Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/fninY7dk4NBx5RTL5R_Wezr9T0s.roa
File:                     fninY7dk4NBx5RTL5R_Wezr9T0s.roa (raw, json)
Hash identifier:          SwOpz8NdRi+4j0eDktQnp/qAQ8UOrHFKwcilSnSB5hM=
Subject key identifier:   7E:78:A7:63:B7:64:E0:D0:71:E5:14:CB:E5:1F:D6:7B:3A:FD:4F:4B
Certificate issuer:       /CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
Certificate serial:       019425FC3BA2359D2F2526A6DA34FEA677E1
Authority key identifier: 83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/fninY7dk4NBx5RTL5R_Wezr9T0s.roa
Signing time:             Thu 02 Jan 2025 07:47:54 +0000
ROA not before:           Thu 02 Jan 2025 07:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        176.100.130.0/24 maxlen: 24
                          176.100.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Apr 2025 13:43:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:3b:a2:35:9d:2f:25:26:a6:da:34:fe:a6:77:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83f36b0adee6cb5518763b5bc8eaa3d41f23e938
        Validity
            Not Before: Jan  2 07:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e78a763b764e0d071e514cbe51fd67b3afd4f4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:20:c6:3f:a7:20:bf:db:2c:2a:73:c9:c1:b4:
                    b7:09:8d:d8:86:68:79:d2:1f:7b:3d:4c:37:75:d0:
                    6d:74:36:79:be:d6:af:a4:8e:71:63:0e:fa:1d:d1:
                    3b:f3:14:ca:3f:0a:8a:07:d2:9a:69:21:5e:82:d6:
                    b1:1f:a8:13:37:8d:c0:b7:eb:6f:1c:f3:a5:af:1b:
                    36:7c:d5:21:2d:d7:e3:e2:2b:15:9c:3f:b2:cd:68:
                    cc:ad:2e:59:57:5f:ab:02:fd:b3:d0:4b:94:0e:4c:
                    93:49:48:a6:25:08:5e:b3:e6:ba:7d:ba:17:b3:84:
                    fe:b3:fd:be:fc:be:42:db:5d:5b:4c:0a:06:be:cd:
                    6c:61:3d:c4:12:45:d3:1d:b2:fb:91:e2:bd:66:d1:
                    b3:95:f5:2f:94:74:0e:fc:bd:58:f3:21:d2:71:a7:
                    9c:5c:3f:a8:6e:06:59:32:30:96:14:de:9e:c3:b6:
                    5c:36:7c:a4:00:3a:e7:d1:de:d9:d2:e3:0a:c8:10:
                    fd:11:3e:d2:87:a2:f3:a6:99:65:cc:53:cd:4d:2d:
                    6f:d5:e5:cb:4e:7a:7f:5a:ca:05:ea:fe:9e:87:8b:
                    c3:31:85:3c:15:e8:dd:38:e7:ad:f6:90:71:ae:b0:
                    d5:a0:9d:fc:e7:24:19:cb:ae:0c:95:0c:c2:b7:c4:
                    59:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:78:A7:63:B7:64:E0:D0:71:E5:14:CB:E5:1F:D6:7B:3A:FD:4F:4B
            X509v3 Authority Key Identifier:
                keyid:83:F3:6B:0A:DE:E6:CB:55:18:76:3B:5B:C8:EA:A3:D4:1F:23:E9:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g_NrCt7my1UYdjtbyOqj1B8j6Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/fninY7dk4NBx5RTL5R_Wezr9T0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/73195c-e663-498c-97db-af64f3fa2459/1/g_NrCt7my1UYdjtbyOqj1B8j6Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:34:04:b3:6f:ee:20:a2:2d:e5:21:c8:0c:c2:3e:dc:b3:27:
         07:77:a0:64:b5:3e:3e:3b:f3:1d:fa:bf:2e:1f:d1:c5:2f:4d:
         86:4b:26:69:90:d7:6d:47:b0:ba:73:fc:0c:e1:6d:f7:a2:1f:
         ba:b4:89:a4:40:3d:cd:60:bc:43:3f:85:8a:39:ce:07:d7:99:
         88:05:74:b5:8e:1b:4c:12:42:4e:0b:75:00:ab:15:87:d8:4d:
         44:17:96:b0:f0:8a:1b:3b:2e:14:05:f9:7d:ec:27:87:d0:31:
         db:88:82:17:2d:b0:c2:73:ca:40:88:c9:32:58:ed:ee:ff:11:
         86:10:7b:db:61:fc:3e:69:71:34:ec:6b:07:56:79:77:6e:3d:
         87:c9:7a:68:d6:64:71:d2:07:a9:dc:c5:29:8c:b4:b1:08:af:
         70:f0:21:d4:57:23:54:43:c7:07:21:d7:09:d2:cb:22:41:50:
         9f:80:52:a0:84:40:20:89:5c:cb:6d:b8:00:bd:13:2c:6e:a3:
         32:26:5d:cf:aa:e4:df:07:c8:9d:5a:16:95:72:37:34:2a:53:
         78:64:00:45:ec:1c:33:16:67:da:57:d3:ed:40:98:f4:7b:ce:
         f3:6d:24:a2:74:75:52:d6:74:08:cb:c2:23:66:c0:f5:f7:62:
         38:77:3f:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/DuiNZ0vJSam2jT+pnfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZjM2YjBhZGVlNmNiNTUxODc2M2I1YmM4ZWFhM2Q0MWYy
M2U5MzgwHhcNMjUwMTAyMDc0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTc4YTc2M2I3NjRlMGQwNzFlNTE0Y2JlNTFmZDY3YjNhZmQ0ZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyDGP6cgv9ssKnPJwbS3CY3Yhmh5
0h97PUw3ddBtdDZ5vtavpI5xYw76HdE78xTKPwqKB9KaaSFegtaxH6gTN43At+tv
HPOlrxs2fNUhLdfj4isVnD+yzWjMrS5ZV1+rAv2z0EuUDkyTSUimJQhes+a6fboX
s4T+s/2+/L5C211bTAoGvs1sYT3EEkXTHbL7keK9ZtGzlfUvlHQO/L1Y8yHScaec
XD+obgZZMjCWFN6ew7ZcNnykADrn0d7Z0uMKyBD9ET7Sh6LzppllzFPNTS1v1eXL
Tnp/WsoF6v6eh4vDMYU8FejdOOet9pBxrrDVoJ385yQZy64MlQzCt8RZ9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH54p2O3ZODQceUUy+Uf1ns6/U9LMB8GA1UdIwQY
MBaAFIPzawre5stVGHY7W8jqo9QfI+k4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGIt
YWY2NGYzZmEyNDU5LzEvZm5pblk3ZGs0TkJ4NVJUTDVSX1dlenI5VDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC83MzE5NWMtZTY2My00OThjLTk3ZGItYWY2NGYzZmEyNDU5
LzEvZ19OckN0N215MVVZZGp0YnlPcWoxQjhqNlRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsGSCMA0G
CSqGSIb3DQEBCwUAA4IBAQCINASzb+4goi3lIcgMwj7csycHd6BktT4+O/Md+r8u
H9HFL02GSyZpkNdtR7C6c/wM4W33oh+6tImkQD3NYLxDP4WKOc4H15mIBXS1jhtM
EkJOC3UAqxWH2E1EF5aw8IobOy4UBfl97CeH0DHbiIIXLbDCc8pAiMkyWO3u/xGG
EHvbYfw+aXE07GsHVnl3bj2HyXpo1mRx0gep3MUpjLSxCK9w8CHUVyNUQ8cHIdcJ
0ssiQVCfgFKghEAgiVzLbbgAvRMsbqMyJl3PquTfB8idWhaVcjc0KlN4ZABF7Bwz
FmfaV9PtQJj0e87zbSSidHVS1nQIy8IjZsD192I4dz/5
-----END CERTIFICATE-----