Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/_rMAcV1Zh6HxKo_vwEpVhjFVwy8.roa
File:                     _rMAcV1Zh6HxKo_vwEpVhjFVwy8.roa (raw, json)
Hash identifier:          r1imevw1h8qWVS0OoTwBJnDWSm49xN9+9T+LLaWUqWk=
Subject key identifier:   FE:B3:00:71:5D:59:87:A1:F1:2A:8F:EF:C0:4A:55:86:31:55:C3:2F
Certificate issuer:       /CN=9d31c233cbd266db02620b9deb90d08e41692e67
Certificate serial:       019425208D1A5B9B8049838908C6A0A5DCD2
Authority key identifier: 9D:31:C2:33:CB:D2:66:DB:02:62:0B:9D:EB:90:D0:8E:41:69:2E:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nTHCM8vSZtsCYgud65DQjkFpLmc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/_rMAcV1Zh6HxKo_vwEpVhjFVwy8.roa
Signing time:             Thu 02 Jan 2025 03:47:57 +0000
ROA not before:           Thu 02 Jan 2025 03:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        194.124.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/nTHCM8vSZtsCYgud65DQjkFpLmc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/nTHCM8vSZtsCYgud65DQjkFpLmc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nTHCM8vSZtsCYgud65DQjkFpLmc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:8d:1a:5b:9b:80:49:83:89:08:c6:a0:a5:dc:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d31c233cbd266db02620b9deb90d08e41692e67
        Validity
            Not Before: Jan  2 03:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=feb300715d5987a1f12a8fefc04a55863155c32f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:e6:0a:ca:80:0b:db:ad:de:3a:d8:1c:d5:e0:
                    19:38:f1:f8:75:c1:43:7f:ff:0e:1b:5d:fe:41:e9:
                    74:9c:80:63:6b:35:9d:63:ea:17:e0:ec:dc:46:86:
                    01:c8:47:b0:4b:4a:a8:a1:65:00:8b:eb:60:dc:c2:
                    55:89:6d:99:63:92:70:4e:66:aa:21:75:9d:97:b3:
                    f5:d7:cf:be:da:03:0f:8d:99:5b:94:d6:a2:38:16:
                    fd:b5:68:08:00:c2:65:b0:ef:6c:90:ec:05:e2:e9:
                    6d:56:00:a6:2b:20:f1:e7:98:25:88:6d:75:20:27:
                    7e:7b:7d:84:f6:d6:16:70:9a:cb:e4:8e:8a:3b:08:
                    f7:8a:4b:cd:4d:72:8c:2b:e9:f7:7b:ce:d5:df:89:
                    2a:cb:fa:3a:f4:3c:c5:80:c8:4b:e2:14:08:ca:9f:
                    31:98:a0:2c:30:65:c3:59:d1:9a:8a:25:bc:57:bc:
                    f4:8a:1e:8d:28:3b:ce:f6:5f:40:59:42:a3:69:17:
                    94:af:4f:70:c1:7b:d4:82:e1:08:43:95:b6:08:e4:
                    63:5e:46:c6:18:bb:31:41:eb:ed:15:49:e6:74:c6:
                    a3:b6:79:2d:d6:40:7e:48:b5:21:bb:11:f5:f4:73:
                    27:0a:78:8b:1a:c0:16:aa:22:66:81:4e:63:d8:ce:
                    af:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:B3:00:71:5D:59:87:A1:F1:2A:8F:EF:C0:4A:55:86:31:55:C3:2F
            X509v3 Authority Key Identifier:
