Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/DIrH-kP5nT3HJlZe7jZz_CkvjFY.roa
File:                     DIrH-kP5nT3HJlZe7jZz_CkvjFY.roa (raw, json)
Hash identifier:          gKZZgzAyp+INbVPVuZgOHUrKZ9VQYbL1/WwPWyMWDfc=
Subject key identifier:   0C:8A:C7:FA:43:F9:9D:3D:C7:26:56:5E:EE:36:73:FC:29:2F:8C:56
Certificate issuer:       /CN=30309941a6d84fa4dbddaf0f4ecd99f9f043cfdc
Certificate serial:       019423D6D5764F2F4E8E02D11C251C0366E5
Authority key identifier: 30:30:99:41:A6:D8:4F:A4:DB:DD:AF:0F:4E:CD:99:F9:F0:43:CF:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/DIrH-kP5nT3HJlZe7jZz_CkvjFY.roa
Signing time:             Wed 01 Jan 2025 21:47:49 +0000
ROA not before:           Wed 01 Jan 2025 21:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209011
IP address blocks:        94.177.128.0/24 maxlen: 24
                          194.28.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d5:76:4f:2f:4e:8e:02:d1:1c:25:1c:03:66:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30309941a6d84fa4dbddaf0f4ecd99f9f043cfdc
        Validity
            Not Before: Jan  1 21:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c8ac7fa43f99d3dc726565eee3673fc292f8c56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d1:7e:47:f6:3d:74:67:06:75:30:e0:3d:86:
                    71:21:7a:d0:cf:71:86:df:1b:02:2e:8c:83:14:fd:
                    d8:0f:b2:f6:e6:e1:12:2c:8e:66:dd:33:1c:29:90:
                    2b:3f:00:eb:bc:e1:8d:a1:db:0c:5e:b3:4b:6b:84:
                    b5:1b:e7:10:8a:01:06:b1:cd:35:b8:ab:57:e0:f1:
                    e9:e1:02:be:82:17:8a:01:bf:9a:90:30:57:64:9f:
                    08:06:98:ad:bc:ca:db:5b:03:d8:69:b1:97:dd:67:
                    8f:4a:8c:be:bc:84:a6:d8:61:45:c2:f2:dd:7c:03:
                    ad:85:ae:e2:13:d3:c3:c0:bf:73:f5:e2:64:d6:9d:
                    80:b6:91:f6:f8:25:b9:82:61:37:a2:93:c0:08:d1:
                    42:e2:50:e4:8e:02:1b:55:62:88:10:84:7e:d7:24:
                    2a:68:57:7f:71:3d:79:be:ef:ee:5f:7e:66:e4:ad:
                    ec:fe:16:38:31:18:90:86:33:89:b1:4b:ba:fc:df:
                    a3:50:ef:b6:4c:9d:7b:a4:0b:c7:59:c6:59:71:8d:
                    8c:9f:6f:ce:22:b3:12:52:b8:9c:0c:48:19:2d:dc:
                    45:5f:f8:4d:ec:c4:92:f6:9e:83:40:75:5b:91:71:
                    cb:63:16:68:09:57:7d:0e:81:45:cd:55:fa:6a:c8:
                    78:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:8A:C7:FA:43:F9:9D:3D:C7:26:56:5E:EE:36:73:FC:29:2F:8C:56
            X509v3 Authority Key Identifier:
                keyid:30:30:99:41:A6:D8:4F:A4:DB:DD:AF:0F:4E:CD:99:F9:F0:43:CF:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/DIrH-kP5nT3HJlZe7jZz_CkvjFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/f1af90-355c-484b-b923-d31d4cb1b129/1/MDCZQabYT6Tb3a8PTs2Z-fBDz9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.177.128.0/24
