Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/nevmretTwrxwqsKKQjHFsjVUEY0.roa
File:                     nevmretTwrxwqsKKQjHFsjVUEY0.roa (raw, json)
Hash identifier:          fWFJu1Hs2S96Xtm1+v7RRTX9W7ZYHV7fdQSuyQbPzQU=
Subject key identifier:   9D:EB:E6:AD:EB:53:C2:BC:70:AA:C2:8A:42:31:C5:B2:35:54:11:8D
Certificate issuer:       /CN=1fc8ed466de2e6ca5964d1eed0f240ddd251de48
Certificate serial:       0194282523E3F0E957C88B49D0D7B7C960A9
Authority key identifier: 1F:C8:ED:46:6D:E2:E6:CA:59:64:D1:EE:D0:F2:40:DD:D2:51:DE:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H8jtRm3i5spZZNHu0PJA3dJR3kg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/nevmretTwrxwqsKKQjHFsjVUEY0.roa
Signing time:             Thu 02 Jan 2025 17:51:50 +0000
ROA not before:           Thu 02 Jan 2025 17:51:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51948
IP address blocks:        91.219.104.0/22 maxlen: 22
                          185.240.8.0/22 maxlen: 22
                          195.242.64.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/H8jtRm3i5spZZNHu0PJA3dJR3kg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/H8jtRm3i5spZZNHu0PJA3dJR3kg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H8jtRm3i5spZZNHu0PJA3dJR3kg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:23:e3:f0:e9:57:c8:8b:49:d0:d7:b7:c9:60:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fc8ed466de2e6ca5964d1eed0f240ddd251de48
        Validity
            Not Before: Jan  2 17:51:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9debe6adeb53c2bc70aac28a4231c5b23554118d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4e:73:d1:13:25:c2:48:79:39:e6:db:03:47:
                    94:05:e0:0d:3a:86:d9:01:ea:a7:2a:6b:7c:39:e6:
                    04:2b:0d:ff:fd:50:d2:74:74:bc:d7:f7:d9:95:2c:
                    be:91:0b:9b:6e:63:1f:30:1c:23:ed:8e:cc:af:e2:
                    7b:38:2e:c7:37:d5:2e:85:32:56:e2:01:a5:5e:4a:
                    95:73:9d:32:27:7e:b2:78:82:f7:0a:a8:f2:9b:bc:
                    de:29:3e:4f:a5:dd:cc:84:37:88:f1:e2:45:c5:b3:
                    f4:30:d3:09:90:32:67:07:92:32:a6:5a:60:19:f7:
                    c7:89:e0:6c:bb:02:f1:90:b5:f3:f4:4e:62:bb:a4:
                    0f:d8:c3:0d:ec:7e:20:10:7d:f8:a9:54:3b:53:6f:
                    8f:13:2c:9f:1c:06:59:25:bb:0f:f8:49:50:ab:6e:
                    4b:56:6b:2c:c7:96:6a:b4:49:ab:84:35:fb:dd:0d:
                    1e:6d:04:d3:67:c1:f1:72:1c:30:63:9a:30:40:1f:
                    48:94:69:56:fa:e4:fa:94:0d:b1:b1:d0:f2:cf:03:
                    9f:4c:31:65:bd:bd:e2:9f:b2:6a:c1:c8:43:ba:10:
                    d9:c3:25:28:ba:47:26:76:90:62:48:49:86:f4:b5:
                    7d:65:ef:a3:6a:c9:67:15:df:90:23:3b:68:3b:51:
                    04:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:EB:E6:AD:EB:53:C2:BC:70:AA:C2:8A:42:31:C5:B2:35:54:11:8D
            X509v3 Authority Key Identifier:
