Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/N8yg-rsBIkNZqhIg3aIitQuuaUk.roa
File:                     N8yg-rsBIkNZqhIg3aIitQuuaUk.roa (raw, json)
Hash identifier:          Vq9e+6B3g3tkLctdReugpY+B6dczna3y7yxghSqb1lg=
Subject key identifier:   37:CC:A0:FA:BB:01:22:43:59:AA:12:20:DD:A2:22:B5:0B:AE:69:49
Certificate issuer:       /CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
Certificate serial:       019423D71791AC7244CAC8A93E2DC881BCBF
Authority key identifier: AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/N8yg-rsBIkNZqhIg3aIitQuuaUk.roa
Signing time:             Wed 01 Jan 2025 21:48:06 +0000
ROA not before:           Wed 01 Jan 2025 21:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14148
IP address blocks:        31.186.254.0/24 maxlen: 24
                          95.172.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:17:91:ac:72:44:ca:c8:a9:3e:2d:c8:81:bc:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aedaeea9117a1d5ccc320222955a09faa0798fd9
        Validity
            Not Before: Jan  1 21:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37cca0fabb01224359aa1220dda222b50bae6949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ba:a0:ad:01:93:89:99:83:5e:db:b0:19:fd:
                    50:f3:7e:b9:cb:d0:fa:68:bc:9f:0a:fd:cc:0b:64:
                    f6:2c:9f:ce:96:2e:95:cc:20:5c:7f:88:c0:b0:b9:
                    91:8d:56:5e:98:85:4b:f5:03:2c:24:cf:4e:30:27:
                    0e:28:44:be:7f:40:58:15:4d:9b:15:46:7c:fc:d7:
                    d7:ac:bd:a1:cb:eb:58:bc:74:b6:c7:63:d0:e4:da:
                    ab:2c:c4:f9:87:60:9c:85:02:2f:d5:df:08:54:ad:
                    3a:86:d0:c6:d4:3b:fa:64:49:d6:e9:09:72:29:68:
                    38:32:e8:ab:0c:aa:80:cc:13:25:18:ca:44:07:f3:
                    69:2d:7c:b5:50:f2:94:34:80:40:2b:74:fe:0b:1f:
                    29:44:2a:88:a3:76:2c:a0:92:6f:66:68:30:7c:76:
                    82:ef:4b:bc:1a:0a:55:d1:d9:27:cc:fa:21:6b:22:
                    ee:9e:1f:b2:68:75:a1:3d:80:c1:57:78:ec:fe:81:
                    fa:ca:87:bd:fe:81:ad:f9:0b:71:b8:f7:3c:f0:01:
                    32:a6:ad:9e:65:be:66:c3:ff:38:02:f5:42:f5:d9:
                    79:41:6e:88:37:a4:26:8e:c7:30:bf:e1:47:f3:bd:
                    3c:b9:56:b0:7c:cc:4c:cc:7f:4f:b9:88:7e:2d:b2:
                    ff:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:CC:A0:FA:BB:01:22:43:59:AA:12:20:DD:A2:22:B5:0B:AE:69:49
            X509v3 Authority Key Identifier:
                keyid:AE:DA:EE:A9:11:7A:1D:5C:CC:32:02:22:95:5A:09:FA:A0:79:8F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtruqRF6HVzMMgIilVoJ-qB5j9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/N8yg-rsBIkNZqhIg3aIitQuuaUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a13b01-4153-4ea5-bf21-99868c51329a/1/rtruqRF6HVzMMgIilVoJ-qB5j9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.254.0/24
