Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/4xQgqEQ8SoGVO7wT2wP8gi6ue7o.roa
File:                     4xQgqEQ8SoGVO7wT2wP8gi6ue7o.roa (raw, json)
Hash identifier:          aiSK05epz+ihF4eEclD8/u/yrpMnJ9FtX++ku9vbaCw=
Subject key identifier:   E3:14:20:A8:44:3C:4A:81:95:3B:BC:13:DB:03:FC:82:2E:AE:7B:BA
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019427485FDF7AFC814E2424C5EF184F8CB7
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/4xQgqEQ8SoGVO7wT2wP8gi6ue7o.roa
Signing time:             Thu 02 Jan 2025 13:50:42 +0000
ROA not before:           Thu 02 Jan 2025 13:50:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51634
IP address blocks:        194.71.27.0/24 maxlen: 24
                          194.132.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:5f:df:7a:fc:81:4e:24:24:c5:ef:18:4f:8c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e31420a8443c4a81953bbc13db03fc822eae7bba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ab:1d:cc:6d:f0:c0:e6:73:15:51:43:e2:ed:
                    e4:4d:1a:24:bf:06:97:92:41:45:c3:43:c9:ed:34:
                    a7:bf:13:a1:3a:09:2f:c4:d8:4c:9b:14:24:26:d0:
                    d6:65:b4:4e:25:03:93:9d:12:f8:cc:18:85:a2:e9:
                    36:5e:36:4d:ca:c9:fc:a5:ea:f5:db:e6:46:fa:36:
                    37:78:ba:24:bc:df:60:c1:eb:c6:41:c7:07:05:07:
                    aa:a0:d6:0f:a1:0f:a2:33:16:a4:df:4a:07:b0:f8:
                    13:15:3a:24:68:45:85:80:b3:a3:3b:07:9a:00:67:
                    ae:a4:cc:10:62:2b:e7:6f:d4:0c:b5:be:b1:63:b6:
                    f7:46:39:f0:fc:1b:05:75:79:79:44:ce:2e:21:53:
                    bf:3f:90:13:c2:50:1c:bd:b8:29:91:77:bd:87:e1:
                    f4:34:dd:8a:42:e1:25:06:c9:62:de:08:93:a6:84:
                    60:08:78:3e:ec:d6:2a:c0:30:e3:a8:c0:e1:a8:1e:
                    5b:32:83:2a:6a:68:73:ab:2e:db:f9:2d:a1:b6:f6:
                    02:09:a3:25:a8:d3:44:f1:e4:17:b2:63:c8:ed:9b:
                    a4:ce:a3:4b:4a:30:ab:d9:40:9b:47:73:19:e4:40:
                    78:d1:34:8f:e0:23:e3:32:4b:3c:a6:80:ef:3a:27:
                    b8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:14:20:A8:44:3C:4A:81:95:3B:BC:13:DB:03:FC:82:2E:AE:7B:BA
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/4xQgqEQ8SoGVO7wT2wP8gi6ue7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.71.27.0/24
                  194.132.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:39:82:61:b3:b4:2d:3b:68:3e:61:f4:58:89:a9:7a:25:9a:
         47:cb:d0:61:85:43:aa:10:9c:4e:a4:a7:70:96:82:19:98:0b:
         a6:57:89:85:a3:90:56:ba:99:4f:52:ce:5d:8d:58:b0:76:2f:
         64:18:da:3c:5b:8b:62:fb:1c:23:9c:f8:49:50:0d:cb:64:19:
         36:56:bc:bf:2d:dd:5c:0a:7b:43:3c:e2:66:a3:a7:fe:2c:db:
         17:fe:2e:79:f2:0b:c6:46:4e:29:f3:1c:4b:4e:84:f6:21:65:
         d3:91:64:18:90:88:8b:2b:eb:af:68:54:74:38:3a:12:17:19:
         71:c9:c1:8b:b0:88:ae:28:46:ca:85:74:44:f9:8f:25:4e:12:
         41:de:f0:8f:ee:2e:5a:01:9b:39:4a:b8:23:96:d9:8c:9e:d3:
         bb:a0:09:95:28:7c:53:78:96:6c:b7:75:0c:4f:23:f2:69:41:
         b3:12:02:6d:54:0a:06:97:4d:9f:23:53:d0:08:d4:43:31:d4:
         12:53:d8:38:6a:9a:59:91:22:6a:51:72:cc:2e:6a:51:61:db:
         6e:ac:b0:de:b7:b1:1c:2d:2c:60:72:06:c1:45:00:e9:ec:4b:
         33:27:b2:12:8c:13:ca:ce:b2:4b:d7:31:bc:bc:56:9b:db:81:
         ca:75:9c:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSF/fevyBTiQkxe8YT4y3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzE0MjBhODQ0M2M0YTgxOTUzYmJjMTNkYjAzZmM4MjJlYWU3YmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvasdzG3wwOZzFVFD4u3kTRokvwaX
kkFFw0PJ7TSnvxOhOgkvxNhMmxQkJtDWZbROJQOTnRL4zBiFouk2XjZNysn8per1
2+ZG+jY3eLokvN9gwevGQccHBQeqoNYPoQ+iMxak30oHsPgTFTokaEWFgLOjOwea
AGeupMwQYivnb9QMtb6xY7b3Rjnw/BsFdXl5RM4uIVO/P5ATwlAcvbgpkXe9h+H0
NN2KQuElBsli3giTpoRgCHg+7NYqwDDjqMDhqB5bMoMqamhzqy7b+S2htvYCCaMl
qNNE8eQXsmPI7ZukzqNLSjCr2UCbR3MZ5EB40TSP4CPjMks8poDvOie43wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOMUIKhEPEqBlTu8E9sD/IIurnu6MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvNHhRZ3FFUThTb0dWTzd3VDJ3UDhnaTZ1ZTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwkcbAwQA
woSuMA0GCSqGSIb3DQEBCwUAA4IBAQCNOYJhs7QtO2g+YfRYial6JZpHy9BhhUOq
EJxOpKdwloIZmAumV4mFo5BWuplPUs5djViwdi9kGNo8W4ti+xwjnPhJUA3LZBk2
Vry/Ld1cCntDPOJmo6f+LNsX/i558gvGRk4p8xxLToT2IWXTkWQYkIiLK+uvaFR0
ODoSFxlxycGLsIiuKEbKhXRE+Y8lThJB3vCP7i5aAZs5SrgjltmMntO7oAmVKHxT
eJZst3UMTyPyaUGzEgJtVAoGl02fI1PQCNRDMdQSU9g4appZkSJqUXLMLmpRYdtu
rLDet7EcLSxgcgbBRQDp7EszJ7ISjBPKzrJL1zG8vFab24HKdZwk
-----END CERTIFICATE-----