Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/CmDicAfDfoz93maibb20vLFeJSE.roa
File:                     CmDicAfDfoz93maibb20vLFeJSE.roa (raw, json)
Hash identifier:          T8rIp3ZOIEv2U6cB/WhgBqnN/oGzchfMmPBfz5rrS5E=
Subject key identifier:   0A:60:E2:70:07:C3:7E:8C:FD:DE:66:A2:6D:BD:B4:BC:B1:5E:25:21
Certificate issuer:       /CN=4c3789ecf67e04298c5ee44c67d8fb7f5d6d95a1
Certificate serial:       0194214461B9ABA2FC30CD753D19EB1535E5
Authority key identifier: 4C:37:89:EC:F6:7E:04:29:8C:5E:E4:4C:67:D8:FB:7F:5D:6D:95:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/CmDicAfDfoz93maibb20vLFeJSE.roa
Signing time:             Wed 01 Jan 2025 09:48:36 +0000
ROA not before:           Wed 01 Jan 2025 09:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48279
IP address blocks:        94.154.192.0/18 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:61:b9:ab:a2:fc:30:cd:75:3d:19:eb:15:35:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c3789ecf67e04298c5ee44c67d8fb7f5d6d95a1
        Validity
            Not Before: Jan  1 09:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a60e27007c37e8cfdde66a26dbdb4bcb15e2521
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:43:09:c0:5a:b0:b1:25:e0:15:59:7f:33:b9:
                    37:fb:ff:a1:39:73:93:93:ec:ff:b1:b7:49:26:06:
                    cb:a0:04:c1:00:5f:bf:3f:61:92:05:80:9e:23:c8:
                    5a:f6:c3:23:d6:cf:23:3d:da:a7:de:11:0c:9b:95:
                    d4:eb:ba:d6:6b:98:7a:cd:00:98:5a:57:41:39:32:
                    46:5e:70:6c:8c:75:f8:25:0e:04:58:4b:3f:67:96:
                    70:ab:5e:4b:28:71:9e:df:10:ff:13:ee:db:82:ac:
                    9a:8a:ac:1d:d3:8a:89:df:c2:b7:1a:00:cf:47:74:
                    bf:30:b7:37:a6:81:64:8f:73:f3:f4:4b:3a:27:00:
                    92:e0:e0:71:fd:94:f5:91:53:2f:68:55:6d:f2:7b:
                    33:dd:7c:cf:e8:a4:02:60:10:51:4a:ab:9d:2f:c7:
                    be:32:aa:8b:28:9d:ed:3e:31:fc:4b:87:bb:08:17:
                    6d:e0:b3:3e:37:ea:c0:88:d0:ea:26:8a:d0:67:6f:
                    62:b3:d8:8f:be:62:f1:68:6f:b1:aa:4d:67:a2:54:
                    72:d4:54:96:07:99:20:79:c8:2c:13:52:f8:6e:4a:
                    8d:46:4e:2f:05:fe:5b:70:2d:02:a2:b8:8d:45:fc:
                    97:71:b8:ea:23:bd:9d:e2:08:a0:04:c6:64:d5:6a:
                    e1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:60:E2:70:07:C3:7E:8C:FD:DE:66:A2:6D:BD:B4:BC:B1:5E:25:21
            X509v3 Authority Key Identifier:
                keyid:4C:37:89:EC:F6:7E:04:29:8C:5E:E4:4C:67:D8:FB:7F:5D:6D:95:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/CmDicAfDfoz93maibb20vLFeJSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/7ed7b1-b8f3-43f3-96e3-1dc54d1c03a3/1/TDeJ7PZ-BCmMXuRMZ9j7f11tlaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         85:c1:b0:c5:e4:61:a2:b1:10:ec:1a:95:2b:f4:1f:02:a2:8e:
