Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/bePIOwHo2yd_SzOvruKwF9356uc.roa
File:                     bePIOwHo2yd_SzOvruKwF9356uc.roa (raw, json)
Hash identifier:          AE/WNLdQCiM+hKgplC+GUSqytNFuyhj+98knbmTnMvA=
Subject key identifier:   6D:E3:C8:3B:01:E8:DB:27:7F:4B:33:AF:AE:E2:B0:17:DD:F9:EA:E7
Certificate issuer:       /CN=624ad4535ac88dd534199f2a726095af71afe44e
Certificate serial:       0194221FD3286B048679B4D12313B26BBBA0
Authority key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/bePIOwHo2yd_SzOvruKwF9356uc.roa
Signing time:             Wed 01 Jan 2025 13:48:18 +0000
ROA not before:           Wed 01 Jan 2025 13:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8708
IP address blocks:        194.113.80.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d3:28:6b:04:86:79:b4:d1:23:13:b2:6b:bb:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=624ad4535ac88dd534199f2a726095af71afe44e
        Validity
            Not Before: Jan  1 13:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6de3c83b01e8db277f4b33afaee2b017ddf9eae7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:4c:a5:da:83:a5:6b:11:15:0b:6f:c4:d4:4b:
                    c6:af:66:cc:86:21:01:03:7e:7c:9a:be:f6:26:09:
                    6e:a0:6c:3b:7f:44:a1:63:e3:3f:56:78:75:8b:4c:
                    ea:ce:b7:f1:1c:f8:86:aa:67:1d:fc:e1:dc:b5:8f:
                    c6:f0:5e:26:8e:91:ae:de:e4:2b:f7:5e:d8:6c:59:
                    54:c8:68:d9:1d:fc:e9:89:09:5c:f2:8c:4d:6f:45:
                    80:af:60:b4:24:83:12:0a:31:41:63:aa:86:ea:08:
                    7e:70:86:4e:9f:a5:e3:cf:1a:eb:bd:e3:38:ac:20:
                    9f:81:29:54:86:96:01:63:ee:b9:03:ec:d0:85:a3:
                    7b:59:26:80:93:df:11:45:4f:e2:48:1c:5a:78:c1:
                    00:92:82:27:e2:b7:04:8e:45:49:a6:11:50:a5:a5:
                    1e:b4:b7:ed:c0:e3:cd:a8:de:0f:da:40:c0:55:f9:
                    b8:56:ad:6b:a5:32:ff:dc:53:23:fa:8a:7f:33:6d:
                    11:23:4a:a4:af:6e:fe:4c:a4:7f:f4:fd:ce:78:1c:
                    76:2b:8a:32:b7:c4:3e:87:cb:75:28:50:0a:00:a4:
                    f5:d8:4f:03:49:dc:40:a6:19:df:9c:8f:51:6d:1f:
                    4b:5a:12:c8:30:9d:e7:db:4d:1e:f3:9a:b0:65:11:
                    54:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:E3:C8:3B:01:E8:DB:27:7F:4B:33:AF:AE:E2:B0:17:DD:F9:EA:E7
            X509v3 Authority Key Identifier:
                keyid:62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/bePIOwHo2yd_SzOvruKwF9356uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:4c:85:99:df:4b:58:ea:22:54:4b:1e:93:38:31:05:fb:32:
         73:13:64:08:c1:84:fb:f9:dd:11:0b:50:a5:f1:a3:9a:0c:5e:
         f7:65:4d:91:5e:41:38:e1:3e:db:9c:53:20:c2:44:d5:8f:d6:
         bd:d6:8b:b3:5e:eb:09:91:19:b4:2a:4c:a2:b3:01:1a:e4:68:
         de:ad:9d:5e:79:9b:00:63:a0:f2:e0:99:a4:ae:4b:98:94:ba:
         97:8a:e7:5d:d5:6c:a1:7b:cf:14:40:ff:1a:8d:fb:25:6f:88:
         b0:25:75:91:24:2e:cf:f4:a9:6a:c0:ab:9b:88:bb:1d:a6:82:
         c5:cd:dc:f7:05:76:24:e7:b9:1e:bd:56:3a:31:a0:aa:17:a6:
         b5:d0:95:cb:c9:5c:37:97:14:de:ba:6c:0c:b3:f7:e2:a2:ac:
         6f:97:59:1b:de:67:c8:a4:db:2b:ba:9e:87:29:cc:bb:f0:b6:
         66:d5:de:d5:51:d9:0e:c3:e6:26:c5:fd:d2:1e:61:27:48:de:
         6e:f6:a0:a8:36:a3:83:3d:70:94:ad:3c:c9:4a:fb:45:6a:8a:
         47:46:f2:7c:ee:70:34:18:23:27:b9:48:4e:23:93:bd:3f:20:
         42:dd:6d:7b:cd:e9:c8:b1:c4:58:65:37:1d:64:67:57:6f:d9:
         00:06:5e:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9MoawSGebTRIxOya7ugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNGFkNDUzNWFjODhkZDUzNDE5OWYyYTcyNjA5NWFmNzFh
ZmU0NGUwHhcNMjUwMTAxMTM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGUzYzgzYjAxZThkYjI3N2Y0YjMzYWZhZWUyYjAxN2RkZjllYWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUyl2oOlaxEVC2/E1EvGr2bMhiEB
A358mr72JgluoGw7f0ShY+M/Vnh1i0zqzrfxHPiGqmcd/OHctY/G8F4mjpGu3uQr
917YbFlUyGjZHfzpiQlc8oxNb0WAr2C0JIMSCjFBY6qG6gh+cIZOn6XjzxrrveM4
rCCfgSlUhpYBY+65A+zQhaN7WSaAk98RRU/iSBxaeMEAkoIn4rcEjkVJphFQpaUe
tLftwOPNqN4P2kDAVfm4Vq1rpTL/3FMj+op/M20RI0qkr27+TKR/9P3OeBx2K4oy
t8Q+h8t1KFAKAKT12E8DSdxAphnfnI9RbR9LWhLIMJ3n200e85qwZRFU+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3jyDsB6Nsnf0szr67isBfd+ernMB8GA1UdIwQY
MBaAFGJK1FNayI3VNBmfKnJgla9xr+ROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTct
ZmI1OTQ5ODA4ZGRjLzEvYmVQSU93SG8yeWRfU3pPdnJ1S3dGOTM1NnVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9hYTEwMTktNTY0Zi00YzQ2LWEyMTctZmI1OTQ5ODA4ZGRj
LzEvWWtyVVUxcklqZFUwR1o4cWNtQ1ZyM0d2NUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnFQMA0G
CSqGSIb3DQEBCwUAA4IBAQBZTIWZ30tY6iJUSx6TODEF+zJzE2QIwYT7+d0RC1Cl
8aOaDF73ZU2RXkE44T7bnFMgwkTVj9a91ouzXusJkRm0KkyiswEa5GjerZ1eeZsA
Y6Dy4JmkrkuYlLqXiudd1Wyhe88UQP8ajfslb4iwJXWRJC7P9KlqwKubiLsdpoLF
zdz3BXYk57kevVY6MaCqF6a10JXLyVw3lxTeumwMs/fioqxvl1kb3mfIpNsrup6H
Kcy78LZm1d7VUdkOw+Ymxf3SHmEnSN5u9qCoNqODPXCUrTzJSvtFaopHRvJ87nA0
GCMnuUhOI5O9PyBC3W17zenIscRYZTcdZGdXb9kABl6t
-----END CERTIFICATE-----