Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/59d555-20bd-4c42-84ba-72ce95ba9afa/1/rDCQZOSrxJZ5t1EHBcAmewJ2zuE.roa
File:                     rDCQZOSrxJZ5t1EHBcAmewJ2zuE.roa (raw, json)
Hash identifier:          5o5LCz2EfBpIGStnQttGujPIzxdxxRQF2IZp5UipRj0=
Subject key identifier:   AC:30:90:64:E4:AB:C4:96:79:B7:51:07:05:C0:26:7B:02:76:CE:E1
Certificate issuer:       /CN=1ad61a52f1082ecf4c97b5122b4611225073451b
Certificate serial:       019424449D08BD3F934F0AA79696E2DEB2E4
Authority key identifier: 1A:D6:1A:52:F1:08:2E:CF:4C:97:B5:12:2B:46:11:22:50:73:45:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GtYaUvEILs9Ml7USK0YRIlBzRRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/59d555-20bd-4c42-84ba-72ce95ba9afa/1/rDCQZOSrxJZ5t1EHBcAmewJ2zuE.roa
Signing time:             Wed 01 Jan 2025 23:47:43 +0000
ROA not before:           Wed 01 Jan 2025 23:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25540
IP address blocks:        141.98.172.0/24 maxlen: 24
                          2a09:28c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/59d555-20bd-4c42-84ba-72ce95ba9afa/1/GtYaUvEILs9Ml7USK0YRIlBzRRs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/59d555-20bd-4c42-84ba-72ce95ba9afa/1/GtYaUvEILs9Ml7USK0YRIlBzRRs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GtYaUvEILs9Ml7USK0YRIlBzRRs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:9d:08:bd:3f:93:4f:0a:a7:96:96:e2:de:b2:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ad61a52f1082ecf4c97b5122b4611225073451b
        Validity
            Not Before: Jan  1 23:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac309064e4abc49679b7510705c0267b0276cee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ba:ae:36:b0:6d:44:ae:bb:dd:a3:59:ef:0b:
                    2c:35:7f:a8:63:0c:d8:54:6e:23:00:a4:d2:c0:6e:
                    54:2f:88:b4:3a:42:0d:b0:d0:0f:78:4f:e7:82:05:
                    ef:32:16:ef:f2:cd:c8:d4:7e:e6:fc:d8:22:f7:a1:
                    27:8d:c1:07:28:7e:51:9d:84:b7:8d:ce:b1:fe:1a:
                    cb:4f:7d:45:ea:78:95:95:21:c4:e5:f2:4e:2d:61:
                    9f:2b:9c:d4:b7:b7:ef:1b:fc:4e:ce:06:32:ac:7e:
                    2e:83:02:2f:5f:60:ab:41:aa:9c:e7:bf:50:1a:a8:
                    50:4f:2e:31:03:f0:2c:cc:18:14:18:cb:5d:06:42:
                    ec:11:1f:8a:cc:10:58:9e:47:e3:d0:0c:48:ff:99:
                    77:db:b4:1c:66:b5:21:fe:dc:49:84:b4:36:26:3b:
                    8c:d6:91:5e:18:ae:3f:d1:f2:07:ed:d4:d3:12:83:
                    bd:70:bb:5c:c2:9b:2b:38:a4:58:c0:d8:b5:ab:10:
                    af:86:f6:10:1a:a7:cb:20:f4:a1:87:68:1c:f5:e2:
                    2c:26:6b:6b:c5:f9:72:7a:25:ac:12:86:5f:ea:9b:
                    b2:98:be:64:13:65:66:65:c9:0d:18:1b:f1:29:90:
                    68:b6:ab:91:d3:9c:c8:86:81:94:f0:ef:e0:a5:ab:
                    3a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:30:90:64:E4:AB:C4:96:79:B7:51:07:05:C0:26:7B:02:76:CE:E1
            X509v3 Authority Key Identifier:
