Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/cL-keBkm4oIskLWJO5aafKhJ0jo.roa
File:                     cL-keBkm4oIskLWJO5aafKhJ0jo.roa (raw, json)
Hash identifier:          s9gkn4aSVId/ngfYN3hJphayygttMpgwEt/RQqhzDWs=
Subject key identifier:   70:BF:A4:78:19:26:E2:82:2C:90:B5:89:3B:96:9A:7C:A8:49:D2:3A
Certificate issuer:       /CN=934e7d515dde9a03c2dc87389a2fca4e7d58c4ec
Certificate serial:       0194228DE4EB91CF00B48B037F088B0262D3
Authority key identifier: 93:4E:7D:51:5D:DE:9A:03:C2:DC:87:38:9A:2F:CA:4E:7D:58:C4:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k059UV3emgPC3Ic4mi_KTn1YxOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/cL-keBkm4oIskLWJO5aafKhJ0jo.roa
Signing time:             Wed 01 Jan 2025 15:48:31 +0000
ROA not before:           Wed 01 Jan 2025 15:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202443
IP address blocks:        194.34.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/k059UV3emgPC3Ic4mi_KTn1YxOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/k059UV3emgPC3Ic4mi_KTn1YxOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k059UV3emgPC3Ic4mi_KTn1YxOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:e4:eb:91:cf:00:b4:8b:03:7f:08:8b:02:62:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=934e7d515dde9a03c2dc87389a2fca4e7d58c4ec
        Validity
            Not Before: Jan  1 15:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70bfa4781926e2822c90b5893b969a7ca849d23a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:70:76:e9:2e:44:1c:a5:8c:ea:3c:bd:ff:b5:
                    9e:2b:f2:69:a7:37:e3:6c:11:ba:c5:df:9b:02:4f:
                    33:04:f9:03:40:f0:31:b2:6d:5d:c6:83:a8:65:83:
                    33:3d:60:43:88:57:a0:27:e0:c7:4c:3f:98:84:38:
                    69:8e:ca:95:be:27:9d:99:93:6b:1a:b7:68:2b:5f:
                    80:0a:21:86:36:90:13:e9:30:5e:f1:9e:00:76:70:
                    43:f2:c7:22:3e:c4:8a:9a:c2:9d:e1:d2:96:25:7e:
                    f9:17:d3:6b:73:33:9d:71:1e:cb:c3:0b:f3:85:a0:
                    81:0d:ce:8e:8a:c0:7f:f6:69:8c:17:cf:2f:8a:2a:
                    52:58:98:ad:f7:2a:af:36:3c:07:7b:8d:e2:67:40:
                    66:29:b8:64:4a:af:f5:1e:bb:87:66:bd:6d:13:c4:
                    c6:47:12:24:22:6e:5a:9c:fb:e3:11:83:89:9f:ca:
                    13:d7:b4:98:a5:c9:7b:80:49:71:b6:40:58:d6:a1:
                    c4:17:0a:75:16:bd:3a:02:6e:c9:aa:94:16:8d:aa:
                    93:ef:5b:68:89:1b:8c:45:cd:03:e1:6f:7e:6a:c3:
                    84:55:94:60:e0:93:35:91:bc:44:c5:51:0f:98:e7:
                    86:c3:a2:16:3b:f2:c6:35:4b:fc:6c:53:b9:44:d7:
                    3e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:BF:A4:78:19:26:E2:82:2C:90:B5:89:3B:96:9A:7C:A8:49:D2:3A
            X509v3 Authority Key Identifier:
