Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/545258-f8a9-4ceb-b01b-c8df84e7ae29/1/Db4cgvqb5UOgeQz4JyUwJf6Q1lU.roa
File:                     Db4cgvqb5UOgeQz4JyUwJf6Q1lU.roa (raw, json)
Hash identifier:          zvZMT/bbatMS4tl05cs3bvS/uoQt4c5U4AeQiIO1dXo=
Subject key identifier:   0D:BE:1C:82:FA:9B:E5:43:A0:79:0C:F8:27:25:30:25:FE:90:D6:55
Certificate issuer:       /CN=2962478549d8cc264c2cc57dce71905d176fb88a
Certificate serial:       019422FB18F3FDBCC8552678834194BDE3E2
Authority key identifier: 29:62:47:85:49:D8:CC:26:4C:2C:C5:7D:CE:71:90:5D:17:6F:B8:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWJHhUnYzCZMLMV9znGQXRdvuIo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/545258-f8a9-4ceb-b01b-c8df84e7ae29/1/Db4cgvqb5UOgeQz4JyUwJf6Q1lU.roa
Signing time:             Wed 01 Jan 2025 17:47:48 +0000
ROA not before:           Wed 01 Jan 2025 17:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42909
IP address blocks:        194.0.1.0/24 maxlen: 24
                          2001:678:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/545258-f8a9-4ceb-b01b-c8df84e7ae29/1/KWJHhUnYzCZMLMV9znGQXRdvuIo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/545258-f8a9-4ceb-b01b-c8df84e7ae29/1/KWJHhUnYzCZMLMV9znGQXRdvuIo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWJHhUnYzCZMLMV9znGQXRdvuIo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:18:f3:fd:bc:c8:55:26:78:83:41:94:bd:e3:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2962478549d8cc264c2cc57dce71905d176fb88a
        Validity
            Not Before: Jan  1 17:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0dbe1c82fa9be543a0790cf827253025fe90d655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b2:6a:54:1c:c0:d8:e3:42:9e:84:b8:e5:8e:
                    ba:ae:30:eb:e0:54:85:87:c7:c1:1f:9a:f1:7d:d9:
                    c7:e4:23:c0:6f:75:1b:4b:9f:66:59:27:25:87:a3:
                    1c:8e:ff:c7:df:f5:11:78:73:e8:0e:23:46:41:49:
                    e2:39:9a:f1:8f:e9:e3:6b:cf:51:c0:65:ae:ad:89:
                    a0:a8:aa:5f:c2:57:99:46:28:df:e6:43:ac:5f:b2:
                    94:3e:8f:be:0f:ff:ab:2d:30:3c:a0:1d:80:99:bd:
                    90:15:13:fc:9f:69:e3:e9:9e:bb:d4:c1:f2:2a:f0:
                    29:ab:dd:e7:aa:2d:f8:4d:9b:3a:5e:da:24:a0:66:
                    df:a7:d1:b9:97:f2:8f:f8:e0:be:8d:d7:ae:76:4f:
                    8d:f9:68:1f:ae:0b:e0:19:51:82:97:fb:7c:ef:a3:
                    a1:3e:1b:e6:4c:b2:cb:95:a0:ac:a3:29:ce:38:2b:
                    43:0a:1a:c3:6a:08:d0:b5:82:64:5e:cb:a9:9d:90:
                    b4:a8:f8:d1:e1:f1:f7:e1:c6:39:39:38:a1:b1:7f:
                    9b:9b:7a:47:db:42:dc:08:10:65:7f:ba:37:b6:ed:
                    9e:e8:13:03:48:d6:b3:22:70:4b:3c:b8:2a:2b:6e:
                    50:14:ad:20:8c:9e:1f:e7:43:e5:c8:28:99:59:8e:
                    de:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:BE:1C:82:FA:9B:E5:43:A0:79:0C:F8:27:25:30:25:FE:90:D6:55
            X509v3 Authority Key Identifier:
                keyid:29:62:47:85:49:D8:CC:26:4C:2C:C5:7D:CE:71:90:5D:17:6F:B8:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWJHhUnYzCZMLMV9znGQXRdvuIo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/545258-f8a9-4ceb-b01b-c8df84e7ae29/1/Db4cgvqb5UOgeQz4JyUwJf6Q1lU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/545258-f8a9-4ceb-b01b-c8df84e7ae29/1/KWJHhUnYzCZMLMV9znGQXRdvuIo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.1.0/24
                IPv6:
                  2001:678:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:e9:f5:e0:41:58:53:40:52:2f:cd:54:63:e3:25:69:78:c9:
         a0:bb:d9:13:33:c3:f2:a9:a5:db:9a:59:92:88:a5:5e:07:aa:
         55:12:38:e5:52:3f:9b:53:29:f7:5c:0f:be:b6:00:4d:97:bb:
         cc:01:b2:23:ae:57:6f:b1:ac:22:ff:f6:a2:a0:c4:44:d7:91:
         22:63:88:22:f8:c1:3d:2c:be:5c:fe:c1:79:8b:b8:f3:e2:84:
         28:52:bb:ee:6a:40:8f:c3:f3:fb:c9:52:ef:75:27:2c:1c:74:
         d3:4b:35:88:a1:8c:81:ca:2e:af:90:e2:5a:f1:42:3c:8a:d7:
         41:27:b7:d5:d3:e4:a9:b2:2e:69:a8:be:35:70:30:98:5d:59:
         5f:21:7e:d4:56:3c:92:69:b6:31:e8:85:b7:5e:c0:7f:c5:74:
         db:62:4a:9b:dc:18:f6:a3:04:7e:ae:5c:08:50:20:66:d6:72:
         76:21:5f:74:0d:69:44:01:6a:dd:d0:bd:f1:de:7c:f2:e5:07:
         02:27:3f:6e:a6:06:19:8d:68:01:f4:15:e4:40:69:ad:5e:66:
         b5:b3:b8:99:55:c2:0c:be:ed:31:1c:ab:ff:bd:aa:18:eb:17:
         e3:2a:82:be:5b:38:8f:96:0e:5b:3a:90:24:44:e1:45:bb:94:
         de:77:de:b1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQi+xjz/bzIVSZ4g0GUvePiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjI0Nzg1NDlkOGNjMjY0YzJjYzU3ZGNlNzE5MDVkMTc2
ZmI4OGEwHhcNMjUwMTAxMTc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGJlMWM4MmZhOWJlNTQzYTA3OTBjZjgyNzI1MzAyNWZlOTBkNjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7JqVBzA2ONCnoS45Y66rjDr4FSF
h8fBH5rxfdnH5CPAb3UbS59mWSclh6Mcjv/H3/UReHPoDiNGQUniOZrxj+nja89R
wGWurYmgqKpfwleZRijf5kOsX7KUPo++D/+rLTA8oB2Amb2QFRP8n2nj6Z671MHy
KvApq93nqi34TZs6XtokoGbfp9G5l/KP+OC+jdeudk+N+WgfrgvgGVGCl/t876Oh
PhvmTLLLlaCsoynOOCtDChrDagjQtYJkXsupnZC0qPjR4fH34cY5OTihsX+bm3pH
20LcCBBlf7o3tu2e6BMDSNazInBLPLgqK25QFK0gjJ4f50PlyCiZWY7eoQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA2+HIL6m+VDoHkM+CclMCX+kNZVMB8GA1UdIwQY
MBaAFCliR4VJ2MwmTCzFfc5xkF0Xb7iKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dKSGhVbll6Q1pNTE1WOXpuR1FYUmR2dUlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC81NDUyNTgtZjhhOS00Y2ViLWIwMWIt
YzhkZjg0ZTdhZTI5LzEvRGI0Y2d2cWI1VU9nZVF6NEp5VXdKZjZRMWxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC81NDUyNTgtZjhhOS00Y2ViLWIwMWItYzhkZjg0ZTdhZTI5
LzEvS1dKSGhVbll6Q1pNTE1WOXpuR1FYUmR2dUlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgABMA8E
AgACMAkDBwAgAQZ4AAQwDQYJKoZIhvcNAQELBQADggEBAKHp9eBBWFNAUi/NVGPj
JWl4yaC72RMzw/KppduaWZKIpV4HqlUSOOVSP5tTKfdcD762AE2Xu8wBsiOuV2+x
rCL/9qKgxETXkSJjiCL4wT0svlz+wXmLuPPihChSu+5qQI/D8/vJUu91JywcdNNL
NYihjIHKLq+Q4lrxQjyK10Ent9XT5KmyLmmovjVwMJhdWV8hftRWPJJptjHohbde
wH/FdNtiSpvcGPajBH6uXAhQIGbWcnYhX3QNaUQBat3QvfHefPLlBwInP26mBhmN
aAH0FeRAaa1eZrWzuJlVwgy+7TEcq/+9qhjrF+Mqgr5bOI+WDls6kCRE4UW7lN53
3rE=
-----END CERTIFICATE-----