37:bd:47:ff:3b:6d:b0:30:e7:4c:96:86:
                    0a:b5:09:07:d3:f3:c4:ce:ac:99:ac:6f:94:91:ec:
                    16:0b:e4:6c:1e:c3:42:09:07:d1:0c:b8:a2:3f:4d:
                    a6:8c:2b:6c:b7:e7:62:3f:e7:fb:39:3a:07:60:18:
                    79:1d:48:ff:c1:4a:aa:f1:b2:ce:96:9e:22:d5:48:
                    88:5a:ba:ba:69:09:22:77:47:42:14:b7:3f:17:91:
                    7f:6e:d3:56:4a:17:32:9f:ea:23:90:c0:9f:39:61:
                    ce:7d:0b:ca:55:79:9a:9d:67:9c:bb:e8:8e:c5:22:
                    a5:60:59:f6:63:4a:3a:88:ad:92:af:7e:d8:79:86:
                    a4:7f:23:7f:66:42:d8:a7:02:46:44:a4:d6:2d:ab:
                    17:f3:9d:33:08:3a:eb:a5:8a:e3:20:4e:f6:27:65:
                    02:8b:4b:c1:4e:4e:28:a6:a7:d9:e4:8f:ba:51:52:
                    84:bd:4e:0d:ba:67:d8:18:57:2c:a8:3c:8b:85:e6:
                    a1:46:d3:53:c1:3d:73:24:39:cf:0e:9c:a0:14:d8:
                    fd:c9:7a:42:0f:12:89:2e:e7:dc:d9:44:1a:61:af:
                    6a:11:6c:47:7e:5d:41:fb:9f:46:c5:30:c9:43:d5:
                    5e:99:55:bd:19:29:e9:a3:bc:5c:51:21:f9:a1:95:
                    72:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:30:23:86:D8:D3:F6:27:63:FD:53:8F:2B:3D:B5:85:95:22:4F:23
            X509v3 Authority Key Identifier:
                keyid:CA:F1:78:00:F1:94:3A:F1:C5:14:28:4C:C3:BE:78:0E:9C:21:DD:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yvF4APGUOvHFFChMw754Dpwh3Xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/669ace-f864-44d7-a07e-80597eb44426/1/sjAjhtjT9idj_VOPKz21hZUiTyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/669ace-f864-44d7-a07e-80597eb44426/1/yvF4APGUOvHFFChMw754Dpwh3Xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.107.0/24
                IPv6:
                  2a01:9080::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:b5:78:27:d5:ce:cc:83:ac:6e:d8:fe:ec:38:a5:7f:7f:ff:
         8c:a0:93:77:ec:48:6a:d9:28:e7:40:4a:8b:d1:28:bd:3a:77:
         3f:c2:c3:00:69:c9:2c:07:f5:93:d2:b7:e4:7a:ee:d8:e9:41:
         26:96:21:0a:92:ad:cb:2e:75:cd:40:8c:66:3f:e4:26:c6:23:
         6b:c5:3e:ba:be:1a:b0:a6:ab:2e:ea:d9:35:df:43:2e:39:65:
         20:ec:86:e9:d6:9d:ae:51:92:ea:37:61:ee:1e:90:0d:a9:e6:
         81:69:3d:24:c1:cf:d0:34:65:90:76:b8:58:60:d4:c3:97:be:
         f5:b1:f4:e9:6a:c3:5b:59:e6:84:e7:26:7b:f5:a9:ab:41:fe:
         fd:a3:74:62:44:3f:a4:6a:39:f4:75:2c:42:10:35:0f:21:a0:
         93:f5:66:e9:50:e8:5d:fe:20:62:3e:ea:d5:59:ea:13:00:bb:
         3a:af:97:30:6b:74:5a:11:93:1a:ef:5d:f3:1d:a5:7e:86:45:
         34:a1:a4:7b:6f:88:83:82:a3:bd:47:92:be:b3:ea:e8:60:8c:
         cd:11:87:4b:a4:bd:32:ab:66:a3:d1:14:28:36:77:3e:22:9b:
         c1:97:58:ce:cb:a6:69:d9:38:3c:fa:de:bc:76:11:1c:1f:07:
         b8:b6:3d:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ/aosYhijgEvxUdJI8t8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZjE3ODAwZjE5NDNhZjFjNTE0Mjg0Y2MzYmU3ODBlOWMy
MWRkNzgwHhcNMjUwMTAxMDU0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjMwMjM4NmQ4ZDNmNjI3NjNmZDUzOGYyYjNkYjU4NTk1MjI0ZjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmI3vUf/O22wMOdMloYKtQkH0/PE
zqyZrG+UkewWC+RsHsNCCQfRDLiiP02mjCtst+diP+f7OToHYBh5HUj/wUqq8bLO
lp4i1UiIWrq6aQkid0dCFLc/F5F/btNWShcyn+ojkMCfOWHOfQvKVXmanWecu+iO
xSKlYFn2Y0o6iK2Sr37YeYakfyN/ZkLYpwJGRKTWLasX850zCDrrpYrjIE72J2UC
i0vBTk4opqfZ5I+6UVKEvU4NumfYGFcsqDyLheahRtNTwT1zJDnPDpygFNj9yXpC
DxKJLufc2UQaYa9qEWxHfl1B+59GxTDJQ9VemVW9GSnpo7xcUSH5oZVy0wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLIwI4bY0/YnY/1Tjys9tYWVIk8jMB8GA1UdIwQY
MBaAFMrxeADxlDrxxRQoTMO+eA6cId14MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXZGNEFQR1VPdkhGRkNoTXc3NTREcHdoM1hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82NjlhY2UtZjg2NC00NGQ3LWEwN2Ut
ODA1OTdlYjQ0NDI2LzEvc2pBamh0alQ5aWRqX1ZPUEt6MjFoWlVpVHlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi82NjlhY2UtZjg2NC00NGQ3LWEwN2UtODA1OTdlYjQ0NDI2
LzEveXZGNEFQR1VPdkhGRkNoTXc3NTREcHdoM1hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwjJrMA0E
AgACMAcDBQAqAZCAMA0GCSqGSIb3DQEBCwUAA4IBAQAftXgn1c7Mg6xu2P7sOKV/
f/+MoJN37Ehq2SjnQEqL0Si9Onc/wsMAacksB/WT0rfkeu7Y6UEmliEKkq3LLnXN
QIxmP+QmxiNrxT66vhqwpqsu6tk130MuOWUg7Ibp1p2uUZLqN2HuHpANqeaBaT0k
wc/QNGWQdrhYYNTDl771sfTpasNbWeaE5yZ79amrQf79o3RiRD+kajn0dSxCEDUP
IaCT9WbpUOhd/iBiPurVWeoTALs6r5cwa3RaEZMa713zHaV+hkU0oaR7b4iDgqO9
R5K+s+roYIzNEYdLpL0yq2aj0RQoNnc+IpvBl1jOy6Zp2Tg8+t68dhEcHwe4tj09
-----END CERTIFICATE-----