Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/fG28CbYtCoNDLEeMjDCSnqMHgYE.roa
File:                     fG28CbYtCoNDLEeMjDCSnqMHgYE.roa (raw, json)
Hash identifier:          FWkADt7Fm53oUW2a1i85r/Xc/nqpWNkUuEa8vlJ7R4I=
Subject key identifier:   7C:6D:BC:09:B6:2D:0A:83:43:2C:47:8C:8C:30:92:9E:A3:07:81:81
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0194274861188E161FC5DC70B05F00A66B35
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/fG28CbYtCoNDLEeMjDCSnqMHgYE.roa
Signing time:             Thu 02 Jan 2025 13:50:42 +0000
ROA not before:           Thu 02 Jan 2025 13:50:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53007
IP address blocks:        194.132.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:61:18:8e:16:1f:c5:dc:70:b0:5f:00:a6:6b:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c6dbc09b62d0a83432c478c8c30929ea3078181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:71:59:4e:63:6c:bf:a9:06:4d:13:12:84:f7:
                    88:ab:ce:f2:eb:d1:a6:86:a2:71:81:a9:a3:57:36:
                    d7:32:14:25:60:de:89:0a:d1:5c:25:c3:e2:d7:2a:
                    3d:4a:78:4c:fb:f3:a0:f7:ce:cc:28:4e:50:0e:fe:
                    c3:10:1f:7e:f3:76:a8:f8:59:81:be:ce:fa:28:65:
                    47:25:9e:9d:df:2c:ef:99:44:22:f6:89:7f:57:3c:
                    b1:c6:b4:7b:48:b1:93:b8:86:96:bc:f4:a2:e5:30:
                    b7:0d:52:f9:d7:b9:49:f4:4a:02:3c:e0:f5:88:58:
                    e3:6a:3d:47:ce:ff:a1:34:63:0f:78:35:fa:87:12:
                    88:30:ab:87:e0:25:65:ab:85:09:81:44:61:4d:3e:
                    e4:67:d4:8e:dc:73:12:f1:a2:39:34:bf:11:6f:7d:
                    2a:c8:ac:c6:30:2c:6c:14:eb:45:eb:ac:6a:48:2d:
                    56:8a:c7:c2:e3:8b:f7:bd:bd:97:30:ed:5e:8d:57:
                    08:57:2b:60:8f:1e:5f:56:c5:73:40:89:0e:25:0a:
                    d0:2b:20:39:cb:ce:7e:d6:94:10:fd:90:e9:35:79:
                    bb:ba:d6:be:91:1b:c8:ea:e3:fa:c7:c9:b2:6e:bf:
                    37:2e:f6:d6:48:c4:ea:1e:9e:aa:b5:1c:df:be:8b:
                    98:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:6D:BC:09:B6:2D:0A:83:43:2C:47:8C:8C:30:92:9E:A3:07:81:81
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/fG28CbYtCoNDLEeMjDCSnqMHgYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.132.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:c4:0d:95:91:2b:fe:21:31:7d:70:a4:74:84:65:c3:52:a3:
         cd:fe:2e:8b:9f:d0:fc:94:f4:ab:44:58:34:40:ff:f6:25:27:
         ed:9f:d1:4f:0a:80:3a:c0:77:b9:b3:d0:52:c7:8f:7e:69:a9:
         bf:8d:6a:98:9d:36:33:51:4c:e9:6f:be:2d:db:d9:8f:34:fb:
         fd:50:3b:fa:de:fd:82:a6:74:65:5e:65:ce:9d:25:ee:da:95:
         65:05:21:c2:04:9e:7a:b0:a9:7f:37:fd:93:bb:4a:bf:68:19:
         8c:66:a3:1a:1d:9e:27:c9:a2:96:39:32:2a:e3:15:89:b8:f4:
         e9:f0:61:a5:0f:37:58:3e:0c:4d:38:e2:0f:f5:19:db:6e:29:
         e7:61:40:08:20:f2:52:f9:d6:44:50:c4:34:77:d9:18:e5:db:
         a5:b0:f5:a0:1b:de:e2:27:25:d8:c0:a6:86:d7:d7:fc:4a:a9:
         57:86:86:51:cf:49:24:af:57:aa:cf:fa:60:84:2e:82:ff:3f:
         89:49:cc:d9:8c:eb:70:96:5a:2d:77:c5:d1:33:e7:be:27:63:
         32:c8:51:00:07:a6:69:53:97:70:ec:f2:e5:12:67:16:15:a4:
         06:ab:c8:b4:bc:21:c2:7f:f4:0f:37:0b:d8:85:c0:ca:2e:13:
         91:f2:7f:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSGEYjhYfxdxwsF8Apms1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzZkYmMwOWI2MmQwYTgzNDMyYzQ3OGM4YzMwOTI5ZWEzMDc4MTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHFZTmNsv6kGTRMShPeIq87y69Gm
hqJxgamjVzbXMhQlYN6JCtFcJcPi1yo9SnhM+/Og987MKE5QDv7DEB9+83ao+FmB
vs76KGVHJZ6d3yzvmUQi9ol/VzyxxrR7SLGTuIaWvPSi5TC3DVL517lJ9EoCPOD1
iFjjaj1Hzv+hNGMPeDX6hxKIMKuH4CVlq4UJgURhTT7kZ9SO3HMS8aI5NL8Rb30q
yKzGMCxsFOtF66xqSC1WisfC44v3vb2XMO1ejVcIVytgjx5fVsVzQIkOJQrQKyA5
y85+1pQQ/ZDpNXm7uta+kRvI6uP6x8mybr83LvbWSMTqHp6qtRzfvouYhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxtvAm2LQqDQyxHjIwwkp6jB4GBMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvZkcyOENiWXRDb05ETEVlTWpEQ1NucU1IZ1lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwoR6MA0G
CSqGSIb3DQEBCwUAA4IBAQAwxA2VkSv+ITF9cKR0hGXDUqPN/i6Ln9D8lPSrRFg0
QP/2JSftn9FPCoA6wHe5s9BSx49+aam/jWqYnTYzUUzpb74t29mPNPv9UDv63v2C
pnRlXmXOnSXu2pVlBSHCBJ56sKl/N/2Tu0q/aBmMZqMaHZ4nyaKWOTIq4xWJuPTp
8GGlDzdYPgxNOOIP9RnbbinnYUAIIPJS+dZEUMQ0d9kY5dulsPWgG97iJyXYwKaG
19f8SqlXhoZRz0kkr1eqz/pghC6C/z+JSczZjOtwllotd8XRM+e+J2MyyFEAB6Zp
U5dw7PLlEmcWFaQGq8i0vCHCf/QPNwvYhcDKLhOR8n8X
-----END CERTIFICATE-----