Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/ubYQhCPAc1y9PWfDDFmtFKcMhjQ.roa
File:                     ubYQhCPAc1y9PWfDDFmtFKcMhjQ.roa (raw, json)
Hash identifier:          4pYqeQ4V8Sj7VAcygq8v+qY+0dXhWe9XfBkV8soN9nY=
Subject key identifier:   B9:B6:10:84:23:C0:73:5C:BD:3D:67:C3:0C:59:AD:14:A7:0C:86:34
Certificate issuer:       /CN=98fb582c1cd1881f2d46d0a70382cab69225f1a9
Certificate serial:       019426D9211037AAEFFD0ED44414B7614EFE
Authority key identifier: 98:FB:58:2C:1C:D1:88:1F:2D:46:D0:A7:03:82:CA:B6:92:25:F1:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mPtYLBzRiB8tRtCnA4LKtpIl8ak.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/ubYQhCPAc1y9PWfDDFmtFKcMhjQ.roa
Signing time:             Thu 02 Jan 2025 11:49:11 +0000
ROA not before:           Thu 02 Jan 2025 11:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        194.1.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/mPtYLBzRiB8tRtCnA4LKtpIl8ak.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/mPtYLBzRiB8tRtCnA4LKtpIl8ak.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mPtYLBzRiB8tRtCnA4LKtpIl8ak.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:21:10:37:aa:ef:fd:0e:d4:44:14:b7:61:4e:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98fb582c1cd1881f2d46d0a70382cab69225f1a9
        Validity
            Not Before: Jan  2 11:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9b6108423c0735cbd3d67c30c59ad14a70c8634
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f4:e9:ee:b5:36:03:b6:0e:ac:93:61:1c:5a:
                    5a:ad:0e:dc:f1:51:63:4a:7e:7d:06:13:1e:67:e9:
                    a4:8d:2b:cb:0c:04:48:56:24:2b:c6:53:64:ee:6d:
                    64:bd:0b:57:7c:01:d7:2b:09:e9:19:7b:e0:76:6a:
                    1d:11:6d:6b:71:ce:8f:77:4d:05:e0:9d:c4:4c:a1:
                    20:2a:79:c7:aa:b0:a8:47:70:2c:7a:9b:fe:86:7e:
                    a6:df:6d:ce:e1:04:d8:24:d6:dc:4b:cd:89:05:6f:
                    c8:51:aa:e6:e8:97:91:72:48:20:6e:1c:5f:4d:9e:
                    85:5b:5d:85:b2:8f:94:fd:82:ab:57:6d:08:12:a9:
                    45:4f:d9:99:8a:47:cf:9c:f8:3e:85:8b:37:ff:d4:
                    12:40:8e:ac:bd:8f:82:53:f3:2b:ae:22:18:12:c0:
                    6d:49:75:69:86:18:0b:1a:e0:76:5e:3a:3c:ea:31:
                    c0:73:d9:d5:2c:80:4e:21:db:85:8b:29:5e:d8:1d:
                    4b:4d:a8:e0:b1:d5:22:2b:ca:e3:dd:84:b4:72:87:
                    ee:3d:65:e0:4a:1c:e6:0e:11:3b:7a:9a:0e:46:a7:
                    14:ea:47:7c:1e:65:6a:7c:61:6d:55:a5:f7:7c:7f:
                    e4:84:a4:7f:af:2c:04:a7:b8:a4:55:cc:78:84:a1:
                    ce:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:B6:10:84:23:C0:73:5C:BD:3D:67:C3:0C:59:AD:14:A7:0C:86:34
            X509v3 Authority Key Identifier:
