Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/1-NiC19PFJdVr-VuE1N7tWrIBE9Q.roa
File:                     1-NiC19PFJdVr-VuE1N7tWrIBE9Q.roa (raw, json)
Hash identifier:          0HAHPWXREzbwDwtij8FRpFriyrnHpfOye4GKnuxuEBo=
Subject key identifier:   F8:D8:82:D7:D3:C5:25:D5:6B:F9:5B:84:D4:DE:ED:5A:B2:01:13:D4
Certificate issuer:       /CN=6f9e9696dccf6c1a432090408514aecdc3f60739
Certificate serial:       019614A8D09F8A7B4C6DB99B58C65CB1C274
Authority key identifier: 6F:9E:96:96:DC:CF:6C:1A:43:20:90:40:85:14:AE:CD:C3:F6:07:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/1-NiC19PFJdVr-VuE1N7tWrIBE9Q.roa
Signing time:             Tue 08 Apr 2025 09:08:49 +0000
ROA not before:           Tue 08 Apr 2025 09:08:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49035
IP address blocks:        194.92.79.0/24 maxlen: 24
                          194.92.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 20:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:14:a8:d0:9f:8a:7b:4c:6d:b9:9b:58:c6:5c:b1:c2:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f9e9696dccf6c1a432090408514aecdc3f60739
        Validity
            Not Before: Apr  8 09:08:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8d882d7d3c525d56bf95b84d4deed5ab20113d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:02:24:17:37:12:54:5c:1a:e0:10:61:94:12:
                    6c:db:a3:50:c6:93:d1:d5:16:08:c0:65:0d:97:04:
                    f9:59:66:d2:de:95:1a:83:97:df:12:65:ba:07:20:
                    1a:78:33:4e:1c:d1:64:53:ae:8b:76:98:6a:fe:1a:
                    de:c1:6d:a3:d9:3b:20:4b:3f:53:9d:84:cc:92:18:
                    08:d6:1f:7f:12:14:c0:d4:15:36:de:9a:33:5c:aa:
                    bd:11:63:6e:bf:83:79:a2:bd:c8:30:1a:4a:91:69:
                    fd:3d:22:30:2e:2d:42:e7:e0:fb:12:98:c0:c0:a8:
                    78:61:0a:a1:51:ea:3b:7f:eb:5b:72:32:bf:3b:01:
                    3b:ff:b6:71:04:20:42:0d:3d:09:6a:ee:fa:eb:89:
                    df:31:7f:4a:f9:e2:4c:a0:64:36:d1:02:f5:3b:e4:
                    04:77:58:52:53:da:9d:a1:4c:0d:ef:92:b0:88:0f:
                    24:cf:4c:31:d5:0b:99:7c:6e:b1:1c:4b:c6:b0:f5:
                    48:8a:02:39:a1:0d:54:fd:15:ca:46:2e:15:88:05:
                    b4:c5:b4:17:a2:11:ec:ce:c3:b2:cf:3f:2c:cf:a4:
                    4c:fb:3d:41:71:cc:01:93:07:90:b9:cd:cd:f6:a1:
                    ab:22:9a:e8:bc:be:62:19:c6:48:ee:d9:4a:a1:4b:
                    4e:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:D8:82:D7:D3:C5:25:D5:6B:F9:5B:84:D4:DE:ED:5A:B2:01:13:D4
            X509v3 Authority Key Identifier:
                keyid:6F:9E:96:96:DC:CF:6C:1A:43:20:90:40:85:14:AE:CD:C3:F6:07:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/1-NiC19PFJdVr-VuE1N7tWrIBE9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.92.79.0/24