                  194.28.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:65:bd:24:78:a6:e2:8f:1d:a1:0e:51:6b:4d:54:f8:26:19:
         97:28:eb:bc:f5:86:b6:93:26:03:42:5b:3a:25:f4:60:af:c9:
         49:26:80:0f:22:5e:d6:34:a2:38:64:7c:fb:fb:ee:d9:cc:6b:
         c0:c1:0c:7d:54:cb:c7:b9:55:82:cb:10:12:7a:31:00:a0:dc:
         cb:0a:b4:44:06:43:2a:48:81:dd:f0:33:76:1d:7c:37:aa:a4:
         77:ec:87:24:ee:18:ad:c6:37:c7:e5:a5:fb:45:36:a4:17:93:
         70:13:c8:da:28:5d:e6:c3:da:b4:49:ba:47:ac:5e:d7:f3:9c:
         10:46:aa:93:08:b2:1a:9f:de:89:15:e1:c2:85:0a:f4:ab:8a:
         a1:60:28:01:8c:30:fe:ca:67:fd:db:21:0f:d7:09:21:77:dc:
         d3:87:84:0a:b0:a0:69:cf:17:92:63:9a:3e:2f:3e:72:76:f3:
         54:15:b6:fe:67:09:39:21:48:2c:94:f0:fb:11:50:14:30:79:
         c3:0e:b3:3f:f8:14:04:25:2c:ff:d6:a9:ab:8b:80:9d:86:fd:
         74:d0:28:f4:a1:dd:de:97:a0:ed:ae:77:97:f5:10:db:da:66:
         b9:2b:5b:c6:4c:9f:37:c4:5d:91:14:4e:17:b0:e1:d7:30:09:
         49:33:7b:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1tV2Ty9OjgLRHCUcA2blMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMzA5OTQxYTZkODRmYTRkYmRkYWYwZjRlY2Q5OWY5ZjA0
M2NmZGMwHhcNMjUwMTAxMjE0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzhhYzdmYTQzZjk5ZDNkYzcyNjU2NWVlZTM2NzNmYzI5MmY4YzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dF+R/Y9dGcGdTDgPYZxIXrQz3GG
3xsCLoyDFP3YD7L25uESLI5m3TMcKZArPwDrvOGNodsMXrNLa4S1G+cQigEGsc01
uKtX4PHp4QK+gheKAb+akDBXZJ8IBpitvMrbWwPYabGX3WePSoy+vISm2GFFwvLd
fAOtha7iE9PDwL9z9eJk1p2AtpH2+CW5gmE3opPACNFC4lDkjgIbVWKIEIR+1yQq
aFd/cT15vu/uX35m5K3s/hY4MRiQhjOJsUu6/N+jUO+2TJ17pAvHWcZZcY2Mn2/O
IrMSUricDEgZLdxFX/hN7MSS9p6DQHVbkXHLYxZoCVd9DoFFzVX6ash4cQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAyKx/pD+Z09xyZWXu42c/wpL4xWMB8GA1UdIwQY
MBaAFDAwmUGm2E+k292vD07NmfnwQ8/cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTURDWlFhYllUNlRiM2E4UFRzMlotZkJEejl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9mMWFmOTAtMzU1Yy00ODRiLWI5MjMt
ZDMxZDRjYjFiMTI5LzEvRElySC1rUDVuVDNISmxaZTdqWnpfQ2t2akZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9mMWFmOTAtMzU1Yy00ODRiLWI5MjMtZDMxZDRjYjFiMTI5
LzEvTURDWlFhYllUNlRiM2E4UFRzMlotZkJEejl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXrGAAwQA
whwsMA0GCSqGSIb3DQEBCwUAA4IBAQBgZb0keKbijx2hDlFrTVT4JhmXKOu89Ya2
kyYDQls6JfRgr8lJJoAPIl7WNKI4ZHz7++7ZzGvAwQx9VMvHuVWCyxASejEAoNzL
CrREBkMqSIHd8DN2HXw3qqR37Ick7hitxjfH5aX7RTakF5NwE8jaKF3mw9q0SbpH
rF7X85wQRqqTCLIan96JFeHChQr0q4qhYCgBjDD+ymf92yEP1wkhd9zTh4QKsKBp
zxeSY5o+Lz5ydvNUFbb+Zwk5IUgslPD7EVAUMHnDDrM/+BQEJSz/1qmri4Cdhv10
0Cj0od3el6DtrneX9RDb2ma5K1vGTJ83xF2RFE4XsOHXMAlJM3sC
-----END CERTIFICATE-----