Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/i6WUIDE1FurqyNNZ1EYEHsIVqvc.roa
File:                     i6WUIDE1FurqyNNZ1EYEHsIVqvc.roa (raw, json)
Hash identifier:          n8PwD1+DrWnTVld/M9MqGCrSY8HTEouEds18pHnIKJc=
Subject key identifier:   8B:A5:94:20:31:35:16:EA:EA:C8:D3:59:D4:46:04:1E:C2:15:AA:F7
Certificate issuer:       /CN=43c16595966afb0bacf1d7937f245d6a052221a3
Certificate serial:       0194228E166B911FAB5B97C4095B3E6A6981
Authority key identifier: 43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/i6WUIDE1FurqyNNZ1EYEHsIVqvc.roa
Signing time:             Wed 01 Jan 2025 15:48:44 +0000
ROA not before:           Wed 01 Jan 2025 15:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60542
IP address blocks:        194.50.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:16:6b:91:1f:ab:5b:97:c4:09:5b:3e:6a:69:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43c16595966afb0bacf1d7937f245d6a052221a3
        Validity
            Not Before: Jan  1 15:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ba59420313516eaeac8d359d446041ec215aaf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:52:19:fb:b2:33:0a:71:0e:37:d1:82:20:cb:
                    40:8f:7d:da:0e:49:2d:d7:16:16:33:f2:a8:e5:8e:
                    2b:89:c6:f2:06:11:b0:d4:ec:31:ab:8d:1c:fb:6c:
                    fa:8b:5d:af:42:8b:b0:7b:46:a0:3b:21:bc:79:4d:
                    0b:b2:41:d8:b5:36:34:ea:66:57:9e:b7:d8:8e:49:
                    2c:d6:6a:c6:3e:11:11:60:7e:5c:e5:b3:3b:49:e1:
                    d3:38:ca:c8:13:80:2b:bc:dd:48:ea:d0:e5:1c:99:
                    80:80:ef:89:1e:a6:f1:53:20:9c:68:87:86:c1:10:
                    d3:a8:ca:e6:89:c5:02:d3:fb:0f:36:d0:cb:5d:07:
                    66:de:36:3f:22:f7:d3:86:cb:58:a9:87:33:cb:40:
                    1c:66:02:b8:c3:31:1e:78:32:bd:f2:4b:ea:be:dd:
                    28:22:2c:0b:c5:ab:9f:a7:91:4e:31:cc:62:9c:aa:
                    55:64:a9:19:9c:18:77:59:df:9e:fa:11:b2:6d:cb:
                    9b:be:0e:fc:d5:39:bc:79:81:2e:00:df:35:61:ea:
                    ca:c0:56:21:21:91:e0:6e:a1:cb:ca:72:ab:6d:65:
                    3f:15:a5:f3:60:7c:41:3a:70:f1:68:29:4a:9d:a4:
                    ef:a4:84:05:48:52:76:f0:64:91:fd:81:91:c7:4d:
                    01:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:A5:94:20:31:35:16:EA:EA:C8:D3:59:D4:46:04:1E:C2:15:AA:F7
            X509v3 Authority Key Identifier:
                keyid:43:C1:65:95:96:6A:FB:0B:AC:F1:D7:93:7F:24:5D:6A:05:22:21:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8FllZZq-wus8deTfyRdagUiIaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/i6WUIDE1FurqyNNZ1EYEHsIVqvc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d92919-962b-448d-98db-5990ea58e030/1/Q8FllZZq-wus8deTfyRdagUiIaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:a2:ce:89:d2:91:86:38:95:67:76:a5:e8:08:80:30:ad:15:
