Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/1VN42y4Z2REMYUIAUO-FQ3bOWC0.roa
File:                     1VN42y4Z2REMYUIAUO-FQ3bOWC0.roa (raw, json)
Hash identifier:          6qEg4jC2u8D8FbWbpnDDZ3Eazxj0z5nf2TWdYrhE20s=
Subject key identifier:   D5:53:78:DB:2E:19:D9:11:0C:61:42:00:50:EF:85:43:76:CE:58:2D
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369C92F2E60B5BA828062A1252E9258
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/1VN42y4Z2REMYUIAUO-FQ3bOWC0.roa
Signing time:             Wed 01 Jan 2025 19:48:42 +0000
ROA not before:           Wed 01 Jan 2025 19:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43581
IP address blocks:        194.169.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:c9:2f:2e:60:b5:ba:82:80:62:a1:25:2e:92:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d55378db2e19d9110c61420050ef854376ce582d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:98:e5:f9:bd:41:cd:2b:c9:25:c7:55:e7:cf:
                    9d:c5:40:6b:64:b2:a4:6c:81:b6:aa:1e:f4:98:e7:
                    40:8e:1b:40:70:05:01:73:f9:03:58:9b:f6:d8:b0:
                    5a:ef:93:a1:5f:97:25:94:ac:04:30:9b:0d:c6:f0:
                    68:62:fc:80:a6:d6:86:d8:c9:0d:dc:cd:a6:d8:14:
                    df:71:3c:07:03:c0:8c:17:39:08:31:2d:77:3b:75:
                    6d:99:1c:51:23:4a:11:88:db:12:f1:d3:56:fb:0a:
                    00:de:3a:ac:3c:44:8d:12:f5:6b:6c:27:dd:db:a9:
                    aa:0b:eb:b4:0a:4b:52:cd:ee:69:5f:d9:1f:b2:c7:
                    f1:95:5e:30:28:7d:79:bf:cd:f0:fa:e8:81:f1:10:
                    af:5d:ae:a5:99:48:27:eb:10:79:61:69:4a:55:cf:
                    f8:df:98:95:78:92:42:f6:79:04:8b:35:61:00:da:
                    41:38:b0:6e:cd:58:89:fc:5b:12:ea:a9:df:64:e4:
                    81:da:6a:6a:52:ee:e3:02:43:d8:df:e5:32:86:93:
                    f9:d8:e5:1f:2d:3e:cf:b0:ad:7c:ac:b5:f7:89:b4:
                    58:fb:59:fb:e8:92:b2:37:9c:5f:99:21:aa:be:85:
                    f2:17:73:40:39:4d:d5:1f:db:ab:8f:88:46:ed:fe:
                    34:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:53:78:DB:2E:19:D9:11:0C:61:42:00:50:EF:85:43:76:CE:58:2D
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/1VN42y4Z2REMYUIAUO-FQ3bOWC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:c3:4e:9a:65:74:99:71:ff:0c:5e:ca:82:c3:9f:c6:96:c8:
         65:eb:ab:33:67:a5:63:3d:fa:ef:b0:55:3b:e4:cc:9d:62:a7:
         a1:43:79:fa:f3:22:34:9f:7a:8b:3d:c8:63:91:e6:d1:71:3f:
         9b:d3:ac:13:4e:f1:21:50:1b:6d:37:f4:9f:2e:01:5e:3b:f9:
         4c:1f:d5:87:43:87:2a:67:82:a0:90:29:9d:62:24:db:53:7c:
         e9:a7:1c:6b:4f:ef:a2:80:aa:4e:97:4c:80:d8:b7:44:25:44:
         31:54:05:57:9f:3f:81:d6:1d:96:c5:b4:fb:ad:c9:a4:09:6e:
         38:8f:5d:a9:be:7e:e3:85:46:ed:d0:72:cd:a2:65:51:01:7f:
         db:4e:bb:cc:99:29:b8:6b:50:69:b3:48:cc:11:68:ce:61:43:
         f4:16:06:0a:5f:8b:9b:78:91:da:ec:71:cd:2b:79:5d:19:b1:
         00:4c:11:ec:68:c8:2a:4b:b3:38:31:15:19:07:26:08:75:8f:
         a8:8a:70:54:6b:c9:66:e0:44:54:07:8c:61:89:ab:fd:7d:c7:
         1b:78:ac:02:53:b8:e1:5f:13:83:e4:c6:8c:24:a9:f4:bd:96:
         4f:99:54:9a:4a:e3:c9:c9:2c:8d:b4:25:c9:bf:ce:7c:00:cb:
         9e:f0:3b:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjackvLmC1uoKAYqElLpJYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTUzNzhkYjJlMTlkOTExMGM2MTQyMDA1MGVmODU0Mzc2Y2U1ODJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJjl+b1BzSvJJcdV58+dxUBrZLKk
bIG2qh70mOdAjhtAcAUBc/kDWJv22LBa75OhX5cllKwEMJsNxvBoYvyAptaG2MkN
3M2m2BTfcTwHA8CMFzkIMS13O3VtmRxRI0oRiNsS8dNW+woA3jqsPESNEvVrbCfd
26mqC+u0CktSze5pX9kfssfxlV4wKH15v83w+uiB8RCvXa6lmUgn6xB5YWlKVc/4
35iVeJJC9nkEizVhANpBOLBuzViJ/FsS6qnfZOSB2mpqUu7jAkPY3+UyhpP52OUf
LT7PsK18rLX3ibRY+1n76JKyN5xfmSGqvoXyF3NAOU3VH9urj4hG7f40iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNVTeNsuGdkRDGFCAFDvhUN2zlgtMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvMVZONDJ5NFoyUkVNWVVJQVVPLUZRM2JPV0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqmgMA0G
CSqGSIb3DQEBCwUAA4IBAQAYw06aZXSZcf8MXsqCw5/Glshl66szZ6VjPfrvsFU7
5MydYqehQ3n68yI0n3qLPchjkebRcT+b06wTTvEhUBttN/SfLgFeO/lMH9WHQ4cq
Z4KgkCmdYiTbU3zppxxrT++igKpOl0yA2LdEJUQxVAVXnz+B1h2WxbT7rcmkCW44
j12pvn7jhUbt0HLNomVRAX/bTrvMmSm4a1Bps0jMEWjOYUP0FgYKX4ubeJHa7HHN
K3ldGbEATBHsaMgqS7M4MRUZByYIdY+oinBUa8lm4ERUB4xhiav9fccbeKwCU7jh
XxOD5MaMJKn0vZZPmVSaSuPJySyNtCXJv858AMue8Du0
-----END CERTIFICATE-----