Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/866qtzUw3r2JYGCZI8bcPe03RJE.roa
File:                     866qtzUw3r2JYGCZI8bcPe03RJE.roa (raw, json)
Hash identifier:          3l2oIi8PZ7WzWh0CnE9LWxq+OpYH212Z+BoOJAaryMQ=
Subject key identifier:   F3:AE:AA:B7:35:30:DE:BD:89:60:60:99:23:C6:DC:3D:ED:37:44:91
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       0194244557DD4E9F68E56456549248DFBEFF
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/866qtzUw3r2JYGCZI8bcPe03RJE.roa
Signing time:             Wed 01 Jan 2025 23:48:31 +0000
ROA not before:           Wed 01 Jan 2025 23:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43417
IP address blocks:        213.194.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:57:dd:4e:9f:68:e5:64:56:54:92:48:df:be:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 23:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3aeaab73530debd8960609923c6dc3ded374491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:73:66:f6:cf:d0:a9:63:8d:90:42:7d:8e:6f:
                    1b:32:9a:a1:82:a0:06:d1:0f:63:7c:ac:cf:a9:13:
                    e6:a7:25:46:57:f3:eb:b5:73:1c:5f:45:08:56:f9:
                    6b:9e:6e:1d:fe:36:7a:19:99:c7:28:ff:5a:21:95:
                    bc:8e:37:9c:48:d8:15:be:9d:bf:8a:c9:25:5d:8d:
                    b8:ce:21:3f:97:7c:72:91:b2:aa:b5:19:b3:fd:13:
                    b9:de:2e:c0:72:71:75:62:33:e3:e3:d1:6f:95:3d:
                    a2:f6:87:e2:66:2f:df:19:72:67:c1:97:e4:02:ee:
                    71:e4:64:d0:6b:8f:7d:97:b1:da:5c:63:11:aa:b8:
                    8f:a7:aa:de:22:b6:43:b0:b3:21:89:b2:7b:88:88:
                    4f:86:25:d3:c5:e5:97:68:a8:0e:ac:e4:25:88:d8:
                    b9:f5:44:72:76:97:ff:dc:95:11:58:48:c8:20:8d:
                    01:94:0d:07:de:0f:18:c3:e6:05:39:61:ab:84:89:
                    fc:73:c4:ed:11:2c:5e:1e:75:17:69:01:c8:2b:c6:
                    cc:d0:9d:e0:5b:d9:e4:eb:7a:2b:99:01:45:8a:e4:
                    4c:18:09:a3:72:c6:64:35:de:36:de:ce:3c:a3:f4:
                    1b:12:59:b1:b4:1e:62:e6:22:26:f4:74:ed:2b:dd:
                    6b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:AE:AA:B7:35:30:DE:BD:89:60:60:99:23:C6:DC:3D:ED:37:44:91
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/866qtzUw3r2JYGCZI8bcPe03RJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.194.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:0b:44:ac:96:e8:ef:69:f9:39:0f:b0:f8:14:41:bf:40:14:
         1c:9c:c7:32:da:07:5b:a7:e2:43:79:13:fc:a2:07:37:a5:e1:
         e7:89:67:f2:d1:58:28:d7:65:71:32:9f:4f:3a:c9:84:2c:72:
         38:9c:6c:52:81:c7:14:fe:f2:50:cf:5c:65:49:b6:fc:e2:b1:
         71:f6:e8:2d:9a:8a:44:ee:a7:02:03:0d:76:b0:51:09:99:40:
         f0:fc:f2:65:66:56:b8:b7:2d:8e:ef:5a:e2:12:0d:0b:36:96:
         5c:93:f2:c4:d1:55:4f:e4:5c:76:6a:90:1c:8e:83:30:ac:f4:
         69:4b:94:46:d8:51:9d:89:3a:8f:d1:b0:ee:12:aa:22:b7:fb:
         20:a4:08:00:75:e9:19:28:78:0b:33:ed:b4:4c:d9:65:b1:86:
         00:80:54:3d:22:85:57:45:5e:01:a9:28:05:bd:23:d8:48:dc:
         6b:8d:64:e8:40:34:30:64:6a:ce:96:5f:8b:9f:01:52:4f:b4:
         0e:f2:69:bd:29:23:e6:c8:60:95:17:ea:61:d1:d8:3d:83:44:
         b8:45:19:a6:f0:a8:c1:54:70:77:c3:27:7f:37:b0:db:8b:5d:
         b5:2a:1e:c0:3a:b2:6e:c2:22:80:38:22:4f:2b:34:b7:d6:d0:
         7c:7c:09:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRVfdTp9o5WRWVJJI377/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjUwMTAxMjM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2FlYWFiNzM1MzBkZWJkODk2MDYwOTkyM2M2ZGMzZGVkMzc0NDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3Nm9s/QqWONkEJ9jm8bMpqhgqAG
0Q9jfKzPqRPmpyVGV/PrtXMcX0UIVvlrnm4d/jZ6GZnHKP9aIZW8jjecSNgVvp2/
isklXY24ziE/l3xykbKqtRmz/RO53i7AcnF1YjPj49FvlT2i9ofiZi/fGXJnwZfk
Au5x5GTQa499l7HaXGMRqriPp6reIrZDsLMhibJ7iIhPhiXTxeWXaKgOrOQliNi5
9URydpf/3JURWEjIII0BlA0H3g8Yw+YFOWGrhIn8c8TtESxeHnUXaQHIK8bM0J3g
W9nk63ormQFFiuRMGAmjcsZkNd423s48o/QbElmxtB5i5iIm9HTtK91rtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOuqrc1MN69iWBgmSPG3D3tN0SRMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvODY2cXR6VXczcjJKWUdDWkk4YmNQZTAzUkpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cJsMA0G
CSqGSIb3DQEBCwUAA4IBAQB7C0Sslujvafk5D7D4FEG/QBQcnMcy2gdbp+JDeRP8
ogc3peHniWfy0Vgo12VxMp9POsmELHI4nGxSgccU/vJQz1xlSbb84rFx9ugtmopE
7qcCAw12sFEJmUDw/PJlZla4ty2O71riEg0LNpZck/LE0VVP5Fx2apAcjoMwrPRp
S5RG2FGdiTqP0bDuEqoit/sgpAgAdekZKHgLM+20TNllsYYAgFQ9IoVXRV4BqSgF
vSPYSNxrjWToQDQwZGrOll+LnwFST7QO8mm9KSPmyGCVF+ph0dg9g0S4RRmm8KjB
VHB3wyd/N7Dbi121Kh7AOrJuwiKAOCJPKzS31tB8fAkq
-----END CERTIFICATE-----