Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/U2CfkbTtx4yBkybUh2khtkvWGcw.roa
File:                     U2CfkbTtx4yBkybUh2khtkvWGcw.roa (raw, json)
Hash identifier:          2JyqA2QMb2RljPRBnX+Xy8q+isyJqjDkSXr9/EJxr0I=
Subject key identifier:   53:60:9F:91:B4:ED:C7:8C:81:93:26:D4:87:69:21:B6:4B:D6:19:CC
Certificate issuer:       /CN=52302a45d0568486051a7ec466f03108c320b4c4
Certificate serial:       019424B3AEC335038461E0CEC7A393A697E0
Authority key identifier: 52:30:2A:45:D0:56:84:86:05:1A:7E:C4:66:F0:31:08:C3:20:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/U2CfkbTtx4yBkybUh2khtkvWGcw.roa
Signing time:             Thu 02 Jan 2025 01:49:02 +0000
ROA not before:           Thu 02 Jan 2025 01:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        94.124.112.0/24 maxlen: 24
                          2a0c:b280::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ae:c3:35:03:84:61:e0:ce:c7:a3:93:a6:97:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52302a45d0568486051a7ec466f03108c320b4c4
        Validity
            Not Before: Jan  2 01:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53609f91b4edc78c819326d4876921b64bd619cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:24:48:06:80:d5:6c:05:a3:a6:00:6b:b1:53:
                    43:63:ff:02:c5:52:f4:0c:f4:21:b1:be:2a:b1:62:
                    64:51:45:3e:33:21:b9:d6:10:3f:74:b7:12:77:42:
                    49:4d:7d:4a:28:2c:f5:1d:90:19:72:6f:4f:6b:2c:
                    93:a1:df:f9:8b:96:32:d3:c7:c3:6d:4b:c7:d0:80:
                    94:04:fc:78:58:d8:7f:ac:88:62:71:f2:6d:e6:3e:
                    33:e0:69:26:41:4c:ea:96:58:7d:6d:0a:35:53:0a:
                    64:b6:e9:84:d2:88:15:91:5a:4e:c9:4a:51:89:d5:
                    c1:73:57:3c:ba:39:a4:25:f7:91:d5:32:ac:f6:55:
                    b4:b4:4a:d8:a2:03:80:66:39:38:65:97:63:a0:71:
                    5d:ec:5a:c8:c4:c9:95:5a:9b:99:82:58:e8:ee:db:
                    fb:9d:2e:a6:b8:75:78:2b:4d:7c:db:83:8e:68:a7:
                    a0:78:1d:36:da:a4:51:da:e7:7f:4e:06:09:9e:97:
                    f2:59:de:28:d7:37:9a:8a:53:e4:64:08:1d:d3:8e:
                    3d:1f:e4:d3:83:ab:e1:60:2a:62:37:ac:43:49:85:
                    05:05:60:de:b3:3e:c7:e1:ff:71:65:7c:bf:73:56:
                    e8:18:b6:71:0c:b9:8e:21:97:d3:d2:1d:cf:f4:09:
                    f8:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:60:9F:91:B4:ED:C7:8C:81:93:26:D4:87:69:21:B6:4B:D6:19:CC
            X509v3 Authority Key Identifier:
                keyid:52:30:2A:45:D0:56:84:86:05:1A:7E:C4:66:F0:31:08:C3:20:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/U2CfkbTtx4yBkybUh2khtkvWGcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/75ba72-d7b2-4283-9f0b-e3e5fa36bb2f/1/UjAqRdBWhIYFGn7EZvAxCMMgtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.112.0/24