                  95.172.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:06:8a:63:74:56:da:ee:dd:dc:fe:cb:03:9e:d4:38:0e:12:
         d5:38:49:a7:b0:b7:a4:f0:02:97:a1:da:63:0d:fa:3c:b0:dd:
         f4:18:47:02:34:0f:1e:ce:ff:aa:48:76:35:ab:f7:30:bd:c0:
         98:7c:98:a9:f7:58:f0:46:0e:65:55:e1:94:7e:05:37:1b:16:
         6b:cd:e8:f2:42:1f:9f:26:05:8a:3c:77:41:94:a4:32:3a:7e:
         aa:dd:e0:3f:ac:79:f6:2b:1b:11:09:84:f4:08:78:9e:29:c0:
         5c:8a:be:23:ce:cb:e2:b9:9d:d9:24:7f:a8:11:26:44:e7:d7:
         30:08:62:a2:57:1a:d1:6f:7b:fb:b4:c0:5c:d6:00:9d:a5:17:
         28:ac:a7:e7:13:c0:97:c0:39:21:c5:50:e4:65:1c:3a:af:dd:
         e1:ae:07:ff:6e:fb:e1:e7:b3:a0:00:c8:82:1e:a8:3e:ee:cd:
         34:24:35:fe:73:8f:d4:e8:9b:60:12:18:20:ec:ca:b2:63:a7:
         18:14:f7:ba:10:48:db:ea:e3:41:70:53:ac:f0:c8:17:e6:4c:
         f2:2f:28:53:e7:d5:04:6f:8d:61:d4:c8:b2:53:5c:cc:6f:50:
         1e:95:6e:9f:cf:b3:b6:a8:c5:f5:a3:8a:5c:42:12:c6:75:1a:
         82:ef:f8:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1xeRrHJEysipPi3Igby/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGFlZWE5MTE3YTFkNWNjYzMyMDIyMjk1NWEwOWZhYTA3
OThmZDkwHhcNMjUwMTAxMjE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2NjYTBmYWJiMDEyMjQzNTlhYTEyMjBkZGEyMjJiNTBiYWU2OTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbqgrQGTiZmDXtuwGf1Q8365y9D6
aLyfCv3MC2T2LJ/Oli6VzCBcf4jAsLmRjVZemIVL9QMsJM9OMCcOKES+f0BYFU2b
FUZ8/NfXrL2hy+tYvHS2x2PQ5NqrLMT5h2CchQIv1d8IVK06htDG1Dv6ZEnW6Qly
KWg4MuirDKqAzBMlGMpEB/NpLXy1UPKUNIBAK3T+Cx8pRCqIo3YsoJJvZmgwfHaC
70u8GgpV0dknzPohayLunh+yaHWhPYDBV3js/oH6yoe9/oGt+QtxuPc88AEypq2e
Zb5mw/84AvVC9dl5QW6IN6Qmjscwv+FH8708uVawfMxMzH9PuYh+LbL/uQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDfMoPq7ASJDWaoSIN2iIrULrmlJMB8GA1UdIwQY
MBaAFK7a7qkReh1czDICIpVaCfqgeY/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEt
OTk4NjhjNTEzMjlhLzEvTjh5Zy1yc0JJa05acWhJZzNhSWl0UXV1YVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hMTNiMDEtNDE1My00ZWE1LWJmMjEtOTk4NjhjNTEzMjlh
LzEvcnRydXFSRjZIVnpNTWdJaWxWb0otcUI1ajlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH7r+AwQA
X6xaMA0GCSqGSIb3DQEBCwUAA4IBAQAaBopjdFba7t3c/ssDntQ4DhLVOEmnsLek
8AKXodpjDfo8sN30GEcCNA8ezv+qSHY1q/cwvcCYfJip91jwRg5lVeGUfgU3GxZr
zejyQh+fJgWKPHdBlKQyOn6q3eA/rHn2KxsRCYT0CHieKcBcir4jzsviuZ3ZJH+o
ESZE59cwCGKiVxrRb3v7tMBc1gCdpRcorKfnE8CXwDkhxVDkZRw6r93hrgf/bvvh
57OgAMiCHqg+7s00JDX+c4/U6JtgEhgg7MqyY6cYFPe6EEjb6uNBcFOs8MgX5kzy
LyhT59UEb41h1MiyU1zMb1AelW6fz7O2qMX1o4pcQhLGdRqC7/i4
-----END CERTIFICATE-----