Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/0fnHFCseCp-dowzjSO_W0ajo1TU.roa
File:                     0fnHFCseCp-dowzjSO_W0ajo1TU.roa (raw, json)
Hash identifier:          6EWDnuvDaw8wNIkQ3MlMpyUilwRHG1UBmr10Bi9Kodc=
Subject key identifier:   D1:F9:C7:14:2B:1E:0A:9F:9D:A3:0C:E3:48:EF:D6:D1:A8:E8:D5:35
Certificate issuer:       /CN=526c618d15bb712e3ebae06a8b181697a5e407b8
Certificate serial:       019421B19E1B21DFD590D51B35B8026C9394
Authority key identifier: 52:6C:61:8D:15:BB:71:2E:3E:BA:E0:6A:8B:18:16:97:A5:E4:07:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmxhjRW7cS4-uuBqixgWl6XkB7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/0fnHFCseCp-dowzjSO_W0ajo1TU.roa
Signing time:             Wed 01 Jan 2025 11:47:55 +0000
ROA not before:           Wed 01 Jan 2025 11:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213123
IP address blocks:        94.231.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/UmxhjRW7cS4-uuBqixgWl6XkB7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/UmxhjRW7cS4-uuBqixgWl6XkB7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmxhjRW7cS4-uuBqixgWl6XkB7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:9e:1b:21:df:d5:90:d5:1b:35:b8:02:6c:93:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=526c618d15bb712e3ebae06a8b181697a5e407b8
        Validity
            Not Before: Jan  1 11:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1f9c7142b1e0a9f9da30ce348efd6d1a8e8d535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a4:b6:6a:21:3d:d3:1d:eb:a9:e1:7f:60:bf:
                    8c:c7:c5:80:ed:0d:24:d3:a0:a4:c9:8e:a8:78:5a:
                    d7:87:6f:55:22:42:23:d3:50:ff:db:73:43:3e:ae:
                    93:ff:fa:de:4e:22:d7:84:22:23:d0:17:27:53:e8:
                    e1:7f:cc:d7:f8:78:5c:2e:d5:30:c8:a0:23:25:c7:
                    31:3c:9e:40:61:52:c1:27:cb:53:07:9b:ca:e5:a6:
                    96:1b:c8:22:ba:4b:e1:e4:0b:b7:23:a4:dd:37:ac:
                    ac:91:99:6b:68:4f:86:43:98:6b:56:76:7e:6c:4d:
                    60:e9:59:3f:7b:9e:44:f4:a5:78:01:0f:54:64:f5:
                    28:09:9f:27:f9:dc:78:15:84:11:32:77:0b:56:e6:
                    c8:ff:3c:16:fa:86:dc:1a:7d:99:61:06:54:f5:ad:
                    99:b0:e1:2b:9a:ed:f9:90:bb:0f:c7:c0:6c:50:15:
                    cb:fb:14:cb:0a:c0:a9:ba:dc:55:79:a4:84:60:f1:
                    00:63:9b:be:c9:33:c4:cf:9c:8e:ce:1b:91:f9:47:
                    f8:b6:ad:e4:0c:1c:1e:e6:55:a2:56:8b:1e:96:7e:
                    f4:c0:d8:d3:ef:15:ec:6b:cf:57:9d:c6:93:96:bd:
                    84:f4:2a:56:ec:f9:84:9b:60:24:bd:59:d1:7c:82:
                    08:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F9:C7:14:2B:1E:0A:9F:9D:A3:0C:E3:48:EF:D6:D1:A8:E8:D5:35
            X509v3 Authority Key Identifier:
                keyid:52:6C:61:8D:15:BB:71:2E:3E:BA:E0:6A:8B:18:16:97:A5:E4:07:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmxhjRW7cS4-uuBqixgWl6XkB7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/0fnHFCseCp-dowzjSO_W0ajo1TU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/260cf2-8850-43f8-a7f2-9273fc016f7d/1/UmxhjRW7cS4-uuBqixgWl6XkB7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.231.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:0e:2c:b2:ca:e6:97:3e:45:37:ef:4a:74:c5:d6:3a:50:80:
         80:f3:b3:7d:9f:36:48:ed:0e:72:99:a5:79:c1:ac:47:12:4d:
         96:96:8a:5e:0f:57:99:4c:af:68:c1:d9:99:49:62:8d:35:89:
         66:50:aa:9c:a1:55:f0:5b:ef:18:df:45:e3:18:bb:20:ff:3a:
         65:f3:3c:6a:62:4c:93:8e:cc:f1:f2:6e:43:4b:66:fd:28:67:
         5a:ec:40:63:d5:5a:84:fa:6c:2d:21:bf:db:c9:db:79:69:fc:
         9d:b8:31:a9:13:3d:f6:48:52:91:df:c1:92:31:1c:87:f0:e4:
         b7:81:8a:0a:12:c8:1a:6c:cf:d6:83:97:33:20:3c:22:29:64:
         77:13:b3:1d:5d:ed:3c:38:b9:7e:bc:8c:1d:78:2e:fe:6c:18:
         b5:54:41:b2:63:4e:44:f1:dd:dd:28:62:47:dd:72:49:62:b7:
         a9:74:e2:0d:34:a3:10:5a:89:f3:66:fd:20:f3:ab:fd:53:72:
         59:22:9e:5d:12:af:0e:81:84:9f:ca:20:1e:72:57:aa:46:24:
         34:44:6e:e0:1c:c8:99:f2:be:07:35:5f:c0:7e:1b:88:d3:eb:
         08:3d:61:ab:7b:2d:82:00:da:56:14:0a:5e:0f:31:86:7b:18:
         ee:68:15:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsZ4bId/VkNUbNbgCbJOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNmM2MThkMTViYjcxMmUzZWJhZTA2YThiMTgxNjk3YTVl
NDA3YjgwHhcNMjUwMTAxMTE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWY5YzcxNDJiMWUwYTlmOWRhMzBjZTM0OGVmZDZkMWE4ZThkNTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6S2aiE90x3rqeF/YL+Mx8WA7Q0k
06CkyY6oeFrXh29VIkIj01D/23NDPq6T//reTiLXhCIj0BcnU+jhf8zX+HhcLtUw
yKAjJccxPJ5AYVLBJ8tTB5vK5aaWG8giukvh5Au3I6TdN6yskZlraE+GQ5hrVnZ+
bE1g6Vk/e55E9KV4AQ9UZPUoCZ8n+dx4FYQRMncLVubI/zwW+obcGn2ZYQZU9a2Z
sOErmu35kLsPx8BsUBXL+xTLCsCputxVeaSEYPEAY5u+yTPEz5yOzhuR+Uf4tq3k
DBwe5lWiVoseln70wNjT7xXsa89XncaTlr2E9CpW7PmEm2AkvVnRfIII0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNH5xxQrHgqfnaMM40jv1tGo6NU1MB8GA1UdIwQY
MBaAFFJsYY0Vu3EuPrrgaosYFpel5Ae4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW14aGpSVzdjUzQtdXVCcWl4Z1dsNlhrQjdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8yNjBjZjItODg1MC00M2Y4LWE3ZjIt
OTI3M2ZjMDE2ZjdkLzEvMGZuSEZDc2VDcC1kb3d6alNPX1cwYWpvMVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8yNjBjZjItODg1MC00M2Y4LWE3ZjItOTI3M2ZjMDE2Zjdk
LzEvVW14aGpSVzdjUzQtdXVCcWl4Z1dsNlhrQjdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXufFMA0G
CSqGSIb3DQEBCwUAA4IBAQAvDiyyyuaXPkU370p0xdY6UICA87N9nzZI7Q5ymaV5
waxHEk2WlopeD1eZTK9owdmZSWKNNYlmUKqcoVXwW+8Y30XjGLsg/zpl8zxqYkyT
jszx8m5DS2b9KGda7EBj1VqE+mwtIb/bydt5afyduDGpEz32SFKR38GSMRyH8OS3
gYoKEsgabM/Wg5czIDwiKWR3E7MdXe08OLl+vIwdeC7+bBi1VEGyY05E8d3dKGJH
3XJJYrepdOINNKMQWonzZv0g86v9U3JZIp5dEq8OgYSfyiAecleqRiQ0RG7gHMiZ
8r4HNV/AfhuI0+sIPWGrey2CANpWFApeDzGGexjuaBU5
-----END CERTIFICATE-----