Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/1-kafx5uukED-cVD9M8HBDgaFgg0.roa
File:                     1-kafx5uukED-cVD9M8HBDgaFgg0.roa (raw, json)
Hash identifier:          PWocnJOuokdwKpwSEW7IFlIibLEN7/bxY0Rx7gU9odc=
Subject key identifier:   FA:46:9F:C7:9B:AE:90:40:FE:71:50:FD:33:C1:C1:0E:06:85:82:0D
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       01942143E607D0C2F1A1C9B49EEA930FF9F7
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/1-kafx5uukED-cVD9M8HBDgaFgg0.roa
Signing time:             Wed 01 Jan 2025 09:48:05 +0000
ROA not before:           Wed 01 Jan 2025 09:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44436
IP address blocks:        194.59.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e6:07:d0:c2:f1:a1:c9:b4:9e:ea:93:0f:f9:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Jan  1 09:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa469fc79bae9040fe7150fd33c1c10e0685820d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:65:8c:02:70:5d:3e:ab:f2:7e:6f:92:22:7f:
                    c8:23:e7:b3:db:99:d6:08:73:2d:d2:53:9c:10:54:
                    db:82:9b:3b:ec:f2:b1:30:9b:67:a0:cb:27:bb:43:
                    37:2d:12:32:15:eb:10:56:21:a1:bf:bc:20:6a:64:
                    34:87:21:b4:ce:4d:5d:b5:7a:b8:bf:e7:1d:0e:43:
                    28:54:7e:0c:63:64:ef:2c:8d:07:a9:0c:48:46:5c:
                    cb:86:48:8b:4a:ee:6d:84:04:94:e6:e8:53:1f:b0:
                    e4:bd:a0:eb:69:89:58:32:e1:3e:a9:fa:75:88:66:
                    9e:58:dd:9d:d6:3b:86:7b:3c:96:76:fe:1f:7a:5c:
                    92:1b:88:99:7d:4e:c8:6a:3b:8f:2d:46:4c:7e:c6:
                    c1:f6:f6:69:c1:2a:73:66:ab:8c:c2:31:02:bf:4e:
                    ef:35:f4:5b:cb:89:23:6b:d6:5f:60:01:41:93:c9:
                    fd:bb:13:ff:12:ff:0a:2c:14:9a:29:69:32:c4:6a:
                    cd:dd:a4:d9:4e:80:ed:e0:48:98:6e:28:2f:b7:d2:
                    7a:05:56:11:77:16:94:4c:26:8e:7d:33:22:d9:73:
                    81:61:a3:a9:cd:24:fe:17:df:24:0e:7a:52:c7:46:
                    16:d5:b7:27:98:80:3a:ac:fc:1f:0e:de:01:13:f3:
                    34:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:46:9F:C7:9B:AE:90:40:FE:71:50:FD:33:C1:C1:0E:06:85:82:0D
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/1-kafx5uukED-cVD9M8HBDgaFgg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:8d:09:61:7e:6f:e0:79:f7:18:f7:0e:81:41:3b:19:f4:7b:
         7b:76:8e:6a:0b:30:e2:af:7d:8f:9f:78:39:40:4c:8b:ad:d6:
         43:41:e5:a7:01:25:80:5a:0b:23:a7:30:24:80:a9:38:fc:9f:
         58:b3:d4:db:54:dc:a2:ae:af:da:96:9a:9f:4e:d0:f8:bc:6d:
         c5:1a:50:5d:f5:16:5f:ca:64:12:4a:50:b9:9d:a7:bb:8e:b6:
         46:1a:c3:fb:4d:7c:94:e0:7f:8c:da:27:02:8d:b5:10:c1:a8:
         ca:60:b9:07:74:79:43:7f:a1:e7:e5:1a:c4:1b:8b:4c:61:b9:
         07:22:6a:6c:02:fe:cf:e8:0c:21:bf:56:58:f9:1d:c9:28:15:
         65:a0:bd:e1:50:df:05:87:6b:f1:ed:6d:db:8f:77:7e:86:3e:
         5f:2a:dc:dc:03:1b:dc:67:04:1f:83:90:0a:3c:3b:d6:51:b6:
         23:05:18:a9:47:26:71:ae:f3:29:31:fa:ce:a4:f6:83:20:84:
         90:e1:28:c6:7f:15:56:0d:20:fe:51:76:c8:dc:3e:cb:4f:52:
         c3:09:8e:aa:d2:02:44:02:ff:02:45:bf:c4:9e:ed:6c:d5:3c:
         96:cf:65:a7:1a:1d:3d:db:13:24:1e:68:df:30:d9:d0:3b:1d:
         1f:92:64:5e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhQ+YH0MLxocm0nuqTD/n3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjUwMTAxMDk0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTQ2OWZjNzliYWU5MDQwZmU3MTUwZmQzM2MxYzEwZTA2ODU4MjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGWMAnBdPqvyfm+SIn/II+ez25nW
CHMt0lOcEFTbgps77PKxMJtnoMsnu0M3LRIyFesQViGhv7wgamQ0hyG0zk1dtXq4
v+cdDkMoVH4MY2TvLI0HqQxIRlzLhkiLSu5thASU5uhTH7DkvaDraYlYMuE+qfp1
iGaeWN2d1juGezyWdv4felySG4iZfU7IajuPLUZMfsbB9vZpwSpzZquMwjECv07v
NfRby4kja9ZfYAFBk8n9uxP/Ev8KLBSaKWkyxGrN3aTZToDt4EiYbigvt9J6BVYR
dxaUTCaOfTMi2XOBYaOpzST+F98kDnpSx0YW1bcnmIA6rPwfDt4BE/M0QQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPpGn8ebrpBA/nFQ/TPBwQ4GhYINMB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvMS1rYWZ4NXV1a0VELWNWRDlNOEhCRGdhRmdnMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2YvZmQzNjJmLWFmY2ItNGNmNS05OGM2LTA5NDg5ODllNmQ1
NS8xL2ZEMENLaVFNNXg0S2JoNmFyZ0VTMm9RTXcwcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMI71jAN
BgkqhkiG9w0BAQsFAAOCAQEAkI0JYX5v4Hn3GPcOgUE7GfR7e3aOagsw4q99j594
OUBMi63WQ0HlpwElgFoLI6cwJICpOPyfWLPU21Tcoq6v2paan07Q+LxtxRpQXfUW
X8pkEkpQuZ2nu462RhrD+018lOB/jNonAo21EMGoymC5B3R5Q3+h5+UaxBuLTGG5
ByJqbAL+z+gMIb9WWPkdySgVZaC94VDfBYdr8e1t2493foY+Xyrc3AMb3GcEH4OQ
Cjw71lG2IwUYqUcmca7zKTH6zqT2gyCEkOEoxn8VVg0g/lF2yNw+y09SwwmOqtIC
RAL/AkW/xJ7tbNU8ls9lpxodPdsTJB5o3zDZ0DsdH5JkXg==
-----END CERTIFICATE-----