Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/bn1N-hUjxieTKZRIMgQlhXKScyc.roa
File:                     bn1N-hUjxieTKZRIMgQlhXKScyc.roa (raw, json)
Hash identifier:          78h0deg78fbqF1z0hrDwA4aGWmYyV+7hPOPNMaqLnJQ=
Subject key identifier:   6E:7D:4D:FA:15:23:C6:27:93:29:94:48:32:04:25:85:72:92:73:27
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01941F8C26E73CC57518FFB1A84C37A2E76D
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/bn1N-hUjxieTKZRIMgQlhXKScyc.roa
Signing time:             Wed 01 Jan 2025 01:47:46 +0000
ROA not before:           Wed 01 Jan 2025 01:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47427
IP address blocks:        80.96.224.0/23 maxlen: 23
                          81.180.90.0/23 maxlen: 23
                          193.231.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 15:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:26:e7:3c:c5:75:18:ff:b1:a8:4c:37:a2:e7:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 01:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e7d4dfa1523c627932994483204258572927327
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:a8:81:00:b6:b3:fb:0b:37:b4:4b:f1:d0:d3:
                    fd:12:e2:31:89:f5:9c:d1:4f:6f:b3:d6:af:9c:1d:
                    c1:d2:96:ed:67:64:91:cd:56:b6:25:86:6f:e9:ce:
                    89:e4:21:2f:a7:0d:98:95:cc:18:67:7e:8c:f4:5e:
                    bb:8f:76:09:f4:6f:8d:e4:da:b4:71:ec:38:5e:1a:
                    01:20:0e:d6:3e:5f:0d:57:18:fc:15:87:05:27:ba:
                    22:07:57:c8:64:3e:87:24:9a:68:c3:f5:00:f9:13:
                    e0:17:3a:a1:1f:0d:43:46:00:95:54:be:45:94:89:
                    36:b1:c0:e9:c7:0e:9e:74:b1:60:17:fb:7b:c7:01:
                    f8:bd:40:27:f3:37:34:f8:a4:94:ef:f5:8f:f1:94:
                    32:47:02:6d:b2:99:d0:a6:28:01:b3:0e:ea:bb:4f:
                    c6:a9:6d:23:0f:03:e0:dd:05:7c:e8:28:a7:91:38:
                    76:43:60:33:8d:87:56:c8:6e:c8:56:35:15:d8:eb:
                    7a:3f:4e:2a:be:6c:59:f9:31:40:6a:9e:40:ba:6e:
                    e4:ea:ef:43:37:dd:fe:49:76:78:1c:52:19:4d:7a:
                    bf:de:9b:a3:49:47:a6:3f:6a:ad:9a:7f:42:a6:6a:
                    af:ff:a1:e3:4e:24:6f:25:98:df:7b:ab:fd:27:25:
                    0d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:7D:4D:FA:15:23:C6:27:93:29:94:48:32:04:25:85:72:92:73:27
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/bn1N-hUjxieTKZRIMgQlhXKScyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.224.0/23
                  81.180.90.0/23
                  193.231.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:d8:19:1d:55:3d:32:c4:a7:bf:6a:0b:5e:86:11:4e:72:8a:
         1e:50:fe:d2:4f:4e:5c:a1:fc:ff:46:2c:ff:1b:39:87:d8:7c:
         4b:f8:e9:a2:79:be:23:03:b9:f3:b3:63:7a:4f:a8:23:d1:f7:
         e1:8d:51:69:23:59:65:e9:30:53:96:29:2c:60:c9:de:37:f7:
         58:de:32:36:b2:41:9c:63:f0:1e:17:65:b0:e3:bd:ed:ea:32:
         a6:a8:13:b0:c0:3e:f8:bd:39:fa:0b:d0:39:07:dc:ba:b6:c7:
         07:df:64:62:85:f0:68:a1:c1:93:46:3b:b9:50:9f:84:65:33:
         4c:65:d7:d4:02:2d:ce:1a:6c:cb:e5:27:63:7f:80:32:0c:73:
         db:1c:90:d2:03:ef:3a:b2:7c:8e:a1:1d:18:11:19:2c:c4:94:
         a9:04:46:ed:36:d5:92:9b:8a:6e:f6:57:d6:01:31:9d:7c:8c:
         8f:ba:52:7b:9a:a5:f6:3f:37:5b:88:91:3d:64:f6:89:0b:b2:
         d0:4a:2b:7f:fd:b5:a2:f1:0c:6e:44:47:55:5c:12:3e:2b:9f:
         55:01:fe:93:8c:59:e4:92:b8:56:51:49:5a:4c:8a:07:eb:d9:
         9c:d2:02:fb:6b:15:4a:63:1c:21:14:4c:a8:a5:8c:90:cf:61:
         e2:37:31:9f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQfjCbnPMV1GP+xqEw3oudtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMTAxMDE0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTdkNGRmYTE1MjNjNjI3OTMyOTk0NDgzMjA0MjU4NTcyOTI3MzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7qiBALaz+ws3tEvx0NP9EuIxifWc
0U9vs9avnB3B0pbtZ2SRzVa2JYZv6c6J5CEvpw2YlcwYZ36M9F67j3YJ9G+N5Nq0
cew4XhoBIA7WPl8NVxj8FYcFJ7oiB1fIZD6HJJpow/UA+RPgFzqhHw1DRgCVVL5F
lIk2scDpxw6edLFgF/t7xwH4vUAn8zc0+KSU7/WP8ZQyRwJtspnQpigBsw7qu0/G
qW0jDwPg3QV86CinkTh2Q2AzjYdWyG7IVjUV2Ot6P04qvmxZ+TFAap5Aum7k6u9D
N93+SXZ4HFIZTXq/3pujSUemP2qtmn9Cpmqv/6HjTiRvJZjfe6v9JyUN4QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG59TfoVI8YnkymUSDIEJYVyknMnMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvYm4xTi1oVWp4aWVUS1pSSU1nUWxoWEtTY3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUGDgAwQB
UbRaAwQAwedNMA0GCSqGSIb3DQEBCwUAA4IBAQBu2BkdVT0yxKe/agtehhFOcooe
UP7ST05cofz/Riz/GzmH2HxL+Omieb4jA7nzs2N6T6gj0ffhjVFpI1ll6TBTliks
YMneN/dY3jI2skGcY/AeF2Ww473t6jKmqBOwwD74vTn6C9A5B9y6tscH32RihfBo
ocGTRju5UJ+EZTNMZdfUAi3OGmzL5Sdjf4AyDHPbHJDSA+86snyOoR0YERksxJSp
BEbtNtWSm4pu9lfWATGdfIyPulJ7mqX2PzdbiJE9ZPaJC7LQSit//bWi8QxuREdV
XBI+K59VAf6TjFnkkrhWUUlaTIoH69mc0gL7axVKYxwhFEyopYyQz2HiNzGf
-----END CERTIFICATE-----