Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/J8TxeAmZBzINa9syBZ1B4yTXcxY.roa
File:                     J8TxeAmZBzINa9syBZ1B4yTXcxY.roa (raw, json)
Hash identifier:          2QfjawOPNl3mivz2h5LwmzlkbdOnVy10wna7TIvLBVY=
Subject key identifier:   27:C4:F1:78:09:99:07:32:0D:6B:DB:32:05:9D:41:E3:24:D7:73:16
Certificate issuer:       /CN=6764b9eeca258ae78c4d51321a8bdfef9a2b6a3c
Certificate serial:       0194244568F5F185919068B88EBEB412FC9C
Authority key identifier: 67:64:B9:EE:CA:25:8A:E7:8C:4D:51:32:1A:8B:DF:EF:9A:2B:6A:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/J8TxeAmZBzINa9syBZ1B4yTXcxY.roa
Signing time:             Wed 01 Jan 2025 23:48:36 +0000
ROA not before:           Wed 01 Jan 2025 23:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20912
IP address blocks:        193.36.108.0/23 maxlen: 23
                          193.36.108.0/24 maxlen: 24
                          193.36.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:68:f5:f1:85:91:90:68:b8:8e:be:b4:12:fc:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6764b9eeca258ae78c4d51321a8bdfef9a2b6a3c
        Validity
            Not Before: Jan  1 23:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27c4f178099907320d6bdb32059d41e324d77316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e5:b3:3a:03:86:22:1f:cd:bc:44:55:15:f2:
                    55:9d:10:7b:80:09:de:ce:83:13:ed:ca:d5:44:ee:
                    28:8c:e5:30:ec:fb:b2:1c:99:e5:da:30:74:27:74:
                    fb:b6:a0:b3:b5:e8:dd:fb:90:63:19:12:1e:ae:52:
                    ab:51:01:d6:3b:f0:19:94:f2:1c:d9:9e:60:0f:b0:
                    6d:0b:5c:8f:d1:e1:fb:3d:fa:94:8d:db:de:f8:f8:
                    80:8a:f8:0b:c0:66:4d:4a:4f:d3:04:79:fc:16:88:
                    5c:40:af:8f:f3:bf:50:89:4e:e0:66:19:04:e3:b8:
                    f7:30:19:3f:bf:99:cc:92:fb:55:3d:07:73:36:8b:
                    71:6c:b6:45:d9:eb:87:e2:cc:7c:ee:33:08:5d:df:
                    9a:c0:c5:4e:7b:9a:09:04:c2:3f:a9:82:61:8d:d4:
                    a7:7e:43:26:59:4a:56:e2:62:ac:2a:68:c8:0d:e4:
                    0b:60:a1:84:20:c4:d2:b9:73:32:91:fe:df:a0:85:
                    01:34:8e:12:94:14:c8:d3:bc:78:49:04:6e:1c:b5:
                    66:6e:94:d7:68:be:b0:2e:12:54:64:ad:e6:a2:99:
                    00:d5:30:8f:67:51:75:c3:1a:40:1f:dc:b6:95:3c:
                    3f:75:d7:d2:30:eb:b0:66:e1:34:dd:ad:98:63:d8:
                    9e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:C4:F1:78:09:99:07:32:0D:6B:DB:32:05:9D:41:E3:24:D7:73:16
            X509v3 Authority Key Identifier:
                keyid:67:64:B9:EE:CA:25:8A:E7:8C:4D:51:32:1A:8B:DF:EF:9A:2B:6A:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/J8TxeAmZBzINa9syBZ1B4yTXcxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:1b:c2:62:86:47:5d:d9:87:96:5e:0e:94:71:b5:bf:8b:ce:
         d4:8c:e2:a5:d6:81:08:a6:8b:1a:10:bc:60:99:8e:78:b5:fd:
         09:ae:5e:f7:f1:97:15:78:99:9c:79:11:28:24:a8:d2:d9:ce:
         f0:9e:e6:5b:e0:3c:02:1a:c6:46:54:f3:84:49:0f:d5:43:33:
         49:4d:34:ce:5f:28:dc:f1:b5:a3:8d:b8:7d:e0:d2:88:e1:ed:
         8b:92:de:80:ac:bb:56:8f:6e:4a:a6:f6:18:f6:95:b3:e8:fd:
         17:ce:c9:31:1c:56:71:cc:0a:86:d3:2f:44:48:c3:6a:a9:4c:
         bc:da:59:67:13:da:36:3f:67:1e:08:14:a7:be:aa:b9:61:ca:
         aa:28:d6:79:87:9b:e1:11:cf:04:85:a8:78:1c:f2:30:2d:e9:
         bb:e7:b6:c5:35:4d:05:d9:32:59:06:e0:3e:c0:e6:6e:d4:96:
         fa:12:52:fd:ba:83:8b:d9:6b:9a:03:43:eb:95:b5:51:1e:d4:
         bb:e5:f3:44:1a:d8:7f:4f:92:12:fa:39:34:28:f0:3c:af:16:
         2f:7b:3d:1f:ee:22:1e:43:43:aa:23:ee:ff:0e:82:d6:74:f7:
         62:3b:70:e7:6a:ec:5a:16:4d:6a:62:21:ac:44:6c:f9:0b:a1:
         26:54:38:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRWj18YWRkGi4jr60EvycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NjRiOWVlY2EyNThhZTc4YzRkNTEzMjFhOGJkZmVmOWEy
YjZhM2MwHhcNMjUwMTAxMjM0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2M0ZjE3ODA5OTkwNzMyMGQ2YmRiMzIwNTlkNDFlMzI0ZDc3MzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OWzOgOGIh/NvERVFfJVnRB7gAne
zoMT7crVRO4ojOUw7PuyHJnl2jB0J3T7tqCztejd+5BjGRIerlKrUQHWO/AZlPIc
2Z5gD7BtC1yP0eH7PfqUjdve+PiAivgLwGZNSk/TBHn8FohcQK+P879QiU7gZhkE
47j3MBk/v5nMkvtVPQdzNotxbLZF2euH4sx87jMIXd+awMVOe5oJBMI/qYJhjdSn
fkMmWUpW4mKsKmjIDeQLYKGEIMTSuXMykf7foIUBNI4SlBTI07x4SQRuHLVmbpTX
aL6wLhJUZK3mopkA1TCPZ1F1wxpAH9y2lTw/ddfSMOuwZuE03a2YY9ienQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfE8XgJmQcyDWvbMgWdQeMk13MWMB8GA1UdIwQY
MBaAFGdkue7KJYrnjE1RMhqL3++aK2o8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjJTNTdzb2xpdWVNVFZFeUdvdmY3NW9yYWp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9lMzMzNWYtNDExNC00NDgyLThlMTIt
NDI1NmE0NmFmZWVjLzEvSjhUeGVBbVpCeklOYTlzeUJaMUI0eVRYY3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9lMzMzNWYtNDExNC00NDgyLThlMTItNDI1NmE0NmFmZWVj
LzEvWjJTNTdzb2xpdWVNVFZFeUdvdmY3NW9yYWp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSRsMA0G
CSqGSIb3DQEBCwUAA4IBAQAhG8Jihkdd2YeWXg6UcbW/i87UjOKl1oEIposaELxg
mY54tf0Jrl738ZcVeJmceREoJKjS2c7wnuZb4DwCGsZGVPOESQ/VQzNJTTTOXyjc
8bWjjbh94NKI4e2Lkt6ArLtWj25KpvYY9pWz6P0XzskxHFZxzAqG0y9ESMNqqUy8
2llnE9o2P2ceCBSnvqq5YcqqKNZ5h5vhEc8Ehah4HPIwLem757bFNU0F2TJZBuA+
wOZu1Jb6ElL9uoOL2WuaA0PrlbVRHtS75fNEGth/T5IS+jk0KPA8rxYvez0f7iIe
Q0OqI+7/DoLWdPdiO3DnauxaFk1qYiGsRGz5C6EmVDg7
-----END CERTIFICATE-----