Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/2cc3ce-ec81-45ed-86e6-9ada2378a9a0/1/vXLxmgMvC7DEJcD1j4sd7fYYKao.roa
File:                     vXLxmgMvC7DEJcD1j4sd7fYYKao.roa (raw, json)
Hash identifier:          iJI4ECgDw9YmVWAs4imuXowkCLOYQoqeB/2Y2d8ce+g=
Subject key identifier:   BD:72:F1:9A:03:2F:0B:B0:C4:25:C0:F5:8F:8B:1D:ED:F6:18:29:AA
Certificate issuer:       /CN=d5be07670c2c9a2ae0278131aa29cf3ce7a5aaa3
Certificate serial:       019426D92AA7039BCC7751687B2129BDF90F
Authority key identifier: D5:BE:07:67:0C:2C:9A:2A:E0:27:81:31:AA:29:CF:3C:E7:A5:AA:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1b4HZwwsmirgJ4ExqinPPOelqqM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/2cc3ce-ec81-45ed-86e6-9ada2378a9a0/1/vXLxmgMvC7DEJcD1j4sd7fYYKao.roa
Signing time:             Thu 02 Jan 2025 11:49:13 +0000
ROA not before:           Thu 02 Jan 2025 11:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208344
IP address blocks:        194.110.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/2cc3ce-ec81-45ed-86e6-9ada2378a9a0/1/1b4HZwwsmirgJ4ExqinPPOelqqM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/2cc3ce-ec81-45ed-86e6-9ada2378a9a0/1/1b4HZwwsmirgJ4ExqinPPOelqqM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1b4HZwwsmirgJ4ExqinPPOelqqM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 07:29:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:2a:a7:03:9b:cc:77:51:68:7b:21:29:bd:f9:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5be07670c2c9a2ae0278131aa29cf3ce7a5aaa3
        Validity
            Not Before: Jan  2 11:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd72f19a032f0bb0c425c0f58f8b1dedf61829aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:55:a4:73:83:25:d0:1b:d1:fb:5d:d5:5a:58:
                    5b:39:dd:4f:70:d6:1a:75:3e:f3:51:ba:5d:6c:4f:
                    53:ae:80:02:22:37:31:a9:ab:95:0a:0e:0e:d2:96:
                    50:86:f1:a4:26:49:19:33:10:11:e1:3c:33:e6:4a:
                    82:64:d3:7b:73:a4:d0:96:96:99:c4:de:61:14:d7:
                    80:68:76:3e:18:98:97:cb:8e:85:87:6d:f5:53:0c:
                    63:44:fb:07:25:63:27:e0:0e:84:20:92:e3:ed:a7:
                    86:15:37:44:8c:37:22:4b:2a:98:0c:06:48:f1:1a:
                    d5:36:5b:ae:22:be:cb:b8:86:90:3b:9e:62:a1:fe:
                    9e:5a:e9:eb:0e:1e:74:77:1f:3a:7c:b6:e1:49:2d:
                    e3:17:12:7a:d3:3b:a6:d7:fa:39:7a:28:21:b7:1b:
                    a0:a5:52:c1:da:43:49:f1:8b:21:8a:57:17:ce:cf:
                    66:19:72:81:77:42:6e:8e:6b:93:50:8e:c1:91:22:
                    c3:39:05:d5:7b:a3:40:02:c1:f5:5c:db:9e:de:05:
                    1b:94:75:2c:8a:16:e7:2c:ba:7d:b3:6f:3b:23:f2:
                    3e:8b:db:90:63:cb:88:9d:bd:3b:06:2a:00:f1:74:
                    8c:b8:28:08:af:f3:b7:eb:99:fa:ec:ff:e9:77:9d:
                    15:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:72:F1:9A:03:2F:0B:B0:C4:25:C0:F5:8F:8B:1D:ED:F6:18:29:AA
            X509v3 Authority Key Identifier:
                keyid:D5:BE:07:67:0C:2C:9A:2A:E0:27:81:31:AA:29:CF:3C:E7:A5:AA:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b4HZwwsmirgJ4ExqinPPOelqqM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/2cc3ce-ec81-45ed-86e6-9ada2378a9a0/1/vXLxmgMvC7DEJcD1j4sd7fYYKao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/2cc3ce-ec81-45ed-86e6-9ada2378a9a0/1/1b4HZwwsmirgJ4ExqinPPOelqqM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:c8:11:db:75:84:f1:b2:7c:8a:6e:0b:fe:1d:bd:ba:8f:de:
         be:a0:69:f3:20:8a:7a:6b:94:3a:54:63:62:d3:87:8d:2c:d2:
         e8:ad:b4:3c:06:1f:55:71:b1:74:f3:47:c8:f3:f3:98:dc:17:
         23:aa:83:a9:75:96:be:19:f6:c6:e5:d7:59:5e:d2:5e:db:e3:
         5a:3e:65:9a:52:22:fa:a4:7d:82:32:ed:fa:b0:c2:87:75:62:
         56:8a:5e:d2:5d:82:eb:b0:e5:fb:72:31:e5:75:83:b5:af:92:
         5e:47:4c:2c:cc:11:dd:16:03:79:a1:6e:8d:4a:5b:b6:45:c1:
         1b:19:7c:36:2c:9c:d6:7a:80:82:d2:49:24:2c:74:ce:5c:b1:
         96:fb:ca:d3:df:4f:8a:63:08:81:2f:63:f5:2a:1e:10:25:10:
         8d:ec:d6:ac:68:0e:f2:da:42:0c:3c:e6:13:9a:47:b0:68:25:
         0a:24:6c:62:01:d1:89:bb:dd:87:da:3f:b1:f1:9c:b7:60:7e:
         51:09:25:91:92:90:fd:66:8e:69:87:ff:49:0d:b2:e0:c3:a4:
         a3:7e:61:f9:d2:9f:ea:80:e0:43:c7:fc:e2:21:0c:e8:86:1c:
         ae:a7:15:e3:8f:fa:6e:05:0e:e7:d2:26:ab:9c:10:9d:1a:b0:
         47:c6:c1:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2SqnA5vMd1FoeyEpvfkPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YmUwNzY3MGMyYzlhMmFlMDI3ODEzMWFhMjljZjNjZTdh
NWFhYTMwHhcNMjUwMTAyMTE0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDcyZjE5YTAzMmYwYmIwYzQyNWMwZjU4ZjhiMWRlZGY2MTgyOWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1Wkc4Ml0BvR+13VWlhbOd1PcNYa
dT7zUbpdbE9TroACIjcxqauVCg4O0pZQhvGkJkkZMxAR4Twz5kqCZNN7c6TQlpaZ
xN5hFNeAaHY+GJiXy46Fh231UwxjRPsHJWMn4A6EIJLj7aeGFTdEjDciSyqYDAZI
8RrVNluuIr7LuIaQO55iof6eWunrDh50dx86fLbhSS3jFxJ60zum1/o5eightxug
pVLB2kNJ8YshilcXzs9mGXKBd0JujmuTUI7BkSLDOQXVe6NAAsH1XNue3gUblHUs
ihbnLLp9s287I/I+i9uQY8uInb07BioA8XSMuCgIr/O365n67P/pd50VVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL1y8ZoDLwuwxCXA9Y+LHe32GCmqMB8GA1UdIwQY
MBaAFNW+B2cMLJoq4CeBMaopzzznpaqjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWI0SFp3d3NtaXJnSjRFeHFpblBQT2VscXFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8yY2MzY2UtZWM4MS00NWVkLTg2ZTYt
OWFkYTIzNzhhOWEwLzEvdlhMeG1nTXZDN0RFSmNEMWo0c2Q3ZllZS2FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8yY2MzY2UtZWM4MS00NWVkLTg2ZTYtOWFkYTIzNzhhOWEw
LzEvMWI0SFp3d3NtaXJnSjRFeHFpblBQT2VscXFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm7dMA0G
CSqGSIb3DQEBCwUAA4IBAQBxyBHbdYTxsnyKbgv+Hb26j96+oGnzIIp6a5Q6VGNi
04eNLNLorbQ8Bh9VcbF080fI8/OY3BcjqoOpdZa+GfbG5ddZXtJe2+NaPmWaUiL6
pH2CMu36sMKHdWJWil7SXYLrsOX7cjHldYO1r5JeR0wszBHdFgN5oW6NSlu2RcEb
GXw2LJzWeoCC0kkkLHTOXLGW+8rT30+KYwiBL2P1Kh4QJRCN7NasaA7y2kIMPOYT
mkewaCUKJGxiAdGJu92H2j+x8Zy3YH5RCSWRkpD9Zo5ph/9JDbLgw6SjfmH50p/q
gOBDx/ziIQzohhyupxXjj/puBQ7n0iarnBCdGrBHxsFh
-----END CERTIFICATE-----