Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/loSCgoJ4hKRK0jtudHBRcmTN9d4.roa
File:                     loSCgoJ4hKRK0jtudHBRcmTN9d4.roa (raw, json)
Hash identifier:          URCezxxo5xLAhnqyK4BChNtSek6R2eu9KtpYGfArpvI=
Subject key identifier:   96:84:82:82:82:78:84:A4:4A:D2:3B:6E:74:70:51:72:64:CD:F5:DE
Certificate issuer:       /CN=4940cf778dd9817657cd8d4feedd423d46d1a965
Certificate serial:       01941F8C4B93E1EC78B87A7D8337ABBE8D15
Authority key identifier: 49:40:CF:77:8D:D9:81:76:57:CD:8D:4F:EE:DD:42:3D:46:D1:A9:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SUDPd43ZgXZXzY1P7t1CPUbRqWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/loSCgoJ4hKRK0jtudHBRcmTN9d4.roa
Signing time:             Wed 01 Jan 2025 01:47:55 +0000
ROA not before:           Wed 01 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50182
IP address blocks:        194.34.98.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/SUDPd43ZgXZXzY1P7t1CPUbRqWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/SUDPd43ZgXZXzY1P7t1CPUbRqWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SUDPd43ZgXZXzY1P7t1CPUbRqWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4b:93:e1:ec:78:b8:7a:7d:83:37:ab:be:8d:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4940cf778dd9817657cd8d4feedd423d46d1a965
        Validity
            Not Before: Jan  1 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96848282827884a44ad23b6e7470517264cdf5de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ac:66:0a:6b:d7:ec:a3:53:3f:74:5c:28:ee:
                    3e:00:a4:5d:44:a1:d0:da:8f:d3:62:45:21:5d:d5:
                    54:ef:84:4b:19:09:ae:4f:ed:ae:6e:8f:eb:bb:e0:
                    82:de:8f:37:cc:1b:e1:4c:de:2e:6e:fb:53:ad:0c:
                    2c:94:f4:6b:73:2b:8e:05:b8:9c:14:83:3a:29:06:
                    ec:18:e1:5b:8c:6c:fc:b7:67:5d:e0:b9:26:b7:e7:
                    03:f7:91:d0:59:f5:42:8e:72:06:48:a1:20:59:fd:
                    6f:cc:24:d4:aa:d4:cb:9f:6e:0c:b0:b8:35:4f:20:
                    cd:12:99:5f:e5:22:3e:66:d9:b2:06:70:20:cb:52:
                    80:bd:df:b7:0e:e7:99:b5:c2:b3:c1:40:f4:5f:fd:
                    72:80:48:cc:dd:10:93:1a:84:1b:1a:37:c3:72:cd:
                    d4:62:62:ca:51:16:66:83:9a:f5:25:d4:d3:f3:2f:
                    3b:17:c8:82:9a:db:88:78:f4:4a:69:39:92:ab:66:
                    eb:f8:6b:3f:14:47:33:e1:00:b7:69:79:da:9e:38:
                    18:11:22:53:4a:63:67:8c:cf:f0:ae:25:dd:ab:e8:
                    69:fb:8d:e9:e5:5e:9b:72:92:7a:fe:d6:26:97:37:
                    1d:12:07:7d:59:a9:4d:af:04:95:78:9d:db:1a:d9:
                    83:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:84:82:82:82:78:84:A4:4A:D2:3B:6E:74:70:51:72:64:CD:F5:DE
            X509v3 Authority Key Identifier:
                keyid:49:40:CF:77:8D:D9:81:76:57:CD:8D:4F:EE:DD:42:3D:46:D1:A9:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SUDPd43ZgXZXzY1P7t1CPUbRqWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/loSCgoJ4hKRK0jtudHBRcmTN9d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/b025bc-bc73-4d3c-a430-00394b610a34/1/SUDPd43ZgXZXzY1P7t1CPUbRqWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0a:bb:a2:2c:b5:53:2d:cd:2e:f0:a8:de:73:5d:c6:c6:7f:03:
         66:62:22:96:df:d1:ed:79:61:96:2b:ea:38:71:c9:3f:14:d5:
         3a:6b:4f:e4:56:8c:0b:ca:e4:a7:f8:0d:8c:d8:d8:4e:16:23:
         d2:0b:38:4d:d2:a0:1b:b8:b9:bd:79:9b:5c:4e:d6:a7:53:4c:
         96:84:b8:ac:d7:41:7f:d3:ef:30:c6:e0:4f:2a:e3:b3:d2:12:
         89:c5:3e:d7:4c:5d:4e:ef:10:fb:d1:7c:90:13:66:e4:e2:c8:
         63:b6:0b:23:b7:94:9a:a4:58:23:ae:62:a5:05:cc:79:46:ac:
         5d:bc:9f:65:16:4c:d2:b0:87:83:0d:d8:b0:b9:fa:af:b7:7c:
         1c:73:11:bf:1d:d0:6f:f8:d0:ea:62:72:8d:9d:81:7b:b4:16:
         b6:6d:bb:7b:1e:56:e5:3d:c4:73:e7:d1:d5:44:70:de:f9:f1:
         f4:b7:41:3a:2f:77:ee:f9:63:6e:c6:5b:a9:45:ed:19:fa:b9:
         2e:a3:3b:70:21:df:00:c0:2c:d8:28:38:58:bb:ec:1b:80:78:
         1f:f2:b8:20:e5:3d:3a:2d:fc:02:75:3b:1e:e4:35:a0:5e:c3:
         15:af:a3:86:97:11:7b:05:a1:0b:ff:a3:48:2a:66:64:4c:25:
         e7:54:54:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjEuT4ex4uHp9gzervo0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NDBjZjc3OGRkOTgxNzY1N2NkOGQ0ZmVlZGQ0MjNkNDZk
MWE5NjUwHhcNMjUwMTAxMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njg0ODI4MjgyNzg4NGE0NGFkMjNiNmU3NDcwNTE3MjY0Y2RmNWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKxmCmvX7KNTP3RcKO4+AKRdRKHQ
2o/TYkUhXdVU74RLGQmuT+2ubo/ru+CC3o83zBvhTN4ubvtTrQwslPRrcyuOBbic
FIM6KQbsGOFbjGz8t2dd4Lkmt+cD95HQWfVCjnIGSKEgWf1vzCTUqtTLn24MsLg1
TyDNEplf5SI+ZtmyBnAgy1KAvd+3DueZtcKzwUD0X/1ygEjM3RCTGoQbGjfDcs3U
YmLKURZmg5r1JdTT8y87F8iCmtuIePRKaTmSq2br+Gs/FEcz4QC3aXnanjgYESJT
SmNnjM/wriXdq+hp+43p5V6bcpJ6/tYmlzcdEgd9WalNrwSVeJ3bGtmDowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJaEgoKCeISkStI7bnRwUXJkzfXeMB8GA1UdIwQY
MBaAFElAz3eN2YF2V82NT+7dQj1G0allMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1VEUGQ0M1pnWFpYelkxUDd0MUNQVWJScVdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9iMDI1YmMtYmM3My00ZDNjLWE0MzAt
MDAzOTRiNjEwYTM0LzEvbG9TQ2dvSjRoS1JLMGp0dWRIQlJjbVROOWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9iMDI1YmMtYmM3My00ZDNjLWE0MzAtMDAzOTRiNjEwYTM0
LzEvU1VEUGQ0M1pnWFpYelkxUDd0MUNQVWJScVdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiJiMA0G
CSqGSIb3DQEBCwUAA4IBAQAKu6IstVMtzS7wqN5zXcbGfwNmYiKW39HteWGWK+o4
cck/FNU6a0/kVowLyuSn+A2M2NhOFiPSCzhN0qAbuLm9eZtcTtanU0yWhLis10F/
0+8wxuBPKuOz0hKJxT7XTF1O7xD70XyQE2bk4shjtgsjt5SapFgjrmKlBcx5Rqxd
vJ9lFkzSsIeDDdiwufqvt3wccxG/HdBv+NDqYnKNnYF7tBa2bbt7HlblPcRz59HV
RHDe+fH0t0E6L3fu+WNuxlupRe0Z+rkuoztwId8AwCzYKDhYu+wbgHgf8rgg5T06
LfwCdTse5DWgXsMVr6OGlxF7BaEL/6NIKmZkTCXnVFQx
-----END CERTIFICATE-----