Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/deCTZwf8Lo4tPBt2V0GwD8QTdjQ.roa
File:                     deCTZwf8Lo4tPBt2V0GwD8QTdjQ.roa (raw, json)
Hash identifier:          FyKYzrCJB3LXbVhWQRcS/ZI/wI5zOqLIDpvmKLMGaw0=
Subject key identifier:   75:E0:93:67:07:FC:2E:8E:2D:3C:1B:76:57:41:B0:0F:C4:13:76:34
Certificate issuer:       /CN=8b42c752a9b0983128b3d295e45ea16b33ee7df9
Certificate serial:       019421B24B2A7C9A5F9E48C0114C85956166
Authority key identifier: 8B:42:C7:52:A9:B0:98:31:28:B3:D2:95:E4:5E:A1:6B:33:EE:7D:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i0LHUqmwmDEos9KV5F6hazPuffk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/deCTZwf8Lo4tPBt2V0GwD8QTdjQ.roa
Signing time:             Wed 01 Jan 2025 11:48:40 +0000
ROA not before:           Wed 01 Jan 2025 11:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41295
IP address blocks:        194.24.178.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/i0LHUqmwmDEos9KV5F6hazPuffk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/i0LHUqmwmDEos9KV5F6hazPuffk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i0LHUqmwmDEos9KV5F6hazPuffk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 05:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4b:2a:7c:9a:5f:9e:48:c0:11:4c:85:95:61:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b42c752a9b0983128b3d295e45ea16b33ee7df9
        Validity
            Not Before: Jan  1 11:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75e0936707fc2e8e2d3c1b765741b00fc4137634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4f:27:1c:58:14:47:fd:92:87:5f:c0:74:ca:
                    28:f9:de:92:be:38:ba:df:36:d5:9e:12:25:e7:57:
                    00:dc:78:8c:9d:1f:4b:b9:80:7e:19:46:a1:69:e2:
                    d9:06:71:cc:09:c9:2c:e7:ac:22:cd:5b:06:0a:90:
                    e7:da:5f:99:66:23:59:3b:bb:bf:38:5d:e8:33:be:
                    a8:86:d2:8a:18:ab:8d:1f:b7:71:03:b8:17:25:63:
                    a2:4c:4b:43:59:cc:f0:f1:8f:a9:73:6e:ff:d1:1d:
                    8c:d3:90:b6:d9:ce:11:31:e0:8e:d2:4e:a4:c0:d8:
                    a1:c3:50:42:15:3c:8e:1b:91:75:18:7e:a0:72:5d:
                    6e:ba:11:ce:ec:71:74:58:86:2f:f4:22:aa:fa:9d:
                    50:8d:50:9a:24:9d:b2:d9:02:a8:a4:2c:65:e9:32:
                    93:41:3f:ac:ae:88:05:c9:ea:87:82:1a:05:af:c3:
                    1c:5a:fc:99:ba:89:46:87:de:48:7b:9b:c7:37:f9:
                    21:aa:db:1c:01:90:e1:33:f2:9a:18:ee:de:b9:7b:
                    63:57:3a:b0:24:a6:e9:62:e0:ba:f3:a4:a5:94:69:
                    5b:a5:33:93:6e:0e:fb:65:1b:45:88:55:0b:d5:a8:
                    2c:3e:1b:68:3c:3f:c1:a5:41:dc:b4:10:22:e8:11:
                    74:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:E0:93:67:07:FC:2E:8E:2D:3C:1B:76:57:41:B0:0F:C4:13:76:34
            X509v3 Authority Key Identifier:
                keyid:8B:42:C7:52:A9:B0:98:31:28:B3:D2:95:E4:5E:A1:6B:33:EE:7D:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0LHUqmwmDEos9KV5F6hazPuffk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/deCTZwf8Lo4tPBt2V0GwD8QTdjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/dbe446-9da3-4854-b5d3-25a38a246fa2/1/i0LHUqmwmDEos9KV5F6hazPuffk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.24.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:42:7f:5f:a6:f2:eb:77:19:88:b7:07:56:39:fb:f5:61:90:
         fb:1e:d1:7e:01:89:3a:72:36:3d:c8:8a:37:ac:12:72:92:8d:
         b1:34:13:d6:38:99:a3:71:22:84:fb:f2:d3:76:36:f3:b7:e3:
         ed:eb:c9:c0:2f:26:01:38:d8:d7:2c:05:27:39:82:23:24:20:
         d2:54:d2:12:cc:1d:a8:94:e9:7e:e1:18:82:25:71:a9:e5:02:
         35:26:f0:94:5e:35:06:fb:60:27:23:eb:91:40:b2:98:41:f6:
         73:ac:c7:cb:2a:52:d7:56:a2:5b:b1:c5:2c:9c:49:0d:1c:cd:
         f0:6a:b0:3e:8e:04:45:9e:6b:d7:37:89:a6:7d:56:e2:73:78:
         fb:b9:c9:11:28:c1:d6:ec:d4:b9:cb:50:c6:fa:25:c2:76:c2:
         46:31:80:29:df:97:fd:12:42:da:81:ee:20:d1:12:ce:29:29:
         20:5c:06:c4:89:af:65:9c:64:fb:8f:0c:e9:8e:04:dc:8c:94:
         ec:cc:f4:1d:51:c2:1d:bc:fc:cc:60:9e:2c:39:74:c9:99:f4:
         aa:dd:3a:c7:df:c0:b1:a1:cf:5c:8d:38:77:6d:22:c2:1b:67:
         22:8b:d8:6e:d9:7b:65:30:c8:3f:15:af:ab:18:52:cb:49:87:
         d6:ee:86:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsksqfJpfnkjAEUyFlWFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDJjNzUyYTliMDk4MzEyOGIzZDI5NWU0NWVhMTZiMzNl
ZTdkZjkwHhcNMjUwMTAxMTE0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWUwOTM2NzA3ZmMyZThlMmQzYzFiNzY1NzQxYjAwZmM0MTM3NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk08nHFgUR/2Sh1/AdMoo+d6Svji6
3zbVnhIl51cA3HiMnR9LuYB+GUahaeLZBnHMCcks56wizVsGCpDn2l+ZZiNZO7u/
OF3oM76ohtKKGKuNH7dxA7gXJWOiTEtDWczw8Y+pc27/0R2M05C22c4RMeCO0k6k
wNihw1BCFTyOG5F1GH6gcl1uuhHO7HF0WIYv9CKq+p1QjVCaJJ2y2QKopCxl6TKT
QT+srogFyeqHghoFr8McWvyZuolGh95Ie5vHN/khqtscAZDhM/KaGO7euXtjVzqw
JKbpYuC686SllGlbpTOTbg77ZRtFiFUL1agsPhtoPD/BpUHctBAi6BF0kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHXgk2cH/C6OLTwbdldBsA/EE3Y0MB8GA1UdIwQY
MBaAFItCx1KpsJgxKLPSleReoWsz7n35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBMSFVxbXdtREVvczlLVjVGNmhhelB1ZmZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9kYmU0NDYtOWRhMy00ODU0LWI1ZDMt
MjVhMzhhMjQ2ZmEyLzEvZGVDVFp3ZjhMbzR0UEJ0MlYwR3dEOFFUZGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9kYmU0NDYtOWRhMy00ODU0LWI1ZDMtMjVhMzhhMjQ2ZmEy
LzEvaTBMSFVxbXdtREVvczlLVjVGNmhhelB1ZmZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwhiyMA0G
CSqGSIb3DQEBCwUAA4IBAQByQn9fpvLrdxmItwdWOfv1YZD7HtF+AYk6cjY9yIo3
rBJyko2xNBPWOJmjcSKE+/LTdjbzt+Pt68nALyYBONjXLAUnOYIjJCDSVNISzB2o
lOl+4RiCJXGp5QI1JvCUXjUG+2AnI+uRQLKYQfZzrMfLKlLXVqJbscUsnEkNHM3w
arA+jgRFnmvXN4mmfVbic3j7uckRKMHW7NS5y1DG+iXCdsJGMYAp35f9EkLage4g
0RLOKSkgXAbEia9lnGT7jwzpjgTcjJTszPQdUcIdvPzMYJ4sOXTJmfSq3TrH38Cx
oc9cjTh3bSLCG2cii9hu2XtlMMg/Fa+rGFLLSYfW7oY/
-----END CERTIFICATE-----