Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/RPdruY8oCYU-NG_cdmDTyaYXs9w.roa
File:                     RPdruY8oCYU-NG_cdmDTyaYXs9w.roa (raw, json)
Hash identifier:          i9rNw7/5XltvLVBXot4AXkRNS8YKs+TQnC29q/66MR8=
Subject key identifier:   44:F7:6B:B9:8F:28:09:85:3E:34:6F:DC:76:60:D3:C9:A6:17:B3:DC
Certificate issuer:       /CN=3ec7d2bfc3fa78e7100a1b8935905aff7a496bc9
Certificate serial:       01941F8C97F354946442796E4B026F6EAE63
Authority key identifier: 3E:C7:D2:BF:C3:FA:78:E7:10:0A:1B:89:35:90:5A:FF:7A:49:6B:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsfSv8P6eOcQChuJNZBa_3pJa8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/RPdruY8oCYU-NG_cdmDTyaYXs9w.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47774
IP address blocks:        193.111.16.0/23 maxlen: 24
                          194.117.55.128/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/PsfSv8P6eOcQChuJNZBa_3pJa8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/PsfSv8P6eOcQChuJNZBa_3pJa8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PsfSv8P6eOcQChuJNZBa_3pJa8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:97:f3:54:94:64:42:79:6e:4b:02:6f:6e:ae:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec7d2bfc3fa78e7100a1b8935905aff7a496bc9
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44f76bb98f2809853e346fdc7660d3c9a617b3dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b3:4f:04:96:85:d4:3a:ee:66:d1:3c:e3:56:
                    af:05:24:75:35:35:89:df:c2:f9:b0:d8:22:62:12:
                    e5:75:09:c2:5a:9e:9b:e5:d0:4a:6f:1c:19:a1:cc:
                    c7:53:c4:03:58:82:3a:63:07:2d:cd:44:ad:d2:8c:
                    a7:0a:83:88:ed:ce:e3:11:6c:4c:0a:50:56:6e:e3:
                    41:c0:70:01:84:d4:2b:44:6b:17:70:4f:85:b0:21:
                    c6:ba:1c:41:8b:7d:55:b7:0f:32:8e:92:be:7c:a3:
                    60:80:9f:4d:f2:86:ed:4b:30:ef:a1:2e:9b:c8:2f:
                    bd:15:c9:d9:10:91:2c:fa:a5:98:5f:ec:9e:44:d4:
                    e7:77:0d:d7:65:f3:91:f5:18:60:5b:ca:e0:13:81:
                    4b:7d:f9:47:9c:a3:b6:c7:23:35:1c:99:41:fc:34:
                    4a:68:7b:7b:bb:2a:0e:18:3f:27:27:d9:e3:de:b2:
                    61:c2:e5:39:92:6f:9e:08:76:09:ce:d1:a3:6e:d3:
                    de:29:ee:cc:4a:61:a1:49:62:6b:7d:b3:e9:87:a4:
                    a4:de:d9:9d:d4:bc:b9:55:7c:97:d2:5d:5c:9e:02:
                    b4:2f:8d:64:9c:05:23:dd:2c:2d:21:6b:c7:60:e2:
                    1f:02:80:bf:7f:eb:6c:28:bf:5f:da:54:cb:f5:9c:
                    a4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:F7:6B:B9:8F:28:09:85:3E:34:6F:DC:76:60:D3:C9:A6:17:B3:DC
            X509v3 Authority Key Identifier:
                keyid:3E:C7:D2:BF:C3:FA:78:E7:10:0A:1B:89:35:90:5A:FF:7A:49:6B:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsfSv8P6eOcQChuJNZBa_3pJa8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/RPdruY8oCYU-NG_cdmDTyaYXs9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/39bb72-f6af-4a67-9c44-ba881122ca63/1/PsfSv8P6eOcQChuJNZBa_3pJa8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.16.0/23
                  194.117.55.128/25

    Signature Algorithm: sha256WithRSAEncryption
         3b:f2:f3:da:66:7e:d1:68:ad:b0:19:04:22:b5:cd:cb:12:04:
         5b:e1:50:9b:ea:a3:29:c4:97:a5:fd:ca:99:6c:24:77:bc:f2:
         06:03:1c:3c:3a:96:1d:ae:bc:13:c0:ed:b2:93:2f:ff:b4:e0:
         37:48:e5:06:a1:10:9d:73:40:74:87:38:ce:37:08:4a:bb:bf:
         2e:7f:20:6b:0a:b7:ce:17:8e:22:f1:59:2e:df:d0:61:07:88:
         f6:6a:e0:15:53:b3:ce:9b:29:8a:d0:03:82:b9:36:88:6b:9c:
         c2:bc:70:f6:ef:5f:62:57:a7:14:d4:40:56:18:e1:bb:63:35:
         b5:12:04:53:23:8f:19:70:11:32:ab:fc:48:f4:75:94:f9:ca:
         87:d9:59:8b:ec:15:0d:12:a1:a2:78:8d:91:af:b9:72:a0:c0:
         ed:6a:b8:b3:4b:68:6f:34:ba:3d:b8:5e:a0:1a:6c:ac:56:99:
         b0:2d:6c:d6:79:30:63:9a:e6:ec:3a:fe:e3:6d:45:90:81:0d:
         ca:5a:5b:98:72:60:b0:59:0b:be:bb:4e:52:ed:d8:3a:82:40:
         82:3b:43:f4:c7:d1:d7:ba:47:b6:df:09:d4:c4:10:4b:d1:f0:
         b5:db:96:b0:15:7a:1d:fa:73:ce:c4:25:1f:ce:1b:83:f7:11:
         cf:66:1d:44
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQfjJfzVJRkQnluSwJvbq5jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzdkMmJmYzNmYTc4ZTcxMDBhMWI4OTM1OTA1YWZmN2E0
OTZiYzkwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGY3NmJiOThmMjgwOTg1M2UzNDZmZGM3NjYwZDNjOWE2MTdiM2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrNPBJaF1DruZtE841avBSR1NTWJ
38L5sNgiYhLldQnCWp6b5dBKbxwZoczHU8QDWII6YwctzUSt0oynCoOI7c7jEWxM
ClBWbuNBwHABhNQrRGsXcE+FsCHGuhxBi31Vtw8yjpK+fKNggJ9N8obtSzDvoS6b
yC+9FcnZEJEs+qWYX+yeRNTndw3XZfOR9RhgW8rgE4FLfflHnKO2xyM1HJlB/DRK
aHt7uyoOGD8nJ9nj3rJhwuU5km+eCHYJztGjbtPeKe7MSmGhSWJrfbPph6Sk3tmd
1Ly5VXyX0l1cngK0L41knAUj3SwtIWvHYOIfAoC/f+tsKL9f2lTL9Zyk1wIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFET3a7mPKAmFPjRv3HZg08mmF7PcMB8GA1UdIwQY
MBaAFD7H0r/D+njnEAobiTWQWv96SWvJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNmU3Y4UDZlT2NRQ2h1Sk5aQmFfM3BKYThrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8zOWJiNzItZjZhZi00YTY3LTljNDQt
YmE4ODExMjJjYTYzLzEvUlBkcnVZOG9DWVUtTkdfY2RtRFR5YVlYczl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8zOWJiNzItZjZhZi00YTY3LTljNDQtYmE4ODExMjJjYTYz
LzEvUHNmU3Y4UDZlT2NRQ2h1Sk5aQmFfM3BKYThrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwQBwW8QAwUH
wnU3gDANBgkqhkiG9w0BAQsFAAOCAQEAO/Lz2mZ+0WitsBkEIrXNyxIEW+FQm+qj
KcSXpf3KmWwkd7zyBgMcPDqWHa68E8DtspMv/7TgN0jlBqEQnXNAdIc4zjcISru/
Ln8gawq3zheOIvFZLt/QYQeI9mrgFVOzzpspitADgrk2iGucwrxw9u9fYlenFNRA
Vhjhu2M1tRIEUyOPGXARMqv8SPR1lPnKh9lZi+wVDRKhoniNka+5cqDA7Wq4s0to
bzS6PbheoBpsrFaZsC1s1nkwY5rm7Dr+421FkIENylpbmHJgsFkLvrtOUu3YOoJA
gjtD9MfR17pHtt8J1MQQS9HwtduWsBV6HfpzzsQlH84bg/cRz2YdRA==
-----END CERTIFICATE-----