Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/dRiT-c0xAt2kngbyOhm_uFIV1zw.roa
File:                     dRiT-c0xAt2kngbyOhm_uFIV1zw.roa (raw, json)
Hash identifier:          Wglqc09L4EahGS8AZXe98XrHNBuQBQLDeHD0KWaBnTQ=
Subject key identifier:   75:18:93:F9:CD:31:02:DD:A4:9E:06:F2:3A:19:BF:B8:52:15:D7:3C
Certificate issuer:       /CN=bda96d02a822f46253c2aee680441d5ac27c3df5
Certificate serial:       0194221FDAB76D5DC47399587B5B02255859
Authority key identifier: BD:A9:6D:02:A8:22:F4:62:53:C2:AE:E6:80:44:1D:5A:C2:7C:3D:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/dRiT-c0xAt2kngbyOhm_uFIV1zw.roa
Signing time:             Wed 01 Jan 2025 13:48:20 +0000
ROA not before:           Wed 01 Jan 2025 13:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59676
IP address blocks:        31.13.6.0/24 maxlen: 24
                          193.105.150.0/24 maxlen: 24
                          2a00:10e8:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:da:b7:6d:5d:c4:73:99:58:7b:5b:02:25:58:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bda96d02a822f46253c2aee680441d5ac27c3df5
        Validity
            Not Before: Jan  1 13:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=751893f9cd3102dda49e06f23a19bfb85215d73c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0a:ef:10:f7:bf:3c:51:7f:0d:19:f8:60:87:
                    58:5e:19:6d:b8:58:96:19:42:77:9b:37:49:3b:f0:
                    88:9d:45:a5:11:88:3d:95:36:2e:be:b6:5a:2b:15:
                    44:30:b6:93:e3:59:6f:54:df:5c:e9:e2:4c:ef:18:
                    7a:f5:79:18:31:34:17:21:6e:bc:0c:92:19:e9:2c:
                    3b:06:4f:2c:ce:30:73:0a:90:5b:ba:d3:f3:fa:49:
                    0d:71:e8:65:2d:78:4e:22:fc:02:68:b2:d6:b9:75:
                    1e:46:08:bc:36:0e:d4:40:99:8e:3c:23:49:0b:63:
                    b6:46:0b:70:71:fd:69:27:5e:9d:ec:22:80:46:2e:
                    24:05:0b:83:33:96:84:50:3d:e8:f9:d1:f6:41:7f:
                    b8:32:75:cf:d7:82:59:8b:3f:3b:a7:01:8f:32:84:
                    32:a7:4f:e6:ba:b2:df:33:ce:82:bd:65:47:40:35:
                    b1:44:2c:42:86:79:ac:ea:ae:ac:1d:4d:9b:56:74:
                    cc:74:69:c2:45:3c:4e:9a:76:76:cd:cd:b9:d0:a4:
                    56:cc:b7:ab:3c:9f:14:1b:84:49:ca:55:5d:67:58:
                    21:e5:a3:00:1a:69:ad:8b:bc:3d:5d:06:f2:14:0b:
                    5e:26:97:c5:f1:d5:93:4a:bb:65:e7:b3:3a:99:df:
                    9c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:18:93:F9:CD:31:02:DD:A4:9E:06:F2:3A:19:BF:B8:52:15:D7:3C
            X509v3 Authority Key Identifier:
                keyid:BD:A9:6D:02:A8:22:F4:62:53:C2:AE:E6:80:44:1D:5A:C2:7C:3D:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/valtAqgi9GJTwq7mgEQdWsJ8PfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/dRiT-c0xAt2kngbyOhm_uFIV1zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a27b39-8011-4142-86c2-cf83d6e40558/1/valtAqgi9GJTwq7mgEQdWsJ8PfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.6.0/24
