Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/1-tVuMhvJHoeYNSWvwIs4Uj-ZhRk.roa
File:                     1-tVuMhvJHoeYNSWvwIs4Uj-ZhRk.roa (raw, json)
Hash identifier:          ZcAfnmmPqdN3AkoVqXCV/iL8CT5WscJ/XlK/uMPt5lg=
Subject key identifier:   FA:D5:6E:32:1B:C9:1E:87:98:35:25:AF:C0:8B:38:52:3F:99:85:19
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       01942444F5C291D2FE13E64B67BE0D0024A6
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/1-tVuMhvJHoeYNSWvwIs4Uj-ZhRk.roa
Signing time:             Wed 01 Jan 2025 23:48:06 +0000
ROA not before:           Wed 01 Jan 2025 23:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203331
IP address blocks:        82.144.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:f5:c2:91:d2:fe:13:e6:4b:67:be:0d:00:24:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 23:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fad56e321bc91e87983525afc08b38523f998519
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:34:69:ec:fc:9b:d5:ea:ab:e2:f7:9a:d1:34:
                    76:79:85:83:a8:dc:1a:20:61:c3:c6:08:81:ca:c9:
                    58:dc:2c:7b:b9:ab:81:23:16:34:bd:87:ef:4f:6a:
                    6f:b2:db:c1:26:ca:bb:89:9f:5e:2e:bf:e6:4e:75:
                    1e:a4:45:d9:da:f0:3d:e1:38:20:38:43:8f:66:69:
                    0f:f8:be:17:3a:03:43:b6:ea:be:5d:69:4c:d8:13:
                    30:4d:ff:43:80:8b:df:fd:3e:32:81:a4:6e:dc:31:
                    cb:b3:7a:96:2b:89:dc:f1:9d:30:5f:b3:3a:1f:6d:
                    26:b4:9f:2f:c7:a8:aa:0a:29:56:4b:f5:28:6c:cc:
                    cb:a6:25:0d:9a:94:14:b9:c1:a4:66:66:7e:b9:0a:
                    66:42:45:62:18:63:dd:98:e3:1e:0f:06:e0:21:1a:
                    8d:1c:28:c1:f8:f7:76:b3:70:77:61:c5:95:21:7d:
                    2a:eb:b4:ec:cb:ff:11:e5:a8:f8:cb:cc:3e:55:fa:
                    88:ee:4f:52:8e:16:35:01:ee:ec:24:55:50:80:9a:
                    81:b0:da:f1:bb:5a:11:44:8e:2d:78:f9:7d:28:72:
                    cb:bd:66:d8:bd:82:a3:61:d4:ee:21:04:de:b3:dc:
                    d6:74:12:81:09:72:bb:e0:09:21:c7:da:34:55:36:
                    45:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:D5:6E:32:1B:C9:1E:87:98:35:25:AF:C0:8B:38:52:3F:99:85:19
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/1-tVuMhvJHoeYNSWvwIs4Uj-ZhRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.144.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:bb:a7:91:4d:e1:7c:97:e1:f8:97:a5:3b:c7:73:10:51:9b:
         dc:14:c3:e8:44:98:a1:6a:16:3d:21:3e:5b:6f:af:6d:af:81:
         ab:4a:ac:28:6d:24:40:5d:7e:3b:6e:a7:94:ab:59:b6:08:42:
         04:43:86:56:5d:57:24:bb:9f:65:57:f0:d6:87:bc:f8:98:71:
         fa:ac:05:92:aa:4b:5b:36:9a:eb:ce:b9:0f:ad:98:2a:0b:db:
         41:35:77:9d:35:e0:ee:d8:0e:b8:34:39:f2:f3:68:f1:03:b5:
         c0:66:90:ee:39:f2:e5:e1:f1:8f:e5:d8:11:49:25:a7:e8:ae:
         e3:ba:8b:7a:eb:e5:ea:fe:d0:f1:33:cf:75:49:4d:0c:e8:50:
         09:cd:f6:99:37:1e:41:ff:94:71:f9:22:e4:d4:a5:25:35:f2:
         2d:91:b4:eb:df:b7:45:7d:fe:93:3a:52:40:da:47:ae:c5:f6:
         51:4f:f7:d6:63:4c:e7:f8:9d:56:4d:1c:7a:0f:10:6b:2e:ac:
         38:c7:41:6a:3b:4a:ac:94:f6:ae:0e:d1:31:65:e8:35:28:ca:
         a6:2c:c7:c5:e4:d1:57:c4:d8:d8:e1:74:d1:d6:fd:7f:a9:13:
         dc:ed:0b:b5:dd:93:df:e0:52:ad:13:ce:86:ad:cb:9e:9e:fc:
         56:18:e1:63
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRPXCkdL+E+ZLZ74NACSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjUwMTAxMjM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWQ1NmUzMjFiYzkxZTg3OTgzNTI1YWZjMDhiMzg1MjNmOTk4NTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DRp7Pyb1eqr4vea0TR2eYWDqNwa
IGHDxgiByslY3Cx7uauBIxY0vYfvT2pvstvBJsq7iZ9eLr/mTnUepEXZ2vA94Tgg
OEOPZmkP+L4XOgNDtuq+XWlM2BMwTf9DgIvf/T4ygaRu3DHLs3qWK4nc8Z0wX7M6
H20mtJ8vx6iqCilWS/UobMzLpiUNmpQUucGkZmZ+uQpmQkViGGPdmOMeDwbgIRqN
HCjB+Pd2s3B3YcWVIX0q67Tsy/8R5aj4y8w+VfqI7k9SjhY1Ae7sJFVQgJqBsNrx
u1oRRI4tePl9KHLLvWbYvYKjYdTuIQTes9zWdBKBCXK74Akhx9o0VTZFFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPrVbjIbyR6HmDUlr8CLOFI/mYUZMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvMS10VnVNaHZKSG9lWU5TV3Z3SXM0VWotWmhSay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjcvZjJjNWU4LThkMzctNDgzOC1hMzNiLWVjYzQ5YmRjMmFk
OC8xL3Y3Q1hvMndqSmRFREhfUUpHNkFLaGtXZFFvZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFKQujAN
BgkqhkiG9w0BAQsFAAOCAQEAKbunkU3hfJfh+JelO8dzEFGb3BTD6ESYoWoWPSE+
W2+vba+Bq0qsKG0kQF1+O26nlKtZtghCBEOGVl1XJLufZVfw1oe8+Jhx+qwFkqpL
Wzaa6865D62YKgvbQTV3nTXg7tgOuDQ58vNo8QO1wGaQ7jny5eHxj+XYEUklp+iu
47qLeuvl6v7Q8TPPdUlNDOhQCc32mTceQf+Ucfki5NSlJTXyLZG069+3RX3+kzpS
QNpHrsX2UU/31mNM5/idVk0ceg8Qay6sOMdBajtKrJT2rg7RMWXoNSjKpizHxeTR
V8TY2OF00db9f6kT3O0Ltd2T3+BSrRPOhq3Lnp78VhjhYw==
-----END CERTIFICATE-----