Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1tGBlFC-QDQyNnda0pqCTtQGKkg.roa
File:                     1tGBlFC-QDQyNnda0pqCTtQGKkg.roa (raw, json)
Hash identifier:          1bRwHQCfo4LHDCxjYU7ejdeJ8kiItfzlHTWosBrbK5A=
Subject key identifier:   D6:D1:81:94:50:BE:40:34:32:36:77:5A:D2:9A:82:4E:D4:06:2A:48
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258F977CBFE1C7AF32E28F377CCA3C98
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1tGBlFC-QDQyNnda0pqCTtQGKkg.roa
Signing time:             Thu 02 Jan 2025 05:49:14 +0000
ROA not before:           Thu 02 Jan 2025 05:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52094
IP address blocks:        194.147.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:97:7c:bf:e1:c7:af:32:e2:8f:37:7c:ca:3c:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6d1819450be40343236775ad29a824ed4062a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e0:64:65:b4:ad:2a:9d:e5:29:58:d1:48:49:
                    b4:8f:68:22:69:6e:65:d2:32:71:49:50:ae:c3:e7:
                    ae:ad:81:18:81:9c:c5:f1:54:89:1b:1e:67:72:29:
                    87:de:5c:df:67:5e:bc:27:d4:76:c5:96:ac:93:40:
                    f0:d6:02:ab:4f:7e:46:a7:df:a1:0f:08:ad:09:0e:
                    c0:cd:f6:c9:39:d2:72:3d:81:7a:86:8e:da:40:78:
                    72:52:43:53:d0:33:aa:5f:c0:98:1d:30:45:59:9c:
                    f5:23:ee:9c:a8:05:a2:19:f5:d9:c4:f4:33:7b:f4:
                    2c:7e:42:4b:f6:b3:16:ee:b4:7a:86:ca:35:2f:db:
                    42:28:2f:85:18:e8:35:ca:38:9c:55:d0:4a:b3:20:
                    ca:39:37:90:e9:60:c4:39:af:26:36:e9:ea:df:e3:
                    44:bf:b1:d8:eb:5b:8e:d1:43:03:12:6f:44:8a:03:
                    28:e8:16:32:36:fb:d4:9e:11:d0:9c:e3:cc:bd:be:
                    80:de:e0:ac:93:d7:c6:b2:58:c5:d6:15:d1:c0:0c:
                    95:c6:7e:fe:c3:9e:1b:2b:fe:ea:83:c0:04:fc:ea:
                    8a:38:4e:45:db:3a:3b:af:b9:68:3e:d1:f4:28:c6:
                    19:84:02:1d:62:98:eb:2e:38:92:15:03:14:c3:6e:
                    da:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D1:81:94:50:BE:40:34:32:36:77:5A:D2:9A:82:4E:D4:06:2A:48
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1tGBlFC-QDQyNnda0pqCTtQGKkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:3a:c0:55:83:ac:fe:a3:3f:d2:f3:26:3a:3a:1d:74:77:d6:
         ea:d2:bb:c2:d4:cc:fa:af:93:a6:7c:9b:11:f0:78:d0:40:ff:
         57:e1:42:b1:f2:d9:e6:05:d4:7f:6e:dc:99:4b:41:7a:20:8b:
         8b:41:e7:15:2d:b4:cb:7e:21:7b:b5:83:ae:ab:94:7c:f9:7c:
         47:0f:92:c1:19:9c:09:7c:39:19:1b:23:7e:8f:16:14:74:be:
         fa:c4:28:db:42:cc:e3:d9:64:d3:96:32:47:f9:1c:8d:ba:1e:
         f9:dd:3a:ac:f8:0f:85:e3:0e:55:a8:bd:bb:4a:2b:ae:b9:1b:
         bb:3b:d2:86:81:9a:3d:f8:f3:3e:35:ec:4d:fe:68:ee:f9:f2:
         4d:7b:41:9c:54:51:7a:f9:a3:52:67:93:4d:44:e3:b8:be:88:
         d5:b2:f2:15:01:aa:42:f2:33:bf:af:30:f8:d7:7c:03:ff:cf:
         40:f8:41:f7:3f:e6:9b:65:f3:a1:f6:61:ed:91:64:16:8c:58:
         7b:63:db:a1:c8:95:be:73:55:cd:82:f8:c1:9c:39:bd:20:78:
         c0:4a:64:6f:04:a0:ea:55:07:9c:ee:95:23:18:2f:68:f9:3d:
         96:bf:08:2d:ec:41:12:fb:8d:3b:d6:6b:98:01:5a:a6:d2:a8:
         9d:e7:ff:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj5d8v+HHrzLijzd8yjyYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQxODE5NDUwYmU0MDM0MzIzNjc3NWFkMjlhODI0ZWQ0MDYyYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeBkZbStKp3lKVjRSEm0j2giaW5l
0jJxSVCuw+eurYEYgZzF8VSJGx5ncimH3lzfZ168J9R2xZask0Dw1gKrT35Gp9+h
DwitCQ7AzfbJOdJyPYF6ho7aQHhyUkNT0DOqX8CYHTBFWZz1I+6cqAWiGfXZxPQz
e/QsfkJL9rMW7rR6hso1L9tCKC+FGOg1yjicVdBKsyDKOTeQ6WDEOa8mNunq3+NE
v7HY61uO0UMDEm9EigMo6BYyNvvUnhHQnOPMvb6A3uCsk9fGsljF1hXRwAyVxn7+
w54bK/7qg8AE/OqKOE5F2zo7r7loPtH0KMYZhAIdYpjrLjiSFQMUw27anQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbRgZRQvkA0MjZ3WtKagk7UBipIMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvMXRHQmxGQy1RRFF5Tm5kYTBwcUNUdFFHS2tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpNqMA0G
CSqGSIb3DQEBCwUAA4IBAQCjOsBVg6z+oz/S8yY6Oh10d9bq0rvC1Mz6r5OmfJsR
8HjQQP9X4UKx8tnmBdR/btyZS0F6IIuLQecVLbTLfiF7tYOuq5R8+XxHD5LBGZwJ
fDkZGyN+jxYUdL76xCjbQszj2WTTljJH+RyNuh753Tqs+A+F4w5VqL27SiuuuRu7
O9KGgZo9+PM+NexN/mju+fJNe0GcVFF6+aNSZ5NNROO4vojVsvIVAapC8jO/rzD4
13wD/89A+EH3P+abZfOh9mHtkWQWjFh7Y9uhyJW+c1XNgvjBnDm9IHjASmRvBKDq
VQec7pUjGC9o+T2Wvwgt7EES+4071muYAVqm0qid5//N
-----END CERTIFICATE-----