                  193.105.150.0/24
                IPv6:
                  2a00:10e8:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:08:8b:b7:f2:dd:7b:c7:04:c8:a5:a1:6a:82:c6:ae:9d:12:
         6d:8d:95:c6:bb:44:92:25:4e:79:b4:99:40:ec:85:71:28:4d:
         b9:01:e4:af:f7:2f:2b:b5:eb:3a:98:f6:6f:3a:8f:2f:78:f0:
         e2:3f:6b:64:d5:82:92:17:af:79:7b:bf:6b:2d:1f:33:98:75:
         87:80:17:22:57:08:eb:a4:d8:19:68:68:42:4b:73:c7:40:15:
         51:f8:7d:03:4b:b1:b6:ba:c1:7f:ab:f9:7d:b8:ab:9d:f2:10:
         45:4d:0e:c1:38:d9:ae:54:a8:36:81:d8:b0:8e:57:d0:bc:ce:
         0f:fd:c9:ec:5c:d7:c9:66:6a:23:69:a5:5a:02:fc:0d:58:4a:
         6a:c3:59:23:9c:b4:af:68:14:13:c2:de:ca:79:9f:2a:b9:df:
         56:f6:cf:e6:45:71:e4:cf:69:04:3e:73:cf:3a:98:b9:c7:27:
         e6:82:97:00:b6:3f:38:78:50:ab:c1:9d:bc:ee:38:1b:47:ef:
         04:1d:2b:77:47:d6:d9:42:dd:21:6e:a2:d7:48:30:aa:f6:f1:
         0a:24:d7:53:70:97:60:9f:02:fe:63:3d:c2:53:29:8c:13:70:
         c8:be:e5:57:fd:61:3e:e5:97:4d:c1:c0:f3:f5:aa:00:e2:df:
         1c:84:05:70
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQiH9q3bV3Ec5lYe1sCJVhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYTk2ZDAyYTgyMmY0NjI1M2MyYWVlNjgwNDQxZDVhYzI3
YzNkZjUwHhcNMjUwMTAxMTM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTE4OTNmOWNkMzEwMmRkYTQ5ZTA2ZjIzYTE5YmZiODUyMTVkNzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugrvEPe/PFF/DRn4YIdYXhltuFiW
GUJ3mzdJO/CInUWlEYg9lTYuvrZaKxVEMLaT41lvVN9c6eJM7xh69XkYMTQXIW68
DJIZ6Sw7Bk8szjBzCpBbutPz+kkNcehlLXhOIvwCaLLWuXUeRgi8Ng7UQJmOPCNJ
C2O2Rgtwcf1pJ16d7CKARi4kBQuDM5aEUD3o+dH2QX+4MnXP14JZiz87pwGPMoQy
p0/murLfM86CvWVHQDWxRCxChnms6q6sHU2bVnTMdGnCRTxOmnZ2zc250KRWzLer
PJ8UG4RJylVdZ1gh5aMAGmmti7w9XQbyFAteJpfF8dWTSrtl57M6md+cDwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFHUYk/nNMQLdpJ4G8joZv7hSFdc8MB8GA1UdIwQY
MBaAFL2pbQKoIvRiU8Ku5oBEHVrCfD31MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmFsdEFxZ2k5R0pUd3E3bWdFUWRXc0o4UGZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9hMjdiMzktODAxMS00MTQyLTg2YzIt
Y2Y4M2Q2ZTQwNTU4LzEvZFJpVC1jMHhBdDJrbmdieU9obV91RklWMXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9hMjdiMzktODAxMS00MTQyLTg2YzItY2Y4M2Q2ZTQwNTU4
LzEvdmFsdEFxZ2k5R0pUd3E3bWdFUWRXc0o4UGZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAHw0GAwQA
wWmWMA8EAgACMAkDBwAqABDoAAIwDQYJKoZIhvcNAQELBQADggEBAGwIi7fy3XvH
BMiloWqCxq6dEm2Nlca7RJIlTnm0mUDshXEoTbkB5K/3Lyu16zqY9m86jy948OI/
a2TVgpIXr3l7v2stHzOYdYeAFyJXCOuk2BloaEJLc8dAFVH4fQNLsba6wX+r+X24
q53yEEVNDsE42a5UqDaB2LCOV9C8zg/9yexc18lmaiNppVoC/A1YSmrDWSOctK9o
FBPC3sp5nyq531b2z+ZFceTPaQQ+c886mLnHJ+aClwC2Pzh4UKvBnbzuOBtH7wQd
K3dH1tlC3SFuotdIMKr28Qok11Nwl2CfAv5jPcJTKYwTcMi+5Vf9YT7ll03BwPP1
qgDi3xyEBXA=
-----END CERTIFICATE-----