Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/mCH81i7xBtgIGVkVDDWoy8KkJ-g.roa
File:                     mCH81i7xBtgIGVkVDDWoy8KkJ-g.roa (raw, json)
Hash identifier:          Z8+T6RRnwrbdCq/N/SZfyv3PBeRfv8rhSz1giWeS+Kg=
Subject key identifier:   98:21:FC:D6:2E:F1:06:D8:08:19:59:15:0C:35:A8:CB:C2:A4:27:E8
Certificate issuer:       /CN=3414a06dac854dbee60984588dec7b3284b5aa50
Certificate serial:       01942445145480680C91BEF167F178508F80
Authority key identifier: 34:14:A0:6D:AC:85:4D:BE:E6:09:84:58:8D:EC:7B:32:84:B5:AA:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NBSgbayFTb7mCYRYjex7MoS1qlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/mCH81i7xBtgIGVkVDDWoy8KkJ-g.roa
Signing time:             Wed 01 Jan 2025 23:48:14 +0000
ROA not before:           Wed 01 Jan 2025 23:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20853
IP address blocks:        193.104.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/NBSgbayFTb7mCYRYjex7MoS1qlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/NBSgbayFTb7mCYRYjex7MoS1qlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NBSgbayFTb7mCYRYjex7MoS1qlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:14:54:80:68:0c:91:be:f1:67:f1:78:50:8f:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3414a06dac854dbee60984588dec7b3284b5aa50
        Validity
            Not Before: Jan  1 23:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9821fcd62ef106d8081959150c35a8cbc2a427e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:c3:4d:73:ca:fa:36:16:5e:aa:6c:88:26:a6:
                    17:b9:c4:2f:d7:d9:86:f2:e1:98:d2:7f:6c:5b:88:
                    fd:46:2e:c8:8d:a5:de:26:ac:e8:64:89:51:9f:da:
                    96:ca:3f:0b:95:5c:14:70:8a:d6:52:80:67:46:9d:
                    7a:37:5c:1c:20:bf:93:13:6f:5a:1d:17:6c:ec:b2:
                    dd:56:f2:ef:cb:16:7f:4b:9f:62:ee:ef:7b:69:e6:
                    8a:40:63:ab:0b:9f:66:0d:fe:ff:1e:19:06:2c:b1:
                    0a:0c:15:76:e4:05:00:80:95:74:f8:06:8b:2a:aa:
                    06:3e:d7:da:ab:48:b1:52:8c:7c:9d:41:50:55:ab:
                    29:4c:e0:5f:94:78:73:50:ba:76:06:34:bb:73:02:
                    d4:1a:d3:47:43:28:2c:55:f6:36:db:0f:05:54:2c:
                    2a:4e:1d:e0:73:23:d2:78:33:e1:ab:03:8f:f1:75:
                    28:ee:b5:4e:77:0f:8c:f9:01:fd:f6:38:df:ca:91:
                    cb:11:4d:e8:25:ec:4b:56:e0:5d:4e:cf:cb:6a:8a:
                    0c:11:23:9e:af:d4:96:26:36:52:1a:23:2b:56:9a:
                    7c:0a:f4:14:0d:18:f6:1a:68:a9:34:04:c0:69:88:
                    2a:87:5f:8f:4c:66:96:7c:99:a3:af:e6:2a:d5:56:
                    12:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:21:FC:D6:2E:F1:06:D8:08:19:59:15:0C:35:A8:CB:C2:A4:27:E8
            X509v3 Authority Key Identifier:
                keyid:34:14:A0:6D:AC:85:4D:BE:E6:09:84:58:8D:EC:7B:32:84:B5:AA:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NBSgbayFTb7mCYRYjex7MoS1qlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/mCH81i7xBtgIGVkVDDWoy8KkJ-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/NBSgbayFTb7mCYRYjex7MoS1qlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:ed:c4:eb:11:ef:a0:27:4f:4e:2f:11:1c:44:0d:34:1f:49:
         30:ef:9a:75:89:14:0a:04:66:68:9b:ea:5a:1a:77:21:74:57:
         9c:bd:f9:83:06:a8:ac:c7:3a:79:c0:47:9c:6b:a6:bf:eb:b0:
         3a:1d:59:54:93:a4:fc:27:cf:28:e0:8c:e8:a5:14:19:42:87:
         1b:5d:cd:50:34:f8:74:b2:7a:02:72:87:b6:1b:ca:cd:86:ab:
         2e:da:c1:2e:d6:e8:b2:cc:2c:8d:68:cb:ea:be:17:f1:c8:91:
         16:47:ac:25:99:55:49:a2:67:2e:d3:f0:be:7d:7c:c8:d0:6e:
         9b:3e:da:61:f0:82:e0:2f:a8:de:d7:da:85:26:b7:5b:e4:af:
         d9:bf:40:7a:5c:03:ca:db:75:86:44:98:ef:5f:16:94:e9:dc:
         78:73:04:6d:d2:83:a2:f4:f1:19:dc:ea:30:8a:ba:a2:36:f3:
         66:ac:49:e5:25:c5:08:01:32:e8:f4:d6:03:99:40:34:b3:3d:
         56:30:2e:92:41:9f:b8:ac:ff:84:76:31:71:f4:2c:f4:5f:c7:
         c6:fa:2e:78:1c:a5:05:37:96:10:a2:81:7b:0c:67:28:1e:36:
         5a:c8:7d:46:31:e8:a7:05:a1:b9:11:70:3d:16:0b:88:3f:26:
         07:d3:81:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRRRUgGgMkb7xZ/F4UI+AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MTRhMDZkYWM4NTRkYmVlNjA5ODQ1ODhkZWM3YjMyODRi
NWFhNTAwHhcNMjUwMTAxMjM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODIxZmNkNjJlZjEwNmQ4MDgxOTU5MTUwYzM1YThjYmMyYTQyN2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MNNc8r6NhZeqmyIJqYXucQv19mG
8uGY0n9sW4j9Ri7IjaXeJqzoZIlRn9qWyj8LlVwUcIrWUoBnRp16N1wcIL+TE29a
HRds7LLdVvLvyxZ/S59i7u97aeaKQGOrC59mDf7/HhkGLLEKDBV25AUAgJV0+AaL
KqoGPtfaq0ixUox8nUFQVaspTOBflHhzULp2BjS7cwLUGtNHQygsVfY22w8FVCwq
Th3gcyPSeDPhqwOP8XUo7rVOdw+M+QH99jjfypHLEU3oJexLVuBdTs/LaooMESOe
r9SWJjZSGiMrVpp8CvQUDRj2GmipNATAaYgqh1+PTGaWfJmjr+Yq1VYSBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJgh/NYu8QbYCBlZFQw1qMvCpCfoMB8GA1UdIwQY
MBaAFDQUoG2shU2+5gmEWI3sezKEtapQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkJTZ2JheUZUYjdtQ1lSWWpleDdNb1MxcWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8wM2RjNmUtODUyNC00NWQ3LWFjYzUt
ZTY1OWZkZTA1Mjg5LzEvbUNIODFpN3hCdGdJR1ZrVkREV295OEtrSi1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8wM2RjNmUtODUyNC00NWQ3LWFjYzUtZTY1OWZkZTA1Mjg5
LzEvTkJTZ2JheUZUYjdtQ1lSWWpleDdNb1MxcWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWhjMA0G
CSqGSIb3DQEBCwUAA4IBAQAn7cTrEe+gJ09OLxEcRA00H0kw75p1iRQKBGZom+pa
GnchdFecvfmDBqisxzp5wEeca6a/67A6HVlUk6T8J88o4IzopRQZQocbXc1QNPh0
snoCcoe2G8rNhqsu2sEu1uiyzCyNaMvqvhfxyJEWR6wlmVVJomcu0/C+fXzI0G6b
Ptph8ILgL6je19qFJrdb5K/Zv0B6XAPK23WGRJjvXxaU6dx4cwRt0oOi9PEZ3Oow
irqiNvNmrEnlJcUIATLo9NYDmUA0sz1WMC6SQZ+4rP+EdjFx9Cz0X8fG+i54HKUF
N5YQooF7DGcoHjZayH1GMeinBaG5EXA9FguIPyYH04EX
-----END CERTIFICATE-----