                keyid:1F:C8:ED:46:6D:E2:E6:CA:59:64:D1:EE:D0:F2:40:DD:D2:51:DE:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H8jtRm3i5spZZNHu0PJA3dJR3kg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/nevmretTwrxwqsKKQjHFsjVUEY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/ca2ace-94ad-44cb-9809-f48d4babd50f/1/H8jtRm3i5spZZNHu0PJA3dJR3kg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.219.104.0/22
                  185.240.8.0/22
                  195.242.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:7d:4d:2b:0e:7f:ff:26:1d:a4:71:35:e3:82:a1:2a:25:23:
         03:44:49:ff:dd:ce:28:53:03:ae:d3:07:77:93:86:25:55:68:
         5c:3a:fc:fb:a2:60:6f:1f:ac:2e:b7:2b:2d:f8:1b:db:ce:a8:
         c8:f2:1c:6e:05:b7:e7:19:b7:e0:5e:89:e2:8d:30:27:06:64:
         33:7d:28:bd:aa:31:19:15:7d:56:d2:8c:39:00:99:bc:9a:ff:
         ac:58:e0:e4:b1:79:43:1c:50:8b:0d:6d:1c:3b:b8:65:40:55:
         18:25:ed:f1:83:59:6e:88:75:8f:d1:b0:12:a3:b6:6f:e1:8e:
         0f:44:53:de:24:90:9e:34:2b:56:4c:21:e1:d5:fe:73:39:4a:
         6a:7f:2d:a1:a4:14:7c:dd:9c:ef:33:5d:8c:47:7a:9f:52:36:
         be:6a:9d:23:2f:8e:e0:da:de:c6:01:87:d8:f9:9f:ae:da:2b:
         1b:5e:46:7f:c5:75:56:f0:9d:5e:b0:00:ec:a0:aa:86:75:4d:
         62:89:29:40:ce:75:ae:96:e5:f7:4b:6b:db:e6:34:d5:13:9a:
         c9:b7:a4:be:23:62:89:60:c3:98:aa:7c:ab:d9:6b:05:b0:3f:
         69:38:ec:7b:70:7a:d2:37:92:b6:7c:43:bd:0f:57:60:ee:60:
         d1:28:1e:14
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoJSPj8OlXyItJ0Ne3yWCpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYzhlZDQ2NmRlMmU2Y2E1OTY0ZDFlZWQwZjI0MGRkZDI1
MWRlNDgwHhcNMjUwMTAyMTc1MTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGViZTZhZGViNTNjMmJjNzBhYWMyOGE0MjMxYzViMjM1NTQxMThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs05z0RMlwkh5OebbA0eUBeANOobZ
AeqnKmt8OeYEKw3//VDSdHS81/fZlSy+kQubbmMfMBwj7Y7Mr+J7OC7HN9UuhTJW
4gGlXkqVc50yJ36yeIL3Cqjym7zeKT5Ppd3MhDeI8eJFxbP0MNMJkDJnB5Iyplpg
GffHieBsuwLxkLXz9E5iu6QP2MMN7H4gEH34qVQ7U2+PEyyfHAZZJbsP+ElQq25L
Vmssx5ZqtEmrhDX73Q0ebQTTZ8HxchwwY5owQB9IlGlW+uT6lA2xsdDyzwOfTDFl
vb3in7JqwchDuhDZwyUoukcmdpBiSEmG9LV9Ze+jaslnFd+QIztoO1EECQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ3r5q3rU8K8cKrCikIxxbI1VBGNMB8GA1UdIwQY
MBaAFB/I7UZt4ubKWWTR7tDyQN3SUd5IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDhqdFJtM2k1c3BaWk5IdTBQSkEzZEpSM2tnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jYTJhY2UtOTRhZC00NGNiLTk4MDkt
ZjQ4ZDRiYWJkNTBmLzEvbmV2bXJldFR3cnh3cXNLS1FqSEZzalZVRVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jYTJhY2UtOTRhZC00NGNiLTk4MDktZjQ4ZDRiYWJkNTBm
LzEvSDhqdFJtM2k1c3BaWk5IdTBQSkEzZEpSM2tnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW9toAwQC
ufAIAwQBw/JAMA0GCSqGSIb3DQEBCwUAA4IBAQBMfU0rDn//Jh2kcTXjgqEqJSMD
REn/3c4oUwOu0wd3k4YlVWhcOvz7omBvH6wutyst+BvbzqjI8hxuBbfnGbfgXoni
jTAnBmQzfSi9qjEZFX1W0ow5AJm8mv+sWODksXlDHFCLDW0cO7hlQFUYJe3xg1lu
iHWP0bASo7Zv4Y4PRFPeJJCeNCtWTCHh1f5zOUpqfy2hpBR83ZzvM12MR3qfUja+
ap0jL47g2t7GAYfY+Z+u2isbXkZ/xXVW8J1esADsoKqGdU1iiSlAznWuluX3S2vb
5jTVE5rJt6S+I2KJYMOYqnyr2WsFsD9pOOx7cHrSN5K2fEO9D1dg7mDRKB4U
-----END CERTIFICATE-----