Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/cDqRgVZUzcG8C6S6sy9XaY7R8i4.roa
File:                     cDqRgVZUzcG8C6S6sy9XaY7R8i4.roa (raw, json)
Hash identifier:          dXQReZhWlMp7R/f0KCpgMs+DeDxAbD08ZpRugIlwk3I=
Subject key identifier:   70:3A:91:81:56:54:CD:C1:BC:0B:A4:BA:B3:2F:57:69:8E:D1:F2:2E
Certificate issuer:       /CN=501459c027a86e1a55709f860937fe2f81b312f0
Certificate serial:       0194266BBE76B01B57E7A5D316EF5E107227
Authority key identifier: 50:14:59:C0:27:A8:6E:1A:55:70:9F:86:09:37:FE:2F:81:B3:12:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UBRZwCeobhpVcJ-GCTf-L4GzEvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/cDqRgVZUzcG8C6S6sy9XaY7R8i4.roa
Signing time:             Thu 02 Jan 2025 09:49:42 +0000
ROA not before:           Thu 02 Jan 2025 09:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        147.233.0.0/17 maxlen: 17
                          147.233.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UBRZwCeobhpVcJ-GCTf-L4GzEvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UBRZwCeobhpVcJ-GCTf-L4GzEvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UBRZwCeobhpVcJ-GCTf-L4GzEvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:be:76:b0:1b:57:e7:a5:d3:16:ef:5e:10:72:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=501459c027a86e1a55709f860937fe2f81b312f0
        Validity
            Not Before: Jan  2 09:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=703a91815654cdc1bc0ba4bab32f57698ed1f22e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b4:21:86:9d:7c:2c:eb:12:22:32:3e:6e:4b:
                    50:23:2a:82:e3:98:24:83:30:e7:3f:2f:0d:5a:60:
                    75:52:60:ea:8f:20:be:e7:a7:2d:5a:86:c2:43:f9:
                    a2:8a:e8:55:00:d9:58:b6:ac:9d:fd:47:bd:4a:86:
                    63:ed:b8:80:f4:ab:54:ac:09:ca:ed:6d:83:94:5c:
                    c3:5c:84:7a:59:6d:c2:e1:39:f0:40:67:9b:1a:18:
                    54:c3:11:3c:90:b7:1a:59:cd:10:bd:a5:d5:2f:48:
                    86:81:1f:9f:5d:aa:ff:57:27:4e:0e:62:43:d6:f2:
                    48:54:81:84:e3:c6:a4:47:5f:14:f4:98:da:40:6a:
                    e7:f4:8a:78:40:76:d6:ca:22:21:25:f2:89:d4:9d:
                    eb:39:17:1d:fe:d5:4a:47:71:1b:60:07:0c:61:56:
                    e9:ca:8b:39:0c:ea:63:1a:d2:26:62:dc:b4:7b:30:
                    81:c7:8f:2c:f4:04:cd:2d:cb:4d:41:22:e7:cb:18:
                    c4:9a:f8:85:c5:f0:1e:8a:8f:4a:c2:46:61:ad:a2:
                    d3:7f:10:f2:f4:7c:30:7d:2c:c6:2e:2d:17:3f:b5:
                    8b:97:7c:ca:01:bc:60:e5:60:2e:36:c2:61:63:0e:
                    55:e9:fe:68:3f:12:9d:6d:e1:3c:ec:0d:b5:27:80:
                    e9:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:3A:91:81:56:54:CD:C1:BC:0B:A4:BA:B3:2F:57:69:8E:D1:F2:2E
            X509v3 Authority Key Identifier:
                keyid:50:14:59:C0:27:A8:6E:1A:55:70:9F:86:09:37:FE:2F:81:B3:12:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UBRZwCeobhpVcJ-GCTf-L4GzEvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/cDqRgVZUzcG8C6S6sy9XaY7R8i4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/9ede92-a838-40bc-a266-162b02bb15bd/1/UBRZwCeobhpVcJ-GCTf-L4GzEvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.233.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5f:7f:a0:16:e2:c4:56:ca:0e:4a:d0:a7:11:bf:d5:0d:2c:12:
         3a:23:0a:86:6d:2a:32:6e:8f:67:41:5c:e7:9c:61:78:a5:fb:
         40:77:e2:8f:f1:a5:0e:12:45:23:9d:3c:fe:0d:96:98:e1:bc:
         77:7a:31:9f:a1:29:d3:49:42:1c:88:f9:e1:fa:d2:52:3b:ee:
         47:7f:e8:e6:a8:8f:b7:3e:00:62:ba:44:15:df:49:e4:f5:27:
         fc:5b:67:f6:52:9c:39:be:a7:46:34:62:1d:c4:ab:cd:ea:ad:
         56:6c:08:93:da:e6:f1:cf:1a:d0:4b:b6:a0:c7:43:cd:e8:7c:
         13:8e:5e:db:b2:6d:f1:81:2d:f0:22:4a:63:d1:15:57:ba:04:
         cc:d7:4a:16:1d:b8:af:c1:ed:f1:c0:41:5c:a5:fb:df:b8:2f:
         b0:94:92:94:9b:a9:08:61:71:c8:f5:2b:fa:cf:6c:c7:aa:09:
         7e:c5:e5:58:db:ac:15:48:c3:9c:f0:37:e3:3b:05:ff:04:53:
         59:0e:ab:ee:53:05:b7:72:48:48:3e:1e:77:cc:d4:bd:ff:ed:
         d7:00:f7:ed:10:78:7c:39:fb:4e:f1:b2:82:ad:06:8d:08:3a:
         7f:47:6f:42:e9:7d:13:c8:cd:a4:dc:88:70:0a:c3:d3:44:a9:
         91:c3:48:df
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQma752sBtX56XTFu9eEHInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMTQ1OWMwMjdhODZlMWE1NTcwOWY4NjA5MzdmZTJmODFi
MzEyZjAwHhcNMjUwMTAyMDk0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDNhOTE4MTU2NTRjZGMxYmMwYmE0YmFiMzJmNTc2OThlZDFmMjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07Qhhp18LOsSIjI+bktQIyqC45gk
gzDnPy8NWmB1UmDqjyC+56ctWobCQ/miiuhVANlYtqyd/Ue9SoZj7biA9KtUrAnK
7W2DlFzDXIR6WW3C4TnwQGebGhhUwxE8kLcaWc0QvaXVL0iGgR+fXar/VydODmJD
1vJIVIGE48akR18U9JjaQGrn9Ip4QHbWyiIhJfKJ1J3rORcd/tVKR3EbYAcMYVbp
yos5DOpjGtImYty0ezCBx48s9ATNLctNQSLnyxjEmviFxfAeio9KwkZhraLTfxDy
9HwwfSzGLi0XP7WLl3zKAbxg5WAuNsJhYw5V6f5oPxKdbeE87A21J4DpowIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHA6kYFWVM3BvAukurMvV2mO0fIuMB8GA1UdIwQY
MBaAFFAUWcAnqG4aVXCfhgk3/i+BsxLwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUJSWndDZW9iaHBWY0otR0NUZi1MNEd6RXZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi85ZWRlOTItYTgzOC00MGJjLWEyNjYt
MTYyYjAyYmIxNWJkLzEvY0RxUmdWWlV6Y0c4QzZTNnN5OVhhWTdSOGk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi85ZWRlOTItYTgzOC00MGJjLWEyNjYtMTYyYjAyYmIxNWJk
LzEvVUJSWndDZW9iaHBWY0otR0NUZi1MNEd6RXZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk+kwDQYJ
KoZIhvcNAQELBQADggEBAF9/oBbixFbKDkrQpxG/1Q0sEjojCoZtKjJuj2dBXOec
YXil+0B34o/xpQ4SRSOdPP4NlpjhvHd6MZ+hKdNJQhyI+eH60lI77kd/6Oaoj7c+
AGK6RBXfSeT1J/xbZ/ZSnDm+p0Y0Yh3Eq83qrVZsCJPa5vHPGtBLtqDHQ83ofBOO
XtuybfGBLfAiSmPRFVe6BMzXShYduK/B7fHAQVyl+9+4L7CUkpSbqQhhccj1K/rP
bMeqCX7F5VjbrBVIw5zwN+M7Bf8EU1kOq+5TBbdySEg+HnfM1L3/7dcA9+0QeHw5
+07xsoKtBo0IOn9Hb0LpfRPIzaTciHAKw9NEqZHDSN8=
-----END CERTIFICATE-----