Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/6c59cb-84ef-4218-8d7b-ff41d817b443/1/aSUDb8sQcFUdmzbKm4gdVmu_3-w.roa
File:                     aSUDb8sQcFUdmzbKm4gdVmu_3-w.roa (raw, json)
Hash identifier:          8GJtsZCv+fojGQVCn6tX0KvBg6L31AUzVNGq91VjeYY=
Subject key identifier:   69:25:03:6F:CB:10:70:55:1D:9B:36:CA:9B:88:1D:56:6B:BF:DF:EC
Certificate issuer:       /CN=d1c7581439a3aa12fea1cd587ec84b7509a3fc7a
Certificate serial:       01941F8C19D103A23497E8DD2707815EF789
Authority key identifier: D1:C7:58:14:39:A3:AA:12:FE:A1:CD:58:7E:C8:4B:75:09:A3:FC:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0cdYFDmjqhL-oc1YfshLdQmj_Ho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/6c59cb-84ef-4218-8d7b-ff41d817b443/1/aSUDb8sQcFUdmzbKm4gdVmu_3-w.roa
Signing time:             Wed 01 Jan 2025 01:47:42 +0000
ROA not before:           Wed 01 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48152
IP address blocks:        194.116.128.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/6c59cb-84ef-4218-8d7b-ff41d817b443/1/0cdYFDmjqhL-oc1YfshLdQmj_Ho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/6c59cb-84ef-4218-8d7b-ff41d817b443/1/0cdYFDmjqhL-oc1YfshLdQmj_Ho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0cdYFDmjqhL-oc1YfshLdQmj_Ho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 18:31:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:19:d1:03:a2:34:97:e8:dd:27:07:81:5e:f7:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1c7581439a3aa12fea1cd587ec84b7509a3fc7a
        Validity
            Not Before: Jan  1 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6925036fcb1070551d9b36ca9b881d566bbfdfec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:95:f9:bb:5b:6e:26:b4:be:85:05:fa:70:70:
                    92:e1:18:75:a0:ba:eb:64:28:cd:fc:00:9d:51:ad:
                    19:c6:e0:08:f1:d7:13:06:f5:75:1d:6b:38:21:36:
                    4f:d5:53:63:98:cd:ac:9f:99:b7:78:41:56:50:e4:
                    19:4f:8f:1c:0e:1e:77:69:f7:c4:4e:b1:38:68:d7:
                    2c:06:15:fa:f6:57:21:48:eb:4e:40:3d:c7:9a:bc:
                    68:05:b9:70:df:bd:65:85:01:47:35:a3:af:18:3c:
                    f6:5f:14:21:0e:d7:9f:f9:51:43:db:05:9b:d6:cf:
                    0e:8c:8f:5d:99:9d:bf:70:c8:8d:82:f8:b7:bf:89:
                    0c:55:b6:24:22:f9:a6:8a:42:b5:31:c8:1d:de:15:
                    7f:c7:bd:8b:10:ab:18:7e:40:73:6b:de:e4:a3:49:
                    0a:b4:72:f1:a8:fb:ad:67:9f:a5:15:5d:19:90:86:
                    8b:a9:65:a0:91:89:c7:ff:a3:81:41:92:3d:f8:75:
                    4f:67:6b:7a:2c:fb:20:67:89:b9:18:96:10:68:2f:
                    17:7f:26:97:92:a9:b6:85:2f:fd:bf:d6:27:51:83:
                    1e:ac:25:19:7e:4c:33:14:60:4b:73:1f:a0:4c:28:
                    79:5e:cd:7f:be:63:65:89:38:c9:06:4e:ad:99:4f:
                    d2:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:25:03:6F:CB:10:70:55:1D:9B:36:CA:9B:88:1D:56:6B:BF:DF:EC
            X509v3 Authority Key Identifier:
                keyid:D1:C7:58:14:39:A3:AA:12:FE:A1:CD:58:7E:C8:4B:75:09:A3:FC:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0cdYFDmjqhL-oc1YfshLdQmj_Ho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/6c59cb-84ef-4218-8d7b-ff41d817b443/1/aSUDb8sQcFUdmzbKm4gdVmu_3-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/6c59cb-84ef-4218-8d7b-ff41d817b443/1/0cdYFDmjqhL-oc1YfshLdQmj_Ho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.116.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:10:7f:2c:cd:26:43:ac:dd:c1:ea:f3:a4:0c:8f:84:22:00:
         4c:0c:5f:82:9c:78:98:ab:00:3c:2f:4d:2b:db:1b:39:f9:4c:
         8a:3e:dc:b9:ed:8d:11:3a:8c:fb:41:cf:67:e9:92:f7:b7:22:
         34:40:c9:22:11:e0:c2:dd:98:dd:53:7c:01:2c:30:6b:e9:be:
         91:ce:8b:52:d7:33:c4:78:59:cb:3d:c6:58:e8:21:7d:e0:9f:
         c1:3a:07:13:f2:06:15:0f:73:e8:5d:ca:92:fe:68:9c:7b:54:
         ca:6c:12:8e:8b:bb:c9:73:11:c0:7b:60:a3:f7:8e:f8:8f:76:
         59:db:6b:bd:e9:fd:19:ae:5a:68:3e:81:33:d3:f2:5c:78:80:
         cf:02:e1:61:15:06:96:6c:e3:7e:a9:f2:91:cf:da:84:7f:10:
         5e:28:9a:45:24:4c:e6:36:e5:b2:f7:ee:a0:de:5b:fd:f7:69:
         ec:c0:c8:8b:3c:4e:6b:11:4f:92:55:e0:08:e2:70:07:c9:73:
         fe:22:df:9d:bc:9c:46:b8:8f:35:50:ed:9f:b3:05:c2:d4:12:
         fe:2f:88:a8:25:b5:1d:df:77:12:0a:8d:2c:16:43:86:6e:18:
         c4:fa:70:dd:ff:4e:27:e2:ff:83:f1:39:33:43:53:26:81:0b:
         e8:b8:2b:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBnRA6I0l+jdJweBXveJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxYzc1ODE0MzlhM2FhMTJmZWExY2Q1ODdlYzg0Yjc1MDlh
M2ZjN2EwHhcNMjUwMTAxMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTI1MDM2ZmNiMTA3MDU1MWQ5YjM2Y2E5Yjg4MWQ1NjZiYmZkZmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZX5u1tuJrS+hQX6cHCS4Rh1oLrr
ZCjN/ACdUa0ZxuAI8dcTBvV1HWs4ITZP1VNjmM2sn5m3eEFWUOQZT48cDh53affE
TrE4aNcsBhX69lchSOtOQD3HmrxoBblw371lhQFHNaOvGDz2XxQhDtef+VFD2wWb
1s8OjI9dmZ2/cMiNgvi3v4kMVbYkIvmmikK1Mcgd3hV/x72LEKsYfkBza97ko0kK
tHLxqPutZ5+lFV0ZkIaLqWWgkYnH/6OBQZI9+HVPZ2t6LPsgZ4m5GJYQaC8XfyaX
kqm2hS/9v9YnUYMerCUZfkwzFGBLcx+gTCh5Xs1/vmNliTjJBk6tmU/SewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGklA2/LEHBVHZs2ypuIHVZrv9/sMB8GA1UdIwQY
MBaAFNHHWBQ5o6oS/qHNWH7IS3UJo/x6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNkWUZEbWpxaEwtb2MxWWZzaExkUW1qX0hvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC82YzU5Y2ItODRlZi00MjE4LThkN2It
ZmY0MWQ4MTdiNDQzLzEvYVNVRGI4c1FjRlVkbXpiS200Z2RWbXVfMy13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC82YzU5Y2ItODRlZi00MjE4LThkN2ItZmY0MWQ4MTdiNDQz
LzEvMGNkWUZEbWpxaEwtb2MxWWZzaExkUW1qX0hvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnSAMA0G
CSqGSIb3DQEBCwUAA4IBAQBNEH8szSZDrN3B6vOkDI+EIgBMDF+CnHiYqwA8L00r
2xs5+UyKPty57Y0ROoz7Qc9n6ZL3tyI0QMkiEeDC3ZjdU3wBLDBr6b6RzotS1zPE
eFnLPcZY6CF94J/BOgcT8gYVD3PoXcqS/mice1TKbBKOi7vJcxHAe2Cj9474j3ZZ
22u96f0ZrlpoPoEz0/JceIDPAuFhFQaWbON+qfKRz9qEfxBeKJpFJEzmNuWy9+6g
3lv992nswMiLPE5rEU+SVeAI4nAHyXP+It+dvJxGuI81UO2fswXC1BL+L4ioJbUd
33cSCo0sFkOGbhjE+nDd/04n4v+D8TkzQ1MmgQvouCvU
-----END CERTIFICATE-----