Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/_G1IwYuiPRKax01xXjjobsob6yw.roa
File:                     _G1IwYuiPRKax01xXjjobsob6yw.roa (raw, json)
Hash identifier:          LZnDAWxOXPzc+P38eGPHBFeaOSKoPBWPSSrjh5BR84Y=
Subject key identifier:   FC:6D:48:C1:8B:A2:3D:12:9A:C7:4D:71:5E:38:E8:6E:CA:1B:EB:2C
Certificate issuer:       /CN=c9d0e9234cc6721957a4ac213eac6753ed85eea7
Certificate serial:       0194266C2E0452B63F363CBCED2FB85AA4DD
Authority key identifier: C9:D0:E9:23:4C:C6:72:19:57:A4:AC:21:3E:AC:67:53:ED:85:EE:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/_G1IwYuiPRKax01xXjjobsob6yw.roa
Signing time:             Thu 02 Jan 2025 09:50:11 +0000
ROA not before:           Thu 02 Jan 2025 09:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12480
IP address blocks:        194.59.13.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:2e:04:52:b6:3f:36:3c:bc:ed:2f:b8:5a:a4:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9d0e9234cc6721957a4ac213eac6753ed85eea7
        Validity
            Not Before: Jan  2 09:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc6d48c18ba23d129ac74d715e38e86eca1beb2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e5:ff:9d:12:36:ce:e8:24:49:ff:c1:b7:6e:
                    16:ac:2c:0f:d7:72:78:30:49:52:98:1f:b8:d6:23:
                    df:3b:f3:80:28:72:6c:48:2a:39:a5:6f:50:3c:26:
                    0d:49:70:3a:4a:5d:15:df:a5:ec:5b:26:76:20:dc:
                    2a:20:74:79:6b:af:f8:65:14:6c:d8:89:32:cb:1b:
                    8b:f0:a7:5b:c5:19:56:5b:e1:f5:aa:ce:f1:26:15:
                    d5:f7:57:d6:2e:44:51:80:5c:cd:99:c1:8d:69:06:
                    ea:7d:a1:4b:e5:4b:a2:0a:f3:a5:a9:87:17:d5:c3:
                    05:d2:4e:5e:5c:f4:10:10:68:24:c9:a0:74:2d:a1:
                    d1:a7:03:0a:b5:40:50:09:54:76:b2:f0:7a:58:02:
                    ae:fc:a7:75:19:9f:8f:26:04:70:0d:c1:f3:bd:19:
                    f8:4f:b9:6b:40:c9:22:6b:18:5d:8b:3a:57:ba:f0:
                    c3:11:c9:4e:3c:60:f9:80:57:1f:f2:5c:f1:fd:7d:
                    d0:43:9c:72:4b:cb:ad:65:03:eb:1b:95:dd:2c:a8:
                    aa:04:ce:84:ca:5c:ba:12:07:d4:f6:fd:16:e6:47:
                    00:f5:cc:d5:e4:62:f5:a7:7b:e1:8d:fd:93:0a:ce:
                    b5:99:ea:ab:5c:ff:ac:61:48:9e:ce:98:69:d1:4b:
                    06:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:6D:48:C1:8B:A2:3D:12:9A:C7:4D:71:5E:38:E8:6E:CA:1B:EB:2C
            X509v3 Authority Key Identifier:
                keyid:C9:D0:E9:23:4C:C6:72:19:57:A4:AC:21:3E:AC:67:53:ED:85:EE:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydDpI0zGchlXpKwhPqxnU-2F7qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/_G1IwYuiPRKax01xXjjobsob6yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7c0274-74c6-4423-9a88-9a300b0a7ed2/1/ydDpI0zGchlXpKwhPqxnU-2F7qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:23:92:66:f8:04:06:74:29:1a:5d:23:12:d7:74:16:4d:bc:
         04:f6:12:95:89:4a:f6:89:d1:ff:09:32:22:37:65:66:8c:0e:
         4f:5c:e5:23:c4:25:bd:60:cb:06:b6:0d:27:cb:3f:34:80:6d:
         94:3c:7d:2b:5b:be:71:0a:88:4c:37:11:9b:a1:b0:32:63:b9:
         9b:5a:51:3e:d1:38:bf:eb:20:79:79:b0:c4:26:96:84:6a:74:
         a6:57:31:2c:40:5d:52:23:ff:82:66:9b:92:b4:be:f2:17:36:
         b0:dc:61:e3:d0:2f:7d:4c:73:58:fd:93:06:5b:ed:69:c7:95:
         21:72:73:e3:e0:55:31:4f:b6:6d:ff:a7:d2:dc:56:ae:b6:9f:
         06:04:bc:4a:6e:99:c1:92:81:fd:f4:ad:56:e6:00:70:85:85:
         cd:c1:c0:4b:76:39:bc:00:6d:58:20:55:43:43:62:61:ee:35:
         f6:d6:da:d2:b6:2c:cf:9d:76:8f:d0:f6:fc:a0:cc:51:83:98:
         6e:17:dc:45:bc:5a:b5:f1:1c:86:f8:c4:a4:a1:a2:e4:3e:58:
         d1:8f:7e:48:1b:bb:fd:9b:67:54:19:74:e2:6c:ec:57:99:55:
         6d:ee:6d:e9:cc:76:84:12:a9:1f:f5:09:57:dc:6e:63:c8:8b:
         48:ea:aa:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbC4EUrY/Njy87S+4WqTdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZDBlOTIzNGNjNjcyMTk1N2E0YWMyMTNlYWM2NzUzZWQ4
NWVlYTcwHhcNMjUwMTAyMDk1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzZkNDhjMThiYTIzZDEyOWFjNzRkNzE1ZTM4ZTg2ZWNhMWJlYjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueX/nRI2zugkSf/Bt24WrCwP13J4
MElSmB+41iPfO/OAKHJsSCo5pW9QPCYNSXA6Sl0V36XsWyZ2INwqIHR5a6/4ZRRs
2IkyyxuL8KdbxRlWW+H1qs7xJhXV91fWLkRRgFzNmcGNaQbqfaFL5UuiCvOlqYcX
1cMF0k5eXPQQEGgkyaB0LaHRpwMKtUBQCVR2svB6WAKu/Kd1GZ+PJgRwDcHzvRn4
T7lrQMkiaxhdizpXuvDDEclOPGD5gFcf8lzx/X3QQ5xyS8utZQPrG5XdLKiqBM6E
yly6EgfU9v0W5kcA9czV5GL1p3vhjf2TCs61meqrXP+sYUiezphp0UsG6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxtSMGLoj0SmsdNcV446G7KG+ssMB8GA1UdIwQY
MBaAFMnQ6SNMxnIZV6SsIT6sZ1Pthe6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWREcEkwekdjaGxYcEt3aFBxeG5VLTJGN3FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83YzAyNzQtNzRjNi00NDIzLTlhODgt
OWEzMDBiMGE3ZWQyLzEvX0cxSXdZdWlQUktheDAxeFhqam9ic29iNnl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83YzAyNzQtNzRjNi00NDIzLTlhODgtOWEzMDBiMGE3ZWQy
LzEveWREcEkwekdjaGxYcEt3aFBxeG5VLTJGN3FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjsNMA0G
CSqGSIb3DQEBCwUAA4IBAQAoI5Jm+AQGdCkaXSMS13QWTbwE9hKViUr2idH/CTIi
N2VmjA5PXOUjxCW9YMsGtg0nyz80gG2UPH0rW75xCohMNxGbobAyY7mbWlE+0Ti/
6yB5ebDEJpaEanSmVzEsQF1SI/+CZpuStL7yFzaw3GHj0C99THNY/ZMGW+1px5Uh
cnPj4FUxT7Zt/6fS3Fautp8GBLxKbpnBkoH99K1W5gBwhYXNwcBLdjm8AG1YIFVD
Q2Jh7jX21trStizPnXaP0Pb8oMxRg5huF9xFvFq18RyG+MSkoaLkPljRj35IG7v9
m2dUGXTibOxXmVVt7m3pzHaEEqkf9QlX3G5jyItI6qp+
-----END CERTIFICATE-----