Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/1ovUioPSRpwIq2x5dlTtKSWuJt4.roa
File:                     1ovUioPSRpwIq2x5dlTtKSWuJt4.roa (raw, json)
Hash identifier:          glwS98kItQ5aoRJZQt2/p+Tl6Vu2+KBQ6fnWyRCpxeE=
Subject key identifier:   D6:8B:D4:8A:83:D2:46:9C:08:AB:6C:79:76:54:ED:29:25:AE:26:DE
Certificate issuer:       /CN=2940b694bba095344e4bdb99f51e1f1023be57ce
Certificate serial:       01941F8C61854677386E9B361034442921F2
Authority key identifier: 29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/1ovUioPSRpwIq2x5dlTtKSWuJt4.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56791
IP address blocks:        185.134.121.0/24 maxlen: 32
                          185.134.122.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:61:85:46:77:38:6e:9b:36:10:34:44:29:21:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2940b694bba095344e4bdb99f51e1f1023be57ce
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d68bd48a83d2469c08ab6c797654ed2925ae26de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:9f:1e:dd:ea:02:c1:9e:03:25:5c:3d:51:8c:
                    19:94:83:67:92:23:c7:a8:f8:4d:d3:ad:c2:c6:b1:
                    8d:14:4e:6c:58:f6:58:48:bc:a4:1f:42:b3:7c:8f:
                    42:9c:13:33:a8:37:b4:f1:40:6a:ad:30:5c:fb:9a:
                    9e:a6:4c:9f:7b:80:b0:56:29:05:58:bd:4a:ed:dd:
                    c9:c5:be:e5:06:35:16:67:05:7d:d2:3a:5d:d6:69:
                    09:a8:be:a6:54:d6:a5:8a:d0:a7:49:48:2c:41:de:
                    16:df:a8:95:89:77:53:5b:65:c7:4c:61:6e:37:ee:
                    fd:29:85:cc:04:05:21:3b:6f:ea:16:49:92:55:48:
                    ab:2d:02:f6:c8:db:fb:d0:c4:9e:12:6f:0b:b1:f2:
                    23:ca:47:23:a7:57:0c:96:9b:a2:a5:91:8b:31:70:
                    9d:61:80:00:a5:d3:b2:fb:6a:4a:19:2b:66:84:ac:
                    10:a7:87:98:3d:29:30:3a:27:58:10:98:af:77:f2:
                    fb:4a:f2:bb:bd:5d:44:7f:1c:2b:a1:f3:26:8f:42:
                    06:ac:d2:c6:cf:52:16:10:4e:33:8d:86:e6:40:e3:
                    29:80:1c:d0:02:0c:ee:c5:f0:df:ee:0c:18:37:ae:
                    cf:82:e2:33:cd:68:84:c6:0b:5f:a1:1a:0b:61:cf:
                    29:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:8B:D4:8A:83:D2:46:9C:08:AB:6C:79:76:54:ED:29:25:AE:26:DE
            X509v3 Authority Key Identifier:
                keyid:29:40:B6:94:BB:A0:95:34:4E:4B:DB:99:F5:1E:1F:10:23:BE:57:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KUC2lLuglTROS9uZ9R4fECO-V84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/1ovUioPSRpwIq2x5dlTtKSWuJt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/6107e4-4393-4cbe-a6c2-27c1a35976de/1/KUC2lLuglTROS9uZ9R4fECO-V84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.134.121.0-185.134.123.255