                keyid:9D:31:C2:33:CB:D2:66:DB:02:62:0B:9D:EB:90:D0:8E:41:69:2E:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nTHCM8vSZtsCYgud65DQjkFpLmc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/_rMAcV1Zh6HxKo_vwEpVhjFVwy8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/34223a-e77e-4544-a207-fa1725034491/1/nTHCM8vSZtsCYgud65DQjkFpLmc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:6f:4a:6a:df:14:ad:e9:b9:98:89:a3:70:26:2f:b2:dd:18:
         a2:61:26:e4:55:11:2b:3a:9d:6e:1c:cb:d5:2c:e4:39:1d:47:
         4e:03:ae:a6:74:df:76:2e:03:46:e9:c6:71:c6:94:ac:65:ec:
         48:b2:ad:74:e5:e0:d5:5b:ef:19:e3:f8:79:46:c7:7e:78:c8:
         ef:12:cc:7f:d7:8e:40:ad:40:c4:f0:0b:af:f6:81:db:c9:2d:
         f5:f2:18:aa:43:7b:ed:ac:6d:7c:78:58:77:de:80:6a:4c:47:
         63:65:8a:64:3b:f6:74:9a:1c:ee:3c:05:86:2a:92:fe:00:a4:
         48:9e:9e:3c:8b:f1:33:3e:c6:35:8f:c3:6a:ec:ca:62:b9:a1:
         12:57:23:d7:5e:c8:66:1f:35:d6:01:fa:98:0b:22:0e:8b:f7:
         e6:89:8e:5b:52:f7:99:90:6d:0c:5b:b5:f8:fd:9a:d9:cd:13:
         a2:1e:4b:44:28:7e:9e:48:5d:1d:39:c4:56:6d:63:ca:e3:57:
         17:d6:60:03:9f:7b:38:cf:1d:03:d3:60:f7:2f:7a:18:92:d7:
         04:4c:89:c3:26:6d:66:f1:72:9c:2f:0b:4a:51:25:e5:01:29:
         5e:0e:92:b4:a4:98:75:15:bc:c6:82:a7:c1:1f:9f:93:ed:43:
         c5:e2:08:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlII0aW5uASYOJCMagpdzSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMzFjMjMzY2JkMjY2ZGIwMjYyMGI5ZGViOTBkMDhlNDE2
OTJlNjcwHhcNMjUwMTAyMDM0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWIzMDA3MTVkNTk4N2ExZjEyYThmZWZjMDRhNTU4NjMxNTVjMzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9eYKyoAL263eOtgc1eAZOPH4dcFD
f/8OG13+Qel0nIBjazWdY+oX4OzcRoYByEewS0qooWUAi+tg3MJViW2ZY5JwTmaq
IXWdl7P118++2gMPjZlblNaiOBb9tWgIAMJlsO9skOwF4ultVgCmKyDx55gliG11
ICd+e32E9tYWcJrL5I6KOwj3ikvNTXKMK+n3e87V34kqy/o69DzFgMhL4hQIyp8x
mKAsMGXDWdGaiiW8V7z0ih6NKDvO9l9AWUKjaReUr09wwXvUguEIQ5W2CORjXkbG
GLsxQevtFUnmdMajtnkt1kB+SLUhuxH19HMnCniLGsAWqiJmgU5j2M6vKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP6zAHFdWYeh8SqP78BKVYYxVcMvMB8GA1UdIwQY
MBaAFJ0xwjPL0mbbAmILneuQ0I5BaS5nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblRIQ004dlNadHNDWWd1ZDY1RFFqa0ZwTG1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zNDIyM2EtZTc3ZS00NTQ0LWEyMDct
ZmExNzI1MDM0NDkxLzEvX3JNQWNWMVpoNkh4S29fdndFcFZoakZWd3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zNDIyM2EtZTc3ZS00NTQ0LWEyMDctZmExNzI1MDM0NDkx
LzEvblRIQ004dlNadHNDWWd1ZDY1RFFqa0ZwTG1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwnzzMA0G
CSqGSIb3DQEBCwUAA4IBAQCZb0pq3xSt6bmYiaNwJi+y3RiiYSbkVRErOp1uHMvV
LOQ5HUdOA66mdN92LgNG6cZxxpSsZexIsq105eDVW+8Z4/h5Rsd+eMjvEsx/145A
rUDE8Auv9oHbyS318hiqQ3vtrG18eFh33oBqTEdjZYpkO/Z0mhzuPAWGKpL+AKRI
np48i/EzPsY1j8Nq7MpiuaESVyPXXshmHzXWAfqYCyIOi/fmiY5bUveZkG0MW7X4
/ZrZzROiHktEKH6eSF0dOcRWbWPK41cX1mADn3s4zx0D02D3L3oYktcETInDJm1m
8XKcLwtKUSXlASleDpK0pJh1FbzGgqfBH5+T7UPF4gip
-----END CERTIFICATE-----