Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1-L9qSgE09LkQG7Ea8EBDdDw4ino.roa
File:                     1-L9qSgE09LkQG7Ea8EBDdDw4ino.roa (raw, json)
Hash identifier:          L03XGEs9qhc6ohMjsbyVjgW+T6aNu0Or4uMNslNgGaI=
Subject key identifier:   F8:BF:6A:4A:01:34:F4:B9:10:1B:B1:1A:F0:40:43:74:3C:38:8A:7A
Certificate issuer:       /CN=4f8aea2f025f495beacee7ce5a8820519dda1370
Certificate serial:       0194266B112DFC17F832CE6E6F311B8119DB
Authority key identifier: 4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1-L9qSgE09LkQG7Ea8EBDdDw4ino.roa
Signing time:             Thu 02 Jan 2025 09:48:58 +0000
ROA not before:           Thu 02 Jan 2025 09:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399471
IP address blocks:        194.156.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:11:2d:fc:17:f8:32:ce:6e:6f:31:1b:81:19:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f8aea2f025f495beacee7ce5a8820519dda1370
        Validity
            Not Before: Jan  2 09:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8bf6a4a0134f4b9101bb11af04043743c388a7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:01:6e:5b:6b:5a:2a:fb:ff:de:4a:9f:89:06:
                    1c:52:4a:46:fa:1e:f4:60:e2:19:bd:a6:5d:9d:1c:
                    e2:2b:34:c9:6a:32:c2:60:10:ec:31:64:3b:17:09:
                    ae:21:3b:90:96:56:c7:ac:a2:03:91:ca:45:7f:72:
                    d7:9a:45:34:bc:75:16:11:70:69:f4:db:50:70:96:
                    ca:8d:3c:ab:11:67:e5:33:b1:73:77:8b:17:76:b0:
                    0c:59:de:5d:e5:20:e0:66:66:26:f0:41:76:7a:1a:
                    79:82:74:3e:d6:19:e9:cb:09:11:83:67:f5:9e:33:
                    c9:59:1e:83:06:c4:86:29:bb:f2:ab:b5:b6:10:74:
                    27:6e:28:9a:44:13:87:6c:5b:5c:af:ef:18:1e:f2:
                    c9:4a:68:38:ab:ca:a4:f4:5e:62:a2:71:8e:82:29:
                    00:71:6e:b5:26:2c:2f:22:56:de:ab:59:ca:97:9f:
                    9f:18:96:0c:56:6a:59:c9:63:2d:ed:ff:90:aa:a5:
                    0b:ee:4a:92:17:fd:19:89:15:17:5b:7d:4e:37:f5:
                    b8:10:7f:1d:94:46:da:c8:c8:08:8d:91:49:2d:02:
                    0d:8d:9e:76:4d:c1:58:f5:d7:f9:29:0e:e7:a3:ac:
                    58:0d:37:b2:a6:d0:f9:07:f2:3f:4c:2d:83:76:76:
                    c5:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:BF:6A:4A:01:34:F4:B9:10:1B:B1:1A:F0:40:43:74:3C:38:8A:7A
            X509v3 Authority Key Identifier:
                keyid:4F:8A:EA:2F:02:5F:49:5B:EA:CE:E7:CE:5A:88:20:51:9D:DA:13:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T4rqLwJfSVvqzufOWoggUZ3aE3A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/1-L9qSgE09LkQG7Ea8EBDdDw4ino.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/eb70a3-17e1-4d86-8b9e-6080952f0e04/1/T4rqLwJfSVvqzufOWoggUZ3aE3A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.156.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:be:bd:dc:7f:de:5b:e0:5b:db:c7:1d:50:2e:3f:1b:e6:ec:
