Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/4e8d35-6f4f-4523-ab31-0e1a0cc83b19/1/1-sigTPJAC1PNSATn-sK6lRfTKyQ.roa
File:                     1-sigTPJAC1PNSATn-sK6lRfTKyQ.roa (raw, json)
Hash identifier:          jOHa8XaZlnY37LiuZhg9CFenWtMsktZUfeaX7d5RSx0=
Subject key identifier:   FA:C8:A0:4C:F2:40:0B:53:CD:48:04:E7:FA:C2:BA:95:17:D3:2B:24
Certificate issuer:       /CN=97bbfef91813d0e8f7eedf68ed569e7cfddf0cf0
Certificate serial:       0194228E10B79EC2C2798A532E0B3A1A673D
Authority key identifier: 97:BB:FE:F9:18:13:D0:E8:F7:EE:DF:68:ED:56:9E:7C:FD:DF:0C:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l7v--RgT0Oj37t9o7VaefP3fDPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/4e8d35-6f4f-4523-ab31-0e1a0cc83b19/1/1-sigTPJAC1PNSATn-sK6lRfTKyQ.roa
Signing time:             Wed 01 Jan 2025 15:48:43 +0000
ROA not before:           Wed 01 Jan 2025 15:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51029
IP address blocks:        195.254.166.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/4e8d35-6f4f-4523-ab31-0e1a0cc83b19/1/l7v--RgT0Oj37t9o7VaefP3fDPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/4e8d35-6f4f-4523-ab31-0e1a0cc83b19/1/l7v--RgT0Oj37t9o7VaefP3fDPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l7v--RgT0Oj37t9o7VaefP3fDPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:10:b7:9e:c2:c2:79:8a:53:2e:0b:3a:1a:67:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97bbfef91813d0e8f7eedf68ed569e7cfddf0cf0
        Validity
            Not Before: Jan  1 15:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fac8a04cf2400b53cd4804e7fac2ba9517d32b24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8b:5b:bc:ba:b9:82:9d:4f:08:2f:f6:17:fc:
                    73:71:ba:27:95:45:74:97:a0:e5:e7:4f:20:e6:fc:
                    25:97:2c:bd:9b:b8:60:80:53:dd:9c:f7:02:44:31:
                    b6:ec:f4:4a:50:f8:41:11:0c:2f:1d:4e:06:49:bd:
                    a6:7b:a3:52:92:6e:95:da:e1:31:40:56:b2:5b:2e:
                    0a:8e:51:98:45:aa:4d:0e:2c:b1:36:90:8e:7d:ae:
                    ee:33:f1:f1:b1:6c:c8:02:aa:09:a9:db:63:48:42:
                    21:db:1d:e0:1e:1b:7a:01:ca:f6:5b:68:38:ec:6d:
                    dc:18:46:ac:29:2d:11:ff:71:0a:a2:b9:69:e9:3e:
                    de:4c:99:25:e6:69:51:5c:66:82:b0:26:c8:d3:74:
                    8e:09:a7:5c:8a:03:2b:cf:2c:1d:88:40:6f:20:72:
                    e3:ba:7c:18:f6:04:f6:00:ba:8d:aa:76:28:c9:e2:
                    c9:47:0b:95:72:54:e5:c9:23:f3:32:27:69:45:94:
                    b9:c2:bb:f2:50:0a:4b:a2:b7:4d:4a:17:26:c8:e4:
                    f7:ec:f8:5d:1e:ac:8b:c7:60:11:28:08:65:5e:d0:
                    5b:13:96:b4:fe:fd:f2:48:01:1a:d6:ce:9c:04:a0:
                    9b:9b:29:1e:14:91:23:32:00:36:78:b3:23:e3:f9:
                    60:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:C8:A0:4C:F2:40:0B:53:CD:48:04:E7:FA:C2:BA:95:17:D3:2B:24
            X509v3 Authority Key Identifier:
