Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/RRFPoj_D2514uvr1pJ51Asozslw.roa
File:                     RRFPoj_D2514uvr1pJ51Asozslw.roa (raw, json)
Hash identifier:          EUwe8zILfT5h0ET/pLOGX/O1GKfRNQcxkScAvJ+rEAs=
Subject key identifier:   45:11:4F:A2:3F:C3:DB:9D:78:BA:FA:F5:A4:9E:75:02:CA:33:B2:5C
Certificate issuer:       /CN=b4112bb59b0627da23af90c0f0584b71b50f778f
Certificate serial:       019426D9A7BDA50E5568A4AA43DC5038BBF8
Authority key identifier: B4:11:2B:B5:9B:06:27:DA:23:AF:90:C0:F0:58:4B:71:B5:0F:77:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBErtZsGJ9ojr5DA8FhLcbUPd48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/RRFPoj_D2514uvr1pJ51Asozslw.roa
Signing time:             Thu 02 Jan 2025 11:49:45 +0000
ROA not before:           Thu 02 Jan 2025 11:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49537
IP address blocks:        194.169.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/tBErtZsGJ9ojr5DA8FhLcbUPd48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/tBErtZsGJ9ojr5DA8FhLcbUPd48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBErtZsGJ9ojr5DA8FhLcbUPd48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:a7:bd:a5:0e:55:68:a4:aa:43:dc:50:38:bb:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4112bb59b0627da23af90c0f0584b71b50f778f
        Validity
            Not Before: Jan  2 11:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45114fa23fc3db9d78bafaf5a49e7502ca33b25c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:82:f5:61:17:6d:17:c6:a3:6f:7b:06:ff:a6:
                    bf:81:03:e2:11:d7:e6:4c:4f:b3:e1:f1:2b:30:ed:
                    39:ac:f5:7a:e2:d5:3a:92:d7:e9:42:c0:0c:d1:96:
                    19:f8:89:21:be:bd:6b:cc:91:d5:b3:cb:76:69:df:
                    50:ed:b4:0f:52:c4:b0:90:52:ca:83:5f:73:81:6f:
                    34:28:f6:98:39:0c:8c:93:4b:cc:eb:f2:b5:56:da:
                    8f:97:77:f4:44:56:52:78:31:55:58:6d:70:9a:36:
                    50:55:60:f3:1c:85:c0:dd:b1:f2:0c:15:e1:60:ef:
                    6f:94:1b:ad:8f:2f:a4:af:6f:37:27:62:2c:79:80:
                    ec:81:8b:f3:41:1c:3b:a5:f0:17:4f:53:bc:93:20:
                    59:e9:9f:8c:63:bb:5f:c7:91:3b:9d:02:c5:51:c6:
                    3d:fc:ce:01:85:7d:e4:d3:1d:82:61:7e:69:a4:23:
                    7a:e3:0b:d3:ef:b3:b1:20:a5:bc:58:a3:55:d1:2c:
                    e1:bf:95:7b:c5:f9:b1:2c:d3:67:d8:63:d5:f6:e8:
                    db:36:93:4a:82:9c:04:34:c2:ca:1c:6a:7b:9e:5b:
                    dc:e4:f3:9e:f9:c9:38:1d:d2:8c:53:42:3b:c8:d5:
                    0f:8f:b0:a0:0b:68:63:95:48:06:1f:75:c8:de:6a:
                    fa:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:11:4F:A2:3F:C3:DB:9D:78:BA:FA:F5:A4:9E:75:02:CA:33:B2:5C
            X509v3 Authority Key Identifier:
                keyid:B4:11:2B:B5:9B:06:27:DA:23:AF:90:C0:F0:58:4B:71:B5:0F:77:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBErtZsGJ9ojr5DA8FhLcbUPd48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/RRFPoj_D2514uvr1pJ51Asozslw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/tBErtZsGJ9ojr5DA8FhLcbUPd48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:d4:ec:d4:61:99:77:8f:2d:11:df:4b:7c:ae:7c:a0:73:64:
         eb:10:5e:86:ed:b5:71:ae:b6:15:0f:7d:b6:3b:0d:6f:9e:7d:
         0e:e3:1d:6d:ce:c2:c1:6c:a6:77:cd:9d:fc:f2:e2:7c:02:b9:
         52:a0:3b:1c:1e:81:74:30:1d:37:c0:4a:4a:84:3d:4f:34:e5:
         83:22:9e:41:4c:10:2a:bf:03:e8:ab:ad:12:2c:3f:65:82:e8:
         8c:62:6e:7d:f3:85:9e:f0:de:0a:fc:ac:3a:06:f2:1f:7f:1d:
         01:d0:97:f5:22:0e:fd:d2:a0:c2:bd:c6:03:f5:4f:b0:82:88:
         23:a3:89:e4:da:40:11:20:b4:07:dd:31:54:55:60:eb:77:3f:
         d2:67:24:23:12:63:bb:58:f5:db:ae:1d:22:18:df:bb:91:ca:
         f9:55:67:6a:1c:5c:7f:72:b9:87:d7:09:61:49:72:55:3f:f8:
         a5:1c:d2:f4:33:1f:a6:b6:ae:44:55:40:c6:9d:8b:69:99:f2:
         2b:b5:50:59:e0:6b:01:22:a9:af:8b:9f:d6:1e:3f:9d:51:17:
         35:7f:06:2b:81:7a:ce:23:4f:88:3f:2b:5f:eb:c5:21:0c:57:
         54:6a:60:3c:e8:04:15:c7:9c:e5:0d:73:58:a1:ef:83:ce:19:
         2f:37:43:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2ae9pQ5VaKSqQ9xQOLv4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MTEyYmI1OWIwNjI3ZGEyM2FmOTBjMGYwNTg0YjcxYjUw
Zjc3OGYwHhcNMjUwMTAyMTE0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTExNGZhMjNmYzNkYjlkNzhiYWZhZjVhNDllNzUwMmNhMzNiMjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14L1YRdtF8ajb3sG/6a/gQPiEdfm
TE+z4fErMO05rPV64tU6ktfpQsAM0ZYZ+Ikhvr1rzJHVs8t2ad9Q7bQPUsSwkFLK
g19zgW80KPaYOQyMk0vM6/K1VtqPl3f0RFZSeDFVWG1wmjZQVWDzHIXA3bHyDBXh
YO9vlButjy+kr283J2IseYDsgYvzQRw7pfAXT1O8kyBZ6Z+MY7tfx5E7nQLFUcY9
/M4BhX3k0x2CYX5ppCN64wvT77OxIKW8WKNV0Szhv5V7xfmxLNNn2GPV9ujbNpNK
gpwENMLKHGp7nlvc5POe+ck4HdKMU0I7yNUPj7CgC2hjlUgGH3XI3mr6lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEURT6I/w9udeLr69aSedQLKM7JcMB8GA1UdIwQY
MBaAFLQRK7WbBifaI6+QwPBYS3G1D3ePMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJFcnRac0dKOW9qcjVEQThGaExjYlVQZDQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy82N2Q1N2UtZjNkZS00ZDEwLWJkOWQt
ODdhMTBiYzY4YTM3LzEvUlJGUG9qX0QyNTE0dXZyMXBKNTFBc296c2x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy82N2Q1N2UtZjNkZS00ZDEwLWJkOWQtODdhMTBiYzY4YTM3
LzEvdEJFcnRac0dKOW9qcjVEQThGaExjYlVQZDQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqnWMA0G
CSqGSIb3DQEBCwUAA4IBAQCX1OzUYZl3jy0R30t8rnygc2TrEF6G7bVxrrYVD322
Ow1vnn0O4x1tzsLBbKZ3zZ388uJ8ArlSoDscHoF0MB03wEpKhD1PNOWDIp5BTBAq
vwPoq60SLD9lguiMYm5984We8N4K/Kw6BvIffx0B0Jf1Ig790qDCvcYD9U+wgogj
o4nk2kARILQH3TFUVWDrdz/SZyQjEmO7WPXbrh0iGN+7kcr5VWdqHFx/crmH1wlh
SXJVP/ilHNL0Mx+mtq5EVUDGnYtpmfIrtVBZ4GsBIqmvi5/WHj+dURc1fwYrgXrO
I0+IPytf68UhDFdUamA86AQVx5zlDXNYoe+DzhkvN0Nn
-----END CERTIFICATE-----