                IPv6:
                  2a0c:b280::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:40:21:84:ae:db:a2:4d:23:c8:6e:67:1b:17:77:3a:8e:27:
         22:70:35:bb:bc:a3:02:52:ed:e9:0b:29:c5:94:bb:e4:fe:93:
         54:5e:ee:64:ce:89:df:c4:2d:06:4d:6e:9e:1d:14:7e:2d:23:
         66:f4:f8:44:d4:51:f1:54:6b:13:9a:0c:20:01:f5:8e:27:f4:
         41:d8:99:94:20:71:f6:32:47:b8:97:b3:9d:2e:17:3e:96:fa:
         36:c1:4f:cf:26:37:e9:1d:2c:9e:29:95:87:30:75:4c:47:91:
         76:09:86:0e:2d:12:80:74:18:fd:2a:a0:02:e9:db:8f:95:4d:
         fd:25:98:85:ee:05:82:7b:bf:b1:37:49:44:ba:f7:42:d1:9e:
         08:bc:f9:60:20:bf:66:a2:17:51:58:52:b6:41:e6:b6:ca:be:
         33:1a:56:eb:75:d8:d3:18:ef:43:ea:7e:e8:9b:45:32:07:37:
         2b:c1:88:6f:6b:dc:38:a7:93:22:31:f6:48:cd:d7:e3:53:ed:
         c6:76:8f:68:0f:ad:00:a9:34:4d:58:ca:28:67:f5:2f:9e:33:
         2b:44:4a:ea:35:cc:72:a0:3a:5f:4d:69:81:b9:0b:62:3e:54:
         6e:10:f0:e5:90:34:c3:3e:35:3d:65:23:d0:ff:9d:52:5c:2a:
         3e:06:4b:46
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQks67DNQOEYeDOx6OTppfgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMzAyYTQ1ZDA1Njg0ODYwNTFhN2VjNDY2ZjAzMTA4YzMy
MGI0YzQwHhcNMjUwMTAyMDE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzYwOWY5MWI0ZWRjNzhjODE5MzI2ZDQ4NzY5MjFiNjRiZDYxOWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCRIBoDVbAWjpgBrsVNDY/8CxVL0
DPQhsb4qsWJkUUU+MyG51hA/dLcSd0JJTX1KKCz1HZAZcm9PayyTod/5i5Yy08fD
bUvH0ICUBPx4WNh/rIhicfJt5j4z4GkmQUzqllh9bQo1UwpktumE0ogVkVpOyUpR
idXBc1c8ujmkJfeR1TKs9lW0tErYogOAZjk4ZZdjoHFd7FrIxMmVWpuZgljo7tv7
nS6muHV4K01824OOaKegeB022qRR2ud/TgYJnpfyWd4o1zeailPkZAgd0449H+TT
g6vhYCpiN6xDSYUFBWDesz7H4f9xZXy/c1boGLZxDLmOIZfT0h3P9An49wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFNgn5G07ceMgZMm1IdpIbZL1hnMMB8GA1UdIwQY
MBaAFFIwKkXQVoSGBRp+xGbwMQjDILTEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWpBcVJkQldoSVlGR243RVp2QXhDTU1ndE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS83NWJhNzItZDdiMi00MjgzLTlmMGIt
ZTNlNWZhMzZiYjJmLzEvVTJDZmtiVHR4NHlCa3liVWgya2h0a3ZXR2N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS83NWJhNzItZDdiMi00MjgzLTlmMGItZTNlNWZhMzZiYjJm
LzEvVWpBcVJkQldoSVlGR243RVp2QXhDTU1ndE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXnxwMA8E
AgACMAkDBwAqDLKAAAAwDQYJKoZIhvcNAQELBQADggEBAJ9AIYSu26JNI8huZxsX
dzqOJyJwNbu8owJS7ekLKcWUu+T+k1Re7mTOid/ELQZNbp4dFH4tI2b0+ETUUfFU
axOaDCAB9Y4n9EHYmZQgcfYyR7iXs50uFz6W+jbBT88mN+kdLJ4plYcwdUxHkXYJ
hg4tEoB0GP0qoALp24+VTf0lmIXuBYJ7v7E3SUS690LRngi8+WAgv2aiF1FYUrZB
5rbKvjMaVut12NMY70PqfuibRTIHNyvBiG9r3DinkyIx9kjN1+NT7cZ2j2gPrQCp
NE1Yyihn9S+eMytESuo1zHKgOl9NaYG5C2I+VG4Q8OWQNMM+NT1lI9D/nVJcKj4G
S0Y=
-----END CERTIFICATE-----