Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/sRd8z-EwhK3ouHw5BHpNBODZ84A.roa
File:                     sRd8z-EwhK3ouHw5BHpNBODZ84A.roa (raw, json)
Hash identifier:          +GNZIrXZ+Z4Q7XssnknpArc2GHObDsmt3A6ibn+MYt0=
Subject key identifier:   B1:17:7C:CF:E1:30:84:AD:E8:B8:7C:39:04:7A:4D:04:E0:D9:F3:80
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01947347048C77A8DF8B54661B71C1D2FD2A
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/sRd8z-EwhK3ouHw5BHpNBODZ84A.roa
Signing time:             Fri 17 Jan 2025 08:00:21 +0000
ROA not before:           Fri 17 Jan 2025 08:00:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6939
IP address blocks:        194.41.112.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:73:47:04:8c:77:a8:df:8b:54:66:1b:71:c1:d2:fd:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan 17 08:00:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1177ccfe13084ade8b87c39047a4d04e0d9f380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7a:53:25:e3:b0:fa:c3:3d:78:0d:bc:12:f0:
                    66:f0:32:79:e3:66:09:4b:6b:4e:dd:0f:77:e4:cd:
                    82:71:4e:3b:1a:e0:c6:27:f0:dc:52:18:3e:bc:cf:
                    c8:f4:19:9a:dc:d6:93:d9:b7:3b:1c:a7:9c:f1:85:
                    b6:3e:38:5e:be:fd:e7:ac:3a:ec:d1:cd:03:20:56:
                    24:14:86:f1:4f:5a:98:40:10:13:83:7d:bf:ee:de:
                    0d:6e:06:a6:4a:b3:4c:74:97:57:70:6a:8c:aa:59:
                    b9:13:42:fe:35:00:a5:9e:8e:79:f9:72:1f:ce:9f:
                    37:39:2c:90:e8:a8:36:fb:e8:c5:51:25:c6:f8:ab:
                    8b:5f:04:ae:ec:54:5d:2d:4c:f7:6d:7c:83:3d:db:
                    a3:92:b8:c4:84:8a:d4:6b:25:4e:e5:df:ce:0c:95:
                    55:41:04:73:51:71:85:ea:1d:4f:fa:bb:fb:da:ad:
                    20:e3:47:c3:ae:82:ff:f4:28:9f:7b:91:22:68:12:
                    2d:ba:97:39:db:ab:98:11:fa:17:a2:5b:fe:b9:d2:
                    1c:2a:ce:69:0d:01:df:62:c4:44:45:72:68:b9:2c:
                    ae:ec:d4:be:b2:8d:fd:30:0f:31:86:e5:2f:de:f7:
                    50:98:7c:31:e2:5e:62:2f:5c:81:e1:82:27:2b:f4:
                    b7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:17:7C:CF:E1:30:84:AD:E8:B8:7C:39:04:7A:4D:04:E0:D9:F3:80
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/sRd8z-EwhK3ouHw5BHpNBODZ84A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.41.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:2c:61:36:fe:9e:06:ff:f4:90:10:d9:a7:0f:1e:25:ad:bd:
         9d:87:53:e3:72:0e:02:84:0d:42:2c:0d:ea:c3:60:9a:97:9b:
         31:a5:fe:ba:6a:7c:3d:0d:c8:26:62:bc:13:1f:5e:0b:9a:fc:
         ef:e8:db:44:b0:e0:15:1e:e0:4e:6b:5d:39:c4:6e:02:42:61:
         da:2f:05:fa:ca:ec:d9:62:d9:9a:ab:92:ee:ca:8b:38:b9:fd:
         64:4a:8c:29:f9:15:00:69:21:38:e0:39:3a:10:23:50:39:a3:
         ba:1d:75:77:d6:4e:d4:c2:1f:43:f4:39:df:bd:dc:67:ea:6d:
         37:a6:b1:94:59:ca:54:0c:15:30:7c:26:0c:c9:54:e8:5a:5c:
         09:c2:ff:ff:93:6b:f2:cd:5b:a9:1d:82:25:9a:71:f5:d1:0a:
         c9:51:71:3d:bf:7f:23:22:d5:1f:f9:e8:1b:3e:86:b9:9b:56:
         35:0a:31:ec:9e:f4:7f:3f:13:08:d9:04:27:9c:7a:d2:51:d6:
         95:ce:6c:ba:2b:fa:d8:9a:d9:0a:f3:02:a0:ae:9b:d4:98:b6:
         02:fd:27:7d:76:e4:22:3d:5a:59:9f:bd:f4:40:15:cd:79:d2:
         35:5a:cf:db:a6:01:d4:81:ae:1d:99:9d:4f:c4:48:8d:3b:38:
         52:69:38:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRzRwSMd6jfi1RmG3HB0v0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwMTE3MDgwMDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTE3N2NjZmUxMzA4NGFkZThiODdjMzkwNDdhNGQwNGUwZDlmMzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3pTJeOw+sM9eA28EvBm8DJ542YJ
S2tO3Q935M2CcU47GuDGJ/DcUhg+vM/I9Bma3NaT2bc7HKec8YW2Pjhevv3nrDrs
0c0DIFYkFIbxT1qYQBATg32/7t4NbgamSrNMdJdXcGqMqlm5E0L+NQClno55+XIf
zp83OSyQ6Kg2++jFUSXG+KuLXwSu7FRdLUz3bXyDPdujkrjEhIrUayVO5d/ODJVV
QQRzUXGF6h1P+rv72q0g40fDroL/9Cife5EiaBItupc526uYEfoXolv+udIcKs5p
DQHfYsRERXJouSyu7NS+so39MA8xhuUv3vdQmHwx4l5iL1yB4YInK/S3CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLEXfM/hMISt6Lh8OQR6TQTg2fOAMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvc1JkOHotRXdoSzNvdUh3NUJIcE5CT0RaODRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwilwMA0G
CSqGSIb3DQEBCwUAA4IBAQCELGE2/p4G//SQENmnDx4lrb2dh1Pjcg4ChA1CLA3q
w2Cal5sxpf66anw9DcgmYrwTH14Lmvzv6NtEsOAVHuBOa105xG4CQmHaLwX6yuzZ
Ytmaq5Luyos4uf1kSowp+RUAaSE44Dk6ECNQOaO6HXV31k7Uwh9D9Dnfvdxn6m03
prGUWcpUDBUwfCYMyVToWlwJwv//k2vyzVupHYIlmnH10QrJUXE9v38jItUf+egb
Poa5m1Y1CjHsnvR/PxMI2QQnnHrSUdaVzmy6K/rYmtkK8wKgrpvUmLYC/Sd9duQi
PVpZn730QBXNedI1Ws/bpgHUga4dmZ1PxEiNOzhSaThF
-----END CERTIFICATE-----