Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/0edc0b-7ebb-470a-b056-3de44fc8b3b5/1/U_3B74ujhAJrCWsRNX6BqqwgnVw.roa
File:                     U_3B74ujhAJrCWsRNX6BqqwgnVw.roa (raw, json)
Hash identifier:          t7MohkwWoi0EopfC0Tnorl6v62Y4aRFAg2yz8Q6y9x8=
Subject key identifier:   53:FD:C1:EF:8B:A3:84:02:6B:09:6B:11:35:7E:81:AA:AC:20:9D:5C
Certificate issuer:       /CN=6ca944eaa9c7f6d457406f142c6e28cf5acc6ac8
Certificate serial:       019423D6F67759015CE2D55155BCB0B03F59
Authority key identifier: 6C:A9:44:EA:A9:C7:F6:D4:57:40:6F:14:2C:6E:28:CF:5A:CC:6A:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKlE6qnH9tRXQG8ULG4oz1rMasg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/0edc0b-7ebb-470a-b056-3de44fc8b3b5/1/U_3B74ujhAJrCWsRNX6BqqwgnVw.roa
Signing time:             Wed 01 Jan 2025 21:47:57 +0000
ROA not before:           Wed 01 Jan 2025 21:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        193.9.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/0edc0b-7ebb-470a-b056-3de44fc8b3b5/1/bKlE6qnH9tRXQG8ULG4oz1rMasg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/0edc0b-7ebb-470a-b056-3de44fc8b3b5/1/bKlE6qnH9tRXQG8ULG4oz1rMasg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKlE6qnH9tRXQG8ULG4oz1rMasg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:f6:77:59:01:5c:e2:d5:51:55:bc:b0:b0:3f:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca944eaa9c7f6d457406f142c6e28cf5acc6ac8
        Validity
            Not Before: Jan  1 21:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53fdc1ef8ba384026b096b11357e81aaac209d5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:df:79:73:b9:c2:81:1c:2a:c8:8b:5d:36:df:
                    28:8d:e1:63:59:6c:54:27:32:01:be:dc:8b:bf:8c:
                    46:f7:ed:ab:8e:9c:7f:c3:cb:cb:32:88:6d:31:c0:
                    a7:d8:40:69:96:1a:1f:61:16:a5:c3:56:ff:88:c5:
                    ae:0a:4c:65:e1:b1:61:5e:d9:e4:9f:0a:0a:d5:4e:
                    75:9c:7c:40:bb:ce:d4:d4:b2:54:56:c4:b4:31:f1:
                    d3:25:a6:c3:4b:4d:07:d9:55:b9:9c:f2:54:8c:be:
                    58:d1:ea:97:ce:c6:0e:b0:53:6a:b3:3e:37:76:1d:
                    61:37:5c:7f:c9:f7:e2:2f:83:44:77:23:fe:e6:71:
                    a0:15:d7:22:da:b0:4f:64:39:c3:94:9f:d0:09:75:
                    fe:eb:53:ea:5f:c3:49:f2:ba:a7:b5:ea:6b:57:8d:
                    fc:65:5e:02:3d:ee:d3:fd:36:1b:94:f2:39:d2:55:
                    ce:32:bf:c1:39:d3:d0:3f:a1:4d:7d:63:ff:86:8c:
                    ad:81:2a:fa:ba:d7:5d:0b:80:80:6e:ad:8d:45:e1:
                    89:45:7e:d1:9b:6f:4a:27:7b:95:eb:95:c2:7e:a8:
                    bc:e0:3c:ad:72:64:66:11:48:87:28:a4:53:c4:c7:
                    e2:96:72:c0:3e:91:3f:75:3c:8e:2b:da:2d:2e:08:
                    02:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:FD:C1:EF:8B:A3:84:02:6B:09:6B:11:35:7E:81:AA:AC:20:9D:5C
            X509v3 Authority Key Identifier:
                keyid:6C:A9:44:EA:A9:C7:F6:D4:57:40:6F:14:2C:6E:28:CF:5A:CC:6A:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKlE6qnH9tRXQG8ULG4oz1rMasg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/0edc0b-7ebb-470a-b056-3de44fc8b3b5/1/U_3B74ujhAJrCWsRNX6BqqwgnVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/0edc0b-7ebb-470a-b056-3de44fc8b3b5/1/bKlE6qnH9tRXQG8ULG4oz1rMasg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:77:3c:a9:30:1c:96:5c:fd:d9:95:6e:e2:e4:4b:d7:46:36:
         19:8d:b3:81:9a:84:ea:b1:8f:17:0a:ca:80:79:45:9a:e9:6b:
         57:e1:4a:a6:e0:5c:7b:69:0d:e2:f7:52:e7:ad:86:84:2b:80:
         da:88:fd:d6:02:85:fe:c4:3e:c4:fb:48:a2:ac:0c:3c:f5:76:
         e0:17:4f:ae:3b:74:ad:a0:88:1b:f1:b8:2a:c9:59:d7:27:4b:
         31:31:55:38:81:11:b5:9d:cb:48:12:26:15:de:39:bd:1a:63:
         9b:c8:70:d3:ed:79:c9:93:ff:1e:80:7c:38:d4:86:dc:46:cf:
         28:94:50:8b:fe:38:1b:d6:ce:d2:d2:37:b9:fd:30:26:e2:b8:
         02:9e:5c:a7:f8:fc:19:7d:e4:4f:01:fd:03:eb:06:55:d9:1e:
         89:d7:82:48:7b:99:77:a5:e6:66:59:a9:60:2c:89:de:d7:ba:
         0f:26:84:c7:5d:cb:e5:25:08:60:96:0c:a5:74:c5:cb:bc:51:
         50:39:58:44:ef:81:6d:6e:a2:08:3c:f0:2c:e6:98:be:22:b4:
         05:44:35:cc:a4:8d:00:7c:39:52:4d:95:39:9c:ff:b7:7e:44:
         4e:f1:a7:22:38:00:db:02:1d:da:e5:05:35:7c:79:68:a8:9b:
         67:83:b0:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1vZ3WQFc4tVRVbywsD9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk0NGVhYTljN2Y2ZDQ1NzQwNmYxNDJjNmUyOGNmNWFj
YzZhYzgwHhcNMjUwMTAxMjE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ZkYzFlZjhiYTM4NDAyNmIwOTZiMTEzNTdlODFhYWFjMjA5ZDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzt95c7nCgRwqyItdNt8ojeFjWWxU
JzIBvtyLv4xG9+2rjpx/w8vLMohtMcCn2EBplhofYRalw1b/iMWuCkxl4bFhXtnk
nwoK1U51nHxAu87U1LJUVsS0MfHTJabDS00H2VW5nPJUjL5Y0eqXzsYOsFNqsz43
dh1hN1x/yffiL4NEdyP+5nGgFdci2rBPZDnDlJ/QCXX+61PqX8NJ8rqnteprV438
ZV4CPe7T/TYblPI50lXOMr/BOdPQP6FNfWP/hoytgSr6utddC4CAbq2NReGJRX7R
m29KJ3uV65XCfqi84DytcmRmEUiHKKRTxMfilnLAPpE/dTyOK9otLggC7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFP9we+Lo4QCawlrETV+gaqsIJ1cMB8GA1UdIwQY
MBaAFGypROqpx/bUV0BvFCxuKM9azGrIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsRTZxbkg5dFJYUUc4VUxHNG96MXJNYXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC8wZWRjMGItN2ViYi00NzBhLWIwNTYt
M2RlNDRmYzhiM2I1LzEvVV8zQjc0dWpoQUpyQ1dzUk5YNkJxcXdnblZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC8wZWRjMGItN2ViYi00NzBhLWIwNTYtM2RlNDRmYzhiM2I1
LzEvYktsRTZxbkg5dFJYUUc4VUxHNG96MXJNYXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQn5MA0G
CSqGSIb3DQEBCwUAA4IBAQB7dzypMByWXP3ZlW7i5EvXRjYZjbOBmoTqsY8XCsqA
eUWa6WtX4Uqm4Fx7aQ3i91LnrYaEK4DaiP3WAoX+xD7E+0iirAw89XbgF0+uO3St
oIgb8bgqyVnXJ0sxMVU4gRG1nctIEiYV3jm9GmObyHDT7XnJk/8egHw41IbcRs8o
lFCL/jgb1s7S0je5/TAm4rgCnlyn+PwZfeRPAf0D6wZV2R6J14JIe5l3peZmWalg
LIne17oPJoTHXcvlJQhglgyldMXLvFFQOVhE74FtbqIIPPAs5pi+IrQFRDXMpI0A
fDlSTZU5nP+3fkRO8aciOADbAh3a5QU1fHloqJtng7CY
-----END CERTIFICATE-----