Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/CkYxOCFcXglZibNQBz57XM7xS7k.roa
File:                     CkYxOCFcXglZibNQBz57XM7xS7k.roa (raw, json)
Hash identifier:          tPE6/6y5+L8gtSA/0lIV1hRfNlGi7fzBLSET7NYUXhQ=
Subject key identifier:   0A:46:31:38:21:5C:5E:09:59:89:B3:50:07:3E:7B:5C:CE:F1:4B:B9
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       01942747A12B5E8445B0895D7C15870038C0
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/CkYxOCFcXglZibNQBz57XM7xS7k.roa
Signing time:             Thu 02 Jan 2025 13:49:53 +0000
ROA not before:           Thu 02 Jan 2025 13:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203416
IP address blocks:        194.50.250.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:a1:2b:5e:84:45:b0:89:5d:7c:15:87:00:38:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Jan  2 13:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a463138215c5e095989b350073e7b5ccef14bb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e1:48:89:f6:6b:c2:28:d4:e3:09:74:31:c2:
                    9a:b5:55:39:ed:fa:89:86:d5:2c:cd:2e:1a:eb:84:
                    72:dd:9a:cc:3a:48:55:36:11:9a:0a:f5:5d:08:0b:
                    1f:b2:ac:da:e4:bd:fd:a6:d4:f6:68:76:b7:5a:75:
                    ba:ba:94:12:fa:32:a8:52:19:3a:05:ea:fb:c7:d3:
                    35:5b:fa:c5:f0:03:fb:88:0d:88:de:04:1d:29:37:
                    33:e6:7d:62:41:5e:5c:0a:c9:99:29:4d:96:0c:69:
                    f8:35:cc:14:e0:3c:b4:a6:a5:4e:96:45:bb:4f:3e:
                    68:ae:0f:7a:32:c1:b6:96:82:95:9d:c6:45:a0:f6:
                    11:d5:e2:92:18:03:2f:51:9a:f8:8f:96:27:00:38:
                    83:26:6b:5a:79:69:44:bf:6b:e7:31:e9:c0:04:ce:
                    55:35:3c:b1:84:ac:35:db:1a:ba:4b:9c:1a:05:2c:
                    8b:de:21:4c:a2:91:24:bd:da:df:ef:25:c7:c5:22:
                    2c:4d:ea:1c:61:f2:37:3c:a0:f2:f9:db:d6:40:26:
                    28:04:ae:6a:35:69:78:13:3b:16:50:56:b6:4f:05:
                    73:6e:3f:b7:a0:92:08:4b:e3:4d:dd:01:25:2a:87:
                    fd:aa:64:c1:98:00:f0:03:7c:fd:cc:fe:6e:8d:d6:
                    a6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:46:31:38:21:5C:5E:09:59:89:B3:50:07:3E:7B:5C:CE:F1:4B:B9
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/CkYxOCFcXglZibNQBz57XM7xS7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:b0:87:b4:d5:41:3b:b5:50:35:10:74:ae:11:52:25:6d:5f:
         f7:e4:68:40:ca:09:fe:22:98:6e:f9:38:37:50:9b:6a:b5:2e:
         73:68:77:a3:14:22:32:f7:eb:3c:69:8d:6b:38:7b:94:4d:8a:
         56:ca:ca:32:a6:14:5c:dd:20:2f:36:df:96:a1:a9:e7:8a:9c:
         7a:33:16:8c:94:a3:a2:53:70:df:4a:e3:00:69:db:45:b2:cb:
         79:d7:07:40:50:a3:d9:54:37:c4:92:50:e4:87:1b:8f:57:b2:
         95:b1:8d:f5:f7:ec:f8:66:54:b1:33:f6:1c:d1:ab:8b:09:3e:
         03:b2:5a:bf:9b:f8:17:91:dc:cb:d6:27:64:e2:74:56:51:77:
         85:de:ca:b0:52:ec:1d:04:e9:ca:9e:cf:99:80:59:3a:32:be:
         66:16:6d:f7:0f:86:1b:57:50:f1:e1:c5:fa:85:83:13:02:59:
         2b:74:f4:ac:00:c2:6b:1a:2e:18:46:cb:7b:33:39:75:f2:ed:
         41:6b:a2:a2:cb:6e:45:c5:46:3c:e1:3f:94:59:85:26:28:60:
         60:c8:c3:43:f4:82:07:9d:9b:8b:1f:b8:0d:de:31:0d:fe:86:
         63:0f:4a:9a:5f:c4:ee:7d:46:84:1a:81:bb:ca:ab:56:83:52:
         50:2d:a7:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR6ErXoRFsIldfBWHADjAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjUwMTAyMTM0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQ2MzEzODIxNWM1ZTA5NTk4OWIzNTAwNzNlN2I1Y2NlZjE0YmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+FIifZrwijU4wl0McKatVU57fqJ
htUszS4a64Ry3ZrMOkhVNhGaCvVdCAsfsqza5L39ptT2aHa3WnW6upQS+jKoUhk6
Ber7x9M1W/rF8AP7iA2I3gQdKTcz5n1iQV5cCsmZKU2WDGn4NcwU4Dy0pqVOlkW7
Tz5org96MsG2loKVncZFoPYR1eKSGAMvUZr4j5YnADiDJmtaeWlEv2vnMenABM5V
NTyxhKw12xq6S5waBSyL3iFMopEkvdrf7yXHxSIsTeocYfI3PKDy+dvWQCYoBK5q
NWl4EzsWUFa2TwVzbj+3oJIIS+NN3QElKof9qmTBmADwA3z9zP5ujdamvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApGMTghXF4JWYmzUAc+e1zO8Uu5MB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEvQ2tZeE9DRmNYZ2xaaWJOUUJ6NTdYTTd4UzdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwjL6MA0G
CSqGSIb3DQEBCwUAA4IBAQA/sIe01UE7tVA1EHSuEVIlbV/35GhAygn+Iphu+Tg3
UJtqtS5zaHejFCIy9+s8aY1rOHuUTYpWysoyphRc3SAvNt+Woannipx6MxaMlKOi
U3DfSuMAadtFsst51wdAUKPZVDfEklDkhxuPV7KVsY319+z4ZlSxM/Yc0auLCT4D
slq/m/gXkdzL1idk4nRWUXeF3sqwUuwdBOnKns+ZgFk6Mr5mFm33D4YbV1Dx4cX6
hYMTAlkrdPSsAMJrGi4YRst7Mzl18u1Ba6Kiy25FxUY84T+UWYUmKGBgyMND9IIH
nZuLH7gN3jEN/oZjD0qaX8TufUaEGoG7yqtWg1JQLaeh
-----END CERTIFICATE-----