Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/983abd-3488-4c6e-ad88-8b1cfb68366e/1/B2d2juf7uKwnCru3ZiDDoYOXciY.roa
File:                     B2d2juf7uKwnCru3