Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/nUjqwMGROu8lio8WlHgzqcbQHKM.roa
File:                     nUjqwMGROu8lio8WlHgzqcbQHKM.roa (raw, json)
Hash identifier:          UC2BaMoq+IhRonC2OdThJUbgN5G04G9A2iaqeo7sqnk=
Subject key identifier:   9D:48:EA:C0:C1:91:3A:EF:25:8A:8F:16:94:78:33:A9:C6:D0:1C:A3
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FCBEAE965F3A86FD8A88C4B2DFBDC
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/nUjqwMGROu8lio8WlHgzqcbQHKM.roa
Signing time:             Wed 01 Jan 2025 13:48:16 +0000
ROA not before:           Wed 01 Jan 2025 13:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201488
IP address blocks:        94.42.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:cb:ea:e9:65:f3:a8:6f:d8:a8:8c:4b:2d:fb:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d48eac0c1913aef258a8f16947833a9c6d01ca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4e:a3:d9:30:3e:5c:52:83:a3:4a:6c:84:c6:
                    62:55:10:f0:54:a9:64:61:f5:91:94:95:56:37:0f:
                    86:4e:71:0a:90:46:16:38:49:dd:19:a1:a2:01:0c:
                    60:48:8d:66:0c:9b:4f:70:9c:65:bc:4b:44:58:d9:
                    21:17:08:6f:18:73:54:c8:df:57:70:34:7e:57:b6:
                    57:8e:66:34:bc:f5:6e:dc:94:39:f6:9c:7c:26:ca:
                    ee:e7:0a:ea:ae:88:92:d8:81:19:40:30:b0:ef:a8:
                    f4:81:0f:60:99:81:a6:a3:8a:bc:d5:76:0c:4f:40:
                    2b:9a:ca:aa:d5:f5:7c:87:2c:fa:70:6c:d2:04:a4:
                    32:3c:ce:ec:6b:21:bf:1e:19:53:e0:8b:59:ac:41:
                    23:63:49:64:5e:38:a5:da:7d:1b:90:01:b6:87:dc:
                    c5:87:32:94:b5:0d:ae:6f:6a:bc:66:83:60:8c:f7:
                    bc:91:a5:af:6c:5d:30:a8:29:58:c0:76:c9:20:7d:
                    38:ee:c2:b4:ce:e2:20:fa:7d:64:78:e6:51:62:66:
                    fc:ee:7c:f4:b1:3d:f6:1e:b3:4c:c0:7e:a0:80:57:
                    05:ca:59:eb:eb:6b:72:15:53:7b:20:aa:53:06:84:
                    af:56:37:c8:5e:23:c0:6d:19:6c:63:50:ae:a1:b2:
                    9f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:48:EA:C0:C1:91:3A:EF:25:8A:8F:16:94:78:33:A9:C6:D0:1C:A3
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/nUjqwMGROu8lio8WlHgzqcbQHKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.42.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d1:a8:5f:ad:0b:dc:ae:2b:8a:77:f1:77:69:ca:73:2d:f3:
         e1:2b:8b:5b:f8:68:6e:42:ff:7a:93:03:98:36:76:4c:47:31:
         84:99:45:11:83:bb:47:68:60:f3:6a:75:95:c4:fb:d0:a8:69:
         e6:e1:4c:e3:2a:f7:1f:fa:ef:df:ff:29:b6:12:92:df:74:13:
         60:ef:b1:e2:dc:27:50:4f:28:17:21:86:f0:3d:fc:c6:0e:1b:
         d4:61:f4:13:0c:b9:25:3a:60:a0:2a:35:04:2c:4c:ad:43:2e:
         48:3c:38:30:da:be:90:54:11:39:0a:46:93:24:c6:2f:dc:f8:
         48:57:d9:e5:14:72:32:db:3c:b7:aa:f5:cd:a3:4b:db:31:b0:
         4a:0d:35:df:8d:89:5f:d5:0f:51:92:de:ef:16:52:3c:6b:2a:
         af:e8:bd:56:2f:68:cf:2b:84:08:3f:97:98:65:dd:eb:4f:28:
         10:61:7e:6c:6e:b9:a5:69:e4:51:c3:0a:87:23:da:c2:8b:e6:
         b2:9d:9c:77:bc:e3:ee:d0:0d:76:2f:31:2a:87:70:ea:18:d1:
         f4:e7:48:1a:cd:7e:75:34:6f:78:d9:80:2c:fa:48:0a:19:c2:
         b9:55:50:6b:f3:2c:6b:88:5b:5b:38:b3:0c:55:3d:e6:2f:fd:
         d0:3f:24:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH8vq6WXzqG/YqIxLLfvcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDQ4ZWFjMGMxOTEzYWVmMjU4YThmMTY5NDc4MzNhOWM2ZDAxY2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsk6j2TA+XFKDo0pshMZiVRDwVKlk
YfWRlJVWNw+GTnEKkEYWOEndGaGiAQxgSI1mDJtPcJxlvEtEWNkhFwhvGHNUyN9X
cDR+V7ZXjmY0vPVu3JQ59px8Jsru5wrqroiS2IEZQDCw76j0gQ9gmYGmo4q81XYM
T0Armsqq1fV8hyz6cGzSBKQyPM7sayG/HhlT4ItZrEEjY0lkXjil2n0bkAG2h9zF
hzKUtQ2ub2q8ZoNgjPe8kaWvbF0wqClYwHbJIH047sK0zuIg+n1keOZRYmb87nz0
sT32HrNMwH6ggFcFylnr62tyFVN7IKpTBoSvVjfIXiPAbRlsY1CuobKftQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1I6sDBkTrvJYqPFpR4M6nG0ByjMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvblVqcXdNR1JPdThsaW84V2xIZ3pxY2JRSEtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXipZMA0G
CSqGSIb3DQEBCwUAA4IBAQBy0ahfrQvcriuKd/F3acpzLfPhK4tb+GhuQv96kwOY
NnZMRzGEmUURg7tHaGDzanWVxPvQqGnm4UzjKvcf+u/f/ym2EpLfdBNg77Hi3CdQ
TygXIYbwPfzGDhvUYfQTDLklOmCgKjUELEytQy5IPDgw2r6QVBE5CkaTJMYv3PhI
V9nlFHIy2zy3qvXNo0vbMbBKDTXfjYlf1Q9Rkt7vFlI8ayqv6L1WL2jPK4QIP5eY
Zd3rTygQYX5sbrmlaeRRwwqHI9rCi+aynZx3vOPu0A12LzEqh3DqGNH050gazX51
NG942YAs+kgKGcK5VVBr8yxriFtbOLMMVT3mL/3QPyQQ
-----END CERTIFICATE-----