Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/aecab1-1de9-4bdf-9a10-23af55e0190d/1/TqE9tgmDpOyBnvYdZVmUJ-gUA3Q.roa
File:                     TqE9tgmDpOyBnvYdZVmUJ-gUA3Q.roa (raw, json)
Hash identifier:          g8rbpukbCZfVIUEVymsKLu6cA0WLzRwtCu3mx9X0/mM=
Subject key identifier:   4E:A1:3D:B6:09:83:A4:EC:81:9E:F6:1D:65:59:94:27:E8:14:03:74
Certificate issuer:       /CN=02fbd8d72bffbbcd77076a6a6cc994d364284916
Certificate serial:       0194228DFCCBC231A4F02CD771CC88A4EA17
Authority key identifier: 02:FB:D8:D7:2B:FF:BB:CD:77:07:6A:6A:6C:C9:94:D3:64:28:49:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AvvY1yv_u813B2pqbMmU02QoSRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/aecab1-1de9-4bdf-9a10-23af55e0190d/1/TqE9tgmDpOyBnvYdZVmUJ-gUA3Q.roa
Signing time:             Wed 01 Jan 2025 15:48:38 +0000
ROA not before:           Wed 01 Jan 2025 15:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206124
IP address blocks:        185.194.48.0/24 maxlen: 24
                          185.194.49.0/24 maxlen: 24
                          185.194.50.0/24 maxlen: 24
                          185.194.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/aecab1-1de9-4bdf-9a10-23af55e0190d/1/AvvY1yv_u813B2pqbMmU02QoSRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/aecab1-1de9-4bdf-9a10-23af55e0190d/1/AvvY1yv_u813B2pqbMmU02QoSRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AvvY1yv_u813B2pqbMmU02QoSRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:fc:cb:c2:31:a4:f0:2c:d7:71:cc:88:a4:ea:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02fbd8d72bffbbcd77076a6a6cc994d364284916
        Validity
            Not Before: Jan  1 15:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ea13db60983a4ec819ef61d65599427e8140374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:44:43:ac:8b:c9:e3:62:9a:95:f9:bc:66:d5:
                    91:c7:be:a4:9d:20:3b:c7:ce:34:a8:40:1e:95:05:
                    0a:c9:18:7e:ce:de:86:b7:98:43:79:a2:8b:f6:70:
                    80:5d:d6:58:4e:4c:92:0c:27:8d:96:bb:e0:7c:18:
                    b4:e7:ab:eb:bc:21:7c:30:e1:48:96:2e:34:ad:bb:
                    64:c7:00:b7:dd:b0:a1:71:84:12:3e:14:ed:b8:2f:
                    cc:67:81:dd:a6:f6:9a:c3:d7:94:61:ca:46:72:88:
                    a6:e8:d1:3f:b8:c5:c2:f3:be:21:0d:16:e4:b8:73:
                    d5:db:d1:d7:f1:a6:7f:dc:c3:12:67:1e:b2:e3:5e:
                    25:0a:ed:b9:75:c8:83:38:52:43:bd:21:b0:1c:97:
                    4a:74:dd:23:46:c6:25:f1:54:80:26:15:b3:dd:5e:
                    df:ab:36:e8:ba:0a:21:88:ae:4c:b6:92:be:2a:41:
                    d3:ff:d7:20:7f:c5:e2:92:fa:69:6e:6c:2f:aa:b2:
                    74:7b:15:1e:95:7d:7d:21:4c:83:62:8f:8b:df:d8:
                    c1:24:73:ab:69:4b:a3:eb:8a:1c:a4:55:3b:35:fe:
                    07:64:52:39:40:cf:32:d8:94:64:87:c6:9d:c1:6e:
                    d0:60:16:ac:d8:b1:c6:66:01:05:df:2c:06:02:82:
                    8d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:A1:3D:B6:09:83:A4:EC:81:9E:F6:1D:65:59:94:27:E8:14:03:74
