Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/v1Avs3bZ72wiE0w-JgC0MC1XRgs.roa
File:                     v1Avs3bZ72wiE0w-JgC0MC1XRgs.roa (raw, json)
Hash identifier:          f8gR7G0zgWVqs8OTR9PxkxY+HMXmXDe+wer7/PaIVkw=
Subject key identifier:   BF:50:2F:B3:76:D9:EF:6C:22:13:4C:3E:26:00:B4:30:2D:57:46:0B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01942825018CF2B70D593878D0BCC0D2629A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/v1Avs3bZ72wiE0w-JgC0MC1XRgs.roa
Signing time:             Thu 02 Jan 2025 17:51:41 +0000
ROA not before:           Thu 02 Jan 2025 17:51:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206092
IP address blocks:        192.124.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:01:8c:f2:b7:0d:59:38:78:d0:bc:c0:d2:62:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf502fb376d9ef6c22134c3e2600b4302d57460b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:02:c0:8b:3c:07:d9:3b:eb:21:d1:8a:29:6c:
                    b9:79:dd:5f:68:8b:a2:6b:2e:f7:50:10:09:7b:8c:
                    41:0b:2e:6a:1c:73:0a:77:49:38:c3:27:2d:80:77:
                    31:75:8f:42:31:59:1e:f3:7a:d5:3e:93:9b:8e:a2:
                    ab:e0:0a:85:77:87:66:82:a2:41:5b:0c:ba:cc:77:
                    6f:5d:ac:eb:9a:11:33:7c:c4:65:84:27:84:c4:64:
                    cf:f2:d0:7f:60:27:f7:21:e0:7f:04:ea:8c:6a:64:
                    3e:18:4c:f2:8f:1c:13:4a:a2:86:95:d3:79:ea:f1:
                    ca:e1:1e:32:6a:19:4b:ec:da:7b:77:a7:c3:35:e0:
                    41:37:5b:d8:5a:d9:82:59:1d:65:91:1b:9c:55:d0:
                    94:8d:ca:9c:9f:97:74:15:83:e1:8b:cb:a7:fa:c8:
                    81:99:cd:58:a1:f5:67:fe:46:37:66:8b:df:6f:27:
                    91:82:2b:a9:27:c4:a3:e4:83:08:37:a0:a2:53:4b:
                    05:7a:de:e9:55:db:86:a2:92:66:5f:25:a7:6a:46:
                    5b:3a:80:33:c4:14:40:12:ee:aa:82:77:30:65:aa:
                    64:9a:31:83:e3:72:e9:2e:1a:3d:27:8a:c5:21:37:
                    b2:ac:36:03:7d:9a:ab:6d:30:b1:07:09:b3:d4:7e:
                    47:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:50:2F:B3:76:D9:EF:6C:22:13:4C:3E:26:00:B4:30:2D:57:46:0B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/v1Avs3bZ72wiE0w-JgC0MC1XRgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:74:cf:5a:c1:bf:b9:8a:f8:d1:a3:2c:43:37:f1:90:65:1f:
         87:28:93:b7:54:11:22:89:7d:ad:83:f2:a3:69:21:c4:b9:22:
         aa:3f:1c:ab:42:f4:8b:25:4d:84:8c:f9:fe:19:ac:7b:08:11:
         36:ef:61:d1:ab:7a:b9:d0:15:3b:1e:0f:70:75:36:2d:d7:d7:
         f0:84:0b:ea:35:d9:8f:f5:2c:d3:98:37:27:ad:63:b5:dc:35:
         63:20:aa:7d:bf:3e:8e:d2:47:cc:f5:45:24:12:f8:8b:32:95:
         01:50:1b:68:a5:53:d9:f7:77:30:14:a4:61:56:eb:d0:58:95:
         6e:fd:3e:46:ab:79:23:2d:37:68:e3:ef:92:75:38:76:26:d6:
         07:21:ea:55:12:3b:6c:d7:39:d6:12:b9:05:2f:c4:47:fc:8f:
         90:f4:87:4f:f9:70:08:0a:4e:07:b4:6c:4c:c7:25:20:a6:01:
         51:90:26:e2:81:5b:b5:54:d3:b0:cd:45:c4:11:fe:1d:71:98:
         5d:da:68:6e:da:c9:0a:dd:95:69:cd:e2:6a:bd:c3:01:83:1e:
         8f:43:1a:95:07:6a:f6:68:ba:5d:a8:46:17:f0:d1:22:58:81:
         97:e4:4e:bc:f6:b3:6d:3b:58:5e:0e:d1:dc:d9:24:31:ed:c0:
         e0:f6:75:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJQGM8rcNWTh40LzA0mKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjUwMmZiMzc2ZDllZjZjMjIxMzRjM2UyNjAwYjQzMDJkNTc0NjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApALAizwH2TvrIdGKKWy5ed1faIui
ay73UBAJe4xBCy5qHHMKd0k4wyctgHcxdY9CMVke83rVPpObjqKr4AqFd4dmgqJB
Wwy6zHdvXazrmhEzfMRlhCeExGTP8tB/YCf3IeB/BOqMamQ+GEzyjxwTSqKGldN5
6vHK4R4yahlL7Np7d6fDNeBBN1vYWtmCWR1lkRucVdCUjcqcn5d0FYPhi8un+siB
mc1YofVn/kY3ZovfbyeRgiupJ8Sj5IMIN6CiU0sFet7pVduGopJmXyWnakZbOoAz
xBRAEu6qgncwZapkmjGD43LpLho9J4rFITeyrDYDfZqrbTCxBwmz1H5HDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9QL7N22e9sIhNMPiYAtDAtV0YLMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdjFBdnMzYlo3MndpRTB3LUpnQzBNQzFYUmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHyxMA0G
CSqGSIb3DQEBCwUAA4IBAQBjdM9awb+5ivjRoyxDN/GQZR+HKJO3VBEiiX2tg/Kj
aSHEuSKqPxyrQvSLJU2EjPn+Gax7CBE272HRq3q50BU7Hg9wdTYt19fwhAvqNdmP
9SzTmDcnrWO13DVjIKp9vz6O0kfM9UUkEviLMpUBUBtopVPZ93cwFKRhVuvQWJVu
/T5Gq3kjLTdo4++SdTh2JtYHIepVEjts1znWErkFL8RH/I+Q9IdP+XAICk4HtGxM
xyUgpgFRkCbigVu1VNOwzUXEEf4dcZhd2mhu2skK3ZVpzeJqvcMBgx6PQxqVB2r2
aLpdqEYX8NEiWIGX5E689rNtO1heDtHc2SQx7cDg9nVT
-----END CERTIFICATE-----