Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/beaf9d-5b28-4df4-b67d-6a7fa82296c9/1/vckMl2OKOufIYLA6xJgut9gT3f0.roa
File:                     vckMl2OKOufIYLA6xJgut9gT3f0.roa (raw, json)
Hash identifier:          onDVG2ZFT5wXt5G5Co8mfB4Yy/QhekuAbPP/p4mZSXY=
Subject key identifier:   BD:C9:0C:97:63:8A:3A:E7:C8:60:B0:3A:C4:98:2E:B7:D8:13:DD:FD
Certificate issuer:       /CN=8fd38fb4d3b9a2c7c8fff597718c905b9e2f84cd
Certificate serial:       01941F8C683D561FDB0503A4F5FA336090BA
Authority key identifier: 8F:D3:8F:B4:D3:B9:A2:C7:C8:FF:F5:97:71:8C:90:5B:9E:2F:84:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j9OPtNO5osfI__WXcYyQW54vhM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/beaf9d-5b28-4df4-b67d-6a7fa82296c9/1/vckMl2OKOufIYLA6xJgut9gT3f0.roa
Signing time:             Wed 01 Jan 2025 01:48:02 +0000
ROA not before:           Wed 01 Jan 2025 01:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        193.84.136.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/beaf9d-5b28-4df4-b67d-6a7fa82296c9/1/j9OPtNO5osfI__WXcYyQW54vhM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/beaf9d-5b28-4df4-b67d-6a7fa82296c9/1/j9OPtNO5osfI__WXcYyQW54vhM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j9OPtNO5osfI__WXcYyQW54vhM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:68:3d:56:1f:db:05:03:a4:f5:fa:33:60:90:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fd38fb4d3b9a2c7c8fff597718c905b9e2f84cd
        Validity
            Not Before: Jan  1 01:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdc90c97638a3ae7c860b03ac4982eb7d813ddfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5d:f8:01:93:9c:73:7c:18:10:73:9e:38:7f:
                    15:9a:f5:3d:f3:6a:ca:b9:21:d9:8c:66:72:0d:ee:
                    f1:88:7a:9c:34:74:44:ec:a4:70:05:cc:cf:b4:ac:
                    92:e0:02:83:84:86:c5:b2:cf:f7:6a:b2:5d:91:8e:
                    f3:82:35:af:b9:04:ec:c0:fd:0a:a7:f3:80:db:2c:
                    c3:1c:5d:f3:0f:18:00:2f:86:e6:53:59:d8:1b:11:
                    b4:5e:a6:6b:a8:65:3f:db:ea:14:79:95:e7:27:4e:
                    1a:91:48:87:7e:5e:d6:ac:b2:8a:92:af:6c:d8:d8:
                    19:6e:ac:d7:e4:d8:be:bf:2f:4f:60:83:0e:14:80:
                    f0:a2:a1:79:4e:82:bf:a5:6f:25:de:d9:52:de:b9:
                    18:fa:28:a5:49:ea:0a:ce:a5:e5:d3:2f:ea:6e:c2:
                    a3:c5:19:6a:fa:01:8f:e0:26:8e:09:c1:96:0d:98:
                    b2:b0:b9:47:6b:75:db:55:1a:f5:3a:2c:61:dd:d4:
                    40:52:2b:7a:a2:93:34:0a:e7:d2:7b:a1:7b:24:5c:
                    8e:d2:95:4b:d8:59:89:a0:4b:99:3a:72:0e:c5:7e:
                    e1:94:7a:92:78:f9:2b:3d:97:9b:02:a0:c9:c6:ce:
                    a0:82:56:77:c9:da:ab:69:82:a1:83:87:ab:eb:64:
                    c3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:C9:0C:97:63:8A:3A:E7:C8:60:B0:3A:C4:98:2E:B7:D8:13:DD:FD
            X509v3 Authority Key Identifier:
                keyid:8F:D3:8F:B4:D3:B9:A2:C7:C8:FF:F5:97:71:8C:90:5B:9E:2F:84:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j9OPtNO5osfI__WXcYyQW54vhM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/beaf9d-5b28-4df4-b67d-6a7fa82296c9/1/vckMl2OKOufIYLA6xJgut9gT3f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/beaf9d-5b28-4df4-b67d-6a7fa82296c9/1/j9OPtNO5osfI__WXcYyQW54vhM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:28:4f:bf:fc:4a:b9:f8:2f:04:eb:0d:d2:4e:d3:72:8c:f2:
         94:8c:b7:59:4b:c7:65:31:c2:d5:f3:6c:ae:e3:70:27:c8:7a:
         5d:3e:b7:fa:86:38:ed:e2:ef:a7:8c:94:38:a9:d6:45:1d:3b:
         15:86:41:43:04:5a:ff:49:17:f8:b5:5c:f2:4d:11:53:15:47:
         a6:1f:b1:22:38:22:c5:0c:66:25:f8:c5:ca:40:ab:cf:b4:07:
         78:a0:57:20:2a:50:a8:43:c5:a4:aa:40:df:15:89:b8:67:bb:
         40:e4:2a:e5:3c:a8:23:69:6a:73:5f:e7:ae:08:8f:72:b1:a2:
         e9:5f:2a:0e:56:e4:01:25:de:08:b5:3c:f5:38:15:a7:8a:c2:
         1b:8d:ec:a3:1d:e2:e6:0f:8d:3d:4b:0a:5a:b8:e5:31:d6:ea:
         4e:22:75:d0:9f:b9:3d:6b:3f:02:ce:d0:40:30:f0:70:76:86:
         8d:3e:70:60:3f:bb:5a:c8:16:4f:82:39:79:a3:41:b8:d1:c9:
         83:c6:d7:e5:96:81:14:1a:ef:9b:8b:39:fe:de:81:ed:ce:cd:
         dd:30:bf:cd:ee:e8:ff:7f:f9:d5:5c:35:c3:08:c5:e3:cf:d4:
         00:97:2d:96:1a:5d:e9:6e:48:dc:6a:a3:dc:df:e8:bb:70:7e:
         23:9b:11:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGg9Vh/bBQOk9fozYJC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmZDM4ZmI0ZDNiOWEyYzdjOGZmZjU5NzcxOGM5MDViOWUy
Zjg0Y2QwHhcNMjUwMTAxMDE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGM5MGM5NzYzOGEzYWU3Yzg2MGIwM2FjNDk4MmViN2Q4MTNkZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu134AZOcc3wYEHOeOH8VmvU982rK
uSHZjGZyDe7xiHqcNHRE7KRwBczPtKyS4AKDhIbFss/3arJdkY7zgjWvuQTswP0K
p/OA2yzDHF3zDxgAL4bmU1nYGxG0XqZrqGU/2+oUeZXnJ04akUiHfl7WrLKKkq9s
2NgZbqzX5Ni+vy9PYIMOFIDwoqF5ToK/pW8l3tlS3rkY+iilSeoKzqXl0y/qbsKj
xRlq+gGP4CaOCcGWDZiysLlHa3XbVRr1Oixh3dRAUit6opM0CufSe6F7JFyO0pVL
2FmJoEuZOnIOxX7hlHqSePkrPZebAqDJxs6gglZ3ydqraYKhg4er62TDOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL3JDJdjijrnyGCwOsSYLrfYE939MB8GA1UdIwQY
MBaAFI/Tj7TTuaLHyP/1l3GMkFueL4TNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajlPUHROTzVvc2ZJX19XWGNZeVFXNTR2aE0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9iZWFmOWQtNWIyOC00ZGY0LWI2N2Qt
NmE3ZmE4MjI5NmM5LzEvdmNrTWwyT0tPdWZJWUxBNnhKZ3V0OWdUM2YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9iZWFmOWQtNWIyOC00ZGY0LWI2N2QtNmE3ZmE4MjI5NmM5
LzEvajlPUHROTzVvc2ZJX19XWGNZeVFXNTR2aE0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwVSIMA0G
CSqGSIb3DQEBCwUAA4IBAQC1KE+//Eq5+C8E6w3STtNyjPKUjLdZS8dlMcLV82yu
43AnyHpdPrf6hjjt4u+njJQ4qdZFHTsVhkFDBFr/SRf4tVzyTRFTFUemH7EiOCLF
DGYl+MXKQKvPtAd4oFcgKlCoQ8WkqkDfFYm4Z7tA5CrlPKgjaWpzX+euCI9ysaLp
XyoOVuQBJd4ItTz1OBWnisIbjeyjHeLmD409SwpauOUx1upOInXQn7k9az8CztBA
MPBwdoaNPnBgP7tayBZPgjl5o0G40cmDxtflloEUGu+bizn+3oHtzs3dML/N7uj/
f/nVXDXDCMXjz9QAly2WGl3pbkjcaqPc3+i7cH4jmxGl
-----END CERTIFICATE-----