    Signature Algorithm: sha256WithRSAEncryption
         49:d7:6f:ee:84:8e:d6:96:70:bb:49:2e:2e:9b:b6:54:05:e6:
         40:74:a6:e9:13:6c:4b:b3:7d:ea:8c:55:79:b7:e1:22:78:2d:
         50:4c:20:70:63:b5:8d:a1:f6:ad:a8:1d:6b:26:d9:3d:04:a8:
         ce:e0:e5:0d:73:21:5b:ee:27:23:32:c7:f2:a1:78:b5:d8:0c:
         83:44:10:06:ea:f5:00:1c:3c:81:ec:bd:da:d9:17:9a:15:b0:
         a7:a3:97:11:f6:5e:f1:a4:59:7b:b3:61:09:60:b4:9b:18:77:
         62:99:63:53:ce:8b:e3:2c:d5:25:eb:01:f5:c4:c3:b9:b5:03:
         99:89:9d:aa:af:34:64:4a:ec:0d:34:e9:1f:69:3e:26:fc:10:
         70:9e:f7:9d:97:39:c6:b9:86:f9:d9:9b:b0:4b:0e:7f:00:d1:
         c8:5e:90:8a:56:a4:3f:b4:2b:6d:86:fd:4c:73:ae:7e:a7:82:
         d5:14:5b:aa:20:ea:ec:70:4b:40:ce:fa:a8:3a:92:37:60:75:
         36:63:09:3c:a3:c8:c3:02:e5:ee:e2:6f:29:92:be:24:2f:b7:
         2b:8f:13:db:1f:fb:73:17:bc:e5:f6:e7:e4:83:eb:7b:1f:c0:
         fe:47:d3:17:c2:a2:20:4e:dc:45:92:c7:43:fd:59:21:b6:6e:
         f8:14:4f:ab
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQfjGGFRnc4bps2EDREKSHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NDBiNjk0YmJhMDk1MzQ0ZTRiZGI5OWY1MWUxZjEwMjNi
ZTU3Y2UwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjhiZDQ4YTgzZDI0NjljMDhhYjZjNzk3NjU0ZWQyOTI1YWUyNmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA058e3eoCwZ4DJVw9UYwZlINnkiPH
qPhN063CxrGNFE5sWPZYSLykH0KzfI9CnBMzqDe08UBqrTBc+5qepkyfe4CwVikF
WL1K7d3Jxb7lBjUWZwV90jpd1mkJqL6mVNalitCnSUgsQd4W36iViXdTW2XHTGFu
N+79KYXMBAUhO2/qFkmSVUirLQL2yNv70MSeEm8LsfIjykcjp1cMlpuipZGLMXCd
YYAApdOy+2pKGStmhKwQp4eYPSkwOidYEJivd/L7SvK7vV1EfxwrofMmj0IGrNLG
z1IWEE4zjYbmQOMpgBzQAgzuxfDf7gwYN67PguIzzWiExgtfoRoLYc8pwQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNaL1IqD0kacCKtseXZU7SklribeMB8GA1UdIwQY
MBaAFClAtpS7oJU0TkvbmfUeHxAjvlfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzIt
MjdjMWEzNTk3NmRlLzEvMW92VWlvUFNScHdJcTJ4NWRsVHRLU1d1SnQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi82MTA3ZTQtNDM5My00Y2JlLWE2YzItMjdjMWEzNTk3NmRl
LzEvS1VDMmxMdWdsVFJPUzl1WjlSNGZFQ08tVjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5hnkD
BAK5hngwDQYJKoZIhvcNAQELBQADggEBAEnXb+6EjtaWcLtJLi6btlQF5kB0pukT
bEuzfeqMVXm34SJ4LVBMIHBjtY2h9q2oHWsm2T0EqM7g5Q1zIVvuJyMyx/KheLXY
DINEEAbq9QAcPIHsvdrZF5oVsKejlxH2XvGkWXuzYQlgtJsYd2KZY1POi+Ms1SXr
AfXEw7m1A5mJnaqvNGRK7A006R9pPib8EHCe952XOca5hvnZm7BLDn8A0chekIpW
pD+0K22G/Uxzrn6ngtUUW6og6uxwS0DO+qg6kjdgdTZjCTyjyMMC5e7ibymSviQv
tyuPE9sf+3MXvOX25+SD63sfwP5H0xfCoiBO3EWSx0P9WSG2bvgUT6s=
-----END CERTIFICATE-----