Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/043uSXcEwcTZgUk5_ExSgvF0TDI.roa
File:                     043uSXcEwcTZgUk5_ExSgvF0TDI.roa (raw, json)
Hash identifier:          aKMAMHw8f6Tqa+Lu83OKVpFBIm3XSWZO6zpjohL8Alg=
Subject key identifier:   D3:8D:EE:49:77:04:C1:C4:D9:81:49:39:FC:4C:52:82:F1:74:4C:32
Certificate issuer:       /CN=295a92b778eddfa8dcd917cbb87cde31ba2c732f
Certificate serial:       0194282592F2A7D2EAC3BC2DD29EAC21D766
Authority key identifier: 29:5A:92:B7:78:ED:DF:A8:DC:D9:17:CB:B8:7C:DE:31:BA:2C:73:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KVqSt3jt36jc2RfLuHzeMboscy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/043uSXcEwcTZgUk5_ExSgvF0TDI.roa
Signing time:             Thu 02 Jan 2025 17:52:18 +0000
ROA not before:           Thu 02 Jan 2025 17:52:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12306
IP address blocks:        194.56.221.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/KVqSt3jt36jc2RfLuHzeMboscy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/KVqSt3jt36jc2RfLuHzeMboscy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KVqSt3jt36jc2RfLuHzeMboscy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:92:f2:a7:d2:ea:c3:bc:2d:d2:9e:ac:21:d7:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=295a92b778eddfa8dcd917cbb87cde31ba2c732f
        Validity
            Not Before: Jan  2 17:52:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d38dee497704c1c4d9814939fc4c5282f1744c32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:ea:8e:ed:bd:bf:a8:40:5e:b5:01:ca:70:70:
                    02:25:67:50:7a:50:77:ab:51:d0:07:89:24:16:51:
                    41:01:74:55:e4:bf:c9:5d:77:30:32:a7:d9:36:36:
                    24:35:1d:b7:4f:24:15:9e:26:0a:81:cb:61:66:4d:
                    97:6b:ee:df:40:43:05:d7:3d:9c:ad:f7:05:da:fc:
                    9f:2f:09:99:60:a7:c5:15:02:07:5a:64:c4:b1:0a:
                    40:3a:33:ba:b2:87:f6:be:90:4c:55:62:70:1d:e9:
                    4a:76:89:e0:c4:69:83:65:a7:a8:a2:5d:bc:53:c2:
                    9b:cf:23:cc:29:fc:ed:74:75:b7:4a:4c:a2:f9:9a:
                    08:7b:17:ec:61:2c:b9:3b:aa:4f:0c:5d:7c:d5:90:
                    e2:af:9a:60:e8:ca:91:66:de:24:a2:8d:b6:ec:17:
                    6f:30:e6:83:12:7a:8d:de:81:47:44:76:83:12:14:
                    95:47:6b:e7:87:5e:2d:2c:68:22:46:2f:d6:85:e7:
                    dc:f6:c4:81:4e:fa:c6:c9:07:b5:27:94:d7:f7:5f:
                    c2:28:9b:31:19:26:41:79:1b:6d:e3:cf:82:b8:8b:
                    ef:1c:c7:99:67:70:de:78:eb:52:a9:25:e4:15:d1:
                    17:79:eb:3d:cf:78:bb:8b:17:4d:6c:cc:e0:06:f7:
                    6d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:8D:EE:49:77:04:C1:C4:D9:81:49:39:FC:4C:52:82:F1:74:4C:32
            X509v3 Authority Key Identifier:
                keyid:29:5A:92:B7:78:ED:DF:A8:DC:D9:17:CB:B8:7C:DE:31:BA:2C:73:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVqSt3jt36jc2RfLuHzeMboscy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/043uSXcEwcTZgUk5_ExSgvF0TDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/7570e1-ae3d-4901-9c85-dcdc5cee276f/1/KVqSt3jt36jc2RfLuHzeMboscy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:43:0f:cf:e8:06:dc:d6:d7:b2:fb:c5:f1:87:b6:3a:08:2a:
         ca:8e:d7:b5:6c:d3:6a:0c:a1:ab:7d:7a:34:98:27:ab:57:7e:
         47:47:3f:06:25:b2:fd:2b:e4:df:ad:b4:1e:a9:1b:98:cd:2f:
         6f:0f:b7:b7:62:5d:a6:e2:c5:94:1c:81:f3:1f:45:cc:5e:72:
         c8:a9:c0:44:87:09:e6:e1:72:d1:50:46:d9:21:ff:8e:8f:70:
         7c:19:28:64:c2:ea:2e:7f:b5:f0:e2:c7:7d:4d:7a:dc:82:d8:
         ce:a3:ad:c8:9d:b6:77:85:0f:41:62:27:6c:78:2d:cd:57:f7:
         54:8e:ad:0b:91:84:04:3b:af:28:06:41:e1:29:04:51:62:3b:
         fd:74:7c:ce:fb:56:b9:47:cf:93:d1:cb:6c:28:13:cd:9a:e4:
         3a:12:39:32:c3:d9:30:c5:72:96:3a:90:b0:80:1c:e7:3b:b6:
         57:b0:45:d1:d2:7c:c3:fe:84:36:d1:31:65:07:98:7c:2b:d5:
         71:cb:83:cf:20:8a:ad:a0:90:b0:99:f1:4e:6d:5c:fb:95:8e:
         35:bf:60:98:e0:83:02:32:b9:d7:f5:bb:01:dd:78:6c:a7:9b:
         5a:55:7a:06:ae:dd:14:42:ab:e1:96:ec:0d:90:79:6f:65:e4:
         01:fc:c1:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJZLyp9Lqw7wt0p6sIddmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NWE5MmI3NzhlZGRmYThkY2Q5MTdjYmI4N2NkZTMxYmEy
YzczMmYwHhcNMjUwMTAyMTc1MjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzhkZWU0OTc3MDRjMWM0ZDk4MTQ5MzlmYzRjNTI4MmYxNzQ0YzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7eqO7b2/qEBetQHKcHACJWdQelB3
q1HQB4kkFlFBAXRV5L/JXXcwMqfZNjYkNR23TyQVniYKgcthZk2Xa+7fQEMF1z2c
rfcF2vyfLwmZYKfFFQIHWmTEsQpAOjO6sof2vpBMVWJwHelKdongxGmDZaeool28
U8KbzyPMKfztdHW3Skyi+ZoIexfsYSy5O6pPDF181ZDir5pg6MqRZt4koo227Bdv
MOaDEnqN3oFHRHaDEhSVR2vnh14tLGgiRi/Whefc9sSBTvrGyQe1J5TX91/CKJsx
GSZBeRtt48+CuIvvHMeZZ3DeeOtSqSXkFdEXees9z3i7ixdNbMzgBvdt2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNON7kl3BMHE2YFJOfxMUoLxdEwyMB8GA1UdIwQY
MBaAFClakrd47d+o3NkXy7h83jG6LHMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZxU3QzanQzNmpjMlJmTHVIemVNYm9zY3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83NTcwZTEtYWUzZC00OTAxLTljODUt
ZGNkYzVjZWUyNzZmLzEvMDQzdVNYY0V3Y1RaZ1VrNV9FeFNndkYwVERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83NTcwZTEtYWUzZC00OTAxLTljODUtZGNkYzVjZWUyNzZm
LzEvS1ZxU3QzanQzNmpjMlJmTHVIemVNYm9zY3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjjdMA0G
CSqGSIb3DQEBCwUAA4IBAQBpQw/P6Abc1tey+8Xxh7Y6CCrKjte1bNNqDKGrfXo0
mCerV35HRz8GJbL9K+TfrbQeqRuYzS9vD7e3Yl2m4sWUHIHzH0XMXnLIqcBEhwnm
4XLRUEbZIf+Oj3B8GShkwuouf7Xw4sd9TXrcgtjOo63InbZ3hQ9BYidseC3NV/dU
jq0LkYQEO68oBkHhKQRRYjv9dHzO+1a5R8+T0ctsKBPNmuQ6Ejkyw9kwxXKWOpCw
gBznO7ZXsEXR0nzD/oQ20TFlB5h8K9Vxy4PPIIqtoJCwmfFObVz7lY41v2CY4IMC
MrnX9bsB3Xhsp5taVXoGrt0UQqvhluwNkHlvZeQB/MF1
-----END CERTIFICATE-----