         fc:2c:64:e6:ed:59:b6:17:84:53:8a:1b:55:90:b4:02:3b:71:
         df:05:bb:b0:05:19:7c:89:86:2d:4e:8c:53:fc:a6:c2:e4:ad:
         38:59:71:f5:dc:8c:bd:48:b2:c0:8e:25:0d:78:99:ab:a8:bf:
         1c:b1:6b:bc:e5:03:66:4c:ae:6a:00:7e:31:fb:6d:b2:aa:3a:
         94:1b:34:5a:dc:3d:c1:f7:16:23:d2:a8:43:52:97:92:fa:ac:
         46:f4:ae:45:97:f3:e2:da:8f:8e:d3:77:a0:16:c1:99:1b:0b:
         bb:d5:b3:d9:f4:28:44:27:39:16:8c:45:3f:8f:1c:7c:13:ab:
         e3:69:e6:1b:22:2f:53:f4:ed:f3:3b:e9:42:06:68:68:66:6f:
         35:65:ea:aa:5f:33:8e:2b:73:eb:c9:e3:8c:78:f4:40:0d:29:
         80:99:92:1b:ce:36:34:83:76:ae:c7:c9:59:66:4f:aa:b4:1d:
         de:49:44:14:23:51:50:43:4f:43:a2:ed:bc:10:c2:7a:d8:2f:
         f6:b8:a2:5b:d4:0e:f5:fa:9b:c3:9f:f9:14:53:f4:0c:dd:ac:
         df:4d:db:a9:f4:f5:9f:b0:ef:81:f0:d1:2b:47:68:24:f4:2f:
         16:85:4f:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRGG5q6L8MM11PRnrFTXlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMzc4OWVjZjY3ZTA0Mjk4YzVlZTQ0YzY3ZDhmYjdmNWQ2
ZDk1YTEwHhcNMjUwMTAxMDk0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTYwZTI3MDA3YzM3ZThjZmRkZTY2YTI2ZGJkYjRiY2IxNWUyNTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kMJwFqwsSXgFVl/M7k3+/+hOXOT
k+z/sbdJJgbLoATBAF+/P2GSBYCeI8ha9sMj1s8jPdqn3hEMm5XU67rWa5h6zQCY
WldBOTJGXnBsjHX4JQ4EWEs/Z5Zwq15LKHGe3xD/E+7bgqyaiqwd04qJ38K3GgDP
R3S/MLc3poFkj3Pz9Es6JwCS4OBx/ZT1kVMvaFVt8nsz3XzP6KQCYBBRSqudL8e+
MqqLKJ3tPjH8S4e7CBdt4LM+N+rAiNDqJorQZ29is9iPvmLxaG+xqk1nolRy1FSW
B5kgecgsE1L4bkqNRk4vBf5bcC0CoriNRfyXcbjqI72d4gigBMZk1WrhJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApg4nAHw36M/d5mom29tLyxXiUhMB8GA1UdIwQY
MBaAFEw3iez2fgQpjF7kTGfY+39dbZWhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVERlSjdQWi1CQ21NWHVSTVo5ajdmMTF0bGFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC83ZWQ3YjEtYjhmMy00M2YzLTk2ZTMt
MWRjNTRkMWMwM2EzLzEvQ21EaWNBZkRmb3o5M21haWJiMjB2TEZlSlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC83ZWQ3YjEtYjhmMy00M2YzLTk2ZTMtMWRjNTRkMWMwM2Ez
LzEvVERlSjdQWi1CQ21NWHVSTVo5ajdmMTF0bGFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGXprAMA0G
CSqGSIb3DQEBCwUAA4IBAQCFwbDF5GGisRDsGpUr9B8Coo78LGTm7Vm2F4RTihtV
kLQCO3HfBbuwBRl8iYYtToxT/KbC5K04WXH13Iy9SLLAjiUNeJmrqL8csWu85QNm
TK5qAH4x+22yqjqUGzRa3D3B9xYj0qhDUpeS+qxG9K5Fl/Pi2o+O03egFsGZGwu7
1bPZ9ChEJzkWjEU/jxx8E6vjaeYbIi9T9O3zO+lCBmhoZm81ZeqqXzOOK3PryeOM
ePRADSmAmZIbzjY0g3aux8lZZk+qtB3eSUQUI1FQQ09Dou28EMJ62C/2uKJb1A71
+pvDn/kUU/QM3azfTdup9PWfsO+B8NErR2gk9C8WhU9f
-----END CERTIFICATE-----