Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/54NJy94JvBBL15s0csboVd4UQiE.roa
File:                     54NJy94JvBBL15s0csboVd4UQiE.roa (raw, json)
Hash identifier:          wn2NTaQY7LuuAW+WGTrkVMpGh4ZshJJa9jmzKiQ5he0=
Subject key identifier:   E7:83:49:CB:DE:09:BC:10:4B:D7:9B:34:72:C6:E8:55:DE:14:42:21
Certificate issuer:       /CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
Certificate serial:       019423D75F329A9E84C8CE64C00289414A4A
Authority key identifier: FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/54NJy94JvBBL15s0csboVd4UQiE.roa
Signing time:             Wed 01 Jan 2025 21:48:24 +0000
ROA not before:           Wed 01 Jan 2025 21:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136620
IP address blocks:        144.48.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:5f:32:9a:9e:84:c8:ce:64:c0:02:89:41:4a:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffdec4a46a6e6e4f9a92d0ba2e0b3ab5658be1bd
        Validity
            Not Before: Jan  1 21:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e78349cbde09bc104bd79b3472c6e855de144221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:34:4e:0b:03:00:ea:9e:44:a8:50:93:16:4e:
                    60:76:7b:b7:b5:18:db:6f:af:cc:19:4e:70:a5:6f:
                    d8:ea:f9:b1:69:90:31:3c:c8:e2:14:fd:48:c7:d7:
                    8a:4d:8c:69:08:aa:eb:b6:9a:0d:8f:63:dc:de:31:
                    41:70:32:7f:eb:d3:ec:84:b0:6c:81:a0:8a:d1:82:
                    b4:b7:14:bd:91:f6:17:22:e9:76:46:16:39:bf:ee:
                    29:7a:a7:32:aa:a8:56:a6:66:6c:e7:da:93:7c:d8:
                    b7:e1:96:d4:c0:6d:b9:7e:32:8b:e9:ba:93:6a:f5:
                    a3:f1:f4:a6:a0:9a:6f:a4:5c:47:ee:6f:0f:24:9d:
                    5e:4c:e5:76:81:12:56:5d:38:7c:7d:79:00:0a:a0:
                    13:8d:82:7f:6d:fc:e8:30:ed:3c:8a:30:ba:46:c6:
                    d5:f9:4a:64:f0:fb:7a:a0:d6:c2:f7:c3:47:c1:b9:
                    26:05:3a:c3:22:cb:65:7c:43:ab:08:1c:d4:06:f6:
                    bd:c7:15:76:13:3a:db:3d:b4:a4:9a:d9:74:02:a1:
                    2c:51:dc:7e:e4:09:e8:61:49:f0:b3:3a:3d:5c:8b:
                    17:b9:e4:e1:93:c6:78:24:a6:5d:da:5f:af:49:41:
                    0c:14:3c:2f:d3:5b:22:4e:dc:55:7e:50:c5:27:dc:
                    07:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:83:49:CB:DE:09:BC:10:4B:D7:9B:34:72:C6:E8:55:DE:14:42:21
            X509v3 Authority Key Identifier:
                keyid:FF:DE:C4:A4:6A:6E:6E:4F:9A:92:D0:BA:2E:0B:3A:B5:65:8B:E1:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_97EpGpubk-aktC6Lgs6tWWL4b0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/54NJy94JvBBL15s0csboVd4UQiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/11e5b3-43aa-4279-9441-7e8c6d4d9bef/1/_97EpGpubk-aktC6Lgs6tWWL4b0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.48.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:87:65:06:b0:5f:18:7f:1b:8a:6c:f1:5e:b3:40:a0:af:5d:
         52:47:41:43:d7:6d:a8:42:8f:e9:fb:fd:44:4a:d5:3a:be:c2:
         00:f1:a8:62:45:6c:0b:df:a2:d5:0e:03:27:44:ae:34:61:0b:
         90:8f:2f:8e:fb:9a:75:5b:b0:ef:30:cc:48:8c:76:9d:e9:14:
         6a:e9:b4:b5:07:7a:37:fa:c1:71:f5:e1:ac:aa:74:5c:0a:fd:
         d0:6c:b3:51:24:fb:49:15:2e:1f:d9:90:85:04:ec:72:b8:95:
         29:b1:65:98:da:e9:a3:8e:06:c0:5e:fb:48:08:21:df:82:55:
         c2:6f:81:a5:ba:ff:ae:3e:c3:f4:ac:77:51:f3:e7:52:af:fb:
         f7:86:32:7e:c7:94:06:36:9d:5e:6c:59:d3:92:04:bb:59:a7:
         b2:25:f8:d5:6a:c6:b8:21:12:6d:fc:54:a4:e9:36:fd:5c:7c:
         36:c9:03:f7:0d:67:a9:f1:0c:f9:b3:b7:53:20:70:9b:5c:e3:
         ed:04:af:1b:b2:61:4b:24:40:aa:10:86:f9:04:5d:ef:8b:bc:
         29:90:0a:be:86:75:42:67:b2:e6:02:89:eb:70:32:d2:cf:61:
         a7:f0:b5:e5:e8:09:31:6f:57:2c:17:12:ff:97:14:2d:94:03:
         81:b7:62:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj118ymp6EyM5kwAKJQUpKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmZGVjNGE0NmE2ZTZlNGY5YTkyZDBiYTJlMGIzYWI1NjU4
YmUxYmQwHhcNMjUwMTAxMjE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzgzNDljYmRlMDliYzEwNGJkNzliMzQ3MmM2ZTg1NWRlMTQ0MjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujROCwMA6p5EqFCTFk5gdnu3tRjb
b6/MGU5wpW/Y6vmxaZAxPMjiFP1Ix9eKTYxpCKrrtpoNj2Pc3jFBcDJ/69PshLBs
gaCK0YK0txS9kfYXIul2RhY5v+4peqcyqqhWpmZs59qTfNi34ZbUwG25fjKL6bqT
avWj8fSmoJpvpFxH7m8PJJ1eTOV2gRJWXTh8fXkACqATjYJ/bfzoMO08ijC6RsbV
+Upk8Pt6oNbC98NHwbkmBTrDIstlfEOrCBzUBva9xxV2EzrbPbSkmtl0AqEsUdx+
5AnoYUnwszo9XIsXueThk8Z4JKZd2l+vSUEMFDwv01siTtxVflDFJ9wHCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOeDScveCbwQS9ebNHLG6FXeFEIhMB8GA1UdIwQY
MBaAFP/exKRqbm5PmpLQui4LOrVli+G9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEt
N2U4YzZkNGQ5YmVmLzEvNTROSnk5NEp2QkJMMTVzMGNzYm9WZDRVUWlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8xMWU1YjMtNDNhYS00Mjc5LTk0NDEtN2U4YzZkNGQ5YmVm
LzEvXzk3RXBHcHViay1ha3RDNkxnczZ0V1dMNGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDA/MA0G
CSqGSIb3DQEBCwUAA4IBAQDEh2UGsF8YfxuKbPFes0Cgr11SR0FD122oQo/p+/1E
StU6vsIA8ahiRWwL36LVDgMnRK40YQuQjy+O+5p1W7DvMMxIjHad6RRq6bS1B3o3
+sFx9eGsqnRcCv3QbLNRJPtJFS4f2ZCFBOxyuJUpsWWY2umjjgbAXvtICCHfglXC
b4Gluv+uPsP0rHdR8+dSr/v3hjJ+x5QGNp1ebFnTkgS7WaeyJfjVasa4IRJt/FSk
6Tb9XHw2yQP3DWep8Qz5s7dTIHCbXOPtBK8bsmFLJECqEIb5BF3vi7wpkAq+hnVC
Z7LmAonrcDLSz2Gn8LXl6Akxb1csFxL/lxQtlAOBt2KK
-----END CERTIFICATE-----