Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/i5GppiHBLQmwOIDk0BFsCJHp2Fk.roa
File:                     i5GppiHBLQmwOIDk0BFsCJHp2Fk.roa (raw, json)
Hash identifier:          yjCNT9c5vaPwsaCe9fT0EpKbcmfr4jqgrLJp2CjaPGI=
Subject key identifier:   8B:91:A9:A6:21:C1:2D:09:B0:38:80:E4:D0:11:6C:08:91:E9:D8:59
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       01941F8C94EBC399E010A93AE029516250CA
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/i5GppiHBLQmwOIDk0BFsCJHp2Fk.roa
Signing time:             Wed 01 Jan 2025 01:48:14 +0000
ROA not before:           Wed 01 Jan 2025 01:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        194.143.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:94:eb:c3:99:e0:10:a9:3a:e0:29:51:62:50:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Jan  1 01:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b91a9a621c12d09b03880e4d0116c0891e9d859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b8:3e:3d:62:db:9b:a8:d5:fc:a9:49:8e:4d:
                    7b:cb:5f:43:4f:6f:d9:d5:6d:2a:2b:e3:5b:96:a9:
                    35:36:a1:e1:7d:90:75:cc:7a:f6:f2:29:18:ae:8c:
                    08:ae:9a:78:85:07:a0:30:de:06:ba:42:9f:c0:24:
                    2f:63:10:49:c1:0c:84:ca:65:fb:2a:5a:77:30:af:
                    ba:bc:c5:10:aa:56:ea:7b:45:e3:0b:3b:44:02:99:
                    fb:ab:fe:d1:b2:37:ae:a9:7e:19:00:94:93:d7:07:
                    ec:0e:0a:58:81:42:37:29:dc:9e:67:99:5c:b9:56:
                    d5:38:62:ea:f5:0c:f6:2e:93:24:92:a5:1c:db:14:
                    c0:13:94:f4:e2:72:a9:60:b1:9d:de:7c:45:a7:7c:
                    5b:1d:aa:a5:ad:88:50:ea:5c:51:95:67:41:62:6c:
                    71:e3:fe:c6:97:0a:3c:ef:db:e9:3b:0e:e3:ee:7d:
                    ad:56:aa:78:f5:e8:11:5f:ce:95:90:f6:57:83:0a:
                    93:97:1c:23:d0:03:86:f0:18:7d:1d:13:08:35:8c:
                    a2:15:59:c7:f9:a2:71:a9:29:a3:38:29:20:44:2a:
                    e7:a3:2e:a0:e5:3e:fc:3f:d9:c4:11:ba:37:e1:06:
                    21:84:70:3a:47:c8:e7:b2:12:44:94:bd:5e:d6:cd:
                    0b:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:91:A9:A6:21:C1:2D:09:B0:38:80:E4:D0:11:6C:08:91:E9:D8:59
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/i5GppiHBLQmwOIDk0BFsCJHp2Fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:45:bc:d6:8c:44:2d:e9:33:7e:ba:9c:1d:17:9f:93:80:a6:
         ce:e9:37:b4:22:73:8b:50:76:14:37:46:a6:46:4a:3b:19:2a:
         c7:2c:ef:ce:92:95:e7:d3:43:f0:93:8a:1c:dc:88:e9:71:01:
         7e:cf:60:eb:0e:25:3a:3d:78:ad:84:9e:71:14:45:97:a8:05:
         ad:d1:10:5d:bb:1f:8f:26:f6:c0:80:09:fa:9f:f3:ec:d3:cf:
         c4:2b:8d:9f:61:a1:2f:1e:c3:f9:29:9b:f5:d2:33:7a:83:9a:
         ad:a7:0d:64:f6:01:72:ac:a6:9f:3b:72:32:61:0e:5d:0c:44:
         0c:22:0e:83:c3:61:79:5f:32:a3:4a:f4:e3:9d:c5:ab:8d:03:
         8d:8a:55:06:0e:4f:d6:b9:ed:eb:d3:6a:f7:9d:e3:a6:c4:cc:
         94:1b:94:ac:ac:db:53:e9:b6:e1:86:fc:05:ef:c0:cf:c5:6d:
         3c:d8:4a:74:7b:ad:0e:20:8a:5a:e3:69:a9:88:16:27:ea:55:
         f0:0c:e6:9f:9d:14:be:fe:6e:32:ea:c2:b8:87:b3:93:af:56:
         4b:f9:51:a7:92:a5:18:6e:c6:7b:17:dc:d0:b3:b9:45:65:a0:
         ee:12:7d:3b:fb:e1:99:2e:ed:a9:b9:fa:8f:10:47:76:b9:f2:
         91:51:f5:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJTrw5ngEKk64ClRYlDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwMTAxMDE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjkxYTlhNjIxYzEyZDA5YjAzODgwZTRkMDExNmMwODkxZTlkODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbg+PWLbm6jV/KlJjk17y19DT2/Z
1W0qK+Nblqk1NqHhfZB1zHr28ikYrowIrpp4hQegMN4GukKfwCQvYxBJwQyEymX7
Klp3MK+6vMUQqlbqe0XjCztEApn7q/7RsjeuqX4ZAJST1wfsDgpYgUI3KdyeZ5lc
uVbVOGLq9Qz2LpMkkqUc2xTAE5T04nKpYLGd3nxFp3xbHaqlrYhQ6lxRlWdBYmxx
4/7Glwo879vpOw7j7n2tVqp49egRX86VkPZXgwqTlxwj0AOG8Bh9HRMINYyiFVnH
+aJxqSmjOCkgRCrnoy6g5T78P9nEEbo34QYhhHA6R8jnshJElL1e1s0L5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuRqaYhwS0JsDiA5NARbAiR6dhZMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvaTVHcHBpSEJMUW13T0lEazBCRnNDSkhwMkZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwo/SMA0G
CSqGSIb3DQEBCwUAA4IBAQBaRbzWjEQt6TN+upwdF5+TgKbO6Te0InOLUHYUN0am
Rko7GSrHLO/OkpXn00Pwk4oc3IjpcQF+z2DrDiU6PXithJ5xFEWXqAWt0RBdux+P
JvbAgAn6n/Ps08/EK42fYaEvHsP5KZv10jN6g5qtpw1k9gFyrKafO3IyYQ5dDEQM
Ig6Dw2F5XzKjSvTjncWrjQONilUGDk/Wue3r02r3neOmxMyUG5SsrNtT6bbhhvwF
78DPxW082Ep0e60OIIpa42mpiBYn6lXwDOafnRS+/m4y6sK4h7OTr1ZL+VGnkqUY
bsZ7F9zQs7lFZaDuEn07++GZLu2pufqPEEd2ufKRUfWk
-----END CERTIFICATE-----