         d9:a6:d4:38:cf:8e:28:56:f8:dd:58:ab:49:ba:5c:0f:5e:f2:
         ca:e3:d7:25:45:e2:24:e6:58:1c:df:a3:7b:af:82:72:4d:a7:
         dd:cf:52:8f:77:35:21:9f:84:f2:f8:d4:51:2f:1a:a6:78:e4:
         cc:00:ab:a5:b5:5a:98:e2:b0:f6:03:cd:a1:af:27:19:9f:90:
         13:50:51:41:dd:d3:b2:c9:f2:90:b1:88:96:25:7b:c2:2b:f9:
         10:4c:8d:bb:d8:71:6d:f7:f6:62:0b:81:1b:53:d8:36:48:54:
         ce:ef:d2:51:02:2e:5c:c2:b9:57:3c:03:83:de:86:62:bb:43:
         06:6d:09:a1:3d:b1:2a:b2:3f:20:44:b9:13:4c:33:fb:80:2d:
         ff:8d:3d:e4:bf:0d:99:fb:f1:a3:15:41:0c:72:27:51:5d:eb:
         24:f4:1d:f3:13:63:9f:37:49:75:48:47:0f:e9:bd:a8:70:1b:
         09:aa:5a:aa:d4:8d:d2:55:53:02:fd:f2:db:f1:5e:09:f7:5f:
         be:47:49:26:61:cf:1e:57:9c:a6:d5:a1:54:ff:ba:de:fb:4e:
         4c:a2:b4:18:92:e7:83:6e:08:41:21:78:fc:4c:58:8d:9c:aa:
         16:eb:50:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijhZrkR+rW5fECVs+ammBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYzE2NTk1OTY2YWZiMGJhY2YxZDc5MzdmMjQ1ZDZhMDUy
MjIxYTMwHhcNMjUwMTAxMTU0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmE1OTQyMDMxMzUxNmVhZWFjOGQzNTlkNDQ2MDQxZWMyMTVhYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01IZ+7IzCnEON9GCIMtAj33aDkkt
1xYWM/Ko5Y4ricbyBhGw1Owxq40c+2z6i12vQouwe0agOyG8eU0LskHYtTY06mZX
nrfYjkks1mrGPhERYH5c5bM7SeHTOMrIE4ArvN1I6tDlHJmAgO+JHqbxUyCcaIeG
wRDTqMrmicUC0/sPNtDLXQdm3jY/IvfThstYqYczy0AcZgK4wzEeeDK98kvqvt0o
IiwLxaufp5FOMcxinKpVZKkZnBh3Wd+e+hGybcubvg781Tm8eYEuAN81YerKwFYh
IZHgbqHLynKrbWU/FaXzYHxBOnDxaClKnaTvpIQFSFJ28GSR/YGRx00BEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIullCAxNRbq6sjTWdRGBB7CFar3MB8GA1UdIwQY
MBaAFEPBZZWWavsLrPHXk38kXWoFIiGjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThGbGxaWnEtd3VzOGRlVGZ5UmRhZ1VpSWFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9kOTI5MTktOTYyYi00NDhkLTk4ZGIt
NTk5MGVhNThlMDMwLzEvaTZXVUlERTFGdXJxeU5OWjFFWUVIc0lWcXZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9kOTI5MTktOTYyYi00NDhkLTk4ZGItNTk5MGVhNThlMDMw
LzEvUThGbGxaWnEtd3VzOGRlVGZ5UmRhZ1VpSWFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjLFMA0G
CSqGSIb3DQEBCwUAA4IBAQCVos6J0pGGOJVndqXoCIAwrRXZptQ4z44oVvjdWKtJ
ulwPXvLK49clReIk5lgc36N7r4JyTafdz1KPdzUhn4Ty+NRRLxqmeOTMAKultVqY
4rD2A82hrycZn5ATUFFB3dOyyfKQsYiWJXvCK/kQTI272HFt9/ZiC4EbU9g2SFTO
79JRAi5cwrlXPAOD3oZiu0MGbQmhPbEqsj8gRLkTTDP7gC3/jT3kvw2Z+/GjFUEM
cidRXesk9B3zE2OfN0l1SEcP6b2ocBsJqlqq1I3SVVMC/fLb8V4J91++R0kmYc8e
V5ym1aFU/7re+05MorQYkueDbghBIXj8TFiNnKoW61CD
-----END CERTIFICATE-----