Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/IfAzv2xamXQmXpt0GBd13kn7nCM.roa
File:                     IfAzv2xamXQmXpt0GBd13kn7nCM.roa (raw, json)
Hash identifier:          jbzJm1UfZ+dpmS3iaSw271pkPBOa1r0axTofijj8Fjs=
Subject key identifier:   21:F0:33:BF:6C:5A:99:74:26:5E:9B:74:18:17:75:DE:49:FB:9C:23
Certificate issuer:       /CN=bbffc9a9832667ac0d6d1e2406550533c3b55618
Certificate serial:       0194228E41D57726FCCE54AF008E2D94FE7D
Authority key identifier: BB:FF:C9:A9:83:26:67:AC:0D:6D:1E:24:06:55:05:33:C3:B5:56:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/IfAzv2xamXQmXpt0GBd13kn7nCM.roa
Signing time:             Wed 01 Jan 2025 15:48:55 +0000
ROA not before:           Wed 01 Jan 2025 15:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        194.115.182.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:41:d5:77:26:fc:ce:54:af:00:8e:2d:94:fe:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbffc9a9832667ac0d6d1e2406550533c3b55618
        Validity
            Not Before: Jan  1 15:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21f033bf6c5a9974265e9b74181775de49fb9c23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:da:34:68:05:1b:be:3d:8e:6f:7c:65:3c:82:
                    e4:cc:ea:0e:fa:12:e5:25:24:20:54:d0:25:01:45:
                    2f:c2:37:f6:2e:19:19:6c:7c:2a:08:97:1e:5c:ec:
                    ab:e3:2f:f2:6a:8c:c1:f0:77:9d:29:14:32:7b:09:
                    10:11:99:cd:37:c2:a6:2b:d2:dd:7c:40:6b:95:3d:
                    a7:c3:92:24:c6:fb:e7:8e:fb:56:2e:63:f4:37:86:
                    a3:7d:a5:a9:a8:a0:e7:1b:50:27:21:e4:93:b5:f1:
                    55:0d:23:97:25:03:d9:35:98:47:af:43:42:ce:94:
                    8b:d6:3f:61:1a:ff:cd:eb:27:14:eb:86:99:10:6a:
                    cb:a2:14:db:75:f5:6a:08:d2:99:55:1a:43:7d:5f:
                    ab:ab:a6:af:12:b1:ac:35:2a:c2:63:ca:49:a8:0c:
                    7f:b0:ff:1f:f8:a3:4b:3f:53:57:29:da:73:a7:2a:
                    6d:4c:8d:f1:f3:2e:14:9f:fc:dc:10:0b:cf:7c:9d:
                    f4:86:bf:31:42:78:7e:af:06:9d:b1:c1:f4:5a:74:
                    22:5c:34:54:02:2d:27:5f:d6:52:95:15:83:81:78:
                    53:20:32:56:3d:03:bb:e0:3f:d6:15:ed:b6:66:4d:
                    a1:fb:02:21:83:03:fa:cf:c0:14:3b:9e:93:4c:5f:
                    2a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:F0:33:BF:6C:5A:99:74:26:5E:9B:74:18:17:75:DE:49:FB:9C:23
            X509v3 Authority Key Identifier:
                keyid:BB:FF:C9:A9:83:26:67:AC:0D:6D:1E:24:06:55:05:33:C3:B5:56:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/IfAzv2xamXQmXpt0GBd13kn7nCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/fe1b28-1519-4055-b0fb-7497e5a8f11b/1/u__JqYMmZ6wNbR4kBlUFM8O1Vhg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.115.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:d7:3b:ae:ee:9c:99:64:3a:86:6a:35:cf:d3:2c:60:c0:6b:
         16:95:4b:7a:cb:1a:4d:bb:af:4d:10:a9:61:49:1c:a8:0b:b9:
         a4:0f:0f:f9:25:68:81:90:fc:f0:65:57:97:d1:ae:ad:d6:56:
         1c:2e:73:92:61:81:fb:03:69:a6:08:de:2a:04:6d:82:ba:ed:
         d7:89:f7:0c:c9:36:55:41:07:18:db:b9:5f:aa:5d:e3:9a:13:
         2b:9c:74:0b:3b:8d:30:00:df:09:49:5f:c6:f5:81:73:b2:f3:
         eb:74:e1:3b:35:f0:98:db:4d:0b:99:54:5b:16:3e:b4:3e:c4:
         72:2c:bf:01:d5:75:ba:1a:75:1f:90:b9:b2:1d:11:07:76:0a:
         9c:d1:07:48:65:3e:46:24:49:6a:e0:2e:c4:f2:c6:f1:f7:92:
         85:a8:60:3e:97:fb:24:fc:54:ef:46:2f:58:f0:ae:6e:f2:70:
         24:ef:7b:f7:5e:8b:e4:5a:bd:51:fb:b9:c1:7f:88:14:50:e7:
         e4:5f:70:7b:a9:c3:61:dc:ce:9a:d9:39:1f:c5:71:18:12:5d:
         e3:08:be:69:ff:8b:0b:33:01:98:68:e5:db:95:bc:85:dc:41:
         d0:4d:67:b1:ab:3a:97:aa:7a:c0:9c:c4:3a:b5:64:e5:f6:11:
         62:ca:35:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijkHVdyb8zlSvAI4tlP59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZmZjOWE5ODMyNjY3YWMwZDZkMWUyNDA2NTUwNTMzYzNi
NTU2MTgwHhcNMjUwMTAxMTU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWYwMzNiZjZjNWE5OTc0MjY1ZTliNzQxODE3NzVkZTQ5ZmI5YzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdo0aAUbvj2Ob3xlPILkzOoO+hLl
JSQgVNAlAUUvwjf2LhkZbHwqCJceXOyr4y/yaozB8HedKRQyewkQEZnNN8KmK9Ld
fEBrlT2nw5IkxvvnjvtWLmP0N4ajfaWpqKDnG1AnIeSTtfFVDSOXJQPZNZhHr0NC
zpSL1j9hGv/N6ycU64aZEGrLohTbdfVqCNKZVRpDfV+rq6avErGsNSrCY8pJqAx/
sP8f+KNLP1NXKdpzpyptTI3x8y4Un/zcEAvPfJ30hr8xQnh+rwadscH0WnQiXDRU
Ai0nX9ZSlRWDgXhTIDJWPQO74D/WFe22Zk2h+wIhgwP6z8AUO56TTF8qFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHwM79sWpl0Jl6bdBgXdd5J+5wjMB8GA1UdIwQY
MBaAFLv/yamDJmesDW0eJAZVBTPDtVYYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9fSnFZTW1aNndOYlI0a0JsVUZNOE8xVmhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9mZTFiMjgtMTUxOS00MDU1LWIwZmIt
NzQ5N2U1YThmMTFiLzEvSWZBenYyeGFtWFFtWHB0MEdCZDEza243bkNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9mZTFiMjgtMTUxOS00MDU1LWIwZmItNzQ5N2U1YThmMTFi
LzEvdV9fSnFZTW1aNndOYlI0a0JsVUZNOE8xVmhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnO2MA0G
CSqGSIb3DQEBCwUAA4IBAQBp1zuu7pyZZDqGajXP0yxgwGsWlUt6yxpNu69NEKlh
SRyoC7mkDw/5JWiBkPzwZVeX0a6t1lYcLnOSYYH7A2mmCN4qBG2Cuu3XifcMyTZV
QQcY27lfql3jmhMrnHQLO40wAN8JSV/G9YFzsvPrdOE7NfCY200LmVRbFj60PsRy
LL8B1XW6GnUfkLmyHREHdgqc0QdIZT5GJElq4C7E8sbx95KFqGA+l/sk/FTvRi9Y
8K5u8nAk73v3XovkWr1R+7nBf4gUUOfkX3B7qcNh3M6a2TkfxXEYEl3jCL5p/4sL
MwGYaOXblbyF3EHQTWexqzqXqnrAnMQ6tWTl9hFiyjUC
-----END CERTIFICATE-----