Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/utLJ7YGi1SD6bf2E3cIfMW0icz0.roa
File:                     utLJ7YGi1SD6bf2E3cIfMW0icz0.roa (raw, json)
Hash identifier:          bwpJCF2pXOs/NsitTdh/ToVpeQtbypYmGT2uF/B4Dn0=
Subject key identifier:   BA:D2:C9:ED:81:A2:D5:20:FA:6D:FD:84:DD:C2:1F:31:6D:22:73:3D
Certificate issuer:       /CN=7ee3208e818dd74c0d6b43d927ea0d1893bed650
Certificate serial:       0194228D862E4B4448BF4F238225F4C3AADD
Authority key identifier: 7E:E3:20:8E:81:8D:D7:4C:0D:6B:43:D9:27:EA:0D:18:93:BE:D6:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fuMgjoGN10wNa0PZJ-oNGJO-1lA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/utLJ7YGi1SD6bf2E3cIfMW0icz0.roa
Signing time:             Wed 01 Jan 2025 15:48:07 +0000
ROA not before:           Wed 01 Jan 2025 15:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196906
IP address blocks:        193.105.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/fuMgjoGN10wNa0PZJ-oNGJO-1lA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/fuMgjoGN10wNa0PZJ-oNGJO-1lA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fuMgjoGN10wNa0PZJ-oNGJO-1lA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:86:2e:4b:44:48:bf:4f:23:82:25:f4:c3:aa:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ee3208e818dd74c0d6b43d927ea0d1893bed650
        Validity
            Not Before: Jan  1 15:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bad2c9ed81a2d520fa6dfd84ddc21f316d22733d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:6f:d2:a0:2e:bd:6b:dd:84:62:c9:6d:b7:15:
                    72:7d:fe:9e:05:63:a6:dc:c4:2c:a3:d9:bc:09:9d:
                    9b:bf:48:04:87:89:40:4b:c3:1b:a3:06:70:be:a9:
                    1b:e6:39:3f:a3:72:72:48:0e:09:74:66:95:9d:62:
                    fd:86:7f:74:a3:2f:1b:07:8f:a1:f3:ce:d2:4d:fc:
                    60:78:3c:db:61:a5:35:9c:11:40:98:c1:7e:1e:9c:
                    f1:6c:b3:b1:01:14:92:21:22:36:1a:1c:bf:67:90:
                    ae:35:26:6d:46:09:88:13:69:dc:7c:c1:c5:f1:0d:
                    ff:f0:78:b6:c6:b6:62:6d:02:f4:67:87:b9:90:4c:
                    2a:31:85:b6:06:32:ee:f4:87:1f:f4:86:1b:c7:77:
                    28:41:9c:90:44:7f:c0:fc:9c:d0:14:2e:c0:d3:ce:
                    2f:e8:23:f2:e3:98:74:3c:e7:84:5a:bb:17:93:86:
                    1b:32:49:7b:85:7d:64:0d:1e:c4:dc:64:e4:5b:bb:
                    54:24:8d:60:77:c2:e8:b6:b3:73:7b:0c:42:af:82:
                    90:90:b3:98:7f:70:04:80:54:92:59:c6:32:ef:bd:
                    ce:bd:76:5f:32:04:cd:4f:1a:45:23:44:bc:1d:d3:
                    37:81:93:31:fa:fe:bc:bb:49:7d:c1:f5:84:ca:48:
                    fe:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:D2:C9:ED:81:A2:D5:20:FA:6D:FD:84:DD:C2:1F:31:6D:22:73:3D
            X509v3 Authority Key Identifier:
