Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3f9619-4bd0-4aba-90e2-7c3f8c40c510/1/jOBsmTZZQR2oFpHPynuOSfcKlhQ.roa
File:                     jOBsmTZZQR2oFpHPynuOSfcKlhQ.roa (raw, json)
Hash identifier:          HS2UqrHXUPTUg04Ke/uHXIU8tldEPiGgxWt1zu5k5H0=
Subject key identifier:   8C:E0:6C:99:36:59:41:1D:A8:16:91:CF:CA:7B:8E:49:F7:0A:96:14
Certificate issuer:       /CN=abd96aae88ef99b4d50e49ecae9cae48f37881f7
Certificate serial:       019426D8FA75B4E2B3EA12CC6B5570FEBE75
Authority key identifier: AB:D9:6A:AE:88:EF:99:B4:D5:0E:49:EC:AE:9C:AE:48:F3:78:81:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q9lqrojvmbTVDknsrpyuSPN4gfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3f9619-4bd0-4aba-90e2-7c3f8c40c510/1/jOBsmTZZQR2oFpHPynuOSfcKlhQ.roa
Signing time:             Thu 02 Jan 2025 11:49:01 +0000
ROA not before:           Thu 02 Jan 2025 11:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8317
IP address blocks:        194.88.238.0/23 maxlen: 23
                          195.24.240.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3f9619-4bd0-4aba-90e2-7c3f8c40c510/1/q9lqrojvmbTVDknsrpyuSPN4gfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3f9619-4bd0-4aba-90e2-7c3f8c40c510/1/q9lqrojvmbTVDknsrpyuSPN4gfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q9lqrojvmbTVDknsrpyuSPN4gfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 11:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:fa:75:b4:e2:b3:ea:12:cc:6b:55:70:fe:be:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abd96aae88ef99b4d50e49ecae9cae48f37881f7
        Validity
            Not Before: Jan  2 11:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ce06c993659411da81691cfca7b8e49f70a9614
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6f:c7:71:77:ce:e0:39:71:10:f9:a7:a0:08:
                    f0:27:34:41:a6:ee:b8:9b:62:6f:95:c1:71:e6:31:
                    cc:f1:01:e8:dd:48:ea:9b:2f:9e:bf:88:cc:c4:f7:
                    dd:0d:ae:87:cb:4a:e3:42:45:7d:06:52:2d:fb:f2:
                    c7:c4:c2:3a:d0:47:a6:c3:82:6e:eb:c2:ad:05:77:
                    5c:f7:44:3f:70:da:11:82:25:77:05:f3:d4:85:49:
                    d2:bf:a6:5e:14:15:b2:2f:49:4c:e1:81:5b:6e:d4:
                    5c:79:d7:6e:9b:8a:5f:d1:7c:24:1d:7f:18:e1:52:
                    cc:7c:d3:1c:97:0e:f8:2e:7b:13:33:46:ab:f0:6b:
                    df:c9:8f:98:4b:c2:32:e7:d3:4d:27:36:3d:09:81:
                    12:91:13:c6:b9:b5:cf:74:6b:2e:ca:bf:00:ae:0e:
                    16:a6:b1:33:a7:6f:f5:aa:3e:bf:1d:29:c8:08:0d:
                    55:9d:cc:b9:e6:a3:20:24:e2:93:fa:36:02:f8:34:
                    5d:cb:73:f8:10:b4:d5:ce:94:4a:cc:6f:e3:3c:46:
                    bb:54:83:50:7e:30:6e:b6:d6:78:da:54:fd:9c:f4:
                    c7:d4:6e:31:ba:7d:24:28:de:a9:5e:c5:ed:39:3d:
                    6c:f3:f5:5e:cd:9e:78:c2:a3:2f:bf:df:f8:f6:d6:
                    36:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:E0:6C:99:36:59:41:1D:A8:16:91:CF:CA:7B:8E:49:F7:0A:96:14
            X509v3 Authority Key Identifier:
                keyid:AB:D9:6A:AE:88:EF:99:B4:D5:0E:49:EC:AE:9C:AE:48:F3:78:81:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q9lqrojvmbTVDknsrpyuSPN4gfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3f9619-4bd0-4aba-90e2-7c3f8c40c510/1/jOBsmTZZQR2oFpHPynuOSfcKlhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3f9619-4bd0-4aba-90e2-7c3f8c40c510/1/q9lqrojvmbTVDknsrpyuSPN4gfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.238.0/23
                  195.24.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:79:c0:ea:3b:00:5b:b1:b5:3e:c7:3a:f1:87:82:25:ee:91:
         f2:05:10:90:8f:01:b4:01:43:58:ac:a8:a6:0e:2a:7a:0c:f7:
         d3:3f:25:14:64:11:f0:21:9d:b2:b7:8b:d7:fe:ab:fe:0b:86:
         0b:c1:bb:d6:9c:bb:01:76:7c:f9:e5:00:f7:c1:e9:ce:51:df:
         46:45:bb:78:35:3d:2c:f5:b9:a1:46:d8:75:1d:f1:34:21:20:
         22:ca:1e:4b:ea:c5:e0:52:6d:1e:4d:8b:0c:01:c1:4a:99:ad:
         4c:d5:3f:96:23:77:56:32:bc:3d:b3:59:c3:f1:5c:73:34:da:
         8b:23:a8:5e:4b:de:55:58:e7:6e:22:3b:ce:86:6c:0b:fe:28:
         54:be:d1:14:9f:90:fc:5e:4f:82:39:6e:2a:4a:9c:20:95:f8:
         7c:aa:ec:f3:29:4c:10:d4:50:ce:49:8b:14:72:36:8f:3f:68:
         9e:2e:00:7d:2a:d2:78:97:7f:08:2b:e9:e4:05:c1:c1:21:1c:
         56:36:3a:25:d7:73:16:02:0a:e9:ee:8b:3e:04:f2:25:35:59:
         82:67:8c:b1:10:27:a2:a8:50:73:06:05:40:6e:15:53:ab:b0:
         41:37:65:90:22:96:1f:f2:cb:39:a5:c5:26:8c:a4:e5:12:0f:
         19:89:1e:4b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2Pp1tOKz6hLMa1Vw/r51MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZDk2YWFlODhlZjk5YjRkNTBlNDllY2FlOWNhZTQ4ZjM3
ODgxZjcwHhcNMjUwMTAyMTE0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2UwNmM5OTM2NTk0MTFkYTgxNjkxY2ZjYTdiOGU0OWY3MGE5NjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzG/HcXfO4DlxEPmnoAjwJzRBpu64
m2JvlcFx5jHM8QHo3Ujqmy+ev4jMxPfdDa6Hy0rjQkV9BlIt+/LHxMI60Eemw4Ju
68KtBXdc90Q/cNoRgiV3BfPUhUnSv6ZeFBWyL0lM4YFbbtRceddum4pf0XwkHX8Y
4VLMfNMclw74LnsTM0ar8GvfyY+YS8Iy59NNJzY9CYESkRPGubXPdGsuyr8Arg4W
prEzp2/1qj6/HSnICA1Vncy55qMgJOKT+jYC+DRdy3P4ELTVzpRKzG/jPEa7VINQ
fjButtZ42lT9nPTH1G4xun0kKN6pXsXtOT1s8/VezZ54wqMvv9/49tY2QwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIzgbJk2WUEdqBaRz8p7jkn3CpYUMB8GA1UdIwQY
MBaAFKvZaq6I75m01Q5J7K6crkjzeIH3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTlscXJvanZtYlRWRGtuc3JweXVTUE40Z2ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZjk2MTktNGJkMC00YWJhLTkwZTIt
N2MzZjhjNDBjNTEwLzEvak9Cc21UWlpRUjJvRnBIUHludU9TZmNLbGhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZjk2MTktNGJkMC00YWJhLTkwZTItN2MzZjhjNDBjNTEw
LzEvcTlscXJvanZtYlRWRGtuc3JweXVTUE40Z2ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwljuAwQB
wxjwMA0GCSqGSIb3DQEBCwUAA4IBAQB2ecDqOwBbsbU+xzrxh4Il7pHyBRCQjwG0
AUNYrKimDip6DPfTPyUUZBHwIZ2yt4vX/qv+C4YLwbvWnLsBdnz55QD3wenOUd9G
Rbt4NT0s9bmhRth1HfE0ISAiyh5L6sXgUm0eTYsMAcFKma1M1T+WI3dWMrw9s1nD
8VxzNNqLI6heS95VWOduIjvOhmwL/ihUvtEUn5D8Xk+COW4qSpwglfh8quzzKUwQ
1FDOSYsUcjaPP2ieLgB9KtJ4l38IK+nkBcHBIRxWNjol13MWAgrp7os+BPIlNVmC
Z4yxECeiqFBzBgVAbhVTq7BBN2WQIpYf8ss5pcUmjKTlEg8ZiR5L
-----END CERTIFICATE-----