Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/da8b6b-19fa-4976-baa0-329211029a1a/1/64AufSKo0ctGsskBfGJHYgegDUM.roa
File:                     64AufSKo0ctGsskBfGJHYgegDUM.roa (raw, json)
Hash identifier:          TxQbijMyiwaYhEgR6gv3I6pa/f1D2b/JYXZHussR2b4=
Subject key identifier:   EB:80:2E:7D:22:A8:D1:CB:46:B2:C9:01:7C:62:47:62:07:A0:0D:43
Certificate issuer:       /CN=35f1a573915153de82890eae1303067fa68b2877
Certificate serial:       01941FFAB30E147A2BE600572262FAD675B0
Authority key identifier: 35:F1:A5:73:91:51:53:DE:82:89:0E:AE:13:03:06:7F:A6:8B:28:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NfGlc5FRU96CiQ6uEwMGf6aLKHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/da8b6b-19fa-4976-baa0-329211029a1a/1/64AufSKo0ctGsskBfGJHYgegDUM.roa
Signing time:             Wed 01 Jan 2025 03:48:31 +0000
ROA not before:           Wed 01 Jan 2025 03:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211434
IP address blocks:        193.163.184.0/24 maxlen: 24
                          2a10:e540::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/da8b6b-19fa-4976-baa0-329211029a1a/1/NfGlc5FRU96CiQ6uEwMGf6aLKHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/da8b6b-19fa-4976-baa0-329211029a1a/1/NfGlc5FRU96CiQ6uEwMGf6aLKHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NfGlc5FRU96CiQ6uEwMGf6aLKHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 21:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b3:0e:14:7a:2b:e6:00:57:22:62:fa:d6:75:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35f1a573915153de82890eae1303067fa68b2877
        Validity
            Not Before: Jan  1 03:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb802e7d22a8d1cb46b2c9017c62476207a00d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:8b:fe:bd:91:c2:b6:09:39:74:a5:16:8a:0a:
                    b1:49:72:d8:c9:78:f3:68:39:7a:cb:64:94:ba:5f:
                    f7:6c:65:54:e3:e4:4b:22:61:3d:2a:f7:f1:03:d5:
                    f5:d2:65:7c:16:1e:a1:10:d0:dc:bd:92:40:53:15:
                    77:1a:fa:92:4c:85:c4:2d:8b:c6:ef:4c:b6:e6:ba:
                    a9:22:b7:ec:7a:0b:59:5c:1b:d4:9f:c8:57:48:c0:
                    4c:b1:e1:b8:44:8c:a3:8d:d7:04:83:8a:2d:60:11:
                    73:9a:d2:3d:fe:f1:ee:db:61:44:c9:aa:00:08:eb:
                    e8:d5:3f:14:eb:df:21:b9:47:b8:d4:9e:b7:ca:c4:
                    dd:02:c9:cb:ec:fd:c1:07:9e:8b:f2:ae:d8:fa:b4:
                    fd:b3:b8:00:57:9c:7f:04:f6:4a:70:6b:ac:db:d3:
                    70:ef:6c:20:27:05:b9:39:d1:98:f1:94:3e:56:bb:
                    74:dc:24:a0:06:97:6e:a8:c0:23:d9:4f:25:70:c6:
                    cd:8b:62:f2:13:39:65:5f:79:ae:f8:c1:4e:d4:6b:
                    cb:88:9a:39:58:fb:e8:d4:2b:dd:81:58:2a:bf:29:
                    62:b2:9a:1f:09:7b:8e:01:02:cb:7a:dd:d2:e2:12:
                    4f:a1:59:ec:92:ee:4d:f7:33:d5:90:04:0e:be:1e:
                    ad:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:80:2E:7D:22:A8:D1:CB:46:B2:C9:01:7C:62:47:62:07:A0:0D:43
            X509v3 Authority Key Identifier:
                keyid:35:F1:A5:73:91:51:53:DE:82:89:0E:AE:13:03:06:7F:A6:8B:28:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NfGlc5FRU96CiQ6uEwMGf6aLKHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/da8b6b-19fa-4976-baa0-329211029a1a/1/64AufSKo0ctGsskBfGJHYgegDUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/da8b6b-19fa-4976-baa0-329211029a1a/1/NfGlc5FRU96CiQ6uEwMGf6aLKHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.184.0/24
                IPv6:
                  2a10:e540::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:37:23:22:13:04:f8:0d:4c:dd:94:a4:29:bd:25:76:82:f0:
         8a:e3:7d:43:dc:48:26:8b:e8:19:41:01:41:2d:7e:d7:c3:fe:
         05:5d:e1:5d:66:ee:0b:4d:d5:e8:d1:8b:52:b8:bc:8e:59:a5:
         13:d8:80:c1:3c:ab:5e:6b:32:92:dc:ad:2a:49:81:a3:28:77:
         7f:8d:ec:d4:5d:0b:bf:a9:76:cf:0a:98:3e:70:3e:c0:d2:4a:
         30:c0:f6:a4:f5:07:13:4b:f5:e4:b4:89:87:dc:b8:d0:e5:f1:
         07:74:0b:d3:b8:2a:f5:38:33:50:b3:7f:5b:ea:63:94:40:bb:
         b0:57:d0:07:53:22:c1:77:49:59:ad:43:e7:18:1e:4e:fd:f5:
         46:ac:7e:2b:06:57:ad:74:7e:19:01:32:aa:6e:97:74:be:72:
         5d:32:43:65:f8:d8:87:6f:20:70:ed:c9:5c:05:85:17:dc:a4:
         09:d3:1a:d4:fd:32:ce:ca:8f:0d:52:26:7f:b5:60:7b:24:89:
         a8:47:69:42:96:e7:1d:f3:50:a7:cf:2e:1b:5f:85:dd:4c:2e:
         37:fa:19:f7:d1:3b:8b:9b:ac:2c:f5:cc:7a:de:33:51:ba:3d:
         46:ee:82:c2:bd:12:a4:f6:57:65:7b:df:bf:58:21:fc:fd:81:
         9f:20:2f:1f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+rMOFHor5gBXImL61nWwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZjFhNTczOTE1MTUzZGU4Mjg5MGVhZTEzMDMwNjdmYTY4
YjI4NzcwHhcNMjUwMTAxMDM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjgwMmU3ZDIyYThkMWNiNDZiMmM5MDE3YzYyNDc2MjA3YTAwZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApov+vZHCtgk5dKUWigqxSXLYyXjz
aDl6y2SUul/3bGVU4+RLImE9KvfxA9X10mV8Fh6hENDcvZJAUxV3GvqSTIXELYvG
70y25rqpIrfsegtZXBvUn8hXSMBMseG4RIyjjdcEg4otYBFzmtI9/vHu22FEyaoA
COvo1T8U698huUe41J63ysTdAsnL7P3BB56L8q7Y+rT9s7gAV5x/BPZKcGus29Nw
72wgJwW5OdGY8ZQ+Vrt03CSgBpduqMAj2U8lcMbNi2LyEzllX3mu+MFO1GvLiJo5
WPvo1CvdgVgqvylispofCXuOAQLLet3S4hJPoVnsku5N9zPVkAQOvh6tHwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOuALn0iqNHLRrLJAXxiR2IHoA1DMB8GA1UdIwQY
MBaAFDXxpXORUVPegokOrhMDBn+miyh3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmZHbGM1RlJVOTZDaVE2dUV3TUdmNmFMS0hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9kYThiNmItMTlmYS00OTc2LWJhYTAt
MzI5MjExMDI5YTFhLzEvNjRBdWZTS28wY3RHc3NrQmZHSkhZZ2VnRFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9kYThiNmItMTlmYS00OTc2LWJhYTAtMzI5MjExMDI5YTFh
LzEvTmZHbGM1RlJVOTZDaVE2dUV3TUdmNmFMS0hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaO4MA0E
AgACMAcDBQMqEOVAMA0GCSqGSIb3DQEBCwUAA4IBAQAlNyMiEwT4DUzdlKQpvSV2
gvCK431D3Egmi+gZQQFBLX7Xw/4FXeFdZu4LTdXo0YtSuLyOWaUT2IDBPKteazKS
3K0qSYGjKHd/jezUXQu/qXbPCpg+cD7A0kowwPak9QcTS/XktImH3LjQ5fEHdAvT
uCr1ODNQs39b6mOUQLuwV9AHUyLBd0lZrUPnGB5O/fVGrH4rBletdH4ZATKqbpd0
vnJdMkNl+NiHbyBw7clcBYUX3KQJ0xrU/TLOyo8NUiZ/tWB7JImoR2lClucd81Cn
zy4bX4XdTC43+hn30TuLm6ws9cx63jNRuj1G7oLCvRKk9ldle9+/WCH8/YGfIC8f
-----END CERTIFICATE-----