                keyid:7E:E3:20:8E:81:8D:D7:4C:0D:6B:43:D9:27:EA:0D:18:93:BE:D6:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fuMgjoGN10wNa0PZJ-oNGJO-1lA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/utLJ7YGi1SD6bf2E3cIfMW0icz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/a4a87a-4f7d-40bd-b1f5-ff4a99783ab4/1/fuMgjoGN10wNa0PZJ-oNGJO-1lA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:fb:3a:8a:49:af:5a:41:5b:07:7e:b9:c2:b0:99:7f:af:9d:
         e2:fd:c2:e3:41:5d:01:29:c5:db:9f:d5:3f:dd:bb:c3:e6:d8:
         04:d6:3e:3b:b8:74:d5:6b:4d:c9:fc:7b:ce:af:fc:a5:e5:cf:
         e7:f1:3c:67:0e:04:37:c2:f7:ec:7e:9d:27:d6:b9:59:d8:94:
         e1:3a:11:42:af:e5:24:73:69:dc:4b:2d:08:d2:df:26:6e:e6:
         57:41:68:7c:fe:3a:7a:d7:65:bc:19:0b:4f:8d:87:e1:f1:04:
         75:9e:6c:32:3f:ed:52:37:ab:da:d3:4e:9d:2e:a9:76:8b:85:
         42:b4:73:aa:45:fc:a7:21:b7:2b:25:6f:93:c6:d7:d8:b6:32:
         49:4a:bf:93:b6:26:4e:4f:7a:17:bf:d8:f6:d6:8c:3e:ff:2c:
         51:72:6f:be:e3:e0:e9:87:ce:32:fd:da:64:09:da:72:ec:f5:
         22:5d:96:14:bf:f1:39:89:bb:42:02:be:14:ca:90:b6:13:84:
         31:dd:0d:f3:ee:94:08:13:a4:9e:e7:bc:b2:66:7c:76:33:2c:
         d9:d3:58:8c:dd:21:72:b5:b5:f2:2f:07:b0:0d:5c:ed:5a:aa:
         b0:1a:3c:6e:a2:f3:ad:16:73:9e:c9:b3:49:c1:3b:aa:92:2c:
         5f:81:6f:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijYYuS0RIv08jgiX0w6rdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlZTMyMDhlODE4ZGQ3NGMwZDZiNDNkOTI3ZWEwZDE4OTNi
ZWQ2NTAwHhcNMjUwMTAxMTU0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWQyYzllZDgxYTJkNTIwZmE2ZGZkODRkZGMyMWYzMTZkMjI3MzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgm/SoC69a92EYslttxVyff6eBWOm
3MQso9m8CZ2bv0gEh4lAS8MbowZwvqkb5jk/o3JySA4JdGaVnWL9hn90oy8bB4+h
887STfxgeDzbYaU1nBFAmMF+HpzxbLOxARSSISI2Ghy/Z5CuNSZtRgmIE2ncfMHF
8Q3/8Hi2xrZibQL0Z4e5kEwqMYW2BjLu9Icf9IYbx3coQZyQRH/A/JzQFC7A084v
6CPy45h0POeEWrsXk4YbMkl7hX1kDR7E3GTkW7tUJI1gd8LotrNzewxCr4KQkLOY
f3AEgFSSWcYy773OvXZfMgTNTxpFI0S8HdM3gZMx+v68u0l9wfWEykj+EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrSye2BotUg+m39hN3CHzFtInM9MB8GA1UdIwQY
MBaAFH7jII6BjddMDWtD2SfqDRiTvtZQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnVNZ2pvR04xMHdOYTBQWkotb05HSk8tMWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9hNGE4N2EtNGY3ZC00MGJkLWIxZjUt
ZmY0YTk5NzgzYWI0LzEvdXRMSjdZR2kxU0Q2YmYyRTNjSWZNVzBpY3owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9hNGE4N2EtNGY3ZC00MGJkLWIxZjUtZmY0YTk5NzgzYWI0
LzEvZnVNZ2pvR04xMHdOYTBQWkotb05HSk8tMWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWk+MA0G
CSqGSIb3DQEBCwUAA4IBAQCr+zqKSa9aQVsHfrnCsJl/r53i/cLjQV0BKcXbn9U/
3bvD5tgE1j47uHTVa03J/HvOr/yl5c/n8TxnDgQ3wvfsfp0n1rlZ2JThOhFCr+Uk
c2ncSy0I0t8mbuZXQWh8/jp612W8GQtPjYfh8QR1nmwyP+1SN6va006dLql2i4VC
tHOqRfynIbcrJW+TxtfYtjJJSr+TtiZOT3oXv9j21ow+/yxRcm++4+Dph84y/dpk
Cdpy7PUiXZYUv/E5ibtCAr4UypC2E4Qx3Q3z7pQIE6Se57yyZnx2MyzZ01iM3SFy
tbXyLwewDVztWqqwGjxuovOtFnOeybNJwTuqkixfgW+q
-----END CERTIFICATE-----