                keyid:97:BB:FE:F9:18:13:D0:E8:F7:EE:DF:68:ED:56:9E:7C:FD:DF:0C:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l7v--RgT0Oj37t9o7VaefP3fDPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4e8d35-6f4f-4523-ab31-0e1a0cc83b19/1/1-sigTPJAC1PNSATn-sK6lRfTKyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/4e8d35-6f4f-4523-ab31-0e1a0cc83b19/1/l7v--RgT0Oj37t9o7VaefP3fDPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.254.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:b9:d1:6f:1c:ff:cb:cb:09:c7:53:5a:59:51:d6:e1:f7:26:
         31:74:30:d7:0a:13:27:c1:f8:f5:d6:99:5e:25:a8:a4:42:60:
         95:80:b9:43:0c:f0:a2:78:0a:d9:f5:c1:fb:e9:0e:79:e4:51:
         6e:94:1e:ca:0e:af:a6:2f:f0:c7:e3:1b:e3:42:04:4d:fd:a5:
         61:52:a7:6b:d9:48:0d:b8:4b:d1:20:0e:02:9d:10:b1:1c:7a:
         3f:ba:c7:c6:df:da:60:ab:99:f8:aa:c2:16:e8:7a:23:25:21:
         48:2b:8b:21:00:26:e2:8c:a1:12:98:fa:a6:cb:03:c9:67:42:
         70:49:aa:95:61:90:46:82:36:00:69:e6:cc:00:e4:d0:48:9e:
         52:d0:9a:bd:69:10:d4:47:79:de:3f:56:a7:a0:b4:49:be:a1:
         dc:de:eb:f2:fe:29:f3:48:8d:02:ef:6a:92:bb:a9:0c:6b:c7:
         ee:ef:58:7b:4c:19:52:57:75:8a:10:eb:c4:ee:c2:62:96:88:
         91:79:7e:0c:1d:c4:3e:1b:2a:75:e6:3a:1e:e1:7c:1e:0c:b9:
         49:08:1c:35:44:06:dd:9b:65:0a:22:3c:3f:3e:a6:f7:d5:06:
         6a:ef:d0:e0:fa:0c:49:8e:6c:18:c3:0d:29:23:82:35:fb:de:
         2b:ea:ff:5d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQijhC3nsLCeYpTLgs6Gmc9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YmJmZWY5MTgxM2QwZThmN2VlZGY2OGVkNTY5ZTdjZmRk
ZjBjZjAwHhcNMjUwMTAxMTU0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWM4YTA0Y2YyNDAwYjUzY2Q0ODA0ZTdmYWMyYmE5NTE3ZDMyYjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4tbvLq5gp1PCC/2F/xzcbonlUV0
l6Dl508g5vwllyy9m7hggFPdnPcCRDG27PRKUPhBEQwvHU4GSb2me6NSkm6V2uEx
QFayWy4KjlGYRapNDiyxNpCOfa7uM/HxsWzIAqoJqdtjSEIh2x3gHht6Acr2W2g4
7G3cGEasKS0R/3EKorlp6T7eTJkl5mlRXGaCsCbI03SOCadcigMrzywdiEBvIHLj
unwY9gT2ALqNqnYoyeLJRwuVclTlySPzMidpRZS5wrvyUApLordNShcmyOT37Phd
HqyLx2ARKAhlXtBbE5a0/v3ySAEa1s6cBKCbmykeFJEjMgA2eLMj4/lgywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrIoEzyQAtTzUgE5/rCupUX0yskMB8GA1UdIwQY
MBaAFJe7/vkYE9Do9+7faO1Wnnz93wzwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDd2LS1SZ1QwT2ozN3Q5bzdWYWVmUDNmRFBBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy80ZThkMzUtNmY0Zi00NTIzLWFiMzEt
MGUxYTBjYzgzYjE5LzEvMS1zaWdUUEpBQzFQTlNBVG4tc0s2bFJmVEt5US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjMvNGU4ZDM1LTZmNGYtNDUyMy1hYjMxLTBlMWEwY2M4M2Ix
OS8xL2w3di0tUmdUME9qMzd0OW83VmFlZlAzZkRQQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcP+pjAN
BgkqhkiG9w0BAQsFAAOCAQEAnrnRbxz/y8sJx1NaWVHW4fcmMXQw1woTJ8H49daZ
XiWopEJglYC5QwzwongK2fXB++kOeeRRbpQeyg6vpi/wx+Mb40IETf2lYVKna9lI
DbhL0SAOAp0QsRx6P7rHxt/aYKuZ+KrCFuh6IyUhSCuLIQAm4oyhEpj6pssDyWdC
cEmqlWGQRoI2AGnmzADk0EieUtCavWkQ1Ed53j9Wp6C0Sb6h3N7r8v4p80iNAu9q
krupDGvH7u9Ye0wZUld1ihDrxO7CYpaIkXl+DB3EPhsqdeY6HuF8Hgy5SQgcNUQG
3ZtlCiI8Pz6m99UGau/Q4PoMSY5sGMMNKSOCNfveK+r/XQ==
-----END CERTIFICATE-----