                keyid:93:4E:7D:51:5D:DE:9A:03:C2:DC:87:38:9A:2F:CA:4E:7D:58:C4:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k059UV3emgPC3Ic4mi_KTn1YxOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/cL-keBkm4oIskLWJO5aafKhJ0jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/k059UV3emgPC3Ic4mi_KTn1YxOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:dd:46:76:de:58:7d:07:f9:ee:59:38:02:1c:65:93:98:e7:
         2f:4b:a5:79:d7:fc:a8:f5:dc:ac:8e:38:9b:25:6e:a9:c8:42:
         66:b5:2d:50:c7:de:09:f2:bb:77:70:c9:b4:db:e1:e1:4a:dd:
         cf:36:69:33:83:69:f8:e9:32:45:ed:28:99:e9:01:34:e9:a8:
         6d:a7:94:1c:9c:5e:65:f3:bb:de:12:b6:bc:04:d4:88:c8:e2:
         ba:41:04:f8:b1:b3:3a:52:58:cb:b6:b1:68:38:47:3c:2e:8e:
         60:de:d3:65:ff:ff:83:93:cc:de:3e:2f:45:27:79:a7:ec:be:
         af:97:90:c1:bb:d6:18:77:95:c6:38:64:cc:6e:00:a7:0d:03:
         d1:7a:d2:35:52:b5:21:17:14:97:4c:90:db:34:6c:ee:d9:21:
         02:b8:98:6a:99:8e:17:14:74:ff:42:a0:c1:82:3b:e1:4b:f5:
         db:61:00:ed:a2:b2:7f:7a:6a:45:4e:53:9b:41:95:d9:39:91:
         9a:66:be:83:09:db:91:70:09:15:ba:06:75:41:1f:74:04:da:
         6c:de:82:d1:7c:63:dc:bc:f3:9c:9a:a4:33:75:57:b1:34:31:
         07:05:7e:56:63:43:65:f9:3e:21:fb:8c:41:1d:21:9a:4c:0f:
         f5:83:73:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijeTrkc8AtIsDfwiLAmLTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNGU3ZDUxNWRkZTlhMDNjMmRjODczODlhMmZjYTRlN2Q1
OGM0ZWMwHhcNMjUwMTAxMTU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGJmYTQ3ODE5MjZlMjgyMmM5MGI1ODkzYjk2OWE3Y2E4NDlkMjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHB26S5EHKWM6jy9/7WeK/Jppzfj
bBG6xd+bAk8zBPkDQPAxsm1dxoOoZYMzPWBDiFegJ+DHTD+YhDhpjsqVviedmZNr
GrdoK1+ACiGGNpAT6TBe8Z4AdnBD8sciPsSKmsKd4dKWJX75F9NrczOdcR7Lwwvz
haCBDc6OisB/9mmMF88viipSWJit9yqvNjwHe43iZ0BmKbhkSq/1HruHZr1tE8TG
RxIkIm5anPvjEYOJn8oT17SYpcl7gElxtkBY1qHEFwp1Fr06Am7JqpQWjaqT71to
iRuMRc0D4W9+asOEVZRg4JM1kbxExVEPmOeGw6IWO/LGNUv8bFO5RNc+IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHC/pHgZJuKCLJC1iTuWmnyoSdI6MB8GA1UdIwQY
MBaAFJNOfVFd3poDwtyHOJovyk59WMTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazA1OVVWM2VtZ1BDM0ljNG1pX0tUbjFZeE93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi83NTkzMjctY2M5Zi00ZDZkLWFjNzkt
OWNiOGQwMjNjYzBiLzEvY0wta2VCa200b0lza0xXSk81YWFmS2hKMGpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi83NTkzMjctY2M5Zi00ZDZkLWFjNzktOWNiOGQwMjNjYzBi
LzEvazA1OVVWM2VtZ1BDM0ljNG1pX0tUbjFZeE93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiKoMA0G
CSqGSIb3DQEBCwUAA4IBAQBm3UZ23lh9B/nuWTgCHGWTmOcvS6V51/yo9dysjjib
JW6pyEJmtS1Qx94J8rt3cMm02+HhSt3PNmkzg2n46TJF7SiZ6QE06ahtp5QcnF5l
87veEra8BNSIyOK6QQT4sbM6UljLtrFoOEc8Lo5g3tNl//+Dk8zePi9FJ3mn7L6v
l5DBu9YYd5XGOGTMbgCnDQPRetI1UrUhFxSXTJDbNGzu2SECuJhqmY4XFHT/QqDB
gjvhS/XbYQDtorJ/empFTlObQZXZOZGaZr6DCduRcAkVugZ1QR90BNps3oLRfGPc
vPOcmqQzdVexNDEHBX5WY0Nl+T4h+4xBHSGaTA/1g3PI
-----END CERTIFICATE-----