Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/26c0f9-24a4-46fd-8042-b72e5fef886a/1/cSxqzHQIFX03E67QT7FwyB0-2wc.roa
File:                     cSxqzHQIFX03E67QT7FwyB0-2wc.roa (raw, json)
Hash identifier:          ehpsqzEAcx4o5Hfss771kB3qGbR5m4ewO+AFeZ/9pUw=
Subject key identifier:   71:2C:6A:CC:74:08:15:7D:37:13:AE:D0:4F:B1:70:C8:1D:3E:DB:07
Certificate issuer:       /CN=27e711ce34026e57af3290c7de2cd21dc671e0fc
Certificate serial:       01942827D3599A52589887353E2E991900B1
Authority key identifier: 27:E7:11:CE:34:02:6E:57:AF:32:90:C7:DE:2C:D2:1D:C6:71:E0:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J-cRzjQCblevMpDH3izSHcZx4Pw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/26c0f9-24a4-46fd-8042-b72e5fef886a/1/cSxqzHQIFX03E67QT7FwyB0-2wc.roa
Signing time:             Thu 02 Jan 2025 17:54:46 +0000
ROA not before:           Thu 02 Jan 2025 17:54:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51224
IP address blocks:        194.13.70.0/24 maxlen: 24
                          194.13.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/26c0f9-24a4-46fd-8042-b72e5fef886a/1/J-cRzjQCblevMpDH3izSHcZx4Pw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/26c0f9-24a4-46fd-8042-b72e5fef886a/1/J-cRzjQCblevMpDH3izSHcZx4Pw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J-cRzjQCblevMpDH3izSHcZx4Pw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:d3:59:9a:52:58:98:87:35:3e:2e:99:19:00:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27e711ce34026e57af3290c7de2cd21dc671e0fc
        Validity
            Not Before: Jan  2 17:54:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=712c6acc7408157d3713aed04fb170c81d3edb07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ea:8e:96:8a:dc:40:7d:e7:65:95:93:e0:96:
                    3b:db:90:a1:20:f9:e0:c6:23:cc:8b:ea:31:a4:81:
                    66:10:8b:84:75:da:cf:b8:ab:c9:4e:bb:90:00:87:
                    fb:4c:b0:7b:93:03:ad:8d:b3:a5:6b:b6:61:58:6a:
                    ae:ad:06:c1:15:db:d1:4e:f1:ff:eb:03:06:4c:46:
                    8e:ab:ac:82:42:08:c4:df:70:d6:f9:5f:c0:d3:71:
                    03:3a:91:51:55:c6:e8:9a:93:43:35:2a:18:96:ec:
                    82:79:a4:f6:99:35:6e:f6:4d:e0:dc:ad:a0:a6:f7:
                    0f:26:00:04:03:43:6e:69:53:72:cf:cc:ad:5f:7a:
                    f9:eb:f6:63:1d:9c:ff:06:f5:cf:c8:d3:a0:3c:28:
                    9e:7a:d8:da:0a:7e:50:57:6c:a0:d0:68:3e:fa:af:
                    02:13:d6:04:81:16:5e:bb:50:5c:41:0b:cb:a2:c5:
                    f2:56:4b:3c:a1:f3:47:10:fb:f2:0d:41:1b:8f:1f:
                    91:7e:68:fa:4b:dd:f2:a2:50:af:b4:a8:ea:3f:c3:
                    50:35:84:31:c0:31:76:ac:d9:61:b0:de:1e:78:7e:
                    57:3d:f6:b2:39:f2:83:90:4d:0e:1c:62:bc:1c:ad:
                    4b:a1:21:1f:43:65:5e:12:ff:1f:df:f8:a8:d8:59:
                    b1:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:2C:6A:CC:74:08:15:7D:37:13:AE:D0:4F:B1:70:C8:1D:3E:DB:07
            X509v3 Authority Key Identifier:
                keyid:27:E7:11:CE:34:02:6E:57:AF:32:90:C7:DE:2C:D2:1D:C6:71:E0:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J-cRzjQCblevMpDH3izSHcZx4Pw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/26c0f9-24a4-46fd-8042-b72e5fef886a/1/cSxqzHQIFX03E67QT7FwyB0-2wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/26c0f9-24a4-46fd-8042-b72e5fef886a/1/J-cRzjQCblevMpDH3izSHcZx4Pw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:f8:37:3e:c6:0a:41:25:88:7b:8b:ee:75:e4:b4:11:d9:4a:
         d1:2a:50:f1:27:ef:15:a3:84:df:1c:b0:f1:3f:b3:55:01:55:
         ac:10:9e:ea:97:e5:73:e3:cc:7e:26:01:0a:09:94:f2:38:ed:
         f2:70:78:ae:a6:7b:6e:01:94:80:ce:36:e6:2d:27:cf:61:98:
         6e:c1:9e:d5:2c:5b:44:17:71:04:49:f4:c1:9c:34:ef:8d:86:
         ea:d5:f1:dd:4f:91:92:b3:ca:61:cf:15:2b:8d:46:17:89:67:
         74:14:5a:1e:39:15:c5:bd:27:9a:6b:f5:47:43:83:71:da:ae:
         94:52:4b:18:fe:15:2d:18:73:c2:96:f4:87:1e:55:9d:f5:32:
         c8:3d:b4:cd:c4:03:07:1b:a6:28:49:1a:dc:4b:c3:e6:69:35:
         a1:5a:9f:b9:6d:33:e5:ab:79:82:12:ba:d1:23:2a:98:22:26:
         f6:7b:ee:83:df:d3:5a:22:a0:05:b3:63:4f:c5:9f:6e:46:c8:
         c8:50:39:d6:00:fb:1e:1a:e5:ee:de:20:2e:cf:9f:35:82:c5:
         02:72:0b:ca:cd:b6:bf:c2:9b:18:93:19:a3:0c:ba:07:3c:a3:
         f2:d4:98:d0:62:0b:ef:a6:87:6e:52:fc:be:ed:bf:66:01:71:
         dd:b6:a1:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ9NZmlJYmIc1Pi6ZGQCxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZTcxMWNlMzQwMjZlNTdhZjMyOTBjN2RlMmNkMjFkYzY3
MWUwZmMwHhcNMjUwMTAyMTc1NDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTJjNmFjYzc0MDgxNTdkMzcxM2FlZDA0ZmIxNzBjODFkM2VkYjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOqOlorcQH3nZZWT4JY725ChIPng
xiPMi+oxpIFmEIuEddrPuKvJTruQAIf7TLB7kwOtjbOla7ZhWGqurQbBFdvRTvH/
6wMGTEaOq6yCQgjE33DW+V/A03EDOpFRVcbompNDNSoYluyCeaT2mTVu9k3g3K2g
pvcPJgAEA0NuaVNyz8ytX3r56/ZjHZz/BvXPyNOgPCieetjaCn5QV2yg0Gg++q8C
E9YEgRZeu1BcQQvLosXyVks8ofNHEPvyDUEbjx+Rfmj6S93yolCvtKjqP8NQNYQx
wDF2rNlhsN4eeH5XPfayOfKDkE0OHGK8HK1LoSEfQ2VeEv8f3/io2FmxsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEsasx0CBV9NxOu0E+xcMgdPtsHMB8GA1UdIwQY
MBaAFCfnEc40Am5XrzKQx94s0h3GceD8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSi1jUnpqUUNibGV2TXBESDNpelNIY1p4NFB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8yNmMwZjktMjRhNC00NmZkLTgwNDIt
YjcyZTVmZWY4ODZhLzEvY1N4cXpIUUlGWDAzRTY3UVQ3Rnd5QjAtMndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8yNmMwZjktMjRhNC00NmZkLTgwNDItYjcyZTVmZWY4ODZh
LzEvSi1jUnpqUUNibGV2TXBESDNpelNIY1p4NFB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwg1GMA0G
CSqGSIb3DQEBCwUAA4IBAQAr+Dc+xgpBJYh7i+515LQR2UrRKlDxJ+8Vo4TfHLDx
P7NVAVWsEJ7ql+Vz48x+JgEKCZTyOO3ycHiupntuAZSAzjbmLSfPYZhuwZ7VLFtE
F3EESfTBnDTvjYbq1fHdT5GSs8phzxUrjUYXiWd0FFoeORXFvSeaa/VHQ4Nx2q6U
UksY/hUtGHPClvSHHlWd9TLIPbTNxAMHG6YoSRrcS8PmaTWhWp+5bTPlq3mCErrR
IyqYIib2e+6D39NaIqAFs2NPxZ9uRsjIUDnWAPseGuXu3iAuz581gsUCcgvKzba/
wpsYkxmjDLoHPKPy1JjQYgvvpoduUvy+7b9mAXHdtqFB
-----END CERTIFICATE-----