            X509v3 Authority Key Identifier:
                keyid:02:FB:D8:D7:2B:FF:BB:CD:77:07:6A:6A:6C:C9:94:D3:64:28:49:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AvvY1yv_u813B2pqbMmU02QoSRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/aecab1-1de9-4bdf-9a10-23af55e0190d/1/TqE9tgmDpOyBnvYdZVmUJ-gUA3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/aecab1-1de9-4bdf-9a10-23af55e0190d/1/AvvY1yv_u813B2pqbMmU02QoSRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:ab:bf:f8:f8:b3:cb:d4:7b:55:4d:0f:17:65:af:b0:43:c4:
         a0:69:a5:0a:16:81:e0:4e:05:88:8c:2f:e3:ca:39:cd:1b:3d:
         19:58:4a:66:a3:b8:3f:ba:a7:4f:bf:b3:5f:50:ce:f1:cb:9b:
         f4:93:ff:46:4e:32:3f:46:40:a6:f8:4c:68:14:4b:c8:35:15:
         dd:06:8b:64:c4:9f:dd:5a:92:08:c1:92:4e:c4:dc:34:e7:bd:
         2b:0c:dd:82:c9:d3:ea:ac:32:fd:33:d4:11:91:d7:16:3a:90:
         b9:13:7b:8c:63:d9:61:7a:0d:d4:af:7e:77:25:15:09:58:ba:
         31:6e:37:48:88:85:ce:ae:16:9e:83:92:21:97:c7:97:82:12:
         1a:c6:c7:16:a0:49:9f:f1:db:b1:dc:27:bf:aa:0e:71:fb:14:
         f3:f7:e6:27:d2:97:73:9b:23:94:78:f6:e0:69:6f:d8:e7:86:
         20:de:92:ca:15:33:5d:12:36:c5:b2:45:75:f0:e9:5f:ff:a7:
         48:62:79:45:27:42:80:01:9e:42:9d:9e:86:a1:2e:14:95:16:
         b4:09:a1:37:6a:b4:5a:53:f4:49:30:1e:1a:2c:01:d8:fc:08:
         18:0d:96:65:b3:38:c0:c1:11:3a:be:84:55:88:ff:91:93:dc:
         e0:7a:5e:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijfzLwjGk8CzXccyIpOoXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyZmJkOGQ3MmJmZmJiY2Q3NzA3NmE2YTZjYzk5NGQzNjQy
ODQ5MTYwHhcNMjUwMTAxMTU0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWExM2RiNjA5ODNhNGVjODE5ZWY2MWQ2NTU5OTQyN2U4MTQwMzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0RDrIvJ42Kalfm8ZtWRx76knSA7
x840qEAelQUKyRh+zt6Gt5hDeaKL9nCAXdZYTkySDCeNlrvgfBi056vrvCF8MOFI
li40rbtkxwC33bChcYQSPhTtuC/MZ4Hdpvaaw9eUYcpGcoim6NE/uMXC874hDRbk
uHPV29HX8aZ/3MMSZx6y414lCu25dciDOFJDvSGwHJdKdN0jRsYl8VSAJhWz3V7f
qzbougohiK5MtpK+KkHT/9cgf8XikvppbmwvqrJ0exUelX19IUyDYo+L39jBJHOr
aUuj64ocpFU7Nf4HZFI5QM8y2JRkh8adwW7QYBas2LHGZgEF3ywGAoKNdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6hPbYJg6TsgZ72HWVZlCfoFAN0MB8GA1UdIwQY
MBaAFAL72Ncr/7vNdwdqamzJlNNkKEkWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXZ2WTF5dl91ODEzQjJwcWJNbVUwMlFvU1JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9hZWNhYjEtMWRlOS00YmRmLTlhMTAt
MjNhZjU1ZTAxOTBkLzEvVHFFOXRnbURwT3lCbnZZZFpWbVVKLWdVQTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9hZWNhYjEtMWRlOS00YmRmLTlhMTAtMjNhZjU1ZTAxOTBk
LzEvQXZ2WTF5dl91ODEzQjJwcWJNbVUwMlFvU1JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucIwMA0G
CSqGSIb3DQEBCwUAA4IBAQAQq7/4+LPL1HtVTQ8XZa+wQ8SgaaUKFoHgTgWIjC/j
yjnNGz0ZWEpmo7g/uqdPv7NfUM7xy5v0k/9GTjI/RkCm+ExoFEvINRXdBotkxJ/d
WpIIwZJOxNw0570rDN2CydPqrDL9M9QRkdcWOpC5E3uMY9lheg3Ur353JRUJWLox
bjdIiIXOrhaeg5Ihl8eXghIaxscWoEmf8dux3Ce/qg5x+xTz9+Yn0pdzmyOUePbg
aW/Y54Yg3pLKFTNdEjbFskV18Olf/6dIYnlFJ0KAAZ5CnZ6GoS4UlRa0CaE3arRa
U/RJMB4aLAHY/AgYDZZlszjAwRE6voRViP+Rk9zgel6N
-----END CERTIFICATE-----