                keyid:98:FB:58:2C:1C:D1:88:1F:2D:46:D0:A7:03:82:CA:B6:92:25:F1:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mPtYLBzRiB8tRtCnA4LKtpIl8ak.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/ubYQhCPAc1y9PWfDDFmtFKcMhjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ec401c-44e4-4fcc-b037-3bc44101ec00/1/mPtYLBzRiB8tRtCnA4LKtpIl8ak.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:a9:9f:da:34:84:b5:81:e4:ee:9b:6b:c4:3d:13:e7:f9:26:
         df:27:17:3e:a1:fb:bf:78:36:11:d8:5a:bb:f6:d4:bd:eb:d9:
         bb:77:38:1d:b1:12:a3:5b:1b:06:39:19:b5:70:f5:92:a0:b5:
         bd:e1:9a:77:0c:a9:e8:f9:d1:7f:c0:77:ea:b4:a7:9c:87:e8:
         47:08:7e:9e:4f:27:fb:92:94:16:23:a3:1a:94:53:3a:15:b9:
         9a:18:02:f4:35:e3:bd:e8:10:12:bc:16:d9:fb:03:33:27:eb:
         8e:fb:75:7f:78:fb:f6:ac:ab:b2:d9:53:07:ac:3b:4b:8d:21:
         43:d2:67:de:55:8c:12:ee:95:d4:92:44:f1:17:1f:2a:e8:03:
         17:62:08:30:33:4c:41:7b:99:73:ab:2e:4c:8e:e2:dd:bb:d7:
         4e:db:b0:64:79:7d:f1:b2:fc:eb:35:af:9c:ac:2d:76:d1:63:
         f8:df:94:cd:2d:4b:d0:d7:4c:15:5e:7f:0c:7a:be:e6:73:61:
         59:19:a1:07:34:59:d2:28:17:7c:ae:5d:4b:8e:f5:8d:3a:d7:
         4d:c6:12:0a:81:13:41:c2:5d:4b:b4:0e:bd:d4:11:20:fa:31:
         85:8f:81:7c:de:e5:16:1a:2b:79:7f:e6:ef:15:15:cb:c4:15:
         25:e4:66:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2SEQN6rv/Q7URBS3YU7+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZmI1ODJjMWNkMTg4MWYyZDQ2ZDBhNzAzODJjYWI2OTIy
NWYxYTkwHhcNMjUwMTAyMTE0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWI2MTA4NDIzYzA3MzVjYmQzZDY3YzMwYzU5YWQxNGE3MGM4NjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/Tp7rU2A7YOrJNhHFparQ7c8VFj
Sn59BhMeZ+mkjSvLDARIViQrxlNk7m1kvQtXfAHXKwnpGXvgdmodEW1rcc6Pd00F
4J3ETKEgKnnHqrCoR3Asepv+hn6m323O4QTYJNbcS82JBW/IUarm6JeRckggbhxf
TZ6FW12Fso+U/YKrV20IEqlFT9mZikfPnPg+hYs3/9QSQI6svY+CU/MrriIYEsBt
SXVphhgLGuB2Xjo86jHAc9nVLIBOIduFiyle2B1LTajgsdUiK8rj3YS0cofuPWXg
ShzmDhE7epoORqcU6kd8HmVqfGFtVaX3fH/khKR/rywEp7ikVcx4hKHOmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLm2EIQjwHNcvT1nwwxZrRSnDIY0MB8GA1UdIwQY
MBaAFJj7WCwc0YgfLUbQpwOCyraSJfGpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVB0WUxCelJpQjh0UnRDbkE0TEt0cElsOGFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9lYzQwMWMtNDRlNC00ZmNjLWIwMzct
M2JjNDQxMDFlYzAwLzEvdWJZUWhDUEFjMXk5UFdmRERGbXRGS2NNaGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9lYzQwMWMtNDRlNC00ZmNjLWIwMzctM2JjNDQxMDFlYzAw
LzEvbVB0WUxCelJpQjh0UnRDbkE0TEt0cElsOGFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgGeMA0G
CSqGSIb3DQEBCwUAA4IBAQBhqZ/aNIS1geTum2vEPRPn+SbfJxc+ofu/eDYR2Fq7
9tS969m7dzgdsRKjWxsGORm1cPWSoLW94Zp3DKno+dF/wHfqtKech+hHCH6eTyf7
kpQWI6MalFM6FbmaGAL0NeO96BASvBbZ+wMzJ+uO+3V/ePv2rKuy2VMHrDtLjSFD
0mfeVYwS7pXUkkTxFx8q6AMXYggwM0xBe5lzqy5MjuLdu9dO27BkeX3xsvzrNa+c
rC120WP435TNLUvQ10wVXn8Mer7mc2FZGaEHNFnSKBd8rl1LjvWNOtdNxhIKgRNB
wl1LtA691BEg+jGFj4F83uUWGit5f+bvFRXLxBUl5GZZ
-----END CERTIFICATE-----