Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/1-jgtOPobXCJDbrHGNdmL9rzJbgM.roa
File:                     1-jgtOPobXCJDbrHGNdmL9rzJbgM.roa (raw, json)
Hash identifier:          uCWGxr32WWfEG1/b7Z2jim0tRFwDuOHUsX5k577/0+I=
Subject key identifier:   FA:38:2D:38:FA:1B:5C:22:43:6E:B1:C6:35:D9:8B:F6:BC:C9:6E:03
Certificate issuer:       /CN=743d850cd12a363ddcdb0dc273e1dfc863b705f7
Certificate serial:       019426D92E82351CDC0025BE810D3E56C65A
Authority key identifier: 74:3D:85:0C:D1:2A:36:3D:DC:DB:0D:C2:73:E1:DF:C8:63:B7:05:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/1-jgtOPobXCJDbrHGNdmL9rzJbgM.roa
Signing time:             Thu 02 Jan 2025 11:49:14 +0000
ROA not before:           Thu 02 Jan 2025 11:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42415
IP address blocks:        194.6.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:2e:82:35:1c:dc:00:25:be:81:0d:3e:56:c6:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743d850cd12a363ddcdb0dc273e1dfc863b705f7
        Validity
            Not Before: Jan  2 11:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa382d38fa1b5c22436eb1c635d98bf6bcc96e03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:af:c0:5e:e6:57:16:86:82:f9:79:72:df:28:
                    52:a6:02:3c:a5:60:7c:9a:6d:ca:83:60:fc:d7:66:
                    bd:53:f3:9d:a2:91:9e:06:a0:23:ab:e3:4c:2b:da:
                    da:fb:c1:1e:13:58:5c:1b:4a:29:34:9a:e3:f0:a2:
                    2a:b2:5d:a8:68:b5:5b:97:f9:58:f9:db:60:ed:ac:
                    b2:11:dc:b0:3c:eb:eb:93:ff:67:9a:13:3e:39:45:
                    8a:d2:bd:1a:7f:e5:71:ea:d5:d9:54:1a:a5:d9:85:
                    5f:f0:3b:00:5f:38:a3:24:4e:47:1b:e5:b4:4e:f7:
                    95:8a:99:df:75:f7:7b:cc:88:35:59:ee:41:77:86:
                    7b:92:1c:a9:e9:73:1d:d5:f0:78:02:d8:09:40:f4:
                    3b:7f:08:bd:80:02:a2:f6:6d:04:37:98:4c:e4:fd:
                    6a:c9:48:36:7b:02:09:76:77:2a:28:36:77:63:2a:
                    72:2f:23:38:20:2e:48:1e:3f:6c:70:af:92:ed:fd:
                    24:53:a2:be:c6:17:57:c9:d2:14:50:8c:da:02:cf:
                    57:96:dd:f1:98:63:e3:04:47:0c:72:13:e0:56:20:
                    94:4f:5a:2d:f4:7d:05:69:00:86:2e:eb:52:79:bc:
                    e7:b3:f4:0e:70:88:00:c7:46:c2:3b:5f:33:62:5b:
                    39:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:38:2D:38:FA:1B:5C:22:43:6E:B1:C6:35:D9:8B:F6:BC:C9:6E:03
            X509v3 Authority Key Identifier:
                keyid:74:3D:85:0C:D1:2A:36:3D:DC:DB:0D:C2:73:E1:DF:C8:63:B7:05:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/1-jgtOPobXCJDbrHGNdmL9rzJbgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:55:b4:0c:a2:a6:18:7a:0a:cd:db:87:01:88:16:db:c1:32:
