Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/c98fb5-dc94-4b7d-a989-6c2fab5a4085/1/pDgcJBf96EMv4X7AtJpEDVK25IM.roa
File:                     pDgcJBf96EMv4X7AtJpEDVK25IM.roa (raw, json)
Hash identifier:          Ar5Gw+93T25Y1llBxZfk1/rjZ4JNjjhQm1mEv32a/os=
Subject key identifier:   A4:38:1C:24:17:FD:E8:43:2F:E1:7E:C0:B4:9A:44:0D:52:B6:E4:83
Certificate issuer:       /CN=39a6f54d21f537a9de24787dd0e8fba406a9cadd
Certificate serial:       0194206867FEE944BB987FD033E4D081C148
Authority key identifier: 39:A6:F5:4D:21:F5:37:A9:DE:24:78:7D:D0:E8:FB:A4:06:A9:CA:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oab1TSH1N6neJHh90Oj7pAapyt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/c98fb5-dc94-4b7d-a989-6c2fab5a4085/1/pDgcJBf96EMv4X7AtJpEDVK25IM.roa
Signing time:             Wed 01 Jan 2025 05:48:20 +0000
ROA not before:           Wed 01 Jan 2025 05:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56647
IP address blocks:        193.37.232.0/24 maxlen: 24
                          193.37.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/c98fb5-dc94-4b7d-a989-6c2fab5a4085/1/Oab1TSH1N6neJHh90Oj7pAapyt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/c98fb5-dc94-4b7d-a989-6c2fab5a4085/1/Oab1TSH1N6neJHh90Oj7pAapyt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oab1TSH1N6neJHh90Oj7pAapyt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:67:fe:e9:44:bb:98:7f:d0:33:e4:d0:81:c1:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39a6f54d21f537a9de24787dd0e8fba406a9cadd
        Validity
            Not Before: Jan  1 05:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4381c2417fde8432fe17ec0b49a440d52b6e483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b9:64:77:19:45:c5:da:f4:a7:0c:4f:46:56:
                    8a:2b:b0:55:f6:3e:3c:96:d3:2b:7e:fc:ec:94:4a:
                    f2:e7:0f:fc:b0:1e:ed:fa:47:fb:c0:f4:68:7a:61:
                    53:f8:44:74:65:b0:8f:35:19:2c:57:6d:df:e7:e1:
                    fd:e5:c7:1b:af:e7:e6:a1:64:06:c7:6a:2c:2d:cb:
                    ad:25:f7:68:97:d1:31:a1:92:91:c9:f7:c8:01:9b:
                    3a:c3:0f:d6:54:c7:90:3a:ea:30:d1:dd:1a:8c:58:
                    e1:4a:7c:f0:10:32:0c:be:2c:bc:47:31:c7:81:70:
                    f0:7f:9e:d2:13:33:89:1a:64:90:84:a3:65:98:a1:
                    d6:04:52:8e:34:75:1b:d8:4a:09:a3:66:5d:4b:8f:
                    20:d2:73:84:ce:38:a2:1a:79:ed:da:2e:42:70:93:
                    4a:62:d4:8f:f8:17:b2:14:82:c3:4c:70:8b:e6:26:
                    78:0b:41:b0:a5:af:3e:6f:69:99:66:5e:48:c4:0c:
                    35:3d:ab:7c:65:3b:7b:61:7a:fd:0d:f2:45:60:0c:
                    f6:9f:42:e9:7f:79:4d:6a:53:90:4a:56:6b:dd:d8:
                    de:93:11:fc:f8:50:22:d4:e2:07:bd:cf:34:67:c0:
                    a3:02:64:2b:8c:38:b2:ae:1a:a4:7a:db:99:53:f1:
                    ab:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:38:1C:24:17:FD:E8:43:2F:E1:7E:C0:B4:9A:44:0D:52:B6:E4:83
            X509v3 Authority Key Identifier:
