Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/boDA4PQiCnDxp3aC4mFfCKLLJrE.roa
File:                     boDA4PQiCnDxp3aC4mFfCKLLJrE.roa (raw, json)
Hash identifier:          qzJMKZb9GADDw4cKKxLUhJ/VrvT205N7vn0KRws/PGE=
Subject key identifier:   6E:80:C0:E0:F4:22:0A:70:F1:A7:76:82:E2:61:5F:08:A2:CB:26:B1
Certificate issuer:       /CN=9fbddc6313efc4b672a7e2b32ae3c4484fe5f630
Certificate serial:       01942143B7452CBE51D9D6C23D63882A8B69
Authority key identifier: 9F:BD:DC:63:13:EF:C4:B6:72:A7:E2:B3:2A:E3:C4:48:4F:E5:F6:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n73cYxPvxLZyp-KzKuPESE_l9jA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/boDA4PQiCnDxp3aC4mFfCKLLJrE.roa
Signing time:             Wed 01 Jan 2025 09:47:53 +0000
ROA not before:           Wed 01 Jan 2025 09:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48748
IP address blocks:        195.88.26.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/n73cYxPvxLZyp-KzKuPESE_l9jA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/n73cYxPvxLZyp-KzKuPESE_l9jA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n73cYxPvxLZyp-KzKuPESE_l9jA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 18:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:b7:45:2c:be:51:d9:d6:c2:3d:63:88:2a:8b:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fbddc6313efc4b672a7e2b32ae3c4484fe5f630
        Validity
            Not Before: Jan  1 09:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e80c0e0f4220a70f1a77682e2615f08a2cb26b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:00:f7:07:74:c1:e5:57:63:c9:fb:c5:0b:2a:
                    7b:2d:3b:05:16:ac:0b:83:b6:d4:10:60:94:5e:5c:
                    36:04:f5:28:03:e1:40:29:c8:1b:88:41:51:01:ee:
                    b1:86:fd:94:ad:be:91:0c:6f:04:e5:be:4a:36:91:
                    40:f6:30:8c:e5:86:08:12:58:d6:e2:76:46:0b:4c:
                    52:2e:27:20:b8:e4:66:da:9f:ca:ca:4a:43:e8:00:
                    e9:05:67:61:48:7f:c7:97:41:38:c2:4c:20:b1:f5:
                    8a:25:24:c0:d3:62:e5:af:9a:60:30:d1:51:98:8c:
                    36:d5:fc:93:cd:bb:91:7f:70:e4:7b:c1:f5:7c:0b:
                    0c:05:68:59:67:85:bb:47:32:de:3f:ad:ec:42:31:
                    dd:50:f2:9d:28:29:35:2c:5f:ed:80:6b:92:61:74:
                    5b:95:49:ab:27:3f:de:d4:4c:54:42:dd:9f:ae:77:
                    a0:f8:81:1d:1a:e2:6e:89:b9:a9:75:53:9a:fb:69:
                    9f:45:0e:65:22:21:31:c2:03:4c:59:5a:f1:90:cb:
                    39:cc:3e:22:36:3c:74:97:34:0c:e0:b5:48:19:d6:
                    af:fd:0c:3a:88:e3:3c:01:2c:a0:31:54:00:00:53:
                    66:c0:98:7b:be:50:a1:7d:4c:21:19:e2:cc:71:28:
                    22:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:80:C0:E0:F4:22:0A:70:F1:A7:76:82:E2:61:5F:08:A2:CB:26:B1
            X509v3 Authority Key Identifier:
