Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Dw7uOZiHh8LZib0u1Aa-Bjhiu6M.roa
File:                     Dw7uOZiHh8LZib0u1Aa-Bjhiu6M.roa (raw, json)
Hash identifier:          Brbd6h3DS2Vw/Ipq1zV0fa/tXgI6XWS0m2yNaZRsJBY=
Subject key identifier:   0F:0E:EE:39:98:87:87:C2:D9:89:BD:2E:D4:06:BE:06:38:62:BB:A3
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D728B4F63D18B4447AB1449AA82DCD
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Dw7uOZiHh8LZib0u1Aa-Bjhiu6M.roa
Signing time:             Wed 01 Jan 2025 21:48:10 +0000
ROA not before:           Wed 01 Jan 2025 21:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209962
IP address blocks:        194.36.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:28:b4:f6:3d:18:b4:44:7a:b1:44:9a:a8:2d:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f0eee39988787c2d989bd2ed406be063862bba3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:8b:5d:c2:a7:e7:22:ea:ce:6d:a6:23:ff:28:
                    63:c2:45:d7:da:3d:80:59:95:b9:7a:18:7b:68:02:
                    ee:b3:8e:ae:4a:9d:21:0c:8e:cd:51:43:fd:88:63:
                    90:e5:ba:5d:6c:50:48:88:0e:ed:c6:48:73:c5:01:
                    84:00:68:0a:08:52:0e:ed:5b:39:d4:16:45:74:7d:
                    c4:20:36:37:73:ba:b1:9d:ce:5c:d5:50:26:c7:84:
                    aa:e2:37:f0:ba:d8:b6:ba:11:24:80:a0:de:8b:a3:
                    c2:a4:4e:55:b5:06:35:31:ac:ed:f1:24:d6:cb:67:
                    d9:92:48:fa:31:9b:e6:7b:d4:3d:f3:4f:ea:cc:1a:
                    d3:7d:b9:b9:f3:ba:7b:7b:87:43:b6:e8:e9:59:8d:
                    14:a9:00:31:6c:12:34:e6:33:2a:c6:9e:47:18:cd:
                    36:e2:08:26:6c:ce:a1:bf:ac:00:0c:de:5f:da:c3:
                    17:16:d2:72:9e:12:67:e5:e6:50:1d:43:34:e4:5f:
                    3a:20:f7:89:33:fc:7f:26:2f:3f:2d:f9:9d:f6:d8:
                    b7:55:33:e6:57:95:54:14:82:4c:a8:b5:c3:0d:28:
                    ef:1f:76:f2:5c:d9:16:76:d2:77:fe:1f:ec:ed:3f:
                    b5:de:b7:b9:cf:56:16:d8:9d:cb:9c:17:18:ab:8c:
                    25:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:0E:EE:39:98:87:87:C2:D9:89:BD:2E:D4:06:BE:06:38:62:BB:A3
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/Dw7uOZiHh8LZib0u1Aa-Bjhiu6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:e9:1d:26:2e:60:75:4a:cf:bf:ef:31:c0:76:64:5b:82:ee:
         09:11:3e:f6:f3:91:04:59:4e:a2:30:41:fb:eb:f0:0a:10:3c:
         44:ea:c7:76:8d:da:5c:8b:d1:cb:ca:17:84:ee:b1:34:87:73:
         96:81:74:a6:40:ec:94:9d:df:9f:47:fe:3a:bb:34:f3:61:86:
         f9:0f:1f:c3:ea:a8:e5:e2:a5:e6:4f:bb:5d:06:0c:59:5a:09:
         89:1f:52:f4:43:0f:7f:ea:fa:7a:f5:e6:f6:58:35:96:b2:b8:
         44:5c:11:d4:ed:d4:44:03:fe:3b:b0:2e:96:42:99:b0:37:72:
         32:cf:2b:b0:71:30:4e:d5:0f:53:5a:46:94:00:e3:56:45:92:
         f4:2f:20:1d:09:6b:bf:4a:81:36:69:43:f9:9f:b4:e4:dd:e2:
         24:fd:b7:ea:b2:01:33:c8:1b:83:35:6a:87:48:af:de:de:e6:
         b0:c6:6b:98:a6:e9:61:fe:a0:e7:85:77:1c:23:49:1a:83:da:
         1f:1b:2c:91:11:4a:b3:49:8d:43:b3:5f:70:13:22:37:f0:d4:
         6f:26:a3:93:7e:7a:a2:ca:ab:1c:3f:82:f9:0f:a4:07:43:84:
         da:10:e4:b3:33:02:27:61:ac:7b:98:93:39:4f:99:72:f8:db:
         ee:70:af:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1yi09j0YtER6sUSaqC3NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjBlZWUzOTk4ODc4N2MyZDk4OWJkMmVkNDA2YmUwNjM4NjJiYmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoItdwqfnIurObaYj/yhjwkXX2j2A
WZW5ehh7aALus46uSp0hDI7NUUP9iGOQ5bpdbFBIiA7txkhzxQGEAGgKCFIO7Vs5
1BZFdH3EIDY3c7qxnc5c1VAmx4Sq4jfwuti2uhEkgKDei6PCpE5VtQY1Mazt8STW
y2fZkkj6MZvme9Q980/qzBrTfbm587p7e4dDtujpWY0UqQAxbBI05jMqxp5HGM02
4ggmbM6hv6wADN5f2sMXFtJynhJn5eZQHUM05F86IPeJM/x/Ji8/Lfmd9ti3VTPm
V5VUFIJMqLXDDSjvH3byXNkWdtJ3/h/s7T+13re5z1YW2J3LnBcYq4wlQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8O7jmYh4fC2Ym9LtQGvgY4YrujMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvRHc3dU9aaUhoOExaaWIwdTFBYS1CamhpdTZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiSwMA0G
CSqGSIb3DQEBCwUAA4IBAQCO6R0mLmB1Ss+/7zHAdmRbgu4JET7285EEWU6iMEH7
6/AKEDxE6sd2jdpci9HLyheE7rE0h3OWgXSmQOyUnd+fR/46uzTzYYb5Dx/D6qjl
4qXmT7tdBgxZWgmJH1L0Qw9/6vp69eb2WDWWsrhEXBHU7dREA/47sC6WQpmwN3Iy
zyuwcTBO1Q9TWkaUAONWRZL0LyAdCWu/SoE2aUP5n7Tk3eIk/bfqsgEzyBuDNWqH
SK/e3uawxmuYpulh/qDnhXccI0kag9ofGyyREUqzSY1Ds19wEyI38NRvJqOTfnqi
yqscP4L5D6QHQ4TaEOSzMwInYax7mJM5T5ly+NvucK/x
-----END CERTIFICATE-----