                  194.92.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:97:c3:22:01:51:c5:74:15:b3:eb:bc:87:fa:d6:73:0e:39:
         db:14:1c:8a:fe:95:14:5a:c3:2c:6c:cc:ac:23:70:91:9d:18:
         e4:67:9f:04:17:e8:10:0f:d3:a8:5a:85:2e:56:f0:45:38:a1:
         71:19:64:65:a1:be:a0:5f:18:ec:f8:7a:1c:a2:1f:20:5b:5d:
         e3:8f:01:0d:4d:4b:52:17:93:19:96:ae:da:f1:5b:f8:5c:a8:
         56:27:26:d6:4e:b5:08:52:68:36:4b:be:95:08:5a:01:85:9f:
         f4:8b:f2:f9:09:4d:5f:40:8a:b6:9f:57:d6:c7:b1:3a:64:c0:
         9c:63:45:0d:f9:9b:12:b9:56:38:19:41:57:a2:ad:a2:19:dd:
         d9:cb:93:e4:04:2f:9c:6c:5d:a1:48:d8:5f:9a:52:8b:5f:9c:
         4f:5c:23:fb:e6:cd:20:6c:8a:4d:14:82:5b:dc:74:78:96:bf:
         36:1b:47:79:22:51:3b:97:d7:ea:f2:64:0e:0d:e6:dd:a7:52:
         59:86:e0:72:c4:84:bd:be:d8:5a:e2:79:7e:b1:28:03:ef:38:
         9f:a4:f3:5d:3b:e9:21:27:52:1d:00:53:43:a8:7a:58:f5:3c:
         90:97:61:39:bd:d3:59:be:74:5d:85:39:d8:03:34:38:b0:bc:
         71:a4:8d:88
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZYUqNCfintMbbmbWMZcscJ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmOWU5Njk2ZGNjZjZjMWE0MzIwOTA0MDg1MTRhZWNkYzNm
NjA3MzkwHhcNMjUwNDA4MDkwODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGQ4ODJkN2QzYzUyNWQ1NmJmOTViODRkNGRlZWQ1YWIyMDExM2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIkFzcSVFwa4BBhlBJs26NQxpPR
1RYIwGUNlwT5WWbS3pUag5ffEmW6ByAaeDNOHNFkU66Ldphq/hrewW2j2TsgSz9T
nYTMkhgI1h9/EhTA1BU23pozXKq9EWNuv4N5or3IMBpKkWn9PSIwLi1C5+D7EpjA
wKh4YQqhUeo7f+tbcjK/OwE7/7ZxBCBCDT0Jau7664nfMX9K+eJMoGQ20QL1O+QE
d1hSU9qdoUwN75KwiA8kz0wx1QuZfG6xHEvGsPVIigI5oQ1U/RXKRi4ViAW0xbQX
ohHszsOyzz8sz6RM+z1BccwBkweQuc3N9qGrIprovL5iGcZI7tlKoUtOswIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPjYgtfTxSXVa/lbhNTe7VqyARPUMB8GA1UdIwQY
MBaAFG+elpbcz2waQyCQQIUUrs3D9gc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjU2V2x0elBiQnBESUpCQWhSU3V6Y1AyQnprLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS81N2NkNzItMzNlNC00MmRkLTlmMjIt
YmFmNGUwYjRhNjllLzEvMS1OaUMxOVBGSmRWci1WdUUxTjd0V3JJQkU5US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTUvNTdjZDcyLTMzZTQtNDJkZC05ZjIyLWJhZjRlMGI0YTY5
ZS8xL2I1NldsdHpQYkJwRElKQkFoUlN1emNQMkJ6ay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAMJcTwME
AsJcWDANBgkqhkiG9w0BAQsFAAOCAQEAqJfDIgFRxXQVs+u8h/rWcw452xQciv6V
FFrDLGzMrCNwkZ0Y5GefBBfoEA/TqFqFLlbwRTihcRlkZaG+oF8Y7Ph6HKIfIFtd
448BDU1LUheTGZau2vFb+FyoVicm1k61CFJoNku+lQhaAYWf9Ivy+QlNX0CKtp9X
1sexOmTAnGNFDfmbErlWOBlBV6Ktohnd2cuT5AQvnGxdoUjYX5pSi1+cT1wj++bN
IGyKTRSCW9x0eJa/NhtHeSJRO5fX6vJkDg3m3adSWYbgcsSEvb7YWuJ5frEoA+84
n6TzXTvpISdSHQBTQ6h6WPU8kJdhOb3TWb50XYU52AM0OLC8caSNiA==
-----END CERTIFICATE-----