Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/kJep7a3FRkNs3KQgMS6kDueqf3w.roa
File:                     kJep7a3FRkNs3KQgMS6kDueqf3w.roa (raw, json)
Hash identifier:          dBpCegRmmKMPJmbKSXlcIE1LjID2HAF4dE0zWcCDOWk=
Subject key identifier:   90:97:A9:ED:AD:C5:46:43:6C:DC:A4:20:31:2E:A4:0E:E7:AA:7F:7C
Certificate issuer:       /CN=709f8f32082152359cdaf9aabd4a551f4fb40213
Certificate serial:       01942747B79452916556554170E35E4D65B1
Authority key identifier: 70:9F:8F:32:08:21:52:35:9C:DA:F9:AA:BD:4A:55:1F:4F:B4:02:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cJ-PMgghUjWc2vmqvUpVH0-0AhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/kJep7a3FRkNs3KQgMS6kDueqf3w.roa
Signing time:             Thu 02 Jan 2025 13:49:58 +0000
ROA not before:           Thu 02 Jan 2025 13:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43815
IP address blocks:        193.30.244.0/24 maxlen: 24
                          2001:678:8b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/cJ-PMgghUjWc2vmqvUpVH0-0AhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/cJ-PMgghUjWc2vmqvUpVH0-0AhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cJ-PMgghUjWc2vmqvUpVH0-0AhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:b7:94:52:91:65:56:55:41:70:e3:5e:4d:65:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=709f8f32082152359cdaf9aabd4a551f4fb40213
        Validity
            Not Before: Jan  2 13:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9097a9edadc546436cdca420312ea40ee7aa7f7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:d2:fb:c7:5c:53:29:42:4e:07:2c:1a:49:d8:
                    b5:17:15:3a:d8:4f:04:f9:b3:12:9d:1b:b6:10:7e:
                    bd:de:39:03:e1:f5:1b:cf:fa:3b:64:38:85:9f:2a:
                    bf:72:6f:10:16:ed:22:60:b4:54:96:96:8a:58:89:
                    38:a9:85:39:82:f5:06:a9:ba:31:f2:85:2a:55:02:
                    1e:ff:a4:f9:5e:03:a6:0c:18:92:ff:f9:ff:e9:b5:
                    11:2a:36:88:cc:03:43:b6:47:18:24:89:b0:72:4b:
                    f9:f6:37:4e:41:8b:71:24:3a:ed:35:63:6e:55:dd:
                    8c:9a:6b:b3:e4:e9:8c:22:fa:df:33:90:d9:87:34:
                    fc:b9:c2:d6:10:24:ce:5b:4c:63:ed:3c:ae:f3:18:
                    0d:11:a4:ad:10:31:37:22:ce:0d:ea:8a:31:76:8f:
                    e6:63:a7:7d:a4:aa:e8:4f:41:c9:52:5c:69:cc:75:
                    2a:fb:25:e3:7c:9b:6a:3d:42:23:85:ef:c6:25:db:
                    e3:05:9c:fd:75:28:cd:8b:56:97:4d:77:28:35:aa:
                    4d:25:96:4e:0e:54:bf:25:32:84:a4:f5:36:ec:03:
                    84:5b:42:94:be:a4:2a:02:5b:5f:34:e1:ae:83:36:
                    1e:42:8b:de:3f:85:d1:d7:1e:97:c6:71:fd:b9:fc:
                    71:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:97:A9:ED:AD:C5:46:43:6C:DC:A4:20:31:2E:A4:0E:E7:AA:7F:7C
            X509v3 Authority Key Identifier:
                keyid:70:9F:8F:32:08:21:52:35:9C:DA:F9:AA:BD:4A:55:1F:4F:B4:02:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cJ-PMgghUjWc2vmqvUpVH0-0AhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/kJep7a3FRkNs3KQgMS6kDueqf3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/f37538-7f9f-4228-a31e-2dab43ac04b3/1/cJ-PMgghUjWc2vmqvUpVH0-0AhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.244.0/24
                IPv6:
                  2001:678:8b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:25:bb:11:4e:5b:f3:c2:87:54:86:0c:66:7e:b2:c0:05:01:
         31:4a:8a:b8:d9:22:51:d1:bc:dd:97:f8:d6:f6:ac:56:48:ec:
         18:71:7f:c1:52:1e:a9:96:b2:6b:50:e0:a0:d4:14:8f:70:95:
         70:d4:cb:c7:84:53:19:16:07:f1:41:f3:a6:50:6c:a0:c4:83:
         b3:5b:e5:a3:c1:3e:6c:50:0a:a5:4d:61:02:24:17:39:56:fe:
         cd:ea:61:18:ba:6b:f8:3b:df:23:b6:93:0e:65:88:31:dd:b0:
         90:4f:68:23:02:cf:3e:e2:53:95:37:02:29:51:5c:c0:89:c3:
         57:e3:43:4d:c2:98:41:40:cb:dc:01:ea:2c:16:7d:09:03:bb:
         82:3b:2c:e0:94:c2:b1:e0:5b:51:07:db:56:49:70:43:18:ed:
         bc:02:c4:b0:91:5d:f1:61:e0:d1:d0:7a:31:2a:ad:8b:a8:8a:
         8f:d6:31:f6:83:44:26:8b:02:56:5c:3c:fe:4b:0e:96:67:3c:
         b8:a0:db:7c:97:2b:73:b4:d1:72:27:2d:35:27:ed:f7:f7:32:
         cd:79:3e:b3:7d:ea:5c:26:15:05:f6:fa:5d:10:be:14:86:72:
         d6:04:56:61:14:8a:a7:09:31:15:84:02:c1:e3:f9:6d:c9:6e:
         27:62:94:e9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnR7eUUpFlVlVBcONeTWWxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwOWY4ZjMyMDgyMTUyMzU5Y2RhZjlhYWJkNGE1NTFmNGZi
NDAyMTMwHhcNMjUwMTAyMTM0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDk3YTllZGFkYzU0NjQzNmNkY2E0MjAzMTJlYTQwZWU3YWE3ZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA79L7x1xTKUJOBywaSdi1FxU62E8E
+bMSnRu2EH693jkD4fUbz/o7ZDiFnyq/cm8QFu0iYLRUlpaKWIk4qYU5gvUGqbox
8oUqVQIe/6T5XgOmDBiS//n/6bURKjaIzANDtkcYJImwckv59jdOQYtxJDrtNWNu
Vd2Mmmuz5OmMIvrfM5DZhzT8ucLWECTOW0xj7Tyu8xgNEaStEDE3Is4N6ooxdo/m
Y6d9pKroT0HJUlxpzHUq+yXjfJtqPUIjhe/GJdvjBZz9dSjNi1aXTXcoNapNJZZO
DlS/JTKEpPU27AOEW0KUvqQqAltfNOGugzYeQoveP4XR1x6XxnH9ufxxXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJCXqe2txUZDbNykIDEupA7nqn98MB8GA1UdIwQY
MBaAFHCfjzIIIVI1nNr5qr1KVR9PtAITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0otUE1nZ2hValdjMnZtcXZVcFZIMC0wQWhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mMzc1MzgtN2Y5Zi00MjI4LWEzMWUt
MmRhYjQzYWMwNGIzLzEva0plcDdhM0ZSa05zM0tRZ01TNmtEdWVxZjN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mMzc1MzgtN2Y5Zi00MjI4LWEzMWUtMmRhYjQzYWMwNGIz
LzEvY0otUE1nZ2hValdjMnZtcXZVcFZIMC0wQWhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwR70MA8E
AgACMAkDBwAgAQZ4CLAwDQYJKoZIhvcNAQELBQADggEBAJEluxFOW/PCh1SGDGZ+
ssAFATFKirjZIlHRvN2X+Nb2rFZI7Bhxf8FSHqmWsmtQ4KDUFI9wlXDUy8eEUxkW
B/FB86ZQbKDEg7Nb5aPBPmxQCqVNYQIkFzlW/s3qYRi6a/g73yO2kw5liDHdsJBP
aCMCzz7iU5U3AilRXMCJw1fjQ03CmEFAy9wB6iwWfQkDu4I7LOCUwrHgW1EH21ZJ
cEMY7bwCxLCRXfFh4NHQejEqrYuoio/WMfaDRCaLAlZcPP5LDpZnPLig23yXK3O0
0XInLTUn7ff3Ms15PrN96lwmFQX2+l0QvhSGctYEVmEUiqcJMRWEAsHj+W3Jbidi
lOk=
-----END CERTIFICATE-----