Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9bcbaf-4993-4d08-b9a8-0355ef11589c/1/JtwVZJ2q-er-ZyfG4We1Ih9BT0U.roa
File:                     JtwVZJ2q-er-ZyfG4We1Ih9BT0U.roa (raw, json)
Hash identifier:          xnd0jnisgvFr2C1BnV+wtzkH+5RWNTZh9FBZUZ5Hu3E=
Subject key identifier:   26:DC:15:64:9D:AA:F9:EA:FE:67:27:C6:E1:67:B5:22:1F:41:4F:45
Certificate issuer:       /CN=48c39de25ffa7eaf02b2a6d8c2cf6e2ceb562bf3
Certificate serial:       019420D5B792A2380DA9DAA2C9D91EEEFA48
Authority key identifier: 48:C3:9D:E2:5F:FA:7E:AF:02:B2:A6:D8:C2:CF:6E:2C:EB:56:2B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SMOd4l_6fq8CsqbYws9uLOtWK_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9bcbaf-4993-4d08-b9a8-0355ef11589c/1/JtwVZJ2q-er-ZyfG4We1Ih9BT0U.roa
Signing time:             Wed 01 Jan 2025 07:47:44 +0000
ROA not before:           Wed 01 Jan 2025 07:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42867
IP address blocks:        194.143.140.0/23 maxlen: 23
                          194.143.140.0/24 maxlen: 24
                          194.143.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/9bcbaf-4993-4d08-b9a8-0355ef11589c/1/SMOd4l_6fq8CsqbYws9uLOtWK_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/9bcbaf-4993-4d08-b9a8-0355ef11589c/1/SMOd4l_6fq8CsqbYws9uLOtWK_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SMOd4l_6fq8CsqbYws9uLOtWK_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 07:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b7:92:a2:38:0d:a9:da:a2:c9:d9:1e:ee:fa:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48c39de25ffa7eaf02b2a6d8c2cf6e2ceb562bf3
        Validity
            Not Before: Jan  1 07:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26dc15649daaf9eafe6727c6e167b5221f414f45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:b3:cd:51:9c:19:62:8c:8b:6f:e8:f5:e9:ba:
                    3d:19:16:af:9c:fb:29:f7:00:94:e0:6f:2b:13:03:
                    13:24:d1:2f:4f:f4:75:5c:2f:91:5f:cf:1d:34:09:
                    ca:1c:94:c0:85:b2:24:1b:92:81:ef:1a:8f:f7:c3:
                    fe:17:ee:81:28:8d:fa:2b:b1:e2:e9:76:19:82:10:
                    f7:78:22:02:0a:a6:3e:84:f5:fa:d8:bd:27:ae:02:
                    81:34:87:2a:34:a9:a0:f9:8b:76:2c:f3:5d:6e:af:
                    ef:e8:ca:63:61:d2:ae:ee:dd:86:2b:75:f2:61:da:
                    7b:72:e3:83:a6:85:aa:7c:5f:5f:db:a7:51:75:1a:
                    7d:17:7d:3d:b8:95:57:06:f7:6e:3d:03:6f:c6:e6:
                    f5:7c:28:a0:d3:90:e2:a4:eb:4e:b9:2b:2a:b7:bc:
                    57:70:e9:58:69:d2:d6:cb:8b:6a:da:c6:a9:1c:f6:
                    58:52:3f:1b:67:dd:00:d5:89:04:bd:b5:21:14:f1:
                    d6:71:d7:26:bc:d3:97:0c:86:8b:d2:28:f6:ae:ed:
                    68:d4:a8:3c:ce:c0:7d:70:0b:74:05:9e:95:46:27:
                    3c:63:32:cd:12:ac:de:c3:96:0b:15:e4:19:a7:99:
                    58:60:77:fa:d7:bc:ca:67:ea:6d:d3:67:89:84:25:
                    a8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:DC:15:64:9D:AA:F9:EA:FE:67:27:C6:E1:67:B5:22:1F:41:4F:45
