Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/is_XEdqOSIZdOdAUliJ38zXn5ZE.roa
File:                     is_XEdqOSIZdOdAUliJ38zXn5ZE.roa (raw, json)
Hash identifier:          +WoDzk7VKcG/lDal047Esdi6HVzF1DiurqrDKoqvrhI=
Subject key identifier:   8A:CF:D7:11:DA:8E:48:86:5D:39:D0:14:96:22:77:F3:35:E7:E5:91
Certificate issuer:       /CN=59d36a21e9b368d748bab8c77bebdde2c227c6c3
Certificate serial:       0194228E05F53A334B1CFC17D6D46CB78B26
Authority key identifier: 59:D3:6A:21:E9:B3:68:D7:48:BA:B8:C7:7B:EB:DD:E2:C2:27:C6:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WdNqIemzaNdIurjHe-vd4sInxsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/is_XEdqOSIZdOdAUliJ38zXn5ZE.roa
Signing time:             Wed 01 Jan 2025 15:48:40 +0000
ROA not before:           Wed 01 Jan 2025 15:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207465
IP address blocks:        194.147.139.0/24 maxlen: 24
                          2a07:e480:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/WdNqIemzaNdIurjHe-vd4sInxsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/WdNqIemzaNdIurjHe-vd4sInxsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WdNqIemzaNdIurjHe-vd4sInxsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:05:f5:3a:33:4b:1c:fc:17:d6:d4:6c:b7:8b:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59d36a21e9b368d748bab8c77bebdde2c227c6c3
        Validity
            Not Before: Jan  1 15:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8acfd711da8e48865d39d014962277f335e7e591
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:1b:0c:5e:06:8d:c6:af:06:5c:76:cf:5c:4d:
                    1e:80:ef:b3:1a:45:0a:23:22:0d:ab:b2:1f:22:30:
                    6a:2a:e3:19:03:86:c6:77:e2:40:c5:c7:52:a1:9d:
                    46:9d:a9:51:36:89:1e:62:d4:a0:fb:cd:34:ff:b3:
                    91:f4:a3:f1:dc:8a:fe:dc:95:1b:e2:52:80:ca:e4:
                    25:9d:75:31:fc:c0:d4:8d:23:0b:df:83:f7:bb:f1:
                    bb:f1:ee:9e:1f:b3:45:d5:d3:78:78:65:83:0d:5c:
                    08:4a:65:93:aa:6d:26:1b:f5:1f:81:c2:d5:5a:f4:
                    c5:66:75:cf:dc:22:fd:3c:d4:6a:28:96:25:1b:55:
                    22:ed:ea:74:7d:dc:c8:51:3e:7d:c2:de:75:cd:3a:
                    43:bc:d0:85:f1:57:b6:37:6e:f8:80:b6:a0:de:d6:
                    6e:4b:16:d4:ed:92:ac:7b:5d:a1:ab:43:c2:ff:e7:
                    1e:50:3c:a7:c6:ad:7f:d2:50:ff:63:15:c1:ee:65:
                    09:0f:1d:85:7c:5c:a9:c1:0b:1a:b0:28:19:0f:ed:
                    81:8f:d3:58:30:76:a0:62:51:5d:67:f6:32:4f:60:
                    06:15:eb:6e:dd:b9:51:cd:ae:25:eb:45:d1:43:80:
                    b9:3c:2f:c2:ba:bc:2b:11:b5:8a:f5:aa:7b:45:a7:
                    ed:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:CF:D7:11:DA:8E:48:86:5D:39:D0:14:96:22:77:F3:35:E7:E5:91
            X509v3 Authority Key Identifier:
                keyid:59:D3:6A:21:E9:B3:68:D7:48:BA:B8:C7:7B:EB:DD:E2:C2:27:C6:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WdNqIemzaNdIurjHe-vd4sInxsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/is_XEdqOSIZdOdAUliJ38zXn5ZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/7a7dc1-e168-4d47-b46d-40ea80892f03/1/WdNqIemzaNdIurjHe-vd4sInxsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.139.0/24
                IPv6:
                  2a07:e480:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:fa:3e:55:36:fa:d6:03:6a:18:48:e3:6f:36:e4:d8:3c:dd:
         59:27:43:4e:0a:1e:0b:30:f0:a9:62:e9:8a:00:2b:26:80:0d:
         ae:54:cd:d6:eb:14:36:db:16:4a:af:4a:f3:dd:90:a1:18:6d:
         33:a3:25:db:b2:70:01:fa:79:53:32:00:95:8e:af:72:8a:72:
         3a:91:6e:80:bd:b0:e4:b9:0b:62:c9:35:b8:c5:ad:08:4c:50:
         ec:9f:b7:c5:20:d3:3f:50:29:b1:11:50:19:81:72:aa:61:86:
         62:0d:79:de:78:68:35:d2:fd:c1:3f:ec:f6:67:f8:cd:73:a8:
         23:b7:c3:79:50:41:e3:e1:63:1a:18:5b:f4:63:6a:c3:8a:07:
         3b:52:b1:4d:ac:e6:86:30:62:7b:60:cc:18:d9:45:a6:00:2d:
         1a:97:25:b6:88:5f:d6:3e:7c:de:07:70:28:be:90:74:38:2d:
         41:80:7c:95:c5:89:9b:7b:c3:4a:ef:e7:6d:c8:95:cb:78:db:
         16:3e:c8:e2:1c:3c:55:0b:9d:b4:5a:b5:d7:04:f4:88:79:6f:
         0d:8e:5f:f6:24:34:83:95:35:fb:80:a0:6f:a7:f3:d5:0c:9c:
         1f:78:d9:93:85:23:3e:7b:8e:ef:a4:3f:fa:2a:4f:9a:8b:20:
         51:88:e0:32
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQijgX1OjNLHPwX1tRst4smMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZDM2YTIxZTliMzY4ZDc0OGJhYjhjNzdiZWJkZGUyYzIy
N2M2YzMwHhcNMjUwMTAxMTU0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWNmZDcxMWRhOGU0ODg2NWQzOWQwMTQ5NjIyNzdmMzM1ZTdlNTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBsMXgaNxq8GXHbPXE0egO+zGkUK
IyINq7IfIjBqKuMZA4bGd+JAxcdSoZ1GnalRNokeYtSg+800/7OR9KPx3Ir+3JUb
4lKAyuQlnXUx/MDUjSML34P3u/G78e6eH7NF1dN4eGWDDVwISmWTqm0mG/UfgcLV
WvTFZnXP3CL9PNRqKJYlG1Ui7ep0fdzIUT59wt51zTpDvNCF8Ve2N274gLag3tZu
SxbU7ZKse12hq0PC/+ceUDynxq1/0lD/YxXB7mUJDx2FfFypwQsasCgZD+2Bj9NY
MHagYlFdZ/YyT2AGFetu3blRza4l60XRQ4C5PC/CurwrEbWK9ap7RaftVwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIrP1xHajkiGXTnQFJYid/M15+WRMB8GA1UdIwQY
MBaAFFnTaiHps2jXSLq4x3vr3eLCJ8bDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2ROcUllbXphTmRJdXJqSGUtdmQ0c0lueHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS83YTdkYzEtZTE2OC00ZDQ3LWI0NmQt
NDBlYTgwODkyZjAzLzEvaXNfWEVkcU9TSVpkT2RBVWxpSjM4elhuNVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS83YTdkYzEtZTE2OC00ZDQ3LWI0NmQtNDBlYTgwODkyZjAz
LzEvV2ROcUllbXphTmRJdXJqSGUtdmQ0c0lueHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwpOLMA8E
AgACMAkDBwAqB+SAAAIwDQYJKoZIhvcNAQELBQADggEBAFD6PlU2+tYDahhI4282
5Ng83VknQ04KHgsw8Kli6YoAKyaADa5UzdbrFDbbFkqvSvPdkKEYbTOjJduycAH6
eVMyAJWOr3KKcjqRboC9sOS5C2LJNbjFrQhMUOyft8Ug0z9QKbERUBmBcqphhmIN
ed54aDXS/cE/7PZn+M1zqCO3w3lQQePhYxoYW/RjasOKBztSsU2s5oYwYntgzBjZ
RaYALRqXJbaIX9Y+fN4HcCi+kHQ4LUGAfJXFiZt7w0rv523Ilct42xY+yOIcPFUL
nbRatdcE9Ih5bw2OX/YkNIOVNfuAoG+n89UMnB942ZOFIz57ju+kP/oqT5qLIFGI
4DI=
-----END CERTIFICATE-----