Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/pCndi1ZXV1mC4ZG8G28b0EXavY4.roa
File:                     pCndi1ZXV1mC4ZG8G28b0EXavY4.roa (raw, json)
Hash identifier:          QIh9bllo3i2ecy+DeV6KBQsP3Ac4e7xnH/vJAvg06/0=
Subject key identifier:   A4:29:DD:8B:56:57:57:59:82:E1:91:BC:1B:6F:1B:D0:45:DA:BD:8E
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019427B56824C94EDB08BCB3718C7A60B9CC
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/pCndi1ZXV1mC4ZG8G28b0EXavY4.roa
Signing time:             Thu 02 Jan 2025 15:49:47 +0000
ROA not before:           Thu 02 Jan 2025 15:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64493
IP address blocks:        195.128.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:68:24:c9:4e:db:08:bc:b3:71:8c:7a:60:b9:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Jan  2 15:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a429dd8b5657575982e191bc1b6f1bd045dabd8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:bb:e2:bd:e9:56:35:4a:2c:a2:fb:52:83:c5:
                    56:0c:ec:ff:21:05:b2:0e:0a:7a:e7:5b:05:0f:1f:
                    cb:0a:ee:d9:d0:b4:7c:60:a2:78:4e:38:19:bc:1d:
                    fa:d8:12:37:eb:21:ab:05:7a:15:b2:c5:64:ff:6b:
                    3f:59:bc:ab:ab:9c:4c:80:41:34:2f:a9:d2:23:62:
                    b5:11:39:f7:6c:14:47:87:e2:8f:76:8b:75:ab:8a:
                    33:5e:21:89:f3:0d:34:ee:94:e1:2b:19:5e:f2:e1:
                    10:f1:8e:0b:87:31:6a:30:b6:20:b6:dc:ac:03:ff:
                    cd:1d:a6:f2:0a:b0:ba:c2:34:39:a8:57:8e:44:34:
                    78:f3:44:f1:b1:8b:8a:d0:89:da:45:0c:f6:85:b4:
                    8f:24:61:b8:8c:f7:68:92:8b:c5:ff:f7:09:6a:74:
                    bf:9a:83:4b:e0:a8:2a:7e:d7:34:d5:0b:c1:02:b2:
                    bb:2b:62:c6:f3:e4:98:6f:9e:83:ab:a1:1c:ae:c9:
                    dd:39:13:4d:42:b0:99:aa:4b:8c:ff:1c:94:44:a5:
                    31:a2:ab:64:e0:37:e3:32:0a:6a:cb:dc:bd:da:80:
                    e9:b6:27:fb:6e:5c:ce:8b:ad:5e:66:cd:46:64:62:
                    8d:f2:ed:ba:54:c1:ba:bd:50:87:e2:ec:03:3c:7c:
                    36:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:29:DD:8B:56:57:57:59:82:E1:91:BC:1B:6F:1B:D0:45:DA:BD:8E
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/pCndi1ZXV1mC4ZG8G28b0EXavY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:20:bf:7d:84:b1:42:70:37:4f:a0:7b:bf:51:2a:a4:50:fe:
         1e:52:0c:f8:42:e9:22:54:d6:ae:36:c3:12:4c:78:9b:ee:b3:
         5e:49:c3:ab:c0:e8:87:d1:18:d4:a1:1a:34:ea:68:4e:5d:2b:
         00:03:47:32:6a:0d:9f:b0:e0:a5:37:d9:68:c0:fe:07:f5:f7:
         1f:b5:4b:41:a6:72:ca:e7:92:08:d3:ca:51:49:c3:b2:dd:6a:
         53:f3:47:58:bf:78:37:a3:97:1d:1a:c9:9d:51:38:37:30:a0:
         d5:53:ff:fe:3c:b9:ae:a5:8b:08:5e:e1:79:a4:17:aa:c9:2f:
         25:b7:6d:7b:52:22:a1:78:56:a7:c5:43:55:63:27:c5:51:fa:
         ec:52:33:61:38:99:f4:21:43:f0:17:05:37:cf:a3:97:f8:cd:
         d4:6a:c1:43:4b:d2:c8:48:62:67:c9:48:4a:df:90:58:3a:e6:
         29:38:1a:cd:68:dc:de:f2:c0:34:19:e3:76:c0:7d:41:b6:75:
         51:98:b1:47:2f:9b:48:f4:1f:87:76:51:59:60:94:c1:83:e3:
         5f:b8:e9:41:66:b5:9b:26:f5:b8:a3:b8:8c:99:1a:6a:15:fc:
         1d:d4:f4:0b:e7:f6:58:3c:24:b8:f2:93:9a:82:44:64:d4:04:
         0b:5f:8e:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntWgkyU7bCLyzcYx6YLnMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjUwMTAyMTU0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDI5ZGQ4YjU2NTc1NzU5ODJlMTkxYmMxYjZmMWJkMDQ1ZGFiZDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrvivelWNUosovtSg8VWDOz/IQWy
Dgp651sFDx/LCu7Z0LR8YKJ4TjgZvB362BI36yGrBXoVssVk/2s/Wbyrq5xMgEE0
L6nSI2K1ETn3bBRHh+KPdot1q4ozXiGJ8w007pThKxle8uEQ8Y4LhzFqMLYgttys
A//NHabyCrC6wjQ5qFeORDR480TxsYuK0InaRQz2hbSPJGG4jPdokovF//cJanS/
moNL4Kgqftc01QvBArK7K2LG8+SYb56Dq6EcrsndORNNQrCZqkuM/xyURKUxoqtk
4DfjMgpqy9y92oDptif7blzOi61eZs1GZGKN8u26VMG6vVCH4uwDPHw2DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKQp3YtWV1dZguGRvBtvG9BF2r2OMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvcENuZGkxWlhWMW1DNFpHOEcyOGIwRVhhdlk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4CFMA0G
CSqGSIb3DQEBCwUAA4IBAQDXIL99hLFCcDdPoHu/USqkUP4eUgz4QukiVNauNsMS
THib7rNeScOrwOiH0RjUoRo06mhOXSsAA0cyag2fsOClN9lowP4H9fcftUtBpnLK
55II08pRScOy3WpT80dYv3g3o5cdGsmdUTg3MKDVU//+PLmupYsIXuF5pBeqyS8l
t217UiKheFanxUNVYyfFUfrsUjNhOJn0IUPwFwU3z6OX+M3UasFDS9LISGJnyUhK
35BYOuYpOBrNaNze8sA0GeN2wH1BtnVRmLFHL5tI9B+HdlFZYJTBg+NfuOlBZrWb
JvW4o7iMmRpqFfwd1PQL5/ZYPCS48pOagkRk1AQLX46p
-----END CERTIFICATE-----