Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/omUHhrKSJPjXc3fnFI7A_uy7HUU.roa
File:                     omUHhrKSJPjXc3fnFI7A_uy7HUU.roa (raw, json)
Hash identifier:          xj7VTWYKB+CTrZ+OfVzTG694MjcNSO25Qbd0GhfZgnw=
Subject key identifier:   A2:65:07:86:B2:92:24:F8:D7:73:77:E7:14:8E:C0:FE:EC:BB:1D:45
Certificate issuer:       /CN=6745314516483fe27c0530ccb9707c376d20e7f0
Certificate serial:       0194236A37C4B6B99869CA3CAB6265A6F59D
Authority key identifier: 67:45:31:45:16:48:3F:E2:7C:05:30:CC:B9:70:7C:37:6D:20:E7:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0UxRRZIP-J8BTDMuXB8N20g5_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/omUHhrKSJPjXc3fnFI7A_uy7HUU.roa
Signing time:             Wed 01 Jan 2025 19:49:11 +0000
ROA not before:           Wed 01 Jan 2025 19:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     399668
IP address blocks:        193.3.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/Z0UxRRZIP-J8BTDMuXB8N20g5_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/Z0UxRRZIP-J8BTDMuXB8N20g5_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0UxRRZIP-J8BTDMuXB8N20g5_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:37:c4:b6:b9:98:69:ca:3c:ab:62:65:a6:f5:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6745314516483fe27c0530ccb9707c376d20e7f0
        Validity
            Not Before: Jan  1 19:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2650786b29224f8d77377e7148ec0feecbb1d45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3a:82:00:4a:e7:91:9d:48:df:27:ba:11:85:
                    a9:d5:f3:5a:c1:0e:3c:b9:cf:4c:60:10:50:7e:d0:
                    69:5a:ea:ac:77:ae:ed:14:fb:09:88:52:ed:d1:38:
                    d5:fc:4c:2c:22:a7:83:a2:36:84:b9:a0:a6:e1:b7:
                    1d:88:32:e8:16:12:04:c1:6c:26:50:22:ff:b3:46:
                    be:08:2a:64:52:e6:33:be:8c:bb:c4:f1:f2:16:ae:
                    ca:56:34:a5:a0:11:59:95:35:aa:93:a3:2c:8a:64:
                    c8:c8:a7:fc:02:e0:78:9d:50:6d:b8:28:95:e8:e5:
                    0e:19:36:92:b8:c1:e7:6f:10:b5:92:60:2e:b0:3e:
                    dd:18:37:e5:6d:6c:12:00:fb:7b:b8:fe:fd:6d:65:
                    23:a6:6c:cd:5e:08:09:26:27:21:be:72:83:1b:d9:
                    3b:c0:df:1e:4e:78:a8:22:88:a4:61:47:b9:5d:09:
                    ae:3d:57:a7:a7:16:25:51:f0:5f:f7:a1:58:ac:94:
                    7b:96:ed:d8:f3:43:da:df:48:28:66:72:7d:60:2d:
                    08:ab:83:ab:ab:45:33:0d:ca:a7:0b:e2:33:8b:cf:
                    12:be:01:0e:80:66:66:72:92:02:aa:ad:a2:28:1b:
                    e3:fa:25:12:29:4f:c9:7c:55:fd:f6:bc:d0:1f:a3:
                    22:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:65:07:86:B2:92:24:F8:D7:73:77:E7:14:8E:C0:FE:EC:BB:1D:45
            X509v3 Authority Key Identifier:
                keyid:67:45:31:45:16:48:3F:E2:7C:05:30:CC:B9:70:7C:37:6D:20:E7:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0UxRRZIP-J8BTDMuXB8N20g5_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/omUHhrKSJPjXc3fnFI7A_uy7HUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/Z0UxRRZIP-J8BTDMuXB8N20g5_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:85:98:22:ca:35:e1:06:1f:d0:f5:63:25:dc:3c:a2:a2:bd:
         00:d3:b9:97:bc:34:be:0b:bb:04:f0:07:93:0f:70:98:c7:e4:
         29:04:f9:75:fe:03:5f:3e:86:95:12:cf:ad:d4:e4:24:c0:83:
         35:c0:b5:7d:a2:ea:d2:4f:6c:6a:5e:f8:37:30:07:e1:49:6a:
         4c:de:91:ed:5e:bc:03:fd:26:7b:1b:1a:e8:74:30:54:32:b7:
         d1:35:ad:b0:27:c0:ca:51:26:f3:9d:a3:75:57:b5:6a:52:33:
         59:37:a4:c1:ce:af:42:ee:9a:72:2d:f3:40:18:de:fc:0e:7e:
         fc:f4:65:48:dd:82:81:a8:4a:54:ec:f9:b7:6a:be:0f:cc:03:
         4d:76:1a:dd:02:db:11:15:fa:05:70:61:2c:11:6b:cc:bc:20:
         98:66:42:6f:e3:bc:5a:5d:4f:12:8d:d8:3f:fa:98:06:8f:00:
         dc:a0:90:12:7c:37:12:66:00:62:02:4c:9c:89:15:91:f0:77:
         ef:7a:0b:ca:0f:10:eb:70:8a:37:10:29:7c:c8:c0:ae:79:d9:
         4e:2f:a2:8a:74:ba:b0:81:67:20:ca:6f:10:c3:3e:01:83:6a:
         7a:3d:80:c9:5f:a0:8a:79:65:f9:1a:d4:83:1b:1c:8e:8e:43:
         13:4a:b4:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjajfEtrmYaco8q2JlpvWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDUzMTQ1MTY0ODNmZTI3YzA1MzBjY2I5NzA3YzM3NmQy
MGU3ZjAwHhcNMjUwMTAxMTk0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjY1MDc4NmIyOTIyNGY4ZDc3Mzc3ZTcxNDhlYzBmZWVjYmIxZDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDqCAErnkZ1I3ye6EYWp1fNawQ48
uc9MYBBQftBpWuqsd67tFPsJiFLt0TjV/EwsIqeDojaEuaCm4bcdiDLoFhIEwWwm
UCL/s0a+CCpkUuYzvoy7xPHyFq7KVjSloBFZlTWqk6MsimTIyKf8AuB4nVBtuCiV
6OUOGTaSuMHnbxC1kmAusD7dGDflbWwSAPt7uP79bWUjpmzNXggJJichvnKDG9k7
wN8eTnioIoikYUe5XQmuPVenpxYlUfBf96FYrJR7lu3Y80Pa30goZnJ9YC0Iq4Or
q0UzDcqnC+Izi88SvgEOgGZmcpICqq2iKBvj+iUSKU/JfFX99rzQH6MigwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJlB4aykiT413N35xSOwP7sux1FMB8GA1UdIwQY
MBaAFGdFMUUWSD/ifAUwzLlwfDdtIOfwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBVeFJSWklQLUo4QlRETXVYQjhOMjBnNV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9mYjQ4ZmQtNGVjNS00M2YxLTkzY2Mt
ODY1NDc4NmUyMGE5LzEvb21VSGhyS1NKUGpYYzNmbkZJN0FfdXk3SFVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9mYjQ4ZmQtNGVjNS00M2YxLTkzY2MtODY1NDc4NmUyMGE5
LzEvWjBVeFJSWklQLUo4QlRETXVYQjhOMjBnNV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQOyMA0G
CSqGSIb3DQEBCwUAA4IBAQAwhZgiyjXhBh/Q9WMl3Dyior0A07mXvDS+C7sE8AeT
D3CYx+QpBPl1/gNfPoaVEs+t1OQkwIM1wLV9ourST2xqXvg3MAfhSWpM3pHtXrwD
/SZ7GxrodDBUMrfRNa2wJ8DKUSbznaN1V7VqUjNZN6TBzq9C7ppyLfNAGN78Dn78
9GVI3YKBqEpU7Pm3ar4PzANNdhrdAtsRFfoFcGEsEWvMvCCYZkJv47xaXU8Sjdg/
+pgGjwDcoJASfDcSZgBiAkyciRWR8HfvegvKDxDrcIo3ECl8yMCuedlOL6KKdLqw
gWcgym8Qwz4Bg2p6PYDJX6CKeWX5GtSDGxyOjkMTSrQ0
-----END CERTIFICATE-----