                keyid:1A:D6:1A:52:F1:08:2E:CF:4C:97:B5:12:2B:46:11:22:50:73:45:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GtYaUvEILs9Ml7USK0YRIlBzRRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/59d555-20bd-4c42-84ba-72ce95ba9afa/1/rDCQZOSrxJZ5t1EHBcAmewJ2zuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/59d555-20bd-4c42-84ba-72ce95ba9afa/1/GtYaUvEILs9Ml7USK0YRIlBzRRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.172.0/24
                IPv6:
                  2a09:28c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         d5:bc:ba:0a:e4:96:d7:cc:9a:44:4f:53:8e:f4:53:cd:16:7b:
         71:28:20:9b:e7:7f:42:13:a0:a6:67:ec:f3:cb:dc:eb:45:5d:
         31:5b:fe:95:c5:17:5a:86:1f:a3:67:01:a5:e1:96:a4:28:89:
         64:7d:8a:db:81:73:e0:98:ee:30:d1:f3:b5:1e:c2:52:50:9c:
         a3:4f:67:c9:a5:bf:fa:3d:60:d1:6e:a1:71:c0:01:08:22:65:
         2e:78:3c:6a:bc:8c:f2:ad:be:0a:0e:ca:ba:75:b2:48:8a:77:
         34:48:57:ee:29:87:34:67:e2:8b:b4:31:dd:36:06:d3:8f:11:
         d0:59:9e:fb:0e:48:35:09:37:86:40:b6:5c:3b:fa:21:5c:24:
         33:7d:62:c3:2f:ce:08:9d:f5:55:13:cd:30:e6:45:e8:a2:4d:
         b1:ea:43:a6:e9:e9:6b:77:e8:c9:d2:3c:30:6d:1e:b6:0f:73:
         89:bd:5e:a0:bd:32:b0:2c:e1:b9:e2:19:41:ee:7d:ae:33:31:
         d3:33:f0:6c:0a:3c:a9:1c:e5:de:ee:92:36:6d:bc:51:01:30:
         37:5e:f9:3c:c2:78:98:26:f2:e3:8f:33:d1:21:89:f4:27:1b:
         6d:8e:40:84:d8:b1:4b:01:2b:ce:63:da:ee:74:d3:73:54:ae:
         d7:38:cd:2d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkRJ0IvT+TTwqnlpbi3rLkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZDYxYTUyZjEwODJlY2Y0Yzk3YjUxMjJiNDYxMTIyNTA3
MzQ1MWIwHhcNMjUwMTAxMjM0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzMwOTA2NGU0YWJjNDk2NzliNzUxMDcwNWMwMjY3YjAyNzZjZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLquNrBtRK673aNZ7wssNX+oYwzY
VG4jAKTSwG5UL4i0OkINsNAPeE/nggXvMhbv8s3I1H7m/Ngi96EnjcEHKH5RnYS3
jc6x/hrLT31F6niVlSHE5fJOLWGfK5zUt7fvG/xOzgYyrH4ugwIvX2CrQaqc579Q
GqhQTy4xA/AszBgUGMtdBkLsER+KzBBYnkfj0AxI/5l327QcZrUh/txJhLQ2JjuM
1pFeGK4/0fIH7dTTEoO9cLtcwpsrOKRYwNi1qxCvhvYQGqfLIPShh2gc9eIsJmtr
xflyeiWsEoZf6puymL5kE2VmZckNGBvxKZBotquR05zIhoGU8O/gpas6bwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKwwkGTkq8SWebdRBwXAJnsCds7hMB8GA1UdIwQY
MBaAFBrWGlLxCC7PTJe1EitGESJQc0UbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3RZYVV2RUlMczlNbDdVU0swWVJJbEJ6UlJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81OWQ1NTUtMjBiZC00YzQyLTg0YmEt
NzJjZTk1YmE5YWZhLzEvckRDUVpPU3J4Slo1dDFFSEJjQW1ld0oyenVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81OWQ1NTUtMjBiZC00YzQyLTg0YmEtNzJjZTk1YmE5YWZh
LzEvR3RZYVV2RUlMczlNbDdVU0swWVJJbEJ6UlJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAjWKsMA8E
AgACMAkDBwAqCSjAAAAwDQYJKoZIhvcNAQELBQADggEBANW8ugrkltfMmkRPU470
U80We3EoIJvnf0IToKZn7PPL3OtFXTFb/pXFF1qGH6NnAaXhlqQoiWR9ituBc+CY
7jDR87UewlJQnKNPZ8mlv/o9YNFuoXHAAQgiZS54PGq8jPKtvgoOyrp1skiKdzRI
V+4phzRn4ou0Md02BtOPEdBZnvsOSDUJN4ZAtlw7+iFcJDN9YsMvzgid9VUTzTDm
ReiiTbHqQ6bp6Wt36MnSPDBtHrYPc4m9XqC9MrAs4bniGUHufa4zMdMz8GwKPKkc
5d7ukjZtvFEBMDde+TzCeJgm8uOPM9EhifQnG22OQITYsUsBK85j2u5003NUrtc4
zS0=
-----END CERTIFICATE-----