Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/nE4q77HuE9eMvcYlJ0VXC5AQzH4.roa
File:                     nE4q77HuE9eMvcYlJ0VXC5AQzH4.roa (raw, json)
Hash identifier:          xhWHmf0Wl/9mSIPxWksh0jgqlzI8er3WRgeIRoZRvn0=
Subject key identifier:   9C:4E:2A:EF:B1:EE:13:D7:8C:BD:C6:25:27:45:57:0B:90:10:CC:7E
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CC0DE9AEA1EAFA271DA7897A3F532
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/nE4q77HuE9eMvcYlJ0VXC5AQzH4.roa
Signing time:             Wed 01 Jan 2025 01:48:25 +0000
ROA not before:           Wed 01 Jan 2025 01:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206487
IP address blocks:        194.49.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:c0:de:9a:ea:1e:af:a2:71:da:78:97:a3:f5:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c4e2aefb1ee13d78cbdc6252745570b9010cc7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:2a:c8:46:2b:f3:16:7d:74:2e:23:38:1a:d7:
                    2f:62:24:db:28:b3:96:2b:94:2f:3c:37:26:c4:0c:
                    e0:21:7c:7a:0b:e6:b5:8f:39:00:91:31:f7:5b:03:
                    fe:0e:ba:4f:55:e2:f5:f4:e0:b6:63:5e:1c:5a:9b:
                    fe:1b:11:4e:9b:95:ed:f3:76:dd:3d:4a:3e:84:f7:
                    94:89:07:ac:52:37:da:c5:6a:03:6b:f8:97:3a:4c:
                    08:d7:38:30:53:96:60:02:a6:96:33:4e:d4:cf:84:
                    28:c5:3b:1e:42:b0:03:84:d6:d1:42:a4:35:d6:c5:
                    0f:6b:f7:61:ac:e3:4d:ff:3e:12:01:14:e8:7a:b4:
                    c5:dd:73:90:8a:4a:8f:93:56:35:b9:33:e6:af:e6:
                    b6:67:66:fc:2f:ee:53:1c:a8:5a:74:e4:da:30:59:
                    da:de:9f:c2:e6:a2:49:31:bb:2d:2b:ff:95:fe:69:
                    65:b3:0b:e3:2f:9b:63:3c:06:d7:88:ce:1e:f8:74:
                    cd:41:98:a8:b9:24:fe:0c:cb:20:5e:5a:ee:a0:f1:
                    2f:7a:93:d7:34:80:f0:e7:0a:20:df:00:d6:02:72:
                    60:c2:61:52:ea:ea:aa:2a:8a:f0:1d:3e:3f:6a:4a:
                    c0:a4:da:8d:01:db:a5:5e:c7:1c:13:74:43:c8:28:
                    6e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:4E:2A:EF:B1:EE:13:D7:8C:BD:C6:25:27:45:57:0B:90:10:CC:7E
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/nE4q77HuE9eMvcYlJ0VXC5AQzH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:a3:ae:00:3e:c1:da:ad:d4:c6:07:58:c1:09:c5:73:fe:c7:
         51:49:81:d8:52:c4:cc:68:b9:82:cb:73:7d:66:26:47:2d:77:
         a9:73:67:65:89:79:b9:e3:14:34:a3:fb:dc:f6:f0:e4:ce:e3:
         e2:33:c7:82:8c:6e:c3:4f:3c:32:b5:d4:8e:3c:c1:9c:92:29:
         66:b0:74:1e:42:cd:b5:d6:0e:8e:16:bb:8c:ef:9c:5c:aa:83:
         71:58:3a:de:de:2b:ab:80:b8:4b:6f:7f:4a:14:f5:07:f6:79:
         17:2e:d3:9e:49:8b:d4:85:c2:8e:99:8b:b4:74:78:ca:2b:16:
         ae:89:6f:71:6e:f8:64:61:03:68:11:c4:76:bd:f3:94:73:89:
         0c:68:1d:3d:3c:fa:93:9d:80:d8:16:06:04:10:79:65:b7:53:
         11:1f:5b:9c:bc:7d:15:f0:a4:1c:a2:b4:8e:63:5e:c6:33:81:
         28:7c:97:10:83:a2:eb:68:fe:01:25:a4:d4:cb:41:40:7a:e1:
         50:a7:bf:d8:6b:23:52:16:a6:bf:d1:6d:7a:0c:37:a7:73:40:
         f6:63:ea:6f:a7:f0:d3:76:0f:84:d1:ce:ba:45:c6:34:69:93:
         f9:a1:f0:1f:a8:fd:d1:37:6d:64:9c:cc:2a:1f:e7:5f:96:1e:
         bc:15:e1:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjMDemuoer6Jx2niXo/UyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzRlMmFlZmIxZWUxM2Q3OGNiZGM2MjUyNzQ1NTcwYjkwMTBjYzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6irIRivzFn10LiM4GtcvYiTbKLOW
K5QvPDcmxAzgIXx6C+a1jzkAkTH3WwP+DrpPVeL19OC2Y14cWpv+GxFOm5Xt83bd
PUo+hPeUiQesUjfaxWoDa/iXOkwI1zgwU5ZgAqaWM07Uz4QoxTseQrADhNbRQqQ1
1sUPa/dhrONN/z4SARToerTF3XOQikqPk1Y1uTPmr+a2Z2b8L+5THKhadOTaMFna
3p/C5qJJMbstK/+V/mllswvjL5tjPAbXiM4e+HTNQZiouST+DMsgXlruoPEvepPX
NIDw5wog3wDWAnJgwmFS6uqqKorwHT4/akrApNqNAdulXsccE3RDyChu5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxOKu+x7hPXjL3GJSdFVwuQEMx+MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvbkU0cTc3SHVFOWVNdmNZbEowVlhDNUFRekg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjEAMA0G
CSqGSIb3DQEBCwUAA4IBAQAuo64APsHardTGB1jBCcVz/sdRSYHYUsTMaLmCy3N9
ZiZHLXepc2dliXm54xQ0o/vc9vDkzuPiM8eCjG7DTzwytdSOPMGckilmsHQeQs21
1g6OFruM75xcqoNxWDre3iurgLhLb39KFPUH9nkXLtOeSYvUhcKOmYu0dHjKKxau
iW9xbvhkYQNoEcR2vfOUc4kMaB09PPqTnYDYFgYEEHllt1MRH1ucvH0V8KQcorSO
Y17GM4EofJcQg6LraP4BJaTUy0FAeuFQp7/YayNSFqa/0W16DDenc0D2Y+pvp/DT
dg+E0c66RcY0aZP5ofAfqP3RN21knMwqH+dflh68FeGg
-----END CERTIFICATE-----