Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/_bqODjPn-Rd4cBmxTx3qtm9oavg.roa
File:                     _bqODjPn-Rd4cBmxTx3qtm9oavg.roa (raw, json)
Hash identifier:          y2y1qSWU+HMBsyjHGzEQQZsskHsqz5iR/DyAxLMfaoM=
Subject key identifier:   FD:BA:8E:0E:33:E7:F9:17:78:70:19:B1:4F:1D:EA:B6:6F:68:6A:F8
Certificate issuer:       /CN=248f5e26f1c08f4486c9911c8b609eae8b6cb74d
Certificate serial:       01942369ABF1CDF434950BCC6F2F9A790CE9
Authority key identifier: 24:8F:5E:26:F1:C0:8F:44:86:C9:91:1C:8B:60:9E:AE:8B:6C:B7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/_bqODjPn-Rd4cBmxTx3qtm9oavg.roa
Signing time:             Wed 01 Jan 2025 19:48:35 +0000
ROA not before:           Wed 01 Jan 2025 19:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15985
IP address blocks:        193.188.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ab:f1:cd:f4:34:95:0b:cc:6f:2f:9a:79:0c:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=248f5e26f1c08f4486c9911c8b609eae8b6cb74d
        Validity
            Not Before: Jan  1 19:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdba8e0e33e7f917787019b14f1deab66f686af8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2e:59:cd:4e:4e:8a:a9:cb:e4:74:4e:f3:4b:
                    c9:7b:08:a0:bf:52:83:92:b5:4b:51:88:d6:cc:ed:
                    c3:26:c9:22:b2:35:b9:f7:a5:b5:56:e8:bf:5b:4a:
                    b3:2d:fd:ed:de:5b:f4:09:11:4b:e4:1b:df:95:ec:
                    86:b8:94:f0:8a:ea:4a:94:66:bb:fb:d1:4e:d9:4a:
                    65:a8:40:2c:a6:e7:df:35:e2:0b:49:54:28:c3:a5:
                    d1:03:36:6e:f2:af:02:f4:53:e8:ce:83:6d:b9:fc:
                    55:f1:14:c1:ad:50:c5:64:f8:02:45:35:7a:84:0a:
                    fe:f0:43:47:f3:48:a7:8a:bf:ad:63:d1:79:3f:c2:
                    99:12:24:a4:8b:89:b9:da:a4:9d:06:22:40:04:02:
                    c8:31:d6:08:68:a2:45:31:9a:ed:33:69:6d:37:d1:
                    53:e8:85:c1:53:1f:c0:db:44:13:27:b8:bb:9f:7e:
                    bf:b1:f6:cf:05:ae:05:98:83:ee:7e:b2:c6:62:59:
                    77:7a:ee:96:61:46:22:88:0e:a1:71:20:e7:79:5a:
                    54:ad:c0:44:8c:6d:34:4d:8b:94:f1:69:bb:d5:48:
                    7e:cd:ad:be:e2:ec:39:5a:e2:8b:99:aa:fe:89:c3:
                    44:6a:16:53:80:f9:96:ee:1c:1c:14:18:bf:af:29:
                    1f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:BA:8E:0E:33:E7:F9:17:78:70:19:B1:4F:1D:EA:B6:6F:68:6A:F8
            X509v3 Authority Key Identifier:
                keyid:24:8F:5E:26:F1:C0:8F:44:86:C9:91:1C:8B:60:9E:AE:8B:6C:B7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JI9eJvHAj0SGyZEci2Cerotst00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/_bqODjPn-Rd4cBmxTx3qtm9oavg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/dae8b0-97d0-48d4-9b26-0137b1f75d02/1/JI9eJvHAj0SGyZEci2Cerotst00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:d6:b6:74:34:b6:f9:2b:1f:a0:fd:a5:b9:83:d4:2c:9b:38:
         9b:4c:9c:14:0b:0c:f4:d6:37:f5:08:50:82:68:3d:36:77:03:
         3d:25:96:b7:12:bd:7d:f1:ac:32:29:c7:94:1d:37:9d:14:75:
         a5:9d:09:0d:33:78:05:8b:27:3e:86:2d:14:41:d1:ee:dc:6e:
         55:a9:a8:11:95:a4:35:67:e6:e7:14:19:dd:a7:02:ec:ce:ba:
         bf:15:11:f9:ea:8d:b9:e7:91:17:1e:94:3c:f8:b3:35:98:76:
         09:48:a1:ae:63:e2:c0:87:4d:57:3e:45:d6:aa:00:9f:97:a7:
         96:f7:57:2e:11:95:13:2b:79:7d:5f:bc:7a:c2:f2:5d:07:1a:
         e0:d4:70:de:33:81:66:4c:19:c6:b3:ca:de:da:d6:09:ed:98:
         c7:fc:33:d8:fc:94:38:19:97:ed:02:3b:fa:d9:d5:34:74:b1:
         80:18:3c:c0:fa:06:4c:de:0f:b5:e2:51:88:b2:2d:1f:ba:d5:
         f5:69:ae:82:ee:2a:30:2e:bd:cb:7f:ed:5b:fa:84:7c:6c:d5:
         50:28:69:97:5f:95:ca:a9:4c:80:cb:b9:d8:c5:7f:b6:02:69:
         0a:48:ba:02:c2:a1:2d:8e:75:97:26:18:5f:86:9a:9d:6e:d2:
         62:ac:2c:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaavxzfQ0lQvMby+aeQzpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0OGY1ZTI2ZjFjMDhmNDQ4NmM5OTExYzhiNjA5ZWFlOGI2
Y2I3NGQwHhcNMjUwMTAxMTk0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGJhOGUwZTMzZTdmOTE3Nzg3MDE5YjE0ZjFkZWFiNjZmNjg2YWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAry5ZzU5OiqnL5HRO80vJewigv1KD
krVLUYjWzO3DJskisjW596W1Vui/W0qzLf3t3lv0CRFL5BvfleyGuJTwiupKlGa7
+9FO2UplqEAspuffNeILSVQow6XRAzZu8q8C9FPozoNtufxV8RTBrVDFZPgCRTV6
hAr+8ENH80inir+tY9F5P8KZEiSki4m52qSdBiJABALIMdYIaKJFMZrtM2ltN9FT
6IXBUx/A20QTJ7i7n36/sfbPBa4FmIPufrLGYll3eu6WYUYiiA6hcSDneVpUrcBE
jG00TYuU8Wm71Uh+za2+4uw5WuKLmar+icNEahZTgPmW7hwcFBi/rykf+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP26jg4z5/kXeHAZsU8d6rZvaGr4MB8GA1UdIwQY
MBaAFCSPXibxwI9EhsmRHItgnq6LbLdNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkk5ZUp2SEFqMFNHeVpFY2kyQ2Vyb3RzdDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9kYWU4YjAtOTdkMC00OGQ0LTliMjYt
MDEzN2IxZjc1ZDAyLzEvX2JxT0RqUG4tUmQ0Y0JteFR4M3F0bTlvYXZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9kYWU4YjAtOTdkMC00OGQ0LTliMjYtMDEzN2IxZjc1ZDAy
LzEvSkk5ZUp2SEFqMFNHeVpFY2kyQ2Vyb3RzdDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbzBMA0G
CSqGSIb3DQEBCwUAA4IBAQAe1rZ0NLb5Kx+g/aW5g9QsmzibTJwUCwz01jf1CFCC
aD02dwM9JZa3Er198awyKceUHTedFHWlnQkNM3gFiyc+hi0UQdHu3G5VqagRlaQ1
Z+bnFBndpwLszrq/FRH56o2555EXHpQ8+LM1mHYJSKGuY+LAh01XPkXWqgCfl6eW
91cuEZUTK3l9X7x6wvJdBxrg1HDeM4FmTBnGs8re2tYJ7ZjH/DPY/JQ4GZftAjv6
2dU0dLGAGDzA+gZM3g+14lGIsi0futX1aa6C7iowLr3Lf+1b+oR8bNVQKGmXX5XK
qUyAy7nYxX+2AmkKSLoCwqEtjnWXJhhfhpqdbtJirCxh
-----END CERTIFICATE-----