Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/v7faT88h9FQXwmd6ooV79XLEuDc.roa
File:                     v7faT88h9FQXwmd6ooV79XLEuDc.roa (raw, json)
Hash identifier:          CNgJmJnrj1ZC4LjfHCAq1xid9gV3zArUgelpQMRzNq4=
Subject key identifier:   BF:B7:DA:4F:CF:21:F4:54:17:C2:67:7A:A2:85:7B:F5:72:C4:B8:37
Certificate issuer:       /CN=b96e8b6d73f2f38548996f66621330a8d7108529
Certificate serial:       0194CD8B9CB68780E8D0BAFF7C9918827A3F
Authority key identifier: B9:6E:8B:6D:73:F2:F3:85:48:99:6F:66:62:13:30:A8:D7:10:85:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uW6LbXPy84VImW9mYhMwqNcQhSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/v7faT88h9FQXwmd6ooV79XLEuDc.roa
Signing time:             Mon 03 Feb 2025 20:41:06 +0000
ROA not before:           Mon 03 Feb 2025 20:41:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213672
IP address blocks:        194.164.118.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/uW6LbXPy84VImW9mYhMwqNcQhSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/uW6LbXPy84VImW9mYhMwqNcQhSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uW6LbXPy84VImW9mYhMwqNcQhSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 05:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:cd:8b:9c:b6:87:80:e8:d0:ba:ff:7c:99:18:82:7a:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b96e8b6d73f2f38548996f66621330a8d7108529
        Validity
            Not Before: Feb  3 20:41:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bfb7da4fcf21f45417c2677aa2857bf572c4b837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8d:2b:34:6e:5f:f8:83:68:74:7b:55:70:9d:
                    df:d7:e4:a0:0a:84:fc:9e:5e:4c:aa:7d:2b:e7:34:
                    6e:7a:ef:f1:c6:40:56:31:48:de:7f:8e:b4:ef:3a:
                    73:aa:87:85:b1:23:c2:b4:8f:8b:ff:30:39:86:83:
                    db:85:b4:bf:af:46:43:a9:e2:d2:33:5c:ef:33:ce:
                    87:f3:85:08:5e:29:b9:6a:9c:2d:1a:bd:02:a8:f6:
                    40:9c:51:c7:44:ef:de:3c:c2:ea:41:0b:8b:26:1a:
                    91:59:ae:14:cc:09:31:b2:c9:44:d5:0e:fb:fd:89:
                    1d:58:3b:72:63:44:1f:ca:6c:8d:00:a7:3b:bb:d2:
                    34:2b:e2:7f:60:87:49:94:9a:cd:1b:65:5a:99:96:
                    90:51:8e:5c:d3:99:31:67:b0:4a:f3:a8:59:65:77:
                    de:96:d7:0e:18:89:f2:69:84:96:25:81:f0:d5:c8:
                    85:1e:18:e3:ac:0d:85:f4:95:eb:6d:c1:ba:a4:51:
                    30:72:b6:cb:b9:b5:2c:a2:45:e0:72:3e:85:84:2a:
                    83:a7:ff:43:c5:7c:03:3f:bc:1c:a0:36:fb:e7:54:
                    f0:1f:74:c0:af:24:9e:1c:ca:21:61:5c:7c:86:6f:
                    04:da:22:be:2f:41:ff:49:f5:ec:63:81:d1:62:50:
                    bb:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:B7:DA:4F:CF:21:F4:54:17:C2:67:7A:A2:85:7B:F5:72:C4:B8:37
            X509v3 Authority Key Identifier:
                keyid:B9:6E:8B:6D:73:F2:F3:85:48:99:6F:66:62:13:30:A8:D7:10:85:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uW6LbXPy84VImW9mYhMwqNcQhSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/v7faT88h9FQXwmd6ooV79XLEuDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c14a62-aa6a-486d-b9e6-bc004649ee99/1/uW6LbXPy84VImW9mYhMwqNcQhSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.164.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:7e:c6:f2:54:66:6a:0f:2b:8e:62:34:aa:37:ac:57:df:7a:
         d4:e6:ed:d4:46:b7:82:38:63:6a:a1:6c:f5:f1:5a:29:ec:4d:
         4f:09:b7:20:84:22:43:46:9f:4c:bf:4d:8c:22:16:5c:1c:a7:
         1f:15:70:31:4b:a0:7f:c7:0c:c6:9d:62:a9:4f:68:24:fe:96:
         b8:08:3e:86:fb:b2:3d:5c:03:2c:f6:2b:29:6f:c2:bc:bb:50:
         3a:36:3a:3a:fb:4e:80:fa:77:bc:b1:72:81:3c:9b:24:78:17:
         7d:b7:fe:f4:fb:a3:3c:7b:00:08:df:4f:e0:7a:b7:c2:3a:df:
         2d:00:83:1c:80:44:45:bb:aa:42:05:87:0a:73:f2:f7:2c:7a:
         09:59:d9:bb:a3:45:c7:7c:bd:2b:9a:d2:35:20:e4:cf:8f:30:
         77:65:3a:5e:b7:49:ff:97:fa:a9:c2:67:5f:c3:fd:85:3e:de:
         59:17:9d:74:3b:e3:c2:de:d9:a0:db:44:73:aa:37:67:46:fb:
         d7:eb:b2:6c:51:fb:f8:40:58:b7:57:f5:9d:ff:01:ab:6b:93:
         c4:f2:0c:d4:da:0e:23:80:0d:20:ae:4c:a7:98:1b:65:83:03:
         bd:8b:ae:b8:0a:c4:75:f8:53:c8:ea:fc:b2:d5:7b:89:a2:76:
         19:53:09:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTNi5y2h4Do0Lr/fJkYgno/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NmU4YjZkNzNmMmYzODU0ODk5NmY2NjYyMTMzMGE4ZDcx
MDg1MjkwHhcNMjUwMjAzMjA0MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmI3ZGE0ZmNmMjFmNDU0MTdjMjY3N2FhMjg1N2JmNTcyYzRiODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY0rNG5f+INodHtVcJ3f1+SgCoT8
nl5Mqn0r5zRueu/xxkBWMUjef4607zpzqoeFsSPCtI+L/zA5hoPbhbS/r0ZDqeLS
M1zvM86H84UIXim5apwtGr0CqPZAnFHHRO/ePMLqQQuLJhqRWa4UzAkxsslE1Q77
/YkdWDtyY0QfymyNAKc7u9I0K+J/YIdJlJrNG2VamZaQUY5c05kxZ7BK86hZZXfe
ltcOGInyaYSWJYHw1ciFHhjjrA2F9JXrbcG6pFEwcrbLubUsokXgcj6FhCqDp/9D
xXwDP7wcoDb751TwH3TArySeHMohYVx8hm8E2iK+L0H/SfXsY4HRYlC7DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+32k/PIfRUF8JneqKFe/VyxLg3MB8GA1UdIwQY
MBaAFLlui21z8vOFSJlvZmITMKjXEIUpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVc2TGJYUHk4NFZJbVc5bVloTXdxTmNRaFNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jMTRhNjItYWE2YS00ODZkLWI5ZTYt
YmMwMDQ2NDllZTk5LzEvdjdmYVQ4OGg5RlFYd21kNm9vVjc5WExFdURjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jMTRhNjItYWE2YS00ODZkLWI5ZTYtYmMwMDQ2NDllZTk5
LzEvdVc2TGJYUHk4NFZJbVc5bVloTXdxTmNRaFNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwqR2MA0G
CSqGSIb3DQEBCwUAA4IBAQCkfsbyVGZqDyuOYjSqN6xX33rU5u3URreCOGNqoWz1
8Vop7E1PCbcghCJDRp9Mv02MIhZcHKcfFXAxS6B/xwzGnWKpT2gk/pa4CD6G+7I9
XAMs9ispb8K8u1A6Njo6+06A+ne8sXKBPJskeBd9t/70+6M8ewAI30/gerfCOt8t
AIMcgERFu6pCBYcKc/L3LHoJWdm7o0XHfL0rmtI1IOTPjzB3ZTpet0n/l/qpwmdf
w/2FPt5ZF510O+PC3tmg20RzqjdnRvvX67JsUfv4QFi3V/Wd/wGra5PE8gzU2g4j
gA0grkynmBtlgwO9i664CsR1+FPI6vyy1XuJonYZUwnr
-----END CERTIFICATE-----