         d7:d8:63:96:6e:7f:84:98:4f:56:e4:3d:ae:84:fa:b4:de:ce:
         bb:ea:f6:de:33:8c:7a:39:56:bc:5b:87:80:6c:7d:4e:38:bc:
         51:f5:94:f1:74:88:33:6a:35:8d:a9:5b:39:eb:6e:d3:c0:d2:
         e0:be:ed:89:74:c2:82:c2:c7:c2:16:39:b6:50:ea:e1:f6:57:
         e7:37:a4:15:9e:c8:b0:f1:f5:3d:19:56:73:3a:08:95:c5:94:
         32:04:7c:d9:a2:aa:b7:ae:12:3f:5a:88:20:a0:cf:af:a7:c6:
         4f:49:43:92:1f:48:9f:9d:dd:63:7f:40:95:0a:17:61:e4:23:
         ec:88:9c:d3:ee:9e:c5:79:c0:e2:b8:98:9b:51:b6:52:d6:99:
         ae:70:5a:35:a2:0b:f6:8a:40:36:1f:23:8a:b9:de:63:bf:ef:
         24:6d:9e:51:fa:5d:be:8a:e1:36:9d:e3:53:3b:f7:e1:78:c5:
         f6:1f:24:58:a6:02:49:e6:2f:1c:60:54:eb:09:c9:bd:21:54:
         62:36:e1:15:43:4a:b4:ff:58:b7:17:13:3b:85:28:fb:21:c2:
         9d:c1:90:66:39:07:7d:87:ad:6c:08:e3:43:ab:7a:f5:ec:10:
         27:87:1e:e7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQmaxEt/Bf4Ms5ubzEbgRnbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOGFlYTJmMDI1ZjQ5NWJlYWNlZTdjZTVhODgyMDUxOWRk
YTEzNzAwHhcNMjUwMTAyMDk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGJmNmE0YTAxMzRmNGI5MTAxYmIxMWFmMDQwNDM3NDNjMzg4YTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQFuW2taKvv/3kqfiQYcUkpG+h70
YOIZvaZdnRziKzTJajLCYBDsMWQ7FwmuITuQllbHrKIDkcpFf3LXmkU0vHUWEXBp
9NtQcJbKjTyrEWflM7Fzd4sXdrAMWd5d5SDgZmYm8EF2ehp5gnQ+1hnpywkRg2f1
njPJWR6DBsSGKbvyq7W2EHQnbiiaRBOHbFtcr+8YHvLJSmg4q8qk9F5ionGOgikA
cW61JiwvIlbeq1nKl5+fGJYMVmpZyWMt7f+QqqUL7kqSF/0ZiRUXW31ON/W4EH8d
lEbayMgIjZFJLQINjZ52TcFY9df5KQ7no6xYDTeyptD5B/I/TC2DdnbF6QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPi/akoBNPS5EBuxGvBAQ3Q8OIp6MB8GA1UdIwQY
MBaAFE+K6i8CX0lb6s7nzlqIIFGd2hNwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDRycUx3SmZTVnZxenVmT1dvZ2dVWjNhRTNBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lYjcwYTMtMTdlMS00ZDg2LThiOWUt
NjA4MDk1MmYwZTA0LzEvMS1MOXFTZ0UwOUxrUUc3RWE4RUJEZER3NGluby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTUvZWI3MGEzLTE3ZTEtNGQ4Ni04YjllLTYwODA5NTJmMGUw
NC8xL1Q0cnFMd0pmU1Z2cXp1Zk9Xb2dnVVozYUUzQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMKcTzAN
BgkqhkiG9w0BAQsFAAOCAQEAhb693H/eW+Bb28cdUC4/G+bs19hjlm5/hJhPVuQ9
roT6tN7Ou+r23jOMejlWvFuHgGx9Tji8UfWU8XSIM2o1jalbOetu08DS4L7tiXTC
gsLHwhY5tlDq4fZX5zekFZ7IsPH1PRlWczoIlcWUMgR82aKqt64SP1qIIKDPr6fG
T0lDkh9In53dY39AlQoXYeQj7Iic0+6exXnA4riYm1G2UtaZrnBaNaIL9opANh8j
irneY7/vJG2eUfpdvorhNp3jUzv34XjF9h8kWKYCSeYvHGBU6wnJvSFUYjbhFUNK
tP9YtxcTO4Uo+yHCncGQZjkHfYetbAjjQ6t69ewQJ4ce5w==
-----END CERTIFICATE-----