Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/v7T9_oyFYAPN_vUJUuEgZ_WQNJI.roa
File:                     v7T9_oyFYAPN_vUJUuEgZ_WQNJI.roa (raw, json)
Hash identifier:          XchZv6OupInQB4mmV3EszoeFc599qe/XG+jbFEKYskA=
Subject key identifier:   BF:B4:FD:FE:8C:85:60:03:CD:FE:F5:09:52:E1:20:67:F5:90:34:92
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       01942746EC6B394FD02B5945799C2647313E
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/v7T9_oyFYAPN_vUJUuEgZ_WQNJI.roa
Signing time:             Thu 02 Jan 2025 13:49:06 +0000
ROA not before:           Thu 02 Jan 2025 13:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6659
IP address blocks:        194.64.31.0/24 maxlen: 24
                          195.180.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:ec:6b:39:4f:d0:2b:59:45:79:9c:26:47:31:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 13:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bfb4fdfe8c856003cdfef50952e12067f5903492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8e:77:21:0f:e0:4e:31:5f:77:08:3e:75:5e:
                    74:c3:54:d6:1f:1f:70:38:5b:78:b2:42:e9:8e:41:
                    81:0e:f6:1b:b3:21:ed:4b:2c:79:aa:f5:2b:71:32:
                    4e:76:1a:64:02:77:40:e2:19:f0:20:66:12:7b:06:
                    8c:39:11:f7:f9:54:de:e4:8b:d1:97:40:5c:96:4b:
                    2c:ff:d3:35:74:5e:32:d6:c5:b5:32:80:42:5f:aa:
                    07:0a:7c:b5:05:fc:10:eb:59:a5:94:28:e1:ff:cf:
                    62:5b:80:fe:82:98:80:24:7f:1a:aa:8e:c1:e0:33:
                    c7:d5:d9:72:4a:6d:12:5a:f3:9c:41:92:42:2f:8b:
                    2c:49:98:3f:28:c6:7e:b7:03:c8:99:cc:b8:a7:78:
                    6f:16:a6:7f:88:bb:66:bd:ce:80:87:a6:05:5d:54:
                    25:fd:c2:31:ac:c6:6d:b1:3d:41:2d:d9:28:ef:1a:
                    d8:99:90:b9:a2:00:eb:f6:af:45:a6:51:d4:0c:3a:
                    79:ef:cc:7a:40:cf:14:26:57:cf:c5:01:32:b8:b8:
                    94:36:91:ca:b4:8e:14:d2:9b:e4:e9:88:bc:0f:b8:
                    e8:de:d2:1b:05:e5:68:4f:06:6a:7a:ef:f9:8f:cd:
                    e7:0e:c2:15:53:47:bb:75:a2:50:08:55:04:8b:91:
                    95:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:B4:FD:FE:8C:85:60:03:CD:FE:F5:09:52:E1:20:67:F5:90:34:92
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/v7T9_oyFYAPN_vUJUuEgZ_WQNJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.64.31.0/24
                  195.180.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:d0:8b:fe:58:08:57:fd:f2:da:53:62:41:15:dc:bf:65:32:
         59:35:1d:bc:7d:39:6f:a0:5a:87:66:ee:89:0c:1b:58:cf:46:
         52:65:e8:bc:b9:57:89:8a:84:9c:3b:16:5b:79:8e:57:7d:15:
         8f:58:20:6a:a0:49:eb:11:db:5e:4f:89:0d:a4:65:ed:93:a9:
         93:6d:ea:6c:a8:36:e1:1d:b0:c0:5a:22:2c:05:45:17:20:a2:
         ba:76:11:4e:b8:59:25:4b:d0:54:55:48:8d:23:fe:29:18:a0:
         52:62:66:08:70:42:0d:a4:5e:f6:fa:d2:27:ee:38:12:fc:0e:
         10:ed:75:ae:5d:ef:70:9e:28:69:38:5b:38:04:0f:53:16:b7:
         50:00:f4:08:19:43:06:0d:69:20:d0:16:4e:28:5d:97:87:da:
         93:14:05:26:ed:9b:68:9b:46:07:2f:41:b2:20:95:48:c6:c3:
         9e:dc:df:d1:69:f4:f7:85:51:94:d5:57:11:9f:d2:18:cd:69:
         cb:23:ad:a3:71:a3:43:08:bc:07:87:18:fc:2d:a5:1e:2a:b4:
         63:f0:45:26:d2:79:68:04:7b:20:c7:94:16:46:8c:be:e8:a7:
         0a:12:2a:86:e4:f0:d6:52:4e:d6:b6:81:f7:e7:91:e4:44:99:
         80:33:07:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnRuxrOU/QK1lFeZwmRzE+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjUwMTAyMTM0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmI0ZmRmZThjODU2MDAzY2RmZWY1MDk1MmUxMjA2N2Y1OTAzNDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs453IQ/gTjFfdwg+dV50w1TWHx9w
OFt4skLpjkGBDvYbsyHtSyx5qvUrcTJOdhpkAndA4hnwIGYSewaMORH3+VTe5IvR
l0Bclkss/9M1dF4y1sW1MoBCX6oHCny1BfwQ61mllCjh/89iW4D+gpiAJH8aqo7B
4DPH1dlySm0SWvOcQZJCL4ssSZg/KMZ+twPImcy4p3hvFqZ/iLtmvc6Ah6YFXVQl
/cIxrMZtsT1BLdko7xrYmZC5ogDr9q9FplHUDDp578x6QM8UJlfPxQEyuLiUNpHK
tI4U0pvk6Yi8D7jo3tIbBeVoTwZqeu/5j83nDsIVU0e7daJQCFUEi5GV9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL+0/f6MhWADzf71CVLhIGf1kDSSMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvdjdUOV9veUZZQVBOX3ZVSlV1RWdaX1dRTkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwkAfAwQA
w7T5MA0GCSqGSIb3DQEBCwUAA4IBAQBw0Iv+WAhX/fLaU2JBFdy/ZTJZNR28fTlv
oFqHZu6JDBtYz0ZSZei8uVeJioScOxZbeY5XfRWPWCBqoEnrEdteT4kNpGXtk6mT
bepsqDbhHbDAWiIsBUUXIKK6dhFOuFklS9BUVUiNI/4pGKBSYmYIcEINpF72+tIn
7jgS/A4Q7XWuXe9wnihpOFs4BA9TFrdQAPQIGUMGDWkg0BZOKF2Xh9qTFAUm7Zto
m0YHL0GyIJVIxsOe3N/RafT3hVGU1VcRn9IYzWnLI62jcaNDCLwHhxj8LaUeKrRj
8EUm0nloBHsgx5QWRoy+6KcKEiqG5PDWUk7WtoH355HkRJmAMweZ
-----END CERTIFICATE-----