Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/b78a1c-1300-4ef8-ae96-80736950aa94/1/vOY7PB5NDzFxhVih037o9jJ1bUc.roa
File:                     vOY7PB5NDzFxhVih037o9jJ1bUc.roa (raw, json)
Hash identifier:          8OCsn1+9HWmViC4NQ7DEHa7bN4pK4rZb0B/Nsp5g6gw=
Subject key identifier:   BC:E6:3B:3C:1E:4D:0F:31:71:85:58:A1:D3:7E:E8:F6:32:75:6D:47
Certificate issuer:       /CN=1cdc76327e92f25fc471b345a37d243cc8393500
Certificate serial:       0194266BCE2B7875DF191B870DCC47C53C86
Authority key identifier: 1C:DC:76:32:7E:92:F2:5F:C4:71:B3:45:A3:7D:24:3C:C8:39:35:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HNx2Mn6S8l_EcbNFo30kPMg5NQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/b78a1c-1300-4ef8-ae96-80736950aa94/1/vOY7PB5NDzFxhVih037o9jJ1bUc.roa
Signing time:             Thu 02 Jan 2025 09:49:46 +0000
ROA not before:           Thu 02 Jan 2025 09:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13039
IP address blocks:        193.102.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/b78a1c-1300-4ef8-ae96-80736950aa94/1/HNx2Mn6S8l_EcbNFo30kPMg5NQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/b78a1c-1300-4ef8-ae96-80736950aa94/1/HNx2Mn6S8l_EcbNFo30kPMg5NQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HNx2Mn6S8l_EcbNFo30kPMg5NQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ce:2b:78:75:df:19:1b:87:0d:cc:47:c5:3c:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cdc76327e92f25fc471b345a37d243cc8393500
        Validity
            Not Before: Jan  2 09:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bce63b3c1e4d0f31718558a1d37ee8f632756d47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f9:95:76:cc:1c:80:5a:cc:2f:79:57:65:c5:
                    92:73:15:cd:02:67:c4:9a:10:93:25:85:84:24:66:
                    6a:b9:ad:db:96:22:3c:08:5e:96:85:8e:34:01:db:
                    c3:44:e4:98:87:d8:b8:d6:57:b0:9f:34:00:8a:44:
                    12:e1:dd:16:45:38:1b:4f:80:32:e6:64:86:f4:a7:
                    16:b5:47:90:7f:2d:79:ee:af:e7:0b:bd:73:92:bb:
                    df:68:1b:9c:ea:c4:fc:bb:87:47:15:d1:8b:6a:1b:
                    19:dd:68:5f:a0:ae:3d:5e:03:53:e3:1c:fd:27:25:
                    e3:f8:3a:b7:a0:4d:08:6c:5a:15:5a:cf:da:60:24:
                    d0:53:ca:c9:eb:0a:43:ed:0c:b3:cd:44:16:70:ba:
                    f8:b2:83:4c:16:8a:1f:01:13:dc:9d:b4:fa:9b:32:
                    a6:5f:de:06:3a:d6:e9:79:fa:95:16:49:0c:f9:71:
                    8a:83:fa:0e:08:f1:0f:ff:04:f5:87:3e:24:2a:86:
                    ff:2c:f1:b8:34:7e:86:af:69:0b:15:fe:7a:88:0e:
                    34:c5:5c:a6:cd:07:e4:b2:09:f5:07:ca:bf:0e:18:
                    f0:19:a0:6d:66:a1:26:82:f9:1c:67:04:e0:eb:b4:
                    83:4d:58:cd:96:41:d3:a6:9c:4d:f6:9c:ee:6c:f8:
                    8d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:E6:3B:3C:1E:4D:0F:31:71:85:58:A1:D3:7E:E8:F6:32:75:6D:47
            X509v3 Authority Key Identifier:
                keyid:1C:DC:76:32:7E:92:F2:5F:C4:71:B3:45:A3:7D:24:3C:C8:39:35:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HNx2Mn6S8l_EcbNFo30kPMg5NQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/b78a1c-1300-4ef8-ae96-80736950aa94/1/vOY7PB5NDzFxhVih037o9jJ1bUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/b78a1c-1300-4ef8-ae96-80736950aa94/1/HNx2Mn6S8l_EcbNFo30kPMg5NQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.102.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:76:0e:5c:db:06:aa:be:1f:6d:3f:63:03:d9:87:11:59:01:
         6a:02:71:02:a8:99:a7:e8:da:36:cc:ed:00:f2:f5:d4:c6:ca:
         3c:da:a1:20:36:ad:92:1e:81:a1:72:31:e4:ec:8a:35:9f:d9:
         94:4e:ad:2a:2d:58:aa:e8:47:31:3c:28:19:c7:1f:ea:75:2a:
         a2:24:fb:56:11:db:8e:78:fb:7b:74:7e:a7:01:0e:25:ba:8f:
         c4:94:d5:8d:35:c4:b9:b7:c0:c2:72:be:f4:4a:39:7b:40:60:
         44:8d:e4:b1:66:e3:8b:f0:e0:e4:06:f7:b0:96:d5:3c:5a:93:
         9a:bf:ae:0d:87:9d:63:4c:f1:c7:46:53:f8:83:22:46:6f:90:
         23:50:51:ab:ab:4a:c9:1c:91:2a:1a:8f:72:97:07:55:e8:c8:
         a1:3c:4e:44:47:71:e3:9f:bd:d7:f6:16:49:50:80:29:70:70:
         4f:0a:06:e1:f9:8f:e0:ed:08:38:15:45:ef:49:8e:c2:9b:4c:
         90:19:97:68:32:6a:6f:19:ad:b7:be:02:5c:56:dd:95:1a:24:
         75:95:fc:1e:72:9e:95:bc:c4:49:80:5d:a6:fc:60:ad:b1:e7:
         b7:1d:dd:21:d4:72:b6:3c:fe:23:f1:e6:39:ca:01:87:1f:1f:
         43:1d:46:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma84reHXfGRuHDcxHxTyGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZGM3NjMyN2U5MmYyNWZjNDcxYjM0NWEzN2QyNDNjYzgz
OTM1MDAwHhcNMjUwMTAyMDk0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2U2M2IzYzFlNGQwZjMxNzE4NTU4YTFkMzdlZThmNjMyNzU2ZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/mVdswcgFrML3lXZcWScxXNAmfE
mhCTJYWEJGZqua3bliI8CF6WhY40AdvDROSYh9i41lewnzQAikQS4d0WRTgbT4Ay
5mSG9KcWtUeQfy157q/nC71zkrvfaBuc6sT8u4dHFdGLahsZ3WhfoK49XgNT4xz9
JyXj+Dq3oE0IbFoVWs/aYCTQU8rJ6wpD7QyzzUQWcLr4soNMFoofARPcnbT6mzKm
X94GOtbpefqVFkkM+XGKg/oOCPEP/wT1hz4kKob/LPG4NH6Gr2kLFf56iA40xVym
zQfksgn1B8q/DhjwGaBtZqEmgvkcZwTg67SDTVjNlkHTppxN9pzubPiNOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzmOzweTQ8xcYVYodN+6PYydW1HMB8GA1UdIwQY
MBaAFBzcdjJ+kvJfxHGzRaN9JDzIOTUAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE54Mk1uNlM4bF9FY2JORm8zMGtQTWc1TlFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9iNzhhMWMtMTMwMC00ZWY4LWFlOTYt
ODA3MzY5NTBhYTk0LzEvdk9ZN1BCNU5EekZ4aFZpaDAzN285akoxYlVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9iNzhhMWMtMTMwMC00ZWY4LWFlOTYtODA3MzY5NTBhYTk0
LzEvSE54Mk1uNlM4bF9FY2JORm8zMGtQTWc1TlFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWa9MA0G
CSqGSIb3DQEBCwUAA4IBAQADdg5c2waqvh9tP2MD2YcRWQFqAnECqJmn6No2zO0A
8vXUxso82qEgNq2SHoGhcjHk7Io1n9mUTq0qLViq6EcxPCgZxx/qdSqiJPtWEduO
ePt7dH6nAQ4luo/ElNWNNcS5t8DCcr70Sjl7QGBEjeSxZuOL8ODkBvewltU8WpOa
v64Nh51jTPHHRlP4gyJGb5AjUFGrq0rJHJEqGo9ylwdV6MihPE5ER3Hjn73X9hZJ
UIApcHBPCgbh+Y/g7Qg4FUXvSY7Cm0yQGZdoMmpvGa23vgJcVt2VGiR1lfwecp6V
vMRJgF2m/GCtsee3Hd0h1HK2PP4j8eY5ygGHHx9DHUZT
-----END CERTIFICATE-----