         41:8b:50:f0:4e:db:18:80:8f:32:b6:53:aa:3e:e8:ae:ed:f2:
         53:23:f6:30:98:cf:b4:fd:d9:7a:a1:c5:9f:64:be:69:3c:cc:
         5c:ab:09:4e:b2:86:cd:77:58:f9:ad:77:08:c5:5e:5b:5d:ec:
         a6:89:13:24:ee:d9:85:17:67:fc:59:7d:c6:0f:57:33:ce:d5:
         ca:25:65:0f:a9:69:17:e8:b1:21:41:f7:14:ed:61:28:19:61:
         fe:13:41:55:7e:ad:d3:ac:fd:b1:37:75:bb:4f:54:3d:2c:ac:
         18:41:44:e3:50:51:8b:8e:e1:bf:64:df:07:af:ef:9b:56:ff:
         a1:10:9c:75:7e:13:24:c6:5f:90:2e:70:2f:67:3b:04:00:91:
         2e:55:8f:00:62:39:08:cd:04:06:9b:86:d7:12:62:b2:50:77:
         1a:e3:55:d8:c8:bd:f4:2d:b3:1f:ab:13:c9:13:d1:44:5a:42:
         e2:ac:ab:f6:e1:20:d1:ff:7f:99:43:06:64:e5:18:ec:04:df:
         9a:14:b0:91:ad:c0:c0:2e:b0:50:89:03:9a:10:c1:32:81:38:
         d6:a1:d6:d2:41:3e:53:30:21:a5:7e:ce:08:80:83:a2:10:e1:
         5a:d5:d5:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQm2S6CNRzcACW+gQ0+VsZaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2Q4NTBjZDEyYTM2M2RkY2RiMGRjMjczZTFkZmM4NjNi
NzA1ZjcwHhcNMjUwMTAyMTE0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTM4MmQzOGZhMWI1YzIyNDM2ZWIxYzYzNWQ5OGJmNmJjYzk2ZTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3q/AXuZXFoaC+Xly3yhSpgI8pWB8
mm3Kg2D812a9U/OdopGeBqAjq+NMK9ra+8EeE1hcG0opNJrj8KIqsl2oaLVbl/lY
+dtg7ayyEdywPOvrk/9nmhM+OUWK0r0af+Vx6tXZVBql2YVf8DsAXzijJE5HG+W0
TveVipnfdfd7zIg1We5Bd4Z7khyp6XMd1fB4AtgJQPQ7fwi9gAKi9m0EN5hM5P1q
yUg2ewIJdncqKDZ3YypyLyM4IC5IHj9scK+S7f0kU6K+xhdXydIUUIzaAs9Xlt3x
mGPjBEcMchPgViCUT1ot9H0FaQCGLutSebzns/QOcIgAx0bCO18zYls5oQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPo4LTj6G1wiQ26xxjXZi/a8yW4DMB8GA1UdIwQY
MBaAFHQ9hQzRKjY93NsNwnPh38hjtwX3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQyRkRORXFOajNjMnczQ2MtSGZ5R08zQmZjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wODFlOTYtMTBlMS00Yzk3LWI5MzIt
MWRhZjgwYzUxOWQwLzEvMS1qZ3RPUG9iWENKRGJySEdOZG1MOXJ6SmJnTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDIvMDgxZTk2LTEwZTEtNGM5Ny1iOTMyLTFkYWY4MGM1MTlk
MC8xL2REMkZETkVxTmozYzJ3M0NjLUhmeUdPM0JmYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMIG/zAN
BgkqhkiG9w0BAQsFAAOCAQEABlW0DKKmGHoKzduHAYgW28EyQYtQ8E7bGICPMrZT
qj7oru3yUyP2MJjPtP3ZeqHFn2S+aTzMXKsJTrKGzXdY+a13CMVeW13spokTJO7Z
hRdn/Fl9xg9XM87VyiVlD6lpF+ixIUH3FO1hKBlh/hNBVX6t06z9sTd1u09UPSys
GEFE41BRi47hv2TfB6/vm1b/oRCcdX4TJMZfkC5wL2c7BACRLlWPAGI5CM0EBpuG
1xJislB3GuNV2Mi99C2zH6sTyRPRRFpC4qyr9uEg0f9/mUMGZOUY7ATfmhSwka3A
wC6wUIkDmhDBMoE41qHW0kE+UzAhpX7OCICDohDhWtXVEQ==
-----END CERTIFICATE-----