Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4c68WXa89S9GaEZ3betWtfOynEI.roa
File:                     4c68WXa89S9GaEZ3betWtfOynEI.roa (raw, json)
Hash identifier:          fVAp1PUxEqPq1PXw46ujCE/Pw+4uzGlNeTIsndTtQ4g=
Subject key identifier:   E1:CE:BC:59:76:BC:F5:2F:46:68:46:77:6D:EB:56:B5:F3:B2:9C:42
Certificate issuer:       /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial:       019423D6E9C333E959BB9E7BF095CA5647A9
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4c68WXa89S9GaEZ3betWtfOynEI.roa
Signing time:             Wed 01 Jan 2025 21:47:54 +0000
ROA not before:           Wed 01 Jan 2025 21:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50247
IP address blocks:        185.129.124.0/23 maxlen: 23
                          185.129.126.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e9:c3:33:e9:59:bb:9e:7b:f0:95:ca:56:47:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
        Validity
            Not Before: Jan  1 21:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1cebc5976bcf52f466846776deb56b5f3b29c42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:bb:10:42:f2:78:e8:1c:2c:8c:6c:64:31:aa:
                    77:35:13:bd:00:2f:b3:65:84:8b:27:15:72:2a:1e:
                    2e:be:0c:22:0a:85:bc:5e:9a:ac:fc:19:f5:af:a6:
                    93:50:fa:4d:6b:15:46:37:5f:e3:9c:d8:1b:c0:6c:
                    fb:e9:2f:5e:48:75:bc:79:7a:4a:e3:3b:e7:a0:95:
                    cb:2a:c5:66:d8:c7:a4:2f:da:03:54:fb:b2:47:29:
                    eb:52:cf:c6:53:06:c1:1b:c7:78:d4:ab:ea:69:21:
                    55:02:98:65:da:35:2a:ba:62:8c:36:c2:f2:b7:ef:
                    dc:bf:e8:78:56:53:53:72:0e:39:c0:e0:fd:22:bf:
                    b6:c6:b4:e2:cc:f7:65:2e:6a:8f:a9:c2:3c:f4:15:
                    d3:45:e2:a0:d8:4f:61:f7:41:eb:43:d5:39:b9:c5:
                    68:62:0c:16:26:cc:e9:64:29:d6:a0:42:12:30:97:
                    ce:28:be:da:a7:33:85:38:51:c8:76:87:08:81:3f:
                    e1:02:cc:ed:41:54:32:0e:04:09:4c:3a:c1:e8:77:
                    f8:f6:15:74:3c:96:91:a3:d6:8a:2f:3f:7c:82:b6:
                    3b:a7:87:13:3b:1b:bb:87:c4:90:9f:ad:04:d6:68:
                    b0:cb:fa:b5:44:ec:c4:4a:fe:c8:77:83:a8:b6:d1:
                    6b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:CE:BC:59:76:BC:F5:2F:46:68:46:77:6D:EB:56:B5:F3:B2:9C:42
            X509v3 Authority Key Identifier:
                keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/4c68WXa89S9GaEZ3betWtfOynEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:2f:34:96:12:9d:5a:8d:d0:a4:ec:49:4f:69:90:82:3b:60:
         c7:e2:33:8f:bb:d5:25:aa:a5:86:d8:8d:06:43:9b:3e:24:52:
         29:cf:f9:9e:c7:00:45:2e:dd:be:a8:e5:92:27:b8:a3:26:a2:
         d0:c7:76:f9:0e:e5:a1:d7:f7:7e:b1:33:bb:9d:4b:5f:31:fc:
         0f:4b:ce:fa:02:aa:5d:dc:61:51:0b:cc:0c:82:89:6a:63:2b:
         7d:df:25:70:34:df:5e:16:ab:fb:dd:69:ad:ab:95:f5:90:7b:
         ea:01:67:1c:20:de:7e:d1:1a:13:d3:40:a9:30:11:d9:ab:50:
         57:e8:5f:9a:62:b2:3c:e3:f9:e8:cd:65:95:b6:d6:5e:d1:7a:
         43:42:c8:e5:ad:80:30:41:34:56:ea:00:a2:a8:e2:0d:0b:9d:
         d1:63:4d:7d:ac:91:3e:fc:00:c4:81:72:67:d3:3a:4a:91:e3:
         f1:a5:bd:fd:d1:94:6b:0a:d6:92:58:65:a4:16:47:97:67:ee:
         1e:6f:8d:7d:b4:5f:44:cf:49:de:6b:b8:20:a6:9b:31:1d:41:
         d6:6f:ca:6a:50:24:fd:49:64:f9:9b:f9:c4:f0:7a:a8:bd:5d:
         2a:fe:09:71:c0:ad:1c:e9:63:d3:94:df:12:b4:2a:61:bd:ae:
         4d:0b:36:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1unDM+lZu5578JXKVkepMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjUwMTAxMjE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWNlYmM1OTc2YmNmNTJmNDY2ODQ2Nzc2ZGViNTZiNWYzYjI5YzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57sQQvJ46BwsjGxkMap3NRO9AC+z
ZYSLJxVyKh4uvgwiCoW8Xpqs/Bn1r6aTUPpNaxVGN1/jnNgbwGz76S9eSHW8eXpK
4zvnoJXLKsVm2MekL9oDVPuyRynrUs/GUwbBG8d41KvqaSFVAphl2jUqumKMNsLy
t+/cv+h4VlNTcg45wOD9Ir+2xrTizPdlLmqPqcI89BXTReKg2E9h90HrQ9U5ucVo
YgwWJszpZCnWoEISMJfOKL7apzOFOFHIdocIgT/hAsztQVQyDgQJTDrB6Hf49hV0
PJaRo9aKLz98grY7p4cTOxu7h8SQn60E1miwy/q1ROzESv7Id4OottFrNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHOvFl2vPUvRmhGd23rVrXzspxCMB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEvNGM2OFdYYTg5UzlHYUVaM2JldFd0Zk95bkVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYF8MA0G
CSqGSIb3DQEBCwUAA4IBAQCKLzSWEp1ajdCk7ElPaZCCO2DH4jOPu9UlqqWG2I0G
Q5s+JFIpz/mexwBFLt2+qOWSJ7ijJqLQx3b5DuWh1/d+sTO7nUtfMfwPS876Aqpd
3GFRC8wMgolqYyt93yVwNN9eFqv73Wmtq5X1kHvqAWccIN5+0RoT00CpMBHZq1BX
6F+aYrI84/nozWWVttZe0XpDQsjlrYAwQTRW6gCiqOINC53RY019rJE+/ADEgXJn
0zpKkePxpb390ZRrCtaSWGWkFkeXZ+4eb419tF9Ez0nea7ggppsxHUHWb8pqUCT9
SWT5m/nE8HqovV0q/glxwK0c6WPTlN8StCphva5NCzbd
-----END CERTIFICATE-----