Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/_oI-Lkb0IuWy-UHIoAbDqvwfl1s.roa
File:                     _oI-Lkb0IuWy-UHIoAbDqvwfl1s.roa (raw, json)
Hash identifier:          mRZXCcW1ghBXMTwSw7NYgVRMYeyGjl4gH8juqLCzVks=
Subject key identifier:   FE:82:3E:2E:46:F4:22:E5:B2:F9:41:C8:A0:06:C3:AA:FC:1F:97:5B
Certificate issuer:       /CN=b6b726f0592b504e723305f67bab5147d4ea696d
Certificate serial:       019421B1DA0E6313D0DE25783DEF318FE102
Authority key identifier: B6:B7:26:F0:59:2B:50:4E:72:33:05:F6:7B:AB:51:47:D4:EA:69:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/trcm8FkrUE5yMwX2e6tRR9TqaW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/_oI-Lkb0IuWy-UHIoAbDqvwfl1s.roa
Signing time:             Wed 01 Jan 2025 11:48:11 +0000
ROA not before:           Wed 01 Jan 2025 11:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50506
IP address blocks:        195.191.94.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/trcm8FkrUE5yMwX2e6tRR9TqaW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/trcm8FkrUE5yMwX2e6tRR9TqaW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/trcm8FkrUE5yMwX2e6tRR9TqaW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:da:0e:63:13:d0:de:25:78:3d:ef:31:8f:e1:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6b726f0592b504e723305f67bab5147d4ea696d
        Validity
            Not Before: Jan  1 11:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe823e2e46f422e5b2f941c8a006c3aafc1f975b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:00:ee:cd:6f:60:61:59:84:cd:20:95:70:9e:
                    ba:ba:99:e0:df:af:1b:e1:96:a7:44:06:96:82:fe:
                    49:a8:4d:85:44:dc:58:af:69:14:3b:9f:9d:de:39:
                    2a:ee:b9:c0:f5:8f:94:eb:5b:83:e1:e6:ce:53:6a:
                    b5:d9:3a:55:76:14:83:11:7b:8b:10:17:4d:35:a2:
                    5e:75:91:49:37:03:31:24:14:f7:ac:04:7d:17:96:
                    9a:dd:cd:e8:a0:10:76:70:8d:d8:83:7a:e6:4c:99:
                    92:15:9c:4b:55:39:1d:f2:3a:24:8c:58:08:62:fe:
                    fa:bd:ec:69:50:25:cf:29:94:9c:99:f9:68:8f:90:
                    27:32:bc:69:8b:a3:69:9a:6e:25:d2:76:e9:d2:a2:
                    a8:c9:c0:e7:9b:40:b5:85:3b:16:c1:64:2b:09:4b:
                    d7:a3:79:fe:7e:57:a1:3b:5a:a3:c3:3c:5b:f5:d5:
                    3c:d4:50:a9:89:77:f4:99:ab:d5:54:21:ee:3e:01:
                    d0:aa:14:43:97:5d:bf:df:e9:55:7e:72:22:ef:66:
                    47:1f:29:85:39:32:34:c2:7d:ba:48:9e:00:6e:33:
                    fa:ac:90:4e:35:a9:f4:7e:b1:55:12:ec:84:44:e1:
                    01:c2:69:0e:d3:c3:51:63:00:d1:87:8d:d3:e8:e5:
                    8b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:82:3E:2E:46:F4:22:E5:B2:F9:41:C8:A0:06:C3:AA:FC:1F:97:5B
            X509v3 Authority Key Identifier:
                keyid:B6:B7:26:F0:59:2B:50:4E:72:33:05:F6:7B:AB:51:47:D4:EA:69:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/trcm8FkrUE5yMwX2e6tRR9TqaW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/_oI-Lkb0IuWy-UHIoAbDqvwfl1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a5c3dd-9f98-4c7f-af43-4cec71210734/1/trcm8FkrUE5yMwX2e6tRR9TqaW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:34:49:93:fd:04:1f:1a:f0:5b:ad:08:9b:29:33:8d:3b:c2:
         9e:98:a0:05:36:d9:00:3e:89:7f:97:a6:51:e5:bd:d8:16:b1:
         42:8c:a2:c0:7e:01:4d:4d:91:3e:6e:e9:da:f4:8e:5e:c5:d1:
         4c:32:08:36:9a:1c:74:c6:be:3d:95:f5:eb:d4:84:70:f0:ba:
         a1:2c:e7:5a:fc:35:8c:4d:ae:cc:ef:9e:86:d1:2e:62:c6:26:
         f7:86:40:e9:72:6a:7a:18:fb:22:f8:60:29:00:40:ef:54:4e:
         13:c8:a8:9b:fb:13:b6:e3:35:50:93:72:a8:5d:b7:87:ed:86:
         15:0c:35:39:91:19:b4:b2:06:1d:55:c6:02:cb:1b:ec:ce:9c:
         c6:93:25:30:d8:a6:24:b8:e2:96:e9:39:65:7c:73:3c:5b:b0:
         15:48:2f:49:3e:72:cc:c5:75:06:55:ae:ab:64:f0:f3:5b:5b:
         78:ab:b8:56:20:87:fc:f5:4d:57:0f:03:9f:65:ab:17:e0:02:
         d2:b1:66:ae:bd:8e:6e:22:64:48:4b:a4:19:fc:9f:83:ec:d5:
         e2:7b:a6:00:f9:18:22:6c:22:8a:e4:e9:b9:2c:37:be:33:08:
         10:7b:e9:d7:bf:48:9e:6a:de:9d:09:d8:9c:69:b9:12:3c:b0:
         e2:bf:b9:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdoOYxPQ3iV4Pe8xj+ECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YjcyNmYwNTkyYjUwNGU3MjMzMDVmNjdiYWI1MTQ3ZDRl
YTY5NmQwHhcNMjUwMTAxMTE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTgyM2UyZTQ2ZjQyMmU1YjJmOTQxYzhhMDA2YzNhYWZjMWY5NzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswDuzW9gYVmEzSCVcJ66upng368b
4ZanRAaWgv5JqE2FRNxYr2kUO5+d3jkq7rnA9Y+U61uD4ebOU2q12TpVdhSDEXuL
EBdNNaJedZFJNwMxJBT3rAR9F5aa3c3ooBB2cI3Yg3rmTJmSFZxLVTkd8jokjFgI
Yv76vexpUCXPKZScmfloj5AnMrxpi6Npmm4l0nbp0qKoycDnm0C1hTsWwWQrCUvX
o3n+flehO1qjwzxb9dU81FCpiXf0mavVVCHuPgHQqhRDl12/3+lVfnIi72ZHHymF
OTI0wn26SJ4AbjP6rJBONan0frFVEuyEROEBwmkO08NRYwDRh43T6OWL2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6CPi5G9CLlsvlByKAGw6r8H5dbMB8GA1UdIwQY
MBaAFLa3JvBZK1BOcjMF9nurUUfU6mltMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHJjbThGa3JVRTV5TXdYMmU2dFJSOVRxYVcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9hNWMzZGQtOWY5OC00YzdmLWFmNDMt
NGNlYzcxMjEwNzM0LzEvX29JLUxrYjBJdVd5LVVISW9BYkRxdndmbDFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9hNWMzZGQtOWY5OC00YzdmLWFmNDMtNGNlYzcxMjEwNzM0
LzEvdHJjbThGa3JVRTV5TXdYMmU2dFJSOVRxYVcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw79eMA0G
CSqGSIb3DQEBCwUAA4IBAQA4NEmT/QQfGvBbrQibKTONO8KemKAFNtkAPol/l6ZR
5b3YFrFCjKLAfgFNTZE+buna9I5exdFMMgg2mhx0xr49lfXr1IRw8LqhLOda/DWM
Ta7M756G0S5ixib3hkDpcmp6GPsi+GApAEDvVE4TyKib+xO24zVQk3KoXbeH7YYV
DDU5kRm0sgYdVcYCyxvszpzGkyUw2KYkuOKW6TllfHM8W7AVSC9JPnLMxXUGVa6r
ZPDzW1t4q7hWIIf89U1XDwOfZasX4ALSsWauvY5uImRIS6QZ/J+D7NXie6YA+Rgi
bCKK5Om5LDe+MwgQe+nXv0ieat6dCdicabkSPLDiv7l7
-----END CERTIFICATE-----