Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/345c9b-7b4a-4b21-9b00-4d301684c3bc/1/qo2a4lO3f4INhuJwHg-a_kb1Uw0.roa
File:                     qo2a4lO3f4INhuJwHg-a_kb1Uw0.roa (raw, json)
Hash identifier:          Mq/0MPb+8DLoVQSsA/LmGY9yMeYe1hfS1EX+C5wkfg0=
Subject key identifier:   AA:8D:9A:E2:53:B7:7F:82:0D:86:E2:70:1E:0F:9A:FE:46:F5:53:0D
Certificate issuer:       /CN=a76abda90346d0cad25dca6f7450bccf8d08e771
Certificate serial:       019421B1B5FB31FBBDF0049D9F758BD2575E
Authority key identifier: A7:6A:BD:A9:03:46:D0:CA:D2:5D:CA:6F:74:50:BC:CF:8D:08:E7:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p2q9qQNG0MrSXcpvdFC8z40I53E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/345c9b-7b4a-4b21-9b00-4d301684c3bc/1/qo2a4lO3f4INhuJwHg-a_kb1Uw0.roa
Signing time:             Wed 01 Jan 2025 11:48:02 +0000
ROA not before:           Wed 01 Jan 2025 11:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.227.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/345c9b-7b4a-4b21-9b00-4d301684c3bc/1/p2q9qQNG0MrSXcpvdFC8z40I53E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/345c9b-7b4a-4b21-9b00-4d301684c3bc/1/p2q9qQNG0MrSXcpvdFC8z40I53E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p2q9qQNG0MrSXcpvdFC8z40I53E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:b5:fb:31:fb:bd:f0:04:9d:9f:75:8b:d2:57:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a76abda90346d0cad25dca6f7450bccf8d08e771
        Validity
            Not Before: Jan  1 11:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa8d9ae253b77f820d86e2701e0f9afe46f5530d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:45:70:1d:7c:4f:16:e7:25:16:d8:3a:b7:92:
                    bf:4d:2c:30:f0:80:9f:c0:7c:b8:8c:35:3a:40:e9:
                    35:f8:80:0d:74:f8:4f:09:97:d3:b6:9c:0a:1a:d2:
                    d9:83:76:a8:2b:d3:d8:88:3b:f7:9b:6f:ba:cd:97:
                    ea:15:31:66:00:2b:9c:92:60:22:5f:68:a5:6e:a1:
                    d7:08:3b:2f:6f:b2:0a:e9:c7:31:b9:b9:d7:16:47:
                    b0:7e:74:4e:c0:dd:4f:26:c3:fe:c1:95:50:fd:1b:
                    6a:5e:11:ae:87:1f:82:dc:d2:a2:84:21:96:b0:95:
                    09:08:94:a8:ed:39:d2:f7:76:64:df:b1:dc:09:f0:
                    37:68:d5:ca:92:92:a1:19:14:59:8f:5c:24:bc:dd:
                    34:75:75:af:93:0d:07:70:02:a4:79:da:46:e8:4f:
                    b3:7a:65:92:c5:3a:8b:43:34:7f:ca:88:9c:18:35:
                    be:c4:68:00:28:86:c2:27:ac:af:1a:e2:64:ae:5f:
                    70:58:0e:a4:48:25:d3:42:75:9c:16:15:d5:81:62:
                    fe:f8:d5:22:17:5f:4d:ce:ce:84:13:71:1d:54:32:
                    71:46:ba:15:a8:df:59:56:83:c0:10:69:92:d0:8b:
                    73:70:ba:d1:1a:f0:54:90:6f:4c:ce:63:7a:f8:8c:
                    6e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:8D:9A:E2:53:B7:7F:82:0D:86:E2:70:1E:0F:9A:FE:46:F5:53:0D
            X509v3 Authority Key Identifier:
                keyid:A7:6A:BD:A9:03:46:D0:CA:D2:5D:CA:6F:74:50:BC:CF:8D:08:E7:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p2q9qQNG0MrSXcpvdFC8z40I53E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/345c9b-7b4a-4b21-9b00-4d301684c3bc/1/qo2a4lO3f4INhuJwHg-a_kb1Uw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/345c9b-7b4a-4b21-9b00-4d301684c3bc/1/p2q9qQNG0MrSXcpvdFC8z40I53E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:90:51:8e:0f:ef:5d:e3:42:28:31:14:39:ed:dc:01:2d:60:
         de:74:5b:ba:1e:09:0e:f3:a0:8b:49:54:fb:a2:cb:44:9e:6d:
         dc:5e:9b:0a:02:11:7d:73:8b:c6:fb:78:72:34:cf:2b:8d:2e:
         dd:07:11:88:57:bc:4c:14:5b:42:99:e4:c2:81:e4:22:63:b0:
         b0:34:22:2c:08:cd:f3:1c:91:93:82:5d:55:de:5f:79:5f:ac:
         bd:0a:e3:77:d6:f6:71:2d:1a:07:a5:83:80:d8:2a:2b:c2:ea:
         47:ba:07:50:dc:b7:fc:2c:c1:b1:c6:e7:17:68:30:27:eb:2a:
         03:1e:dd:04:f1:f2:ab:3f:2e:26:eb:03:d0:08:af:9f:ba:87:
         35:3b:e4:35:96:22:b6:8a:c2:0b:6b:e0:64:6e:67:c3:04:2c:
         c4:0e:0b:38:2c:c1:62:23:e9:1f:cc:c4:b0:01:8c:d9:be:f5:
         f5:22:d3:eb:0a:d2:ff:68:77:6a:de:8c:7e:d3:53:c1:86:cc:
         bc:f9:43:90:f9:91:8d:93:bd:1e:81:fb:f7:12:4c:2f:a4:90:
         ea:c2:72:85:31:e9:1e:44:4d:ec:b7:7a:ec:d6:e5:29:63:af:
         c8:ba:56:be:7b:cc:55:6d:ab:82:df:63:dd:3e:dd:cd:38:81:
         3e:95:48:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsbX7Mfu98ASdn3WL0ldeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmFiZGE5MDM0NmQwY2FkMjVkY2E2Zjc0NTBiY2NmOGQw
OGU3NzEwHhcNMjUwMTAxMTE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYThkOWFlMjUzYjc3ZjgyMGQ4NmUyNzAxZTBmOWFmZTQ2ZjU1MzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0VwHXxPFuclFtg6t5K/TSww8ICf
wHy4jDU6QOk1+IANdPhPCZfTtpwKGtLZg3aoK9PYiDv3m2+6zZfqFTFmACuckmAi
X2ilbqHXCDsvb7IK6ccxubnXFkewfnROwN1PJsP+wZVQ/RtqXhGuhx+C3NKihCGW
sJUJCJSo7TnS93Zk37HcCfA3aNXKkpKhGRRZj1wkvN00dXWvkw0HcAKkedpG6E+z
emWSxTqLQzR/yoicGDW+xGgAKIbCJ6yvGuJkrl9wWA6kSCXTQnWcFhXVgWL++NUi
F19Nzs6EE3EdVDJxRroVqN9ZVoPAEGmS0ItzcLrRGvBUkG9MzmN6+Ixu4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKqNmuJTt3+CDYbicB4Pmv5G9VMNMB8GA1UdIwQY
MBaAFKdqvakDRtDK0l3Kb3RQvM+NCOdxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDJxOXFRTkcwTXJTWGNwdmRGQzh6NDBJNTNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8zNDVjOWItN2I0YS00YjIxLTliMDAt
NGQzMDE2ODRjM2JjLzEvcW8yYTRsTzNmNElOaHVKd0hnLWFfa2IxVXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8zNDVjOWItN2I0YS00YjIxLTliMDAtNGQzMDE2ODRjM2Jj
LzEvcDJxOXFRTkcwTXJTWGNwdmRGQzh6NDBJNTNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweNSMA0G
CSqGSIb3DQEBCwUAA4IBAQBukFGOD+9d40IoMRQ57dwBLWDedFu6HgkO86CLSVT7
ostEnm3cXpsKAhF9c4vG+3hyNM8rjS7dBxGIV7xMFFtCmeTCgeQiY7CwNCIsCM3z
HJGTgl1V3l95X6y9CuN31vZxLRoHpYOA2CorwupHugdQ3Lf8LMGxxucXaDAn6yoD
Ht0E8fKrPy4m6wPQCK+fuoc1O+Q1liK2isILa+BkbmfDBCzEDgs4LMFiI+kfzMSw
AYzZvvX1ItPrCtL/aHdq3ox+01PBhsy8+UOQ+ZGNk70egfv3EkwvpJDqwnKFMeke
RE3st3rs1uUpY6/Iula+e8xVbauC32PdPt3NOIE+lUgg
-----END CERTIFICATE-----