Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/e9K3ROTtQGAIvma-lxNEnMwJC2A.roa
File:                     e9K3ROTtQGAIvma-lxNEnMwJC2A.roa (raw, json)
Hash identifier:          FZXtwNH18f+yarE1SlyyM2bCUezbZToQsOy/EnG3HSs=
Subject key identifier:   7B:D2:B7:44:E4:ED:40:60:08:BE:66:BE:97:13:44:9C:CC:09:0B:60
Certificate issuer:       /CN=77eda8f726a69b504de994943b0a5f2308c2a96b
Certificate serial:       0194228D7BA55BE1FCBB2B5003A78604F8F0
Authority key identifier: 77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/e9K3ROTtQGAIvma-lxNEnMwJC2A.roa
Signing time:             Wed 01 Jan 2025 15:48:05 +0000
ROA not before:           Wed 01 Jan 2025 15:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36351
IP address blocks:        193.56.217.0/24 maxlen: 24
                          2a05:a880:dc20::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 10:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:7b:a5:5b:e1:fc:bb:2b:50:03:a7:86:04:f8:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77eda8f726a69b504de994943b0a5f2308c2a96b
        Validity
            Not Before: Jan  1 15:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bd2b744e4ed406008be66be9713449ccc090b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:88:d9:2a:ab:79:fa:67:b9:2b:c6:72:f9:68:
                    00:0f:72:1d:7d:d3:b8:52:19:39:f0:d6:fb:c8:26:
                    fb:16:28:ac:5d:9c:c3:97:5c:07:9d:75:ae:31:a0:
                    80:48:20:0d:a0:94:a1:ce:4d:1a:0f:54:59:49:a7:
                    9e:32:9e:a0:d5:53:1a:35:54:d8:07:f4:82:16:94:
                    a1:ed:71:d2:70:f5:2b:1c:bd:52:40:e5:4c:cc:19:
                    87:b6:26:b1:08:91:61:14:1e:03:bb:2f:68:4b:88:
                    ce:90:d0:91:4f:5a:2c:62:7e:4f:3f:6d:9e:b2:2b:
                    02:5a:c5:5f:2a:02:6f:8b:61:3e:48:13:24:77:3d:
                    d5:a1:60:ef:a7:e7:49:73:cb:35:c2:ef:47:f7:3e:
                    6a:90:15:80:dd:ac:30:7f:34:b5:e1:78:da:90:6f:
                    5f:46:47:f8:a9:77:d8:61:da:2f:54:61:3d:49:e1:
                    b3:eb:4c:c6:17:55:f6:ba:04:19:f6:68:fa:45:f7:
                    a6:42:17:6f:87:18:50:5a:ca:23:2f:7b:8d:27:a3:
                    9f:17:e9:c9:af:f0:d2:3f:c3:c6:60:58:3e:9d:3c:
                    86:3b:86:a8:3a:16:52:8b:2b:e7:9d:cc:e6:d9:2d:
                    0f:29:40:a4:cb:1c:31:9b:19:0b:8d:09:99:a4:88:
                    0b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D2:B7:44:E4:ED:40:60:08:BE:66:BE:97:13:44:9C:CC:09:0B:60
            X509v3 Authority Key Identifier:
                keyid:77:ED:A8:F7:26:A6:9B:50:4D:E9:94:94:3B:0A:5F:23:08:C2:A9:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d-2o9yamm1BN6ZSUOwpfIwjCqWs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/e9K3ROTtQGAIvma-lxNEnMwJC2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/7276f3-c88e-4819-9e59-6084cfc6e4c4/1/d-2o9yamm1BN6ZSUOwpfIwjCqWs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.217.0/24
                IPv6:
                  2a05:a880:dc20::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:89:83:78:79:31:89:bf:90:00:f1:6e:4a:ee:29:2f:30:5e:
         d5:61:97:44:b8:13:1a:08:dd:21:90:bf:31:a3:91:df:ad:79:
         ad:90:1c:a5:54:7c:52:ff:ff:f5:87:e3:1d:a7:3f:8a:ef:94:
         0f:6d:eb:69:2d:1a:f6:31:60:81:a3:d2:5c:18:81:23:fb:cc:
         08:3f:8c:c2:cf:a4:e8:ed:ae:bb:d2:b0:7e:d7:af:ab:c5:01:
         21:ee:5f:a9:84:00:55:6a:7a:3b:51:0b:f2:23:eb:b8:b0:1c:
         10:a6:7c:97:aa:ff:1b:8a:02:b2:0f:e8:56:6a:15:bb:8e:2a:
         47:cc:20:b4:3e:22:07:a5:2e:e7:cb:90:bb:b0:04:d0:3f:da:
         da:77:10:a7:a4:5c:6f:c6:db:1c:eb:2d:39:55:ba:b7:55:d3:
         69:1b:1f:87:ac:85:ac:5e:c0:3b:e9:87:13:1e:35:d1:a5:49:
         43:83:e6:8e:ba:ce:17:63:c0:70:bb:e7:0f:75:2d:24:a6:25:
         13:70:b0:0a:d7:9a:b7:f2:71:c7:a0:da:c6:b9:8f:c4:ee:5d:
         1f:49:14:a1:3a:45:61:52:ac:ed:12:2a:fa:64:e3:67:b8:d7:
         90:2c:fc:71:2e:7a:37:3b:45:44:3f:4c:cc:88:f9:92:69:81:
         f1:06:7c:f9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQijXulW+H8uytQA6eGBPjwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZWRhOGY3MjZhNjliNTA0ZGU5OTQ5NDNiMGE1ZjIzMDhj
MmE5NmIwHhcNMjUwMTAxMTU0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQyYjc0NGU0ZWQ0MDYwMDhiZTY2YmU5NzEzNDQ5Y2NjMDkwYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYjZKqt5+me5K8Zy+WgAD3IdfdO4
Uhk58Nb7yCb7FiisXZzDl1wHnXWuMaCASCANoJShzk0aD1RZSaeeMp6g1VMaNVTY
B/SCFpSh7XHScPUrHL1SQOVMzBmHtiaxCJFhFB4Duy9oS4jOkNCRT1osYn5PP22e
sisCWsVfKgJvi2E+SBMkdz3VoWDvp+dJc8s1wu9H9z5qkBWA3awwfzS14XjakG9f
Rkf4qXfYYdovVGE9SeGz60zGF1X2ugQZ9mj6RfemQhdvhxhQWsojL3uNJ6OfF+nJ
r/DSP8PGYFg+nTyGO4aoOhZSiyvnnczm2S0PKUCkyxwxmxkLjQmZpIgL2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHvSt0Tk7UBgCL5mvpcTRJzMCQtgMB8GA1UdIwQY
MBaAFHftqPcmpptQTemUlDsKXyMIwqlrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTkt
NjA4NGNmYzZlNGM0LzEvZTlLM1JPVHRRR0FJdm1hLWx4TkVuTXdKQzJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi83Mjc2ZjMtYzg4ZS00ODE5LTllNTktNjA4NGNmYzZlNGM0
LzEvZC0ybzl5YW1tMUJONlpTVU93cGZJd2pDcVdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwTjZMA8E
AgACMAkDBwAqBaiA3CAwDQYJKoZIhvcNAQELBQADggEBACqJg3h5MYm/kADxbkru
KS8wXtVhl0S4ExoI3SGQvzGjkd+tea2QHKVUfFL///WH4x2nP4rvlA9t62ktGvYx
YIGj0lwYgSP7zAg/jMLPpOjtrrvSsH7Xr6vFASHuX6mEAFVqejtRC/Ij67iwHBCm
fJeq/xuKArIP6FZqFbuOKkfMILQ+IgelLufLkLuwBNA/2tp3EKekXG/G2xzrLTlV
urdV02kbH4eshaxewDvphxMeNdGlSUOD5o66zhdjwHC75w91LSSmJRNwsArXmrfy
cceg2sa5j8TuXR9JFKE6RWFSrO0SKvpk42e415As/HEuejc7RUQ/TMyI+ZJpgfEG
fPk=
-----END CERTIFICATE-----