Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/B0TfHkEyVnbd2N0e6k2tgOD6_wI.roa
File:                     B0TfHkEyVnbd2N0e6k2tgOD6_wI.roa (raw, json)
Hash identifier:          Urqkg7JIHNdsGel84r9NTaWTAKTT4SDTb2BONLXGY8w=
Subject key identifier:   07:44:DF:1E:41:32:56:76:DD:D8:DD:1E:EA:4D:AD:80:E0:FA:FF:02
Certificate issuer:       /CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
Certificate serial:       0194244524AE1E62A4D057A526253EDA6762
Authority key identifier: 07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/B0TfHkEyVnbd2N0e6k2tgOD6_wI.roa
Signing time:             Wed 01 Jan 2025 23:48:18 +0000
ROA not before:           Wed 01 Jan 2025 23:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49418
IP address blocks:        87.251.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:24:ae:1e:62:a4:d0:57:a5:26:25:3e:da:67:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=073b4c1248c4bcf22b0577dfca9b14d9063c28c0
        Validity
            Not Before: Jan  1 23:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0744df1e41325676ddd8dd1eea4dad80e0faff02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b3:33:e5:b1:54:12:14:24:f0:7e:0a:79:6e:
                    a8:36:62:8e:38:94:7e:1c:4a:37:56:09:a0:e2:c9:
                    b3:78:20:d5:1d:0a:db:67:90:09:3e:84:03:e3:37:
                    4b:cb:d1:c4:e1:a5:70:f1:94:67:23:62:01:1d:9a:
                    57:99:4a:64:6c:d5:3f:9d:0d:39:68:a7:6f:9b:c2:
                    50:c9:88:a6:a9:70:fb:5d:79:d4:d7:2c:dc:9e:da:
                    97:16:fb:62:3d:e2:c0:23:3c:80:e3:f6:d8:d2:e1:
                    9d:9e:66:4c:4a:eb:b5:7d:76:76:78:6c:87:94:20:
                    4b:37:f7:17:c4:60:ae:b6:df:83:c4:9c:c7:6d:55:
                    35:06:b8:65:c4:56:c0:06:a8:3a:ae:25:50:8b:4b:
                    82:61:cb:09:6c:64:e9:0a:96:3f:9d:9f:7b:d5:09:
                    ba:3a:13:61:9d:65:2e:6c:00:60:6d:6e:be:c0:93:
                    bb:68:bd:79:50:e1:6c:8c:77:6a:ad:b9:b0:3b:1b:
                    bc:77:e5:16:0a:d0:ed:9a:b1:2a:2f:cf:74:14:c2:
                    31:92:ec:7e:35:d7:cc:1a:87:54:ba:56:a8:bd:34:
                    c7:f5:9d:06:f7:81:e4:27:46:03:26:11:f9:ef:8e:
                    66:28:5b:d9:17:e3:72:c6:47:21:e3:58:67:36:e3:
                    b5:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:44:DF:1E:41:32:56:76:DD:D8:DD:1E:EA:4D:AD:80:E0:FA:FF:02
            X509v3 Authority Key Identifier:
                keyid:07:3B:4C:12:48:C4:BC:F2:2B:05:77:DF:CA:9B:14:D9:06:3C:28:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BztMEkjEvPIrBXffypsU2QY8KMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/B0TfHkEyVnbd2N0e6k2tgOD6_wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/63dbe5-5aa3-4f19-8da4-a8d361ce64aa/1/BztMEkjEvPIrBXffypsU2QY8KMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.251.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:47:7a:2c:16:b6:2a:a7:0a:36:5f:67:27:82:45:2c:42:3c:
         9c:32:f2:d5:d3:ba:d0:d5:8b:1e:10:56:5a:50:71:82:97:b3:
         a0:8b:43:ef:e2:1c:ac:68:a5:b9:db:c5:2e:f7:dc:33:aa:cc:
         93:76:b2:33:f1:42:65:e5:6c:b2:e0:1b:7f:e1:d4:aa:82:c8:
         12:b4:3f:10:0a:05:f4:79:6e:90:84:19:ba:33:57:72:be:5a:
         57:20:f8:72:fb:12:e5:b0:ba:a9:58:15:91:0e:5f:8f:c3:be:
         bd:6d:cf:7b:69:36:9b:ab:e5:3b:35:b8:0c:0e:ae:a3:ac:1a:
         c5:54:cf:ab:d5:84:d9:23:7a:23:16:8d:88:61:10:87:a7:d0:
         c0:86:6d:f1:72:bb:24:f9:14:e4:95:94:d1:12:7d:1d:18:ae:
         2c:69:c6:b0:ca:c9:54:a8:db:5d:4b:80:47:ac:d7:0e:e6:9a:
         13:ad:db:9b:aa:b8:c8:59:8d:24:9b:df:02:7e:36:a3:30:1b:
         3b:fa:92:a9:4c:d3:cb:b6:f4:59:6d:cb:6b:e5:33:1b:d8:37:
         f0:49:b0:31:88:0e:39:ad:3d:69:82:bc:5a:28:fd:b3:25:b5:
         5d:dc:a4:51:5d:57:1b:f9:8d:13:5f:a4:cb:11:cd:d4:20:67:
         d2:20:d3:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRSSuHmKk0FelJiU+2mdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3M2I0YzEyNDhjNGJjZjIyYjA1NzdkZmNhOWIxNGQ5MDYz
YzI4YzAwHhcNMjUwMTAxMjM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzQ0ZGYxZTQxMzI1Njc2ZGRkOGRkMWVlYTRkYWQ4MGUwZmFmZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7Mz5bFUEhQk8H4KeW6oNmKOOJR+
HEo3Vgmg4smzeCDVHQrbZ5AJPoQD4zdLy9HE4aVw8ZRnI2IBHZpXmUpkbNU/nQ05
aKdvm8JQyYimqXD7XXnU1yzcntqXFvtiPeLAIzyA4/bY0uGdnmZMSuu1fXZ2eGyH
lCBLN/cXxGCutt+DxJzHbVU1BrhlxFbABqg6riVQi0uCYcsJbGTpCpY/nZ971Qm6
OhNhnWUubABgbW6+wJO7aL15UOFsjHdqrbmwOxu8d+UWCtDtmrEqL890FMIxkux+
NdfMGodUulaovTTH9Z0G94HkJ0YDJhH5745mKFvZF+Nyxkch41hnNuO1gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdE3x5BMlZ23djdHupNrYDg+v8CMB8GA1UdIwQY
MBaAFAc7TBJIxLzyKwV338qbFNkGPCjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQt
YThkMzYxY2U2NGFhLzEvQjBUZkhrRXlWbmJkMk4wZTZrMnRnT0Q2X3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy82M2RiZTUtNWFhMy00ZjE5LThkYTQtYThkMzYxY2U2NGFh
LzEvQnp0TUVrakV2UElyQlhmZnlwc1UyUVk4S01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/tZMA0G
CSqGSIb3DQEBCwUAA4IBAQCFR3osFrYqpwo2X2cngkUsQjycMvLV07rQ1YseEFZa
UHGCl7Ogi0Pv4hysaKW528Uu99wzqsyTdrIz8UJl5Wyy4Bt/4dSqgsgStD8QCgX0
eW6QhBm6M1dyvlpXIPhy+xLlsLqpWBWRDl+Pw769bc97aTabq+U7NbgMDq6jrBrF
VM+r1YTZI3ojFo2IYRCHp9DAhm3xcrsk+RTklZTREn0dGK4sacawyslUqNtdS4BH
rNcO5poTrdubqrjIWY0km98CfjajMBs7+pKpTNPLtvRZbctr5TMb2DfwSbAxiA45
rT1pgrxaKP2zJbVd3KRRXVcb+Y0TX6TLEc3UIGfSINOF
-----END CERTIFICATE-----