Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/RhTgRnEQVN7BS8zCeDKIuJodexE.roa
File:                     RhTgRnEQVN7BS8zCeDKIuJodexE.roa (raw, json)
Hash identifier:          kwTo3MfM5TV/NqXvs58S+K2AnfxciliE0IO9j6jlzFA=
Subject key identifier:   46:14:E0:46:71:10:54:DE:C1:4B:CC:C2:78:32:88:B8:9A:1D:7B:11
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019420D65EED0F0A367CCAFFABFCFEB48A68
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/RhTgRnEQVN7BS8zCeDKIuJodexE.roa
Signing time:             Wed 01 Jan 2025 07:48:27 +0000
ROA not before:           Wed 01 Jan 2025 07:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207645
IP address blocks:        94.176.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:5e:ed:0f:0a:36:7c:ca:ff:ab:fc:fe:b4:8a:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  1 07:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4614e046711054dec14bccc2783288b89a1d7b11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f3:22:b9:ab:d5:17:5a:4c:e4:9c:f5:67:f7:
                    38:a7:5c:52:c7:72:a7:74:1c:a5:0e:f6:14:b8:44:
                    ef:ce:69:70:1c:9b:18:d4:f4:a8:c0:df:c0:44:1d:
                    d6:b3:21:d4:6b:30:12:2d:7a:b7:a2:2c:7b:3e:2c:
                    36:ae:4a:e4:1e:53:71:cb:04:33:fb:71:a5:00:b3:
                    e8:83:fe:b5:b7:f8:4a:f4:56:ca:63:ad:29:5e:59:
                    3a:e6:3d:cf:5a:25:8b:26:3b:dc:21:0d:9b:07:cc:
                    eb:b7:3c:37:0e:c1:a0:c1:33:28:23:9e:12:12:cf:
                    16:ee:18:d3:5b:7a:f4:43:fc:2c:6b:8c:86:24:b8:
                    5b:30:c3:6c:f4:49:b4:71:d2:7d:6c:ec:50:e1:5b:
                    97:bb:4a:ca:bd:f0:c7:57:b5:11:13:fb:d4:36:44:
                    d6:7c:9b:53:7b:7d:89:e5:d1:c3:93:21:e0:f9:5f:
                    d4:79:3e:b7:df:84:b1:13:3a:41:08:ae:57:3f:b9:
                    54:33:55:0c:fb:ea:f6:cd:61:49:21:53:01:e2:49:
                    6f:57:64:48:6a:ba:2c:21:cc:6f:e7:33:67:fb:ce:
                    99:c4:18:59:43:e2:5b:ce:21:59:cf:75:1f:05:fa:
                    e2:ae:a0:d7:d4:28:41:2c:dc:dd:ba:52:78:8f:27:
                    20:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:14:E0:46:71:10:54:DE:C1:4B:CC:C2:78:32:88:B8:9A:1D:7B:11
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/RhTgRnEQVN7BS8zCeDKIuJodexE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:98:dc:62:a6:2a:d7:fb:56:67:95:ef:d9:cb:b1:9e:0d:c4:
         a2:14:ed:28:4e:0f:7c:18:7c:e8:52:32:bc:55:19:69:9d:c1:
         88:05:17:4e:bb:e9:7a:29:ec:88:8e:47:2d:23:29:c2:76:de:
         1c:60:a6:1e:60:e9:46:4d:4e:b1:96:1a:e1:36:bc:2e:0b:2a:
         d9:4f:4f:0b:fc:65:81:bd:c8:ce:ea:e2:ea:68:ec:a2:53:aa:
         d8:15:e7:14:3c:8b:a6:da:b1:75:21:3c:39:91:f2:a6:74:a4:
         5b:27:86:e5:6d:95:1b:f1:91:ae:8d:8a:e0:53:be:40:62:36:
         a5:dc:8b:7f:be:23:c4:b7:68:13:24:c4:d0:48:60:20:b2:db:
         cd:e4:93:d8:46:8b:da:cf:e2:27:d9:c6:37:d5:90:67:f9:eb:
         6c:23:64:51:4c:dd:6d:72:57:99:5e:cc:be:d5:a9:12:ed:81:
         75:83:f8:32:bb:39:9c:8b:34:22:2b:0b:60:43:b6:b5:63:ae:
         65:20:d6:92:1f:cc:d7:79:b9:a7:03:5a:ce:12:8e:78:56:e1:
         5b:84:37:de:34:f8:cb:78:8a:3b:45:ed:10:d4:41:3c:8c:9b:
         76:56:c3:39:af:16:f2:7d:19:33:db:17:08:fa:95:7b:84:cc:
         1b:0b:6e:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1l7tDwo2fMr/q/z+tIpoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjE0ZTA0NjcxMTA1NGRlYzE0YmNjYzI3ODMyODhiODlhMWQ3YjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/MiuavVF1pM5Jz1Z/c4p1xSx3Kn
dBylDvYUuETvzmlwHJsY1PSowN/ARB3WsyHUazASLXq3oix7Piw2rkrkHlNxywQz
+3GlALPog/61t/hK9FbKY60pXlk65j3PWiWLJjvcIQ2bB8zrtzw3DsGgwTMoI54S
Es8W7hjTW3r0Q/wsa4yGJLhbMMNs9Em0cdJ9bOxQ4VuXu0rKvfDHV7URE/vUNkTW
fJtTe32J5dHDkyHg+V/UeT6334SxEzpBCK5XP7lUM1UM++r2zWFJIVMB4klvV2RI
arosIcxv5zNn+86ZxBhZQ+JbziFZz3UfBfrirqDX1ChBLNzdulJ4jycg6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYU4EZxEFTewUvMwngyiLiaHXsRMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvUmhUZ1JuRVFWTjdCUzh6Q2VES0l1Sm9kZXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrBgMA0G
CSqGSIb3DQEBCwUAA4IBAQA5mNxipirX+1Znle/Zy7GeDcSiFO0oTg98GHzoUjK8
VRlpncGIBRdOu+l6KeyIjkctIynCdt4cYKYeYOlGTU6xlhrhNrwuCyrZT08L/GWB
vcjO6uLqaOyiU6rYFecUPIum2rF1ITw5kfKmdKRbJ4blbZUb8ZGujYrgU75AYjal
3It/viPEt2gTJMTQSGAgstvN5JPYRovaz+In2cY31ZBn+etsI2RRTN1tcleZXsy+
1akS7YF1g/gyuzmcizQiKwtgQ7a1Y65lINaSH8zXebmnA1rOEo54VuFbhDfeNPjL
eIo7Re0Q1EE8jJt2VsM5rxbyfRkz2xcI+pV7hMwbC26E
-----END CERTIFICATE-----