Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/3EU0oyFeuVgyRfJv8cphRhidY_4.roa
File:                     3EU0oyFeuVgyRfJv8cphRhidY_4.roa (raw, json)
Hash identifier:          uUVRINmwKIXEw7WBi5QJ2PuB8r4TwtW/ERy1bKhXTs0=
Subject key identifier:   DC:45:34:A3:21:5E:B9:58:32:45:F2:6F:F1:CA:61:46:18:9D:63:FE
Certificate issuer:       /CN=5e066de9829b761edce171e8ea3c5935e44f4e9a
Certificate serial:       0194266B8EDF13FE1D24F43D892B2E745CFE
Authority key identifier: 5E:06:6D:E9:82:9B:76:1E:DC:E1:71:E8:EA:3C:59:35:E4:4F:4E:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XgZt6YKbdh7c4XHo6jxZNeRPTpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/3EU0oyFeuVgyRfJv8cphRhidY_4.roa
Signing time:             Thu 02 Jan 2025 09:49:30 +0000
ROA not before:           Thu 02 Jan 2025 09:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1299
IP address blocks:        194.120.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/XgZt6YKbdh7c4XHo6jxZNeRPTpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/XgZt6YKbdh7c4XHo6jxZNeRPTpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XgZt6YKbdh7c4XHo6jxZNeRPTpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:8e:df:13:fe:1d:24:f4:3d:89:2b:2e:74:5c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e066de9829b761edce171e8ea3c5935e44f4e9a
        Validity
            Not Before: Jan  2 09:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc4534a3215eb9583245f26ff1ca6146189d63fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:28:16:0d:bf:13:9f:94:f0:dc:e2:7a:62:d4:
                    12:be:f7:4e:fa:49:50:8b:79:08:33:5e:ae:cf:71:
                    e2:58:a9:9f:a6:98:41:39:a2:17:ce:7c:34:0d:9b:
                    a8:a7:81:22:2e:3c:95:c6:7f:fe:87:6a:6e:9f:fa:
                    46:40:8b:46:fd:21:86:6d:04:56:17:69:90:50:2e:
                    34:e0:61:1b:50:d9:1f:2e:06:3c:1c:56:82:59:c2:
                    d2:be:1c:2c:15:05:d3:a0:22:9c:02:a0:de:28:08:
                    01:ab:35:38:92:e8:75:49:d4:97:79:05:b4:56:6f:
                    56:f9:32:cd:4c:b7:ae:7d:53:db:20:48:1a:ff:ad:
                    0d:06:94:79:10:dc:a4:09:5e:b4:ab:b4:09:c1:d7:
                    f4:d8:b2:e8:77:32:3c:77:d9:ff:79:3c:23:6d:e6:
                    ad:d8:2b:6f:e4:57:ec:d8:16:43:d2:72:1a:cd:a6:
                    1c:d9:87:f0:0d:b3:e2:6c:95:f4:7c:45:0a:cd:70:
                    29:e5:30:01:1b:17:4b:5a:c2:03:e2:4e:48:58:fb:
                    d0:d9:09:a3:f2:3a:97:51:c1:0e:fd:20:f0:33:bd:
                    4e:04:67:4f:fa:d2:1e:b5:da:7c:2c:fe:4b:6c:2e:
                    92:34:c8:1e:6d:a6:d9:96:04:72:75:cf:90:09:3b:
                    5c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:45:34:A3:21:5E:B9:58:32:45:F2:6F:F1:CA:61:46:18:9D:63:FE
            X509v3 Authority Key Identifier:
                keyid:5E:06:6D:E9:82:9B:76:1E:DC:E1:71:E8:EA:3C:59:35:E4:4F:4E:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XgZt6YKbdh7c4XHo6jxZNeRPTpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/3EU0oyFeuVgyRfJv8cphRhidY_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/cac9c4-f9bb-46d4-bb62-475adf3aa7b1/1/XgZt6YKbdh7c4XHo6jxZNeRPTpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.120.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:ae:0c:24:84:03:db:2e:2e:55:55:5e:3b:a6:d5:94:64:cf:
         b7:81:16:4f:aa:5c:a4:c7:f4:08:27:9b:5c:9e:8c:73:80:40:
         b7:1a:75:77:a5:c8:87:6d:bf:37:6b:6d:ee:5d:bf:66:7b:43:
         bf:c8:6a:22:15:da:60:3c:e7:bf:39:35:1e:88:68:c4:bc:91:
         ac:cd:02:84:d4:7d:85:e5:a6:94:6b:43:66:08:7e:e6:75:1f:
         b7:dc:ef:49:30:dc:38:85:5a:bb:bf:2b:d6:46:15:06:3a:ef:
         8c:6b:e2:8d:87:98:91:ff:57:f1:05:3a:c1:42:a9:f4:b5:7a:
         81:8d:e4:30:15:82:a0:22:d1:b5:29:e1:f3:44:75:40:6c:53:
         2f:7e:fa:93:8b:9b:e6:0c:05:f4:f4:7f:c4:4a:b6:52:4e:1f:
         36:2e:ef:0b:c3:57:e3:ed:65:f4:cd:42:3d:da:46:b0:c2:c9:
         be:a4:49:79:66:c9:9b:f1:60:88:9a:31:7c:fc:61:f2:e5:b4:
         50:2d:52:5c:a4:da:3a:2d:b2:e4:08:a1:c3:39:65:58:ba:6a:
         7e:ba:34:74:c9:55:8e:53:7d:2c:d3:e0:e6:a9:d9:78:a9:cd:
         ef:4b:27:d4:44:0a:d2:48:5b:80:d7:8b:f0:69:1b:30:4f:9e:
         e4:53:c7:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma47fE/4dJPQ9iSsudFz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMDY2ZGU5ODI5Yjc2MWVkY2UxNzFlOGVhM2M1OTM1ZTQ0
ZjRlOWEwHhcNMjUwMTAyMDk0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzQ1MzRhMzIxNWViOTU4MzI0NWYyNmZmMWNhNjE0NjE4OWQ2M2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwygWDb8Tn5Tw3OJ6YtQSvvdO+klQ
i3kIM16uz3HiWKmfpphBOaIXznw0DZuop4EiLjyVxn/+h2pun/pGQItG/SGGbQRW
F2mQUC404GEbUNkfLgY8HFaCWcLSvhwsFQXToCKcAqDeKAgBqzU4kuh1SdSXeQW0
Vm9W+TLNTLeufVPbIEga/60NBpR5ENykCV60q7QJwdf02LLodzI8d9n/eTwjbeat
2Ctv5Ffs2BZD0nIazaYc2YfwDbPibJX0fEUKzXAp5TABGxdLWsID4k5IWPvQ2Qmj
8jqXUcEO/SDwM71OBGdP+tIetdp8LP5LbC6SNMgebabZlgRydc+QCTtc4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNxFNKMhXrlYMkXyb/HKYUYYnWP+MB8GA1UdIwQY
MBaAFF4GbemCm3Ye3OFx6Oo8WTXkT06aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdadDZZS2JkaDdjNFhIbzZqeFpOZVJQVHBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9jYWM5YzQtZjliYi00NmQ0LWJiNjIt
NDc1YWRmM2FhN2IxLzEvM0VVMG95RmV1Vmd5UmZKdjhjcGhSaGlkWV80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9jYWM5YzQtZjliYi00NmQ0LWJiNjItNDc1YWRmM2FhN2Ix
LzEvWGdadDZZS2JkaDdjNFhIbzZqeFpOZVJQVHBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnitMA0G
CSqGSIb3DQEBCwUAA4IBAQBxrgwkhAPbLi5VVV47ptWUZM+3gRZPqlykx/QIJ5tc
noxzgEC3GnV3pciHbb83a23uXb9me0O/yGoiFdpgPOe/OTUeiGjEvJGszQKE1H2F
5aaUa0NmCH7mdR+33O9JMNw4hVq7vyvWRhUGOu+Ma+KNh5iR/1fxBTrBQqn0tXqB
jeQwFYKgItG1KeHzRHVAbFMvfvqTi5vmDAX09H/ESrZSTh82Lu8Lw1fj7WX0zUI9
2kawwsm+pEl5Zsmb8WCImjF8/GHy5bRQLVJcpNo6LbLkCKHDOWVYump+ujR0yVWO
U30s0+Dmqdl4qc3vSyfURArSSFuA14vwaRswT57kU8e7
-----END CERTIFICATE-----