            X509v3 Authority Key Identifier:
                keyid:48:C3:9D:E2:5F:FA:7E:AF:02:B2:A6:D8:C2:CF:6E:2C:EB:56:2B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SMOd4l_6fq8CsqbYws9uLOtWK_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9bcbaf-4993-4d08-b9a8-0355ef11589c/1/JtwVZJ2q-er-ZyfG4We1Ih9BT0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9bcbaf-4993-4d08-b9a8-0355ef11589c/1/SMOd4l_6fq8CsqbYws9uLOtWK_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:66:77:d8:6c:36:ff:80:7d:4e:d4:c7:24:ee:02:63:d7:06:
         27:d1:f7:30:34:ec:ea:ed:c3:e8:97:a3:a3:bd:66:0d:67:75:
         fe:52:bb:8f:e2:58:f7:0b:d2:d3:ad:6e:51:24:9f:22:69:71:
         05:d8:62:7b:35:09:24:74:f0:84:c9:27:ec:1a:1c:f1:d2:5e:
         7d:a7:b9:18:5a:c7:6c:a0:83:15:37:83:3b:5b:c2:03:ee:9f:
         9d:0f:68:69:06:be:12:05:f8:40:4a:ed:17:07:c4:68:f5:78:
         e0:64:af:bc:ee:d7:99:98:47:05:53:23:20:f3:de:34:33:12:
         ef:d0:96:46:be:fe:34:3f:56:da:bd:35:2f:de:86:55:e5:da:
         3f:f9:d5:1c:fd:55:af:f4:3b:25:81:da:d3:26:05:17:14:b7:
         d7:81:3f:e8:6d:11:a6:15:0b:ff:19:ec:8b:53:9e:8b:32:2c:
         b7:61:15:f2:aa:ab:22:21:61:ea:fa:49:d4:82:38:2e:8a:f3:
         ae:d6:e2:ea:f5:cc:62:3a:ea:3c:54:f0:8f:23:c7:bd:7e:dc:
         a2:e0:c5:70:ef:8f:9c:fb:52:b0:99:d3:43:68:4d:fd:f3:17:
         af:89:92:4c:bc:fb:ee:91:d9:4e:54:48:30:8b:ff:65:91:e0:
         2c:ab:1a:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1beSojgNqdqiydke7vpIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4YzM5ZGUyNWZmYTdlYWYwMmIyYTZkOGMyY2Y2ZTJjZWI1
NjJiZjMwHhcNMjUwMTAxMDc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmRjMTU2NDlkYWFmOWVhZmU2NzI3YzZlMTY3YjUyMjFmNDE0ZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5bPNUZwZYoyLb+j16bo9GRavnPsp
9wCU4G8rEwMTJNEvT/R1XC+RX88dNAnKHJTAhbIkG5KB7xqP98P+F+6BKI36K7Hi
6XYZghD3eCICCqY+hPX62L0nrgKBNIcqNKmg+Yt2LPNdbq/v6MpjYdKu7t2GK3Xy
Ydp7cuODpoWqfF9f26dRdRp9F309uJVXBvduPQNvxub1fCig05DipOtOuSsqt7xX
cOlYadLWy4tq2sapHPZYUj8bZ90A1YkEvbUhFPHWcdcmvNOXDIaL0ij2ru1o1Kg8
zsB9cAt0BZ6VRic8YzLNEqzew5YLFeQZp5lYYHf617zKZ+pt02eJhCWoqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCbcFWSdqvnq/mcnxuFntSIfQU9FMB8GA1UdIwQY
MBaAFEjDneJf+n6vArKm2MLPbizrVivzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU01PZDRsXzZmcThDc3FiWXdzOXVMT3RXS19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YmNiYWYtNDk5My00ZDA4LWI5YTgt
MDM1NWVmMTE1ODljLzEvSnR3VlpKMnEtZXItWnlmRzRXZTFJaDlCVDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YmNiYWYtNDk5My00ZDA4LWI5YTgtMDM1NWVmMTE1ODlj
LzEvU01PZDRsXzZmcThDc3FiWXdzOXVMT3RXS19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwo+MMA0G
CSqGSIb3DQEBCwUAA4IBAQBtZnfYbDb/gH1O1Mck7gJj1wYn0fcwNOzq7cPol6Oj
vWYNZ3X+UruP4lj3C9LTrW5RJJ8iaXEF2GJ7NQkkdPCEySfsGhzx0l59p7kYWsds
oIMVN4M7W8ID7p+dD2hpBr4SBfhASu0XB8Ro9XjgZK+87teZmEcFUyMg8940MxLv
0JZGvv40P1bavTUv3oZV5do/+dUc/VWv9DslgdrTJgUXFLfXgT/obRGmFQv/GeyL
U56LMiy3YRXyqqsiIWHq+knUgjguivOu1uLq9cxiOuo8VPCPI8e9ftyi4MVw74+c
+1KwmdNDaE398xeviZJMvPvukdlOVEgwi/9lkeAsqxpz
-----END CERTIFICATE-----