Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/CvkJme1LUR6Yylremh6T0ANylCI.roa
File:                     CvkJme1LUR6Yylremh6T0ANylCI.roa (raw, json)
Hash identifier:          5zy6xol1m9FQbb/9TEgVPc4ZpyQ53XwKiYadQ98VX1U=
Subject key identifier:   0A:F9:09:99:ED:4B:51:1E:98:CA:5A:DE:9A:1E:93:D0:03:72:94:22
Certificate issuer:       /CN=66626623084e6cf116674a3fd0a9951cac0dedc0
Certificate serial:       019420681D73B81426B700B116B22ADD3486
Authority key identifier: 66:62:66:23:08:4E:6C:F1:16:67:4A:3F:D0:A9:95:1C:AC:0D:ED:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/CvkJme1LUR6Yylremh6T0ANylCI.roa
Signing time:             Wed 01 Jan 2025 05:48:01 +0000
ROA not before:           Wed 01 Jan 2025 05:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197312
IP address blocks:        194.147.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:1d:73:b8:14:26:b7:00:b1:16:b2:2a:dd:34:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66626623084e6cf116674a3fd0a9951cac0dedc0
        Validity
            Not Before: Jan  1 05:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0af90999ed4b511e98ca5ade9a1e93d003729422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6f:9e:42:dd:a8:9f:a8:98:5d:95:e1:93:c5:
                    0e:5f:f6:92:d1:c9:1a:16:be:f2:1d:88:61:f4:c0:
                    da:4c:26:e4:db:79:7c:3d:08:1f:69:f9:84:72:76:
                    07:5f:2e:57:2e:89:86:c6:f4:71:9b:aa:78:14:b2:
                    38:e8:14:ef:56:20:ee:a8:87:ec:c4:3b:39:d5:1b:
                    8e:88:42:8c:dd:b0:d0:cc:82:4a:3a:c7:e7:1d:8b:
                    08:73:68:54:c2:c1:94:ee:73:84:2f:c3:82:c6:23:
                    0b:3b:4d:74:f3:54:3e:48:14:ae:e3:09:99:28:f2:
                    25:5b:1f:7c:02:07:c0:26:35:ac:c0:27:59:f2:c6:
                    cb:a2:01:87:86:65:72:ac:82:bf:e2:35:e4:d8:b8:
                    77:f8:ef:d1:92:bd:b5:37:05:2d:66:ca:de:73:e0:
                    66:b1:9f:1a:47:a3:d4:a1:42:4f:b4:f7:0b:42:9c:
                    6f:cf:25:1c:0d:fb:b3:e7:ce:d0:9e:27:7b:a5:1c:
                    0c:d6:29:99:bb:ec:c9:42:7d:bb:65:5b:78:78:79:
                    ab:fb:4a:96:3f:1f:2d:22:ed:52:13:88:e0:aa:19:
                    a9:64:39:7c:8e:0b:d3:66:78:79:e4:9e:27:90:98:
                    f1:89:d3:e9:a5:93:df:a3:ef:36:6d:b0:bd:7c:6e:
                    20:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:F9:09:99:ED:4B:51:1E:98:CA:5A:DE:9A:1E:93:D0:03:72:94:22
            X509v3 Authority Key Identifier:
                keyid:66:62:66:23:08:4E:6C:F1:16:67:4A:3F:D0:A9:95:1C:AC:0D:ED:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/CvkJme1LUR6Yylremh6T0ANylCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/763921-3cd7-466b-864b-188c4a78cd62/1/ZmJmIwhObPEWZ0o_0KmVHKwN7cA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:00:d7:e6:98:00:cd:4b:57:74:f4:fa:25:36:97:5c:e1:94:
         84:10:a9:55:19:df:3b:38:0b:0b:84:f1:92:c4:d2:b4:85:03:
         4e:e9:3b:80:d9:f8:5c:d4:5a:2e:f1:4f:24:8a:9d:f8:46:76:
         ed:06:25:2b:df:82:e3:17:97:12:5d:ff:14:92:ac:2d:a6:1e:
         b1:4c:f4:10:0a:e1:92:53:a4:bf:d9:8d:22:f2:51:f3:ea:f1:
         67:cb:ab:e8:82:8a:78:54:88:7d:06:73:03:6e:c8:ef:13:e9:
         7a:45:c7:e1:65:6b:1a:d3:a1:40:66:1a:98:67:10:c8:81:3d:
         0b:15:f7:35:2b:23:5b:16:36:67:bf:05:8d:4c:b4:71:72:65:
         3a:aa:d6:44:7e:4b:45:c6:c8:d6:86:29:d0:3d:3d:86:ed:ae:
         91:c6:12:36:5b:0c:9a:87:d5:8c:3c:9d:23:91:6a:7e:ce:53:
         c9:fd:49:43:57:41:2a:2c:b1:f9:42:ed:76:eb:1b:b3:04:24:
         bf:cb:b7:72:f3:56:4b:47:08:32:32:a0:2d:98:62:45:d1:db:
         8f:49:10:b7:35:2c:46:09:c0:d1:90:04:9f:48:5f:56:1f:53:
         fb:6c:4f:d4:2d:9a:50:2d:77:7d:bc:57:d5:98:11:2c:7f:f4:
         be:ae:5e:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaB1zuBQmtwCxFrIq3TSGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NjI2NjIzMDg0ZTZjZjExNjY3NGEzZmQwYTk5NTFjYWMw
ZGVkYzAwHhcNMjUwMTAxMDU0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWY5MDk5OWVkNGI1MTFlOThjYTVhZGU5YTFlOTNkMDAzNzI5NDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm+eQt2on6iYXZXhk8UOX/aS0cka
Fr7yHYhh9MDaTCbk23l8PQgfafmEcnYHXy5XLomGxvRxm6p4FLI46BTvViDuqIfs
xDs51RuOiEKM3bDQzIJKOsfnHYsIc2hUwsGU7nOEL8OCxiMLO01081Q+SBSu4wmZ
KPIlWx98AgfAJjWswCdZ8sbLogGHhmVyrIK/4jXk2Lh3+O/Rkr21NwUtZsrec+Bm
sZ8aR6PUoUJPtPcLQpxvzyUcDfuz587Qnid7pRwM1imZu+zJQn27ZVt4eHmr+0qW
Px8tIu1SE4jgqhmpZDl8jgvTZnh55J4nkJjxidPppZPfo+82bbC9fG4gdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAr5CZntS1EemMpa3poek9ADcpQiMB8GA1UdIwQY
MBaAFGZiZiMITmzxFmdKP9CplRysDe3AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm1KbUl3aE9iUEVXWjBvXzBLbVZIS3dON2NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83NjM5MjEtM2NkNy00NjZiLTg2NGIt
MTg4YzRhNzhjZDYyLzEvQ3ZrSm1lMUxVUjZZeWxyZW1oNlQwQU55bENJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83NjM5MjEtM2NkNy00NjZiLTg2NGItMTg4YzRhNzhjZDYy
LzEvWm1KbUl3aE9iUEVXWjBvXzBLbVZIS3dON2NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpP+MA0G
CSqGSIb3DQEBCwUAA4IBAQAbANfmmADNS1d09PolNpdc4ZSEEKlVGd87OAsLhPGS
xNK0hQNO6TuA2fhc1Fou8U8kip34RnbtBiUr34LjF5cSXf8Ukqwtph6xTPQQCuGS
U6S/2Y0i8lHz6vFny6vogop4VIh9BnMDbsjvE+l6RcfhZWsa06FAZhqYZxDIgT0L
Ffc1KyNbFjZnvwWNTLRxcmU6qtZEfktFxsjWhinQPT2G7a6RxhI2Wwyah9WMPJ0j
kWp+zlPJ/UlDV0EqLLH5Qu126xuzBCS/y7dy81ZLRwgyMqAtmGJF0duPSRC3NSxG
CcDRkASfSF9WH1P7bE/ULZpQLXd9vFfVmBEsf/S+rl5v
-----END CERTIFICATE-----