                keyid:9F:BD:DC:63:13:EF:C4:B6:72:A7:E2:B3:2A:E3:C4:48:4F:E5:F6:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n73cYxPvxLZyp-KzKuPESE_l9jA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/boDA4PQiCnDxp3aC4mFfCKLLJrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3e069a-3421-40ab-9e0c-45cc2dd6e491/1/n73cYxPvxLZyp-KzKuPESE_l9jA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:9a:e9:07:3f:c8:87:dd:b4:1a:02:46:d9:73:9a:d2:5a:db:
         a0:a6:69:22:e8:d0:0c:3e:45:69:b7:83:76:c0:33:56:c1:8c:
         17:16:cc:8e:df:a7:49:95:bc:f3:93:f1:1a:4e:b0:69:49:3d:
         62:63:4b:90:b2:f6:5d:b8:d6:20:45:3c:8b:a0:5b:76:52:e4:
         01:80:bd:40:fd:6d:49:be:c9:34:e4:27:b2:4b:cb:19:b3:53:
         f7:82:70:88:c1:41:17:68:10:07:33:1e:3b:ce:49:31:ab:4a:
         de:8c:7f:f3:d2:5f:92:e5:01:7c:e8:fa:d7:f0:c1:ed:e5:56:
         e0:00:8d:04:63:0b:8a:d0:5c:d8:77:0e:28:34:23:10:ae:86:
         02:f6:b5:e9:e8:1a:82:d1:05:9f:31:5c:33:3c:09:38:ae:5e:
         76:cb:8a:fa:5d:f7:38:0b:07:45:28:04:80:cb:d3:ae:81:a1:
         14:c1:47:99:b9:68:69:54:31:a7:9e:2a:6a:d7:fb:88:04:92:
         94:b4:cf:6e:33:39:8c:25:1b:48:d6:e9:ab:61:eb:00:6c:12:
         67:ac:a8:e0:d8:9a:de:86:09:96:6c:b7:05:91:ba:5f:e5:6b:
         5c:21:d4:4f:ef:2f:58:76:31:fc:c3:89:cf:86:d2:12:4a:d7:
         b6:29:37:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ7dFLL5R2dbCPWOIKotpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYmRkYzYzMTNlZmM0YjY3MmE3ZTJiMzJhZTNjNDQ4NGZl
NWY2MzAwHhcNMjUwMTAxMDk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTgwYzBlMGY0MjIwYTcwZjFhNzc2ODJlMjYxNWYwOGEyY2IyNmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngD3B3TB5VdjyfvFCyp7LTsFFqwL
g7bUEGCUXlw2BPUoA+FAKcgbiEFRAe6xhv2Urb6RDG8E5b5KNpFA9jCM5YYIEljW
4nZGC0xSLicguORm2p/KykpD6ADpBWdhSH/Hl0E4wkwgsfWKJSTA02Llr5pgMNFR
mIw21fyTzbuRf3Dke8H1fAsMBWhZZ4W7RzLeP63sQjHdUPKdKCk1LF/tgGuSYXRb
lUmrJz/e1ExUQt2frneg+IEdGuJuibmpdVOa+2mfRQ5lIiExwgNMWVrxkMs5zD4i
Njx0lzQM4LVIGdav/Qw6iOM8ASygMVQAAFNmwJh7vlChfUwhGeLMcSgiFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6AwOD0Igpw8ad2guJhXwiiyyaxMB8GA1UdIwQY
MBaAFJ+93GMT78S2cqfisyrjxEhP5fYwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjczY1l4UHZ4TFp5cC1Lekt1UEVTRV9sOWpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zZTA2OWEtMzQyMS00MGFiLTllMGMt
NDVjYzJkZDZlNDkxLzEvYm9EQTRQUWlDbkR4cDNhQzRtRmZDS0xMSnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zZTA2OWEtMzQyMS00MGFiLTllMGMtNDVjYzJkZDZlNDkx
LzEvbjczY1l4UHZ4TFp5cC1Lekt1UEVTRV9sOWpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1gaMA0G
CSqGSIb3DQEBCwUAA4IBAQCOmukHP8iH3bQaAkbZc5rSWtugpmki6NAMPkVpt4N2
wDNWwYwXFsyO36dJlbzzk/EaTrBpST1iY0uQsvZduNYgRTyLoFt2UuQBgL1A/W1J
vsk05CeyS8sZs1P3gnCIwUEXaBAHMx47zkkxq0rejH/z0l+S5QF86PrX8MHt5Vbg
AI0EYwuK0FzYdw4oNCMQroYC9rXp6BqC0QWfMVwzPAk4rl52y4r6Xfc4CwdFKASA
y9OugaEUwUeZuWhpVDGnnipq1/uIBJKUtM9uMzmMJRtI1umrYesAbBJnrKjg2Jre
hgmWbLcFkbpf5WtcIdRP7y9YdjH8w4nPhtISSte2KTcI
-----END CERTIFICATE-----