Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/EB1wuDmeUHpHHXGPcvwMNdqGnvs.roa
File:                     EB1wuDmeUHpHHXGPcvwMNdqGnvs.roa (raw, json)
Hash identifier:          S/BpxLczs5GDrHvkHydPA/TMOCqSJ4TvOwz6gx4BBLU=
Subject key identifier:   10:1D:70:B8:39:9E:50:7A:47:1D:71:8F:72:FC:0C:35:DA:86:9E:FB
Certificate issuer:       /CN=c42708df93954aac601aef1835bd5d69245fb02f
Certificate serial:       0194221F9CAF762FAD1F2D7B15BCB5193A39
Authority key identifier: C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/EB1wuDmeUHpHHXGPcvwMNdqGnvs.roa
Signing time:             Wed 01 Jan 2025 13:48:04 +0000
ROA not before:           Wed 01 Jan 2025 13:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203329
IP address blocks:        194.121.56.0/24 maxlen: 24
                          2001:678:f44::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:9c:af:76:2f:ad:1f:2d:7b:15:bc:b5:19:3a:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c42708df93954aac601aef1835bd5d69245fb02f
        Validity
            Not Before: Jan  1 13:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=101d70b8399e507a471d718f72fc0c35da869efb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a1:69:a2:7d:ac:f8:cb:1e:46:19:57:5d:52:
                    d8:16:78:59:01:fd:89:06:50:b5:75:2d:a7:d4:88:
                    c2:93:40:ee:c5:66:c8:d1:ed:4d:0b:df:aa:0d:d9:
                    ca:64:12:9e:5b:79:a3:81:ee:51:bb:7d:f6:9c:cd:
                    1a:e4:53:6b:b6:0b:75:65:bf:38:c7:d1:29:68:44:
                    c5:13:93:09:f3:90:25:c3:84:79:50:e4:74:06:33:
                    fa:ec:d6:fa:eb:6c:3f:99:53:37:93:21:df:21:73:
                    97:22:57:f8:48:80:b3:b3:f2:e4:0d:55:fa:91:d5:
                    e9:cc:0c:0f:0b:4a:81:4b:4a:6f:ba:e7:9d:a6:f4:
                    e6:9a:de:1c:89:53:01:ce:02:89:91:fc:74:e5:f2:
                    2e:83:7b:db:36:4e:34:75:65:11:3b:ed:ae:d1:7d:
                    fc:70:65:f6:55:0a:6f:b4:a5:ba:81:83:b5:b3:e1:
                    97:d6:66:51:40:a4:85:46:b8:e2:90:95:c6:fa:ad:
                    ea:f4:6c:ca:5c:2b:2b:41:cc:83:45:e2:26:d8:f2:
                    4c:31:43:3e:ae:39:20:21:72:bb:21:2e:b4:e1:30:
                    0c:18:77:db:0e:e7:d5:36:78:f8:de:97:48:31:a2:
                    96:ce:ff:78:90:64:d8:e8:52:8d:95:26:8f:5f:72:
                    b5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:1D:70:B8:39:9E:50:7A:47:1D:71:8F:72:FC:0C:35:DA:86:9E:FB
            X509v3 Authority Key Identifier:
                keyid:C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/EB1wuDmeUHpHHXGPcvwMNdqGnvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.121.56.0/24
                IPv6:
                  2001:678:f44::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:7f:3b:e8:78:a8:f3:f2:ce:33:6d:fc:00:50:7b:1f:80:81:
         72:c7:86:36:75:97:67:da:7d:a2:3c:2f:aa:29:72:ff:e7:b1:
         8d:17:4e:11:48:60:ec:ba:05:07:8e:1a:75:ba:6a:3a:4d:89:
         d6:dd:28:91:a4:d9:c1:fa:bf:f3:55:2a:9b:68:ae:78:c3:e5:
         cb:4f:32:af:e2:9a:24:29:51:40:5b:b0:97:1f:57:de:77:f5:
         c8:8e:65:ae:53:0e:d5:41:0b:54:8b:e2:d3:6f:d6:8e:ac:53:
         0b:aa:4e:1b:1d:04:be:6e:f9:c9:49:5f:3b:e7:80:50:7b:76:
         70:eb:a3:2e:36:cc:21:56:71:b5:1e:11:34:c3:dd:76:c4:e5:
         5d:d3:80:02:fa:fa:62:7e:9b:cd:44:e5:c4:e3:61:0e:c9:df:
         8f:b6:5d:e5:76:0f:9e:44:6d:3e:66:57:25:06:ea:3f:ec:b2:
         b4:66:67:ca:58:4f:3e:7e:63:7e:cc:58:90:00:6e:ba:26:d9:
         d1:7a:88:ff:46:3b:4e:95:fd:3a:fe:f3:7b:eb:4e:a5:b4:5c:
         a9:58:7e:4c:56:0a:39:a1:91:0d:ed:d1:ee:16:74:75:11:98:
         d5:c0:9c:f1:75:aa:58:35:9c:93:22:b4:09:49:50:46:57:d9:
         5a:cd:87:e8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQiH5yvdi+tHy17Fby1GTo5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MjcwOGRmOTM5NTRhYWM2MDFhZWYxODM1YmQ1ZDY5MjQ1
ZmIwMmYwHhcNMjUwMTAxMTM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDFkNzBiODM5OWU1MDdhNDcxZDcxOGY3MmZjMGMzNWRhODY5ZWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaFpon2s+MseRhlXXVLYFnhZAf2J
BlC1dS2n1IjCk0DuxWbI0e1NC9+qDdnKZBKeW3mjge5Ru332nM0a5FNrtgt1Zb84
x9EpaETFE5MJ85Alw4R5UOR0BjP67Nb662w/mVM3kyHfIXOXIlf4SICzs/LkDVX6
kdXpzAwPC0qBS0pvuuedpvTmmt4ciVMBzgKJkfx05fIug3vbNk40dWURO+2u0X38
cGX2VQpvtKW6gYO1s+GX1mZRQKSFRrjikJXG+q3q9GzKXCsrQcyDReIm2PJMMUM+
rjkgIXK7IS604TAMGHfbDufVNnj43pdIMaKWzv94kGTY6FKNlSaPX3K1YwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBAdcLg5nlB6Rx1xj3L8DDXahp77MB8GA1UdIwQY
MBaAFMQnCN+TlUqsYBrvGDW9XWkkX7AvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYt
NzQxYzFkOGRlYTJiLzEvRUIxd3VEbWVVSHBISFhHUGN2d01OZHFHbnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYtNzQxYzFkOGRlYTJi
LzEveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwnk4MA8E
AgACMAkDBwAgAQZ4D0QwDQYJKoZIhvcNAQELBQADggEBABZ/O+h4qPPyzjNt/ABQ
ex+AgXLHhjZ1l2fafaI8L6opcv/nsY0XThFIYOy6BQeOGnW6ajpNidbdKJGk2cH6
v/NVKptornjD5ctPMq/imiQpUUBbsJcfV9539ciOZa5TDtVBC1SL4tNv1o6sUwuq
ThsdBL5u+clJXzvngFB7dnDroy42zCFWcbUeETTD3XbE5V3TgAL6+mJ+m81E5cTj
YQ7J34+2XeV2D55EbT5mVyUG6j/ssrRmZ8pYTz5+Y37MWJAAbrom2dF6iP9GO06V
/Tr+83vrTqW0XKlYfkxWCjmhkQ3t0e4WdHURmNXAnPF1qlg1nJMitAlJUEZX2VrN
h+g=
-----END CERTIFICATE-----