Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/082ae3-361b-4fcf-9f3a-be5ed6761411/1/lOnxViznHLEoAyPam_W4fa_SC2w.roa
File:                     lOnxViznHLEoAyPam_W4fa_SC2w.roa (raw, json)
Hash identifier:          9BCM5+Jiz3egzCFeLDqHjHDQAVUeCPf+h8/byU9pFAw=
Subject key identifier:   94:E9:F1:56:2C:E7:1C:B1:28:03:23:DA:9B:F5:B8:7D:AF:D2:0B:6C
Certificate issuer:       /CN=99956edfd46d7820616c567074d1c4b754f1cc0b
Certificate serial:       01945F13F75A792E4E073F604200AC246A80
Authority key identifier: 99:95:6E:DF:D4:6D:78:20:61:6C:56:70:74:D1:C4:B7:54:F1:CC:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mZVu39RteCBhbFZwdNHEt1TxzAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/082ae3-361b-4fcf-9f3a-be5ed6761411/1/lOnxViznHLEoAyPam_W4fa_SC2w.roa
Signing time:             Mon 13 Jan 2025 09:52:11 +0000
ROA not before:           Mon 13 Jan 2025 09:52:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29143
IP address blocks:        194.48.68.0/22 maxlen: 22
                          194.48.72.0/21 maxlen: 21
                          194.48.80.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/082ae3-361b-4fcf-9f3a-be5ed6761411/1/mZVu39RteCBhbFZwdNHEt1TxzAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/082ae3-361b-4fcf-9f3a-be5ed6761411/1/mZVu39RteCBhbFZwdNHEt1TxzAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mZVu39RteCBhbFZwdNHEt1TxzAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5f:13:f7:5a:79:2e:4e:07:3f:60:42:00:ac:24:6a:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99956edfd46d7820616c567074d1c4b754f1cc0b
        Validity
            Not Before: Jan 13 09:52:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94e9f1562ce71cb1280323da9bf5b87dafd20b6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:86:c4:29:ec:01:93:b0:bf:23:29:98:ec:c8:
                    4f:ef:25:1d:95:ae:37:f6:41:f7:af:a7:d2:c3:5a:
                    42:5b:6e:40:2e:e2:a6:ba:ef:52:9f:cf:85:2c:8e:
                    db:3e:45:f2:fb:fd:b7:79:ba:a8:c0:f7:9f:ce:e9:
                    88:3d:93:cc:6e:d9:f1:b6:77:25:28:3c:34:17:c4:
                    b7:0b:6a:1c:60:0b:b7:a7:ee:75:a6:a1:4d:ff:f5:
                    1d:79:90:31:9d:32:ff:d4:26:8a:ea:85:d1:16:93:
                    04:7e:74:36:37:19:fe:38:e8:d6:84:93:18:47:52:
                    38:8e:1c:0a:21:ab:13:44:40:4b:fa:83:bf:b1:11:
                    91:79:7b:a6:35:e4:07:51:c5:3c:e3:2a:e5:b8:f4:
                    fd:8c:f2:34:36:37:4f:3a:66:ae:15:b5:89:2b:be:
                    d9:85:13:a9:3f:d5:52:21:82:83:57:03:ad:56:f7:
                    a9:52:b7:a5:2f:99:ad:5d:3d:e4:a2:35:1e:ac:fb:
                    b6:2f:76:20:c8:1c:17:42:a1:c5:0a:85:99:9d:e4:
                    1f:cf:0f:8f:a8:c5:02:03:1c:44:ba:1e:d2:23:c1:
                    54:c3:ac:da:b2:37:1e:b2:f2:51:7e:ff:61:56:b5:
                    1d:ef:3e:81:10:6a:20:e6:2f:cc:04:f6:f4:d5:ba:
                    b5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:E9:F1:56:2C:E7:1C:B1:28:03:23:DA:9B:F5:B8:7D:AF:D2:0B:6C
            X509v3 Authority Key Identifier:
                keyid:99:95:6E:DF:D4:6D:78:20:61:6C:56:70:74:D1:C4:B7:54:F1:CC:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mZVu39RteCBhbFZwdNHEt1TxzAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/082ae3-361b-4fcf-9f3a-be5ed6761411/1/lOnxViznHLEoAyPam_W4fa_SC2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/082ae3-361b-4fcf-9f3a-be5ed6761411/1/mZVu39RteCBhbFZwdNHEt1TxzAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.48.68.0-194.48.83.255

    Signature Algorithm: sha256WithRSAEncryption
         88:24:88:eb:24:a2:3e:e6:f7:72:ab:3f:57:5f:f9:cf:70:a0:
         0a:81:49:12:ca:57:f6:b4:a4:8c:d1:fb:9a:66:b5:53:d3:9e:
         79:4e:db:fc:81:cb:08:68:00:bf:f0:a6:6e:60:4a:7b:24:32:
         38:eb:3c:70:04:42:70:54:d1:78:9d:e5:c5:8c:e0:ff:a2:91:
         0b:a3:48:cb:08:c9:21:96:4f:2e:09:75:32:0b:3e:48:0a:b2:
         f7:c8:bc:cf:20:d3:1b:db:65:16:83:f6:0e:e7:84:db:63:63:
         c3:5e:4a:3b:c8:ee:89:2a:8d:76:d4:bd:e0:83:b1:3f:37:52:
         0c:1d:b8:ac:0a:9c:c3:3d:94:00:5f:f1:ef:8c:4f:9b:f3:81:
         f8:89:54:58:8b:04:41:ce:55:88:50:fe:48:52:bb:b1:f6:1d:
         ab:28:1a:40:66:6e:8f:ee:d2:bf:b6:e7:59:c3:fb:6c:9a:0e:
         3f:34:0f:d9:a7:9f:be:c9:64:10:7a:bf:8c:21:89:7f:e2:29:
         97:74:a6:4b:96:82:cd:9a:42:28:90:81:59:0c:11:83:56:2b:
         f1:83:5c:f9:92:40:b7:d1:cf:27:93:4b:08:51:66:20:56:bc:
         72:10:2f:96:1d:e6:8a:34:c5:63:3f:37:14:38:c0:b8:75:bb:
         b5:93:11:a1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZRfE/daeS5OBz9gQgCsJGqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5OTU2ZWRmZDQ2ZDc4MjA2MTZjNTY3MDc0ZDFjNGI3NTRm
MWNjMGIwHhcNMjUwMTEzMDk1MjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGU5ZjE1NjJjZTcxY2IxMjgwMzIzZGE5YmY1Yjg3ZGFmZDIwYjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYbEKewBk7C/IymY7MhP7yUdla43
9kH3r6fSw1pCW25ALuKmuu9Sn8+FLI7bPkXy+/23ebqowPefzumIPZPMbtnxtncl
KDw0F8S3C2ocYAu3p+51pqFN//UdeZAxnTL/1CaK6oXRFpMEfnQ2Nxn+OOjWhJMY
R1I4jhwKIasTREBL+oO/sRGReXumNeQHUcU84yrluPT9jPI0NjdPOmauFbWJK77Z
hROpP9VSIYKDVwOtVvepUrelL5mtXT3kojUerPu2L3YgyBwXQqHFCoWZneQfzw+P
qMUCAxxEuh7SI8FUw6zasjcesvJRfv9hVrUd7z6BEGog5i/MBPb01bq1GwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJTp8VYs5xyxKAMj2pv1uH2v0gtsMB8GA1UdIwQY
MBaAFJmVbt/UbXggYWxWcHTRxLdU8cwLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVpWdTM5UnRlQ0JoYkZad2ROSEV0MVR4ekFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS8wODJhZTMtMzYxYi00ZmNmLTlmM2Et
YmU1ZWQ2NzYxNDExLzEvbE9ueFZpem5ITEVvQXlQYW1fVzRmYV9TQzJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS8wODJhZTMtMzYxYi00ZmNmLTlmM2EtYmU1ZWQ2NzYxNDEx
LzEvbVpWdTM5UnRlQ0JoYkZad2ROSEV0MVR4ekFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALCMEQD
BALCMFAwDQYJKoZIhvcNAQELBQADggEBAIgkiOskoj7m93KrP1df+c9woAqBSRLK
V/a0pIzR+5pmtVPTnnlO2/yBywhoAL/wpm5gSnskMjjrPHAEQnBU0Xid5cWM4P+i
kQujSMsIySGWTy4JdTILPkgKsvfIvM8g0xvbZRaD9g7nhNtjY8NeSjvI7okqjXbU
veCDsT83UgwduKwKnMM9lABf8e+MT5vzgfiJVFiLBEHOVYhQ/khSu7H2HasoGkBm
bo/u0r+251nD+2yaDj80D9mnn77JZBB6v4whiX/iKZd0pkuWgs2aQiiQgVkMEYNW
K/GDXPmSQLfRzyeTSwhRZiBWvHIQL5Yd5oo0xWM/NxQ4wLh1u7WTEaE=
-----END CERTIFICATE-----