Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/v48Lr2EX71CfbBZZKT-B2CDMZWI.roa
File:                     v48Lr2EX71CfbBZZKT-B2CDMZWI.roa (raw, json)
Hash identifier:          FbcS7Loz8XtWLz+emLVfELqvfvzTkNt/9jQwmw4FZhU=
Subject key identifier:   BF:8F:0B:AF:61:17:EF:50:9F:6C:16:59:29:3F:81:D8:20:CC:65:62
Certificate issuer:       /CN=68bd10f1b14bbb2767ffdcaec4b4172880ba461a
Certificate serial:       01942521B172908F1B011A5EEB4AD1174D4E
Authority key identifier: 68:BD:10:F1:B1:4B:BB:27:67:FF:DC:AE:C4:B4:17:28:80:BA:46:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aL0Q8bFLuydn_9yuxLQXKIC6Rho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/v48Lr2EX71CfbBZZKT-B2CDMZWI.roa
Signing time:             Thu 02 Jan 2025 03:49:12 +0000
ROA not before:           Thu 02 Jan 2025 03:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        193.107.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/aL0Q8bFLuydn_9yuxLQXKIC6Rho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/aL0Q8bFLuydn_9yuxLQXKIC6Rho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aL0Q8bFLuydn_9yuxLQXKIC6Rho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b1:72:90:8f:1b:01:1a:5e:eb:4a:d1:17:4d:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68bd10f1b14bbb2767ffdcaec4b4172880ba461a
        Validity
            Not Before: Jan  2 03:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf8f0baf6117ef509f6c1659293f81d820cc6562
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c6:93:02:a2:63:74:0d:f6:e6:ca:a3:08:74:
                    fe:63:e3:eb:4a:d2:e2:80:59:54:89:23:6a:a3:ea:
                    5f:96:28:40:70:85:99:20:3a:58:8d:79:04:e0:8e:
                    05:a3:e8:25:d7:3c:22:1d:cd:b7:30:1e:d6:a6:c1:
                    a9:ef:51:2f:0f:82:a1:73:78:31:3f:d5:15:83:de:
                    03:5f:50:30:bd:8e:39:ac:a6:7d:5b:2f:4b:b1:a9:
                    66:26:23:72:42:93:62:03:d2:a5:88:c3:2a:8c:76:
                    e2:e0:d9:33:23:8e:60:3f:3a:b6:4e:b1:9b:43:52:
                    f8:92:5b:74:e3:de:77:e3:b6:bc:9a:72:ec:bd:14:
                    9b:13:24:87:ae:2b:a5:8a:5a:ce:54:c6:e8:8a:35:
                    f1:c6:fc:49:70:db:90:84:6c:98:ee:cd:e8:97:e3:
                    f6:7d:36:eb:ed:a4:a6:cf:dd:ad:ab:71:b8:78:f2:
                    b4:8c:1d:4e:31:bb:c6:30:9f:36:fd:22:29:f8:00:
                    19:23:cd:d6:b4:24:06:9b:7b:0b:a1:c0:d4:84:b4:
                    cd:1d:4f:5f:a3:d5:f9:20:7a:a1:4a:32:ca:69:e6:
                    2c:38:0e:44:4b:8c:eb:34:30:c3:cd:18:a3:b2:56:
                    72:46:86:ef:d4:96:e0:ba:cf:4e:18:7e:5a:e3:1d:
                    f5:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:8F:0B:AF:61:17:EF:50:9F:6C:16:59:29:3F:81:D8:20:CC:65:62
            X509v3 Authority Key Identifier:
                keyid:68:BD:10:F1:B1:4B:BB:27:67:FF:DC:AE:C4:B4:17:28:80:BA:46:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aL0Q8bFLuydn_9yuxLQXKIC6Rho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/v48Lr2EX71CfbBZZKT-B2CDMZWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ade856-8960-4a29-8956-9fe7d928d9be/1/aL0Q8bFLuydn_9yuxLQXKIC6Rho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:8a:c1:32:30:59:e4:c4:7d:b5:0f:52:6e:4b:44:38:62:c4:
         25:82:7a:8d:46:e7:f7:82:0b:5a:f5:e9:ac:c7:e0:54:34:a9:
         2b:e7:39:83:f3:08:1d:ee:cc:d3:99:3f:ef:66:2d:b0:3f:f8:
         56:35:b9:b3:2d:2d:02:15:67:78:27:19:1c:60:45:80:5a:0d:
         5b:cc:76:e6:16:1e:d8:0d:81:ca:fc:81:ae:9d:c2:34:10:1a:
         40:81:d0:7d:79:33:f8:08:b9:df:9b:c1:ac:18:b6:ae:1e:bf:
         37:6a:bd:34:fd:af:b6:f1:60:0f:9e:40:57:34:d3:5e:f1:1e:
         dd:34:f4:de:e9:88:9e:17:c7:2e:74:37:c5:5b:53:dc:57:c8:
         b1:c9:83:4a:73:1e:51:36:47:f7:24:8b:7e:39:ad:74:a0:48:
         8f:95:22:23:8d:e5:1f:1f:ab:fc:9f:b4:60:3b:27:e8:a4:4d:
         aa:14:2b:e0:a1:e3:41:6b:44:b3:e9:20:a6:5b:05:e5:24:93:
         bd:69:2e:56:ad:f2:28:3b:02:93:34:fd:3e:f0:e8:ff:6a:66:
         8a:68:65:80:d9:03:69:ee:e6:99:5a:88:c7:23:bf:62:fa:ed:
         92:f3:04:56:94:04:c0:a7:2a:8e:58:b9:94:e8:74:56:83:f0:
         85:ce:af:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbFykI8bARpe60rRF01OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YmQxMGYxYjE0YmJiMjc2N2ZmZGNhZWM0YjQxNzI4ODBi
YTQ2MWEwHhcNMjUwMTAyMDM0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjhmMGJhZjYxMTdlZjUwOWY2YzE2NTkyOTNmODFkODIwY2M2NTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcaTAqJjdA325sqjCHT+Y+PrStLi
gFlUiSNqo+pflihAcIWZIDpYjXkE4I4Fo+gl1zwiHc23MB7WpsGp71EvD4Khc3gx
P9UVg94DX1AwvY45rKZ9Wy9LsalmJiNyQpNiA9KliMMqjHbi4NkzI45gPzq2TrGb
Q1L4klt0495347a8mnLsvRSbEySHriulilrOVMboijXxxvxJcNuQhGyY7s3ol+P2
fTbr7aSmz92tq3G4ePK0jB1OMbvGMJ82/SIp+AAZI83WtCQGm3sLocDUhLTNHU9f
o9X5IHqhSjLKaeYsOA5ES4zrNDDDzRijslZyRobv1Jbgus9OGH5a4x31JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+PC69hF+9Qn2wWWSk/gdggzGViMB8GA1UdIwQY
MBaAFGi9EPGxS7snZ//crsS0FyiAukYaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUwwUThiRkx1eWRuXzl5dXhMUVhLSUM2UmhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hZGU4NTYtODk2MC00YTI5LTg5NTYt
OWZlN2Q5MjhkOWJlLzEvdjQ4THIyRVg3MUNmYkJaWktULUIyQ0RNWldJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hZGU4NTYtODk2MC00YTI5LTg5NTYtOWZlN2Q5MjhkOWJl
LzEvYUwwUThiRkx1eWRuXzl5dXhMUVhLSUM2UmhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwWsoMA0G
CSqGSIb3DQEBCwUAA4IBAQBzisEyMFnkxH21D1JuS0Q4YsQlgnqNRuf3ggta9ems
x+BUNKkr5zmD8wgd7szTmT/vZi2wP/hWNbmzLS0CFWd4JxkcYEWAWg1bzHbmFh7Y
DYHK/IGuncI0EBpAgdB9eTP4CLnfm8GsGLauHr83ar00/a+28WAPnkBXNNNe8R7d
NPTe6YieF8cudDfFW1PcV8ixyYNKcx5RNkf3JIt+Oa10oEiPlSIjjeUfH6v8n7Rg
OyfopE2qFCvgoeNBa0Sz6SCmWwXlJJO9aS5WrfIoOwKTNP0+8Oj/amaKaGWA2QNp
7uaZWojHI79i+u2S8wRWlATApyqOWLmU6HRWg/CFzq/G
-----END CERTIFICATE-----