Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/13rjk7Vk1R6bM8NZzwpn_wkWd18.roa
File:                     13rjk7Vk1R6bM8NZzwpn_wkWd18.roa (raw, json)
Hash identifier:          eMrnrbTjuA+DpnVyQk46VnyH6+JrKX3BnnGUUHzyW6I=
Subject key identifier:   D7:7A:E3:93:B5:64:D5:1E:9B:33:C3:59:CF:0A:67:FF:09:16:77:5F
Certificate issuer:       /CN=d3f60b176d95fd8d3d0bd65c5d12c83941f7f054
Certificate serial:       01951ACBDCBF2C7E712AA101B5EFCAC564D0
Authority key identifier: D3:F6:0B:17:6D:95:FD:8D:3D:0B:D6:5C:5D:12:C8:39:41:F7:F0:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/13rjk7Vk1R6bM8NZzwpn_wkWd18.roa
Signing time:             Tue 18 Feb 2025 20:42:02 +0000
ROA not before:           Tue 18 Feb 2025 20:42:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        194.130.116.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:1a:cb:dc:bf:2c:7e:71:2a:a1:01:b5:ef:ca:c5:64:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3f60b176d95fd8d3d0bd65c5d12c83941f7f054
        Validity
            Not Before: Feb 18 20:42:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d77ae393b564d51e9b33c359cf0a67ff0916775f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b5:1a:cb:d6:e4:b8:46:92:9f:84:b7:4b:82:
                    05:37:81:60:be:cc:57:2b:d7:8f:22:b2:e5:86:0e:
                    51:e6:1d:aa:ca:61:16:c8:46:fe:84:93:7f:79:66:
                    fe:98:11:15:d9:ca:52:fd:33:71:00:01:6e:0f:33:
                    4c:ee:f4:de:e9:66:1c:53:34:04:c9:10:cd:cc:df:
                    96:0e:4f:f0:48:dd:3c:82:c1:e1:1a:0e:4c:68:69:
                    95:a0:89:3f:96:ef:34:7a:92:4f:52:c2:84:a1:d3:
                    ff:e6:e8:cb:37:07:fb:b0:e6:98:9a:a9:11:c3:a8:
                    36:d6:e6:f2:e4:88:bc:f1:7c:04:27:80:0e:1e:41:
                    6d:e7:bd:a3:2f:69:9b:13:e6:78:77:11:22:bb:b1:
                    e5:15:bc:74:b7:81:7a:6b:b3:cc:0e:1a:87:64:7e:
                    7f:6e:e5:f8:ab:fc:01:a2:22:3a:ba:25:06:e8:5f:
                    ce:72:76:f1:49:14:57:cb:75:10:b5:28:0b:df:ef:
                    7f:94:45:23:b4:19:3f:ad:e8:76:35:40:c8:5c:92:
                    25:f7:ff:32:9c:28:7a:cc:da:7e:4e:bc:72:a5:d3:
                    52:bd:b4:f5:78:a4:b6:75:69:4f:85:2e:a9:eb:21:
                    d1:d8:84:d4:a1:0a:7b:fb:88:06:26:84:57:31:3f:
                    74:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:7A:E3:93:B5:64:D5:1E:9B:33:C3:59:CF:0A:67:FF:09:16:77:5F
            X509v3 Authority Key Identifier:
                keyid:D3:F6:0B:17:6D:95:FD:8D:3D:0B:D6:5C:5D:12:C8:39:41:F7:F0:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0_YLF22V_Y09C9ZcXRLIOUH38FQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/13rjk7Vk1R6bM8NZzwpn_wkWd18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/bc5fd7-3e63-4945-afb7-1175e5a07a55/1/0_YLF22V_Y09C9ZcXRLIOUH38FQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.130.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         10:73:83:c3:34:67:8e:ff:da:a4:62:d9:89:4a:59:27:44:c0:
         62:bb:ae:30:6f:0f:2c:ba:0d:ae:36:ae:db:c6:01:b3:e1:03:
         e9:f7:9f:12:bc:32:0a:49:5c:e9:85:6e:3e:17:da:56:46:3b:
         5f:22:ce:57:65:b0:6c:7a:b8:44:01:c2:29:a1:ea:1f:b2:3b:
         c5:fd:a9:a2:7a:23:b5:67:21:de:2e:e5:04:6c:59:87:0a:43:
         5e:01:5b:81:9f:55:88:4a:43:29:70:ca:df:8b:e7:e9:a3:b3:
         a1:1a:d2:cf:59:19:60:14:92:26:36:90:5b:ff:d4:f4:50:79:
         39:20:3d:e2:63:6f:63:2a:80:7e:21:4d:45:7e:7f:2f:84:91:
         c1:f0:af:f8:e9:ae:19:87:15:f2:64:09:50:d1:7e:98:3c:8c:
         4e:f9:9f:d4:bb:f3:2c:39:ac:99:33:88:d5:fc:b7:73:a6:2e:
         e8:5c:68:19:6e:35:cb:07:c7:49:5d:ce:00:88:d4:b8:96:ef:
         08:05:74:bd:ef:ec:67:2a:c0:0b:7c:b0:d3:03:fe:31:35:3d:
         fc:6a:4c:08:c9:61:ca:dc:0b:88:b8:46:9c:ac:43:6e:f4:d0:
         a0:11:4e:a6:0a:7a:df:2a:3a:7d:87:bc:c6:86:0c:64:0e:15:
         3a:bf:03:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUay9y/LH5xKqEBte/KxWTQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZjYwYjE3NmQ5NWZkOGQzZDBiZDY1YzVkMTJjODM5NDFm
N2YwNTQwHhcNMjUwMjE4MjA0MjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzdhZTM5M2I1NjRkNTFlOWIzM2MzNTljZjBhNjdmZjA5MTY3NzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLUay9bkuEaSn4S3S4IFN4FgvsxX
K9ePIrLlhg5R5h2qymEWyEb+hJN/eWb+mBEV2cpS/TNxAAFuDzNM7vTe6WYcUzQE
yRDNzN+WDk/wSN08gsHhGg5MaGmVoIk/lu80epJPUsKEodP/5ujLNwf7sOaYmqkR
w6g21uby5Ii88XwEJ4AOHkFt572jL2mbE+Z4dxEiu7HlFbx0t4F6a7PMDhqHZH5/
buX4q/wBoiI6uiUG6F/OcnbxSRRXy3UQtSgL3+9/lEUjtBk/reh2NUDIXJIl9/8y
nCh6zNp+TrxypdNSvbT1eKS2dWlPhS6p6yHR2ITUoQp7+4gGJoRXMT900QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNd645O1ZNUemzPDWc8KZ/8JFndfMB8GA1UdIwQY
MBaAFNP2Cxdtlf2NPQvWXF0SyDlB9/BUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMF9ZTEYyMlZfWTA5QzlaY1hSTElPVUgzOEZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9iYzVmZDctM2U2My00OTQ1LWFmYjct
MTE3NWU1YTA3YTU1LzEvMTNyams3VmsxUjZiTThOWnp3cG5fd2tXZDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9iYzVmZDctM2U2My00OTQ1LWFmYjctMTE3NWU1YTA3YTU1
LzEvMF9ZTEYyMlZfWTA5QzlaY1hSTElPVUgzOEZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwoJ0MA0G
CSqGSIb3DQEBCwUAA4IBAQAQc4PDNGeO/9qkYtmJSlknRMBiu64wbw8sug2uNq7b
xgGz4QPp958SvDIKSVzphW4+F9pWRjtfIs5XZbBserhEAcIpoeofsjvF/amieiO1
ZyHeLuUEbFmHCkNeAVuBn1WISkMpcMrfi+fpo7OhGtLPWRlgFJImNpBb/9T0UHk5
ID3iY29jKoB+IU1Ffn8vhJHB8K/46a4ZhxXyZAlQ0X6YPIxO+Z/Uu/MsOayZM4jV
/Ldzpi7oXGgZbjXLB8dJXc4AiNS4lu8IBXS97+xnKsALfLDTA/4xNT38akwIyWHK
3AuIuEacrENu9NCgEU6mCnrfKjp9h7zGhgxkDhU6vwOo
-----END CERTIFICATE-----