Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/PE28svvPDwpWYN8i7KztaWTUay4.roa
File:                     PE28svvPDwpWYN8i7KztaWTUay4.roa (raw, json)
Hash identifier:          vWTupCDBeXqcDTiqcpVnDcyBaN5rP8f0ATexE7p7tKU=
Subject key identifier:   3C:4D:BC:B2:FB:CF:0F:0A:56:60:DF:22:EC:AC:ED:69:64:D4:6B:2E
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0195ED60AA5E331AA4C75BDF84E4D326D1CC
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/PE28svvPDwpWYN8i7KztaWTUay4.roa
Signing time:             Mon 31 Mar 2025 18:04:49 +0000
ROA not before:           Mon 31 Mar 2025 18:04:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212147
IP address blocks:        193.31.12.0/24 maxlen: 24
                          194.26.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ed:60:aa:5e:33:1a:a4:c7:5b:df:84:e4:d3:26:d1:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar 31 18:04:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c4dbcb2fbcf0f0a5660df22ecaced6964d46b2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c2:5d:d8:08:ad:24:f5:25:67:4e:67:bd:1f:
                    f2:1d:dd:a4:1c:bf:37:bf:b2:61:64:1b:b8:61:1d:
                    c7:d0:5e:fa:fe:6c:35:5b:28:a0:d0:a2:c4:d4:a4:
                    73:03:62:00:e3:5f:1f:56:32:83:a6:b7:cd:e5:d1:
                    b1:39:ed:98:64:82:83:63:ac:18:e1:31:0a:ca:8c:
                    86:cf:a7:98:13:58:1d:01:14:62:9e:8b:6c:59:e7:
                    51:c7:ef:3d:b2:fa:08:63:95:d0:c5:6d:75:45:bf:
                    11:1b:1d:c7:5d:c5:82:55:34:5b:43:91:18:11:73:
                    9b:9c:84:8a:48:75:aa:f8:cb:b9:ce:ea:d1:67:35:
                    b3:f8:bb:b3:b9:21:25:ff:eb:20:c1:13:be:8a:8f:
                    20:36:e1:0f:c4:45:64:09:38:6f:69:a7:88:f0:1c:
                    39:a4:81:12:04:bd:ae:61:7b:49:68:c1:a0:0f:af:
                    e8:dc:59:b3:c1:2d:7e:7b:a0:f3:2f:e9:14:fd:10:
                    ef:a6:00:4e:a6:58:5a:61:50:3a:a1:1c:78:43:ac:
                    ce:94:0a:59:95:1c:93:50:12:63:c8:13:b3:20:61:
                    a2:e8:ed:68:55:84:bc:5b:49:9e:3a:91:ab:53:91:
                    f8:fa:8f:b0:d4:c9:0a:88:06:6c:1d:ec:7c:39:20:
                    2a:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:4D:BC:B2:FB:CF:0F:0A:56:60:DF:22:EC:AC:ED:69:64:D4:6B:2E
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/PE28svvPDwpWYN8i7KztaWTUay4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.31.12.0/24
                  194.26.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:f1:49:50:98:d3:01:bc:df:54:a5:13:0e:f3:0d:59:77:ad:
         2a:00:75:70:3c:22:9f:b9:eb:a5:64:21:84:00:d8:23:f2:39:
         b3:f7:1c:ae:99:a5:05:90:23:33:43:2a:f6:e4:bf:7e:89:eb:
         7f:17:eb:cc:49:2c:fc:b3:95:59:19:95:1c:cf:83:a5:0b:9c:
         69:91:59:90:97:f6:f8:48:74:32:0d:75:cf:c0:57:ba:e6:52:
         23:db:4c:f6:f6:f1:88:fc:1e:94:ed:5d:9a:c9:03:d1:75:c5:
         b3:e2:17:5c:48:9e:a7:2a:f4:52:fa:c6:28:b5:ca:c4:fd:28:
         49:ae:2c:eb:9f:57:73:ec:83:54:ca:4e:57:3b:25:b6:30:3b:
         29:a5:88:17:ba:4b:17:45:8d:6b:83:ec:69:02:29:93:87:6c:
         f6:42:d6:f3:38:dc:74:8f:b0:e3:e9:82:a8:aa:30:6e:11:ec:
         b0:c6:bf:ec:34:71:91:f5:b7:9a:9b:9e:80:f5:e6:7e:ef:f1:
         96:15:58:5f:39:e0:36:64:7f:b3:c8:83:ef:b0:14:fe:86:a0:
         65:b5:67:41:7d:50:20:83:28:65:2d:de:a9:33:eb:36:37:dc:
         53:aa:a6:26:fa:4e:5b:a6:e2:e4:80:3d:81:14:9c:0f:f3:34:
         fb:fb:f0:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXtYKpeMxqkx1vfhOTTJtHMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMzMxMTgwNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzRkYmNiMmZiY2YwZjBhNTY2MGRmMjJlY2FjZWQ2OTY0ZDQ2YjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48Jd2AitJPUlZ05nvR/yHd2kHL83
v7JhZBu4YR3H0F76/mw1Wyig0KLE1KRzA2IA418fVjKDprfN5dGxOe2YZIKDY6wY
4TEKyoyGz6eYE1gdARRinotsWedRx+89svoIY5XQxW11Rb8RGx3HXcWCVTRbQ5EY
EXObnISKSHWq+Mu5zurRZzWz+LuzuSEl/+sgwRO+io8gNuEPxEVkCThvaaeI8Bw5
pIESBL2uYXtJaMGgD6/o3FmzwS1+e6DzL+kU/RDvpgBOplhaYVA6oRx4Q6zOlApZ
lRyTUBJjyBOzIGGi6O1oVYS8W0meOpGrU5H4+o+w1MkKiAZsHex8OSAqDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDxNvLL7zw8KVmDfIuys7Wlk1GsuMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvUEUyOHN2dlBEd3BXWU44aTdLenRhV1RVYXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwR8MAwQA
whqJMA0GCSqGSIb3DQEBCwUAA4IBAQB48UlQmNMBvN9UpRMO8w1Zd60qAHVwPCKf
ueulZCGEANgj8jmz9xyumaUFkCMzQyr25L9+iet/F+vMSSz8s5VZGZUcz4OlC5xp
kVmQl/b4SHQyDXXPwFe65lIj20z29vGI/B6U7V2ayQPRdcWz4hdcSJ6nKvRS+sYo
tcrE/ShJrizrn1dz7INUyk5XOyW2MDsppYgXuksXRY1rg+xpAimTh2z2QtbzONx0
j7Dj6YKoqjBuEeywxr/sNHGR9beam56A9eZ+7/GWFVhfOeA2ZH+zyIPvsBT+hqBl
tWdBfVAggyhlLd6pM+s2N9xTqqYm+k5bpuLkgD2BFJwP8zT7+/AD
-----END CERTIFICATE-----