Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/48d6aa-afd5-4168-b104-dd3765c2eee4/1/jzVDE20GlCgVCg-KhJB_QzsLMCg.roa
File:                     jzVDE20GlCgVCg-KhJB_QzsLMCg.roa (raw, json)
Hash identifier:          LaydqvlZJmK18FahUwbjtSgT6W86Q5gZmcNPgCbbqe4=
Subject key identifier:   8F:35:43:13:6D:06:94:28:15:0A:0F:8A:84:90:7F:43:3B:0B:30:28
Certificate issuer:       /CN=13cc6309ac30a7fc015c3344cbc80861b4c547cf
Certificate serial:       01942368ED4DB88220A3477B1560068460F7
Authority key identifier: 13:CC:63:09:AC:30:A7:FC:01:5C:33:44:CB:C8:08:61:B4:C5:47:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E8xjCawwp_wBXDNEy8gIYbTFR88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/48d6aa-afd5-4168-b104-dd3765c2eee4/1/jzVDE20GlCgVCg-KhJB_QzsLMCg.roa
Signing time:             Wed 01 Jan 2025 19:47:46 +0000
ROA not before:           Wed 01 Jan 2025 19:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12353
IP address blocks:        194.6.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/48d6aa-afd5-4168-b104-dd3765c2eee4/1/E8xjCawwp_wBXDNEy8gIYbTFR88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/48d6aa-afd5-4168-b104-dd3765c2eee4/1/E8xjCawwp_wBXDNEy8gIYbTFR88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E8xjCawwp_wBXDNEy8gIYbTFR88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:ed:4d:b8:82:20:a3:47:7b:15:60:06:84:60:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13cc6309ac30a7fc015c3344cbc80861b4c547cf
        Validity
            Not Before: Jan  1 19:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f3543136d069428150a0f8a84907f433b0b3028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d6:22:d4:ba:23:b4:b9:58:6b:e6:ad:67:1d:
                    2c:45:6f:83:ba:74:76:be:82:e2:79:50:b1:c6:49:
                    9a:6a:3f:a0:60:cc:e0:ed:65:cb:42:25:4c:e3:0d:
                    04:fb:91:54:47:cb:73:34:37:1e:c8:7e:b3:61:73:
                    33:8f:dd:f3:2f:18:2c:9f:2e:e9:ec:2e:0b:40:08:
                    7a:94:6b:66:ea:44:7f:c1:ef:9b:25:c7:d4:6d:f6:
                    70:86:fb:80:15:82:d0:e1:1b:0d:cd:c6:a5:7b:20:
                    9b:a8:90:57:77:5c:79:d6:ac:3a:eb:04:04:52:dd:
                    ea:86:41:fd:1f:30:06:b8:40:07:ad:17:32:7f:f2:
                    0f:c6:36:84:5d:93:7b:84:e8:45:42:a7:a2:57:3a:
                    f1:c7:0e:59:b5:5d:2a:6f:ce:4d:3e:7f:6b:a9:42:
                    cd:1e:e3:54:4b:23:9a:cf:ce:69:a4:29:9b:0a:23:
                    6c:9d:b0:fd:7a:f5:bf:10:10:76:fc:34:01:bb:90:
                    d2:f0:90:e3:93:f5:0e:a9:95:9f:50:69:d3:0f:53:
                    45:b8:12:8d:c9:da:de:3c:dd:6d:cd:0b:46:54:7e:
                    8d:c4:c0:33:7f:93:1d:4d:b6:fc:53:d6:1a:1b:7d:
                    35:66:b9:82:68:73:c6:fa:6b:81:bb:0c:0a:63:19:
                    67:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:35:43:13:6D:06:94:28:15:0A:0F:8A:84:90:7F:43:3B:0B:30:28
            X509v3 Authority Key Identifier:
                keyid:13:CC:63:09:AC:30:A7:FC:01:5C:33:44:CB:C8:08:61:B4:C5:47:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E8xjCawwp_wBXDNEy8gIYbTFR88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/48d6aa-afd5-4168-b104-dd3765c2eee4/1/jzVDE20GlCgVCg-KhJB_QzsLMCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/48d6aa-afd5-4168-b104-dd3765c2eee4/1/E8xjCawwp_wBXDNEy8gIYbTFR88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:e5:92:f2:1a:f6:ea:6c:33:24:62:4e:af:6a:98:37:91:da:
         c8:f9:f4:8e:99:63:41:72:a2:b7:11:fd:06:9c:ec:25:32:da:
         db:82:c7:dc:4e:ee:3c:5f:b0:4c:d3:9f:59:c6:7f:46:02:65:
         04:33:15:f5:5e:f9:4a:22:da:a4:0c:43:19:6f:37:5b:ad:26:
         27:10:3d:d7:f0:dd:ed:f6:dd:f1:d2:dc:46:a6:ed:61:74:fd:
         ba:dc:05:5b:75:8d:da:50:07:3f:e7:b6:00:e8:60:7c:5e:07:
         ea:64:92:2d:78:d0:95:6a:37:9f:ac:d6:96:96:fa:04:19:84:
         a7:be:25:a7:cc:24:7a:7a:d9:8e:2c:21:a5:38:bf:4a:e1:0c:
         ba:b2:ff:d7:e5:8a:db:d7:79:5f:a5:12:49:c2:aa:ff:6d:da:
         eb:47:14:81:fa:5d:df:51:24:eb:7b:10:ed:29:fe:88:0c:3c:
         e3:6d:72:32:e8:54:f9:24:a9:ff:43:40:7d:b3:06:e1:f6:ce:
         72:e1:71:df:8f:3e:1a:8d:8c:66:f2:53:70:be:48:bd:3c:65:
         93:35:49:1a:17:f0:96:52:53:ad:1f:f5:e7:2e:c8:1e:d7:b3:
         a4:6f:33:74:35:81:20:2e:bc:73:94:f4:01:0b:59:99:b8:92:
         6d:47:97:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaO1NuIIgo0d7FWAGhGD3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzY2M2MzA5YWMzMGE3ZmMwMTVjMzM0NGNiYzgwODYxYjRj
NTQ3Y2YwHhcNMjUwMTAxMTk0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjM1NDMxMzZkMDY5NDI4MTUwYTBmOGE4NDkwN2Y0MzNiMGIzMDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNYi1LojtLlYa+atZx0sRW+DunR2
voLieVCxxkmaaj+gYMzg7WXLQiVM4w0E+5FUR8tzNDceyH6zYXMzj93zLxgsny7p
7C4LQAh6lGtm6kR/we+bJcfUbfZwhvuAFYLQ4RsNzcaleyCbqJBXd1x51qw66wQE
Ut3qhkH9HzAGuEAHrRcyf/IPxjaEXZN7hOhFQqeiVzrxxw5ZtV0qb85NPn9rqULN
HuNUSyOaz85ppCmbCiNsnbD9evW/EBB2/DQBu5DS8JDjk/UOqZWfUGnTD1NFuBKN
ydrePN1tzQtGVH6NxMAzf5MdTbb8U9YaG301ZrmCaHPG+muBuwwKYxlnjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI81QxNtBpQoFQoPioSQf0M7CzAoMB8GA1UdIwQY
MBaAFBPMYwmsMKf8AVwzRMvICGG0xUfPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTh4akNhd3dwX3dCWERORXk4Z0lZYlRGUjg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80OGQ2YWEtYWZkNS00MTY4LWIxMDQt
ZGQzNzY1YzJlZWU0LzEvanpWREUyMEdsQ2dWQ2ctS2hKQl9RenNMTUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80OGQ2YWEtYWZkNS00MTY4LWIxMDQtZGQzNzY1YzJlZWU0
LzEvRTh4akNhd3dwX3dCWERORXk4Z0lZYlRGUjg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgblMA0G
CSqGSIb3DQEBCwUAA4IBAQBC5ZLyGvbqbDMkYk6vapg3kdrI+fSOmWNBcqK3Ef0G
nOwlMtrbgsfcTu48X7BM059Zxn9GAmUEMxX1XvlKItqkDEMZbzdbrSYnED3X8N3t
9t3x0txGpu1hdP263AVbdY3aUAc/57YA6GB8XgfqZJIteNCVajefrNaWlvoEGYSn
viWnzCR6etmOLCGlOL9K4Qy6sv/X5Yrb13lfpRJJwqr/bdrrRxSB+l3fUSTrexDt
Kf6IDDzjbXIy6FT5JKn/Q0B9swbh9s5y4XHfjz4ajYxm8lNwvki9PGWTNUkaF/CW
UlOtH/XnLsge17OkbzN0NYEgLrxzlPQBC1mZuJJtR5dp
-----END CERTIFICATE-----