                keyid:39:A6:F5:4D:21:F5:37:A9:DE:24:78:7D:D0:E8:FB:A4:06:A9:CA:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oab1TSH1N6neJHh90Oj7pAapyt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/c98fb5-dc94-4b7d-a989-6c2fab5a4085/1/pDgcJBf96EMv4X7AtJpEDVK25IM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/c98fb5-dc94-4b7d-a989-6c2fab5a4085/1/Oab1TSH1N6neJHh90Oj7pAapyt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.232.0/24
                  193.37.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:05:76:4b:02:2b:2b:4e:fb:07:bd:19:a5:03:2d:8b:32:9b:
         85:3e:52:ee:50:44:1b:24:d5:33:37:6a:ac:9a:67:55:cd:5b:
         88:d6:2b:90:26:e6:db:bf:c6:34:4a:6f:82:36:74:11:3f:f8:
         4f:99:69:52:fc:1e:24:e8:ce:d7:99:82:da:e9:57:5e:2a:eb:
         30:bb:c0:39:bc:a6:6c:ef:65:5e:cf:c0:28:37:8e:56:bc:7a:
         28:6c:18:f7:74:c1:8d:cf:3b:39:79:a6:de:d6:03:a6:b4:4c:
         b5:d4:a5:89:e0:d1:92:df:c0:7e:9b:d8:37:1d:ee:1e:e2:4d:
         2c:12:57:cc:e7:40:27:75:28:03:77:f0:2e:8f:d5:68:47:5c:
         6b:76:55:09:6d:dc:23:ce:4c:d9:38:d2:e4:95:00:dd:dc:db:
         ae:a9:d1:65:8d:8c:44:85:87:b0:69:12:e3:dc:85:68:33:89:
         93:8f:15:d7:7f:4e:ea:58:06:b5:e6:4b:92:b9:03:d2:ab:e1:
         e6:bc:42:45:4b:bf:5b:a1:3a:7f:9c:02:67:96:26:e4:49:78:
         f9:ec:ec:3e:d8:d0:d2:05:93:7e:7a:a1:e4:e9:40:ca:90:56:
         7e:0c:dc:73:90:c2:8a:87:ed:f5:de:c6:46:f2:b1:f0:b6:9f:
         42:09:4e:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQgaGf+6US7mH/QM+TQgcFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5YTZmNTRkMjFmNTM3YTlkZTI0Nzg3ZGQwZThmYmE0MDZh
OWNhZGQwHhcNMjUwMTAxMDU0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDM4MWMyNDE3ZmRlODQzMmZlMTdlYzBiNDlhNDQwZDUyYjZlNDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7lkdxlFxdr0pwxPRlaKK7BV9j48
ltMrfvzslEry5w/8sB7t+kf7wPRoemFT+ER0ZbCPNRksV23f5+H95ccbr+fmoWQG
x2osLcutJfdol9ExoZKRyffIAZs6ww/WVMeQOuow0d0ajFjhSnzwEDIMviy8RzHH
gXDwf57SEzOJGmSQhKNlmKHWBFKONHUb2EoJo2ZdS48g0nOEzjiiGnnt2i5CcJNK
YtSP+BeyFILDTHCL5iZ4C0Gwpa8+b2mZZl5IxAw1Pat8ZTt7YXr9DfJFYAz2n0Lp
f3lNalOQSlZr3djekxH8+FAi1OIHvc80Z8CjAmQrjDiyrhqketuZU/GriwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKQ4HCQX/ehDL+F+wLSaRA1StuSDMB8GA1UdIwQY
MBaAFDmm9U0h9Tep3iR4fdDo+6QGqcrdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2FiMVRTSDFONm5lSkhoOTBPajdwQWFweXQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9jOThmYjUtZGM5NC00YjdkLWE5ODkt
NmMyZmFiNWE0MDg1LzEvcERnY0pCZjk2RU12NFg3QXRKcEVEVksyNUlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9jOThmYjUtZGM5NC00YjdkLWE5ODktNmMyZmFiNWE0MDg1
LzEvT2FiMVRTSDFONm5lSkhoOTBPajdwQWFweXQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSXoAwQA
wSXrMA0GCSqGSIb3DQEBCwUAA4IBAQASBXZLAisrTvsHvRmlAy2LMpuFPlLuUEQb
JNUzN2qsmmdVzVuI1iuQJubbv8Y0Sm+CNnQRP/hPmWlS/B4k6M7XmYLa6VdeKusw
u8A5vKZs72Vez8AoN45WvHoobBj3dMGNzzs5eabe1gOmtEy11KWJ4NGS38B+m9g3
He4e4k0sElfM50AndSgDd/Auj9VoR1xrdlUJbdwjzkzZONLklQDd3NuuqdFljYxE
hYewaRLj3IVoM4mTjxXXf07qWAa15kuSuQPSq+HmvEJFS79boTp/nAJnlibkSXj5
7Ow+2NDSBZN+eqHk6UDKkFZ+DNxzkMKKh+313sZG8rHwtp9CCU6/
-----END CERTIFICATE-----