Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/BmPrlcqYb5XUQKmFppotpRjx3A4.roa
File:                     BmPrlcqYb5XUQKmFppotpRjx3A4.roa (raw, json)
Hash identifier:          2QeozFjSFRiiHUcFahonzqhp1O36hvusJGtz8w0+X2U=
Subject key identifier:   06:63:EB:95:CA:98:6F:95:D4:40:A9:85:A6:9A:2D:A5:18:F1:DC:0E
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019421440B119C5EBCDB2153B1861EEEB74E
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/BmPrlcqYb5XUQKmFppotpRjx3A4.roa
Signing time:             Wed 01 Jan 2025 09:48:14 +0000
ROA not before:           Wed 01 Jan 2025 09:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60081
IP address blocks:        176.100.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 04:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:0b:11:9c:5e:bc:db:21:53:b1:86:1e:ee:b7:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0663eb95ca986f95d440a985a69a2da518f1dc0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:60:e6:74:61:76:ba:4b:fe:c1:84:54:df:72:
                    1f:7f:45:bc:e1:9c:37:c0:df:d9:61:e3:be:1d:15:
                    1a:78:d8:67:82:9b:e4:3a:bd:48:f0:3d:b5:45:45:
                    18:21:e9:20:17:6b:f5:aa:aa:1f:de:fe:71:74:8e:
                    53:cb:e2:98:6b:8b:75:a9:94:f2:3e:80:d2:cc:3f:
                    49:01:6d:ac:cc:e4:00:35:94:13:45:f0:8f:2b:31:
                    b6:95:74:fd:6c:1e:1d:23:d7:52:a7:99:77:6f:2e:
                    39:47:60:ed:f4:96:c1:2f:43:38:f5:6d:33:e6:2b:
                    dd:5f:6e:63:6a:4e:3b:f0:36:10:99:1b:68:7c:32:
                    ae:12:b0:16:fb:1f:11:ba:0c:50:c5:1e:5a:43:d1:
                    9d:ad:91:ef:15:45:0c:a2:a1:d9:d5:a4:e5:78:44:
                    79:68:77:20:49:80:e8:11:4d:b4:5a:d5:6e:66:7d:
                    32:53:1d:34:94:b4:31:3b:67:ca:8b:02:4d:c5:aa:
                    70:cd:29:e5:b6:93:9e:f7:33:f2:e7:a6:5b:e7:b2:
                    88:99:19:2e:0f:04:a9:b5:07:cf:42:d7:ce:94:d3:
                    ef:02:6d:00:99:a8:14:8e:e3:58:f1:9b:82:3c:1b:
                    1a:ff:d8:29:68:60:1c:1f:c2:86:90:aa:0e:f0:85:
                    29:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:63:EB:95:CA:98:6F:95:D4:40:A9:85:A6:9A:2D:A5:18:F1:DC:0E
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/BmPrlcqYb5XUQKmFppotpRjx3A4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:ae:02:53:c6:ae:64:7d:e1:c2:dc:e0:08:1f:89:de:d7:56:
         8d:cc:e5:08:3f:5a:92:50:12:35:14:90:c6:8d:03:30:df:e7:
         f0:c4:74:a0:13:bc:36:b3:a6:66:db:23:cc:4f:c3:8c:a2:04:
         c4:e5:93:85:0f:bc:5b:2e:47:03:59:78:ec:68:2c:14:2f:c2:
         b6:61:d3:48:c0:31:7f:4b:f3:82:9c:a1:ed:1e:52:8d:8c:81:
         9e:4b:4c:f0:1c:0f:2e:97:39:41:cb:bb:27:80:8c:51:ec:aa:
         9f:8c:0d:d8:ab:0e:55:d2:40:1f:81:51:c9:44:25:41:ed:6a:
         8b:2d:66:57:37:b9:85:d6:85:5f:8c:a5:57:b8:50:7d:8d:32:
         6a:8d:ce:72:9f:01:08:44:40:d9:63:00:ea:3e:76:fb:14:81:
         8c:35:7a:05:06:03:4e:8b:b6:8c:3e:b2:ea:51:cd:28:6f:0d:
         05:b4:c7:e1:3c:6f:4d:69:fb:4b:94:be:7d:7b:af:a0:86:ff:
         7d:18:9d:c5:0c:31:80:7e:53:01:95:41:84:27:7f:31:fc:80:
         2d:be:70:5c:fc:70:9d:54:c4:ac:9f:90:35:8f:a6:3f:f1:03:
         65:b1:ff:c4:be:0f:bf:b2:01:9b:da:89:05:7a:57:43:1b:87:
         ea:df:c4:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAsRnF682yFTsYYe7rdOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjYzZWI5NWNhOTg2Zjk1ZDQ0MGE5ODVhNjlhMmRhNTE4ZjFkYzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomDmdGF2ukv+wYRU33Iff0W84Zw3
wN/ZYeO+HRUaeNhngpvkOr1I8D21RUUYIekgF2v1qqof3v5xdI5Ty+KYa4t1qZTy
PoDSzD9JAW2szOQANZQTRfCPKzG2lXT9bB4dI9dSp5l3by45R2Dt9JbBL0M49W0z
5ivdX25jak478DYQmRtofDKuErAW+x8RugxQxR5aQ9GdrZHvFUUMoqHZ1aTleER5
aHcgSYDoEU20WtVuZn0yUx00lLQxO2fKiwJNxapwzSnltpOe9zPy56Zb57KImRku
DwSptQfPQtfOlNPvAm0AmagUjuNY8ZuCPBsa/9gpaGAcH8KGkKoO8IUpQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZj65XKmG+V1ECphaaaLaUY8dwOMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvQm1QcmxjcVliNVhVUUttRnBwb3RwUmp4M0E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsGQoMA0G
CSqGSIb3DQEBCwUAA4IBAQA9rgJTxq5kfeHC3OAIH4ne11aNzOUIP1qSUBI1FJDG
jQMw3+fwxHSgE7w2s6Zm2yPMT8OMogTE5ZOFD7xbLkcDWXjsaCwUL8K2YdNIwDF/
S/OCnKHtHlKNjIGeS0zwHA8ulzlBy7sngIxR7KqfjA3Yqw5V0kAfgVHJRCVB7WqL
LWZXN7mF1oVfjKVXuFB9jTJqjc5ynwEIREDZYwDqPnb7FIGMNXoFBgNOi7aMPrLq
Uc0obw0FtMfhPG9NaftLlL59e6+ghv99GJ3FDDGAflMBlUGEJ38x/IAtvnBc/HCd
VMSsn5A1j6Y/8QNlsf/Evg+/sgGb2okFeldDG4fq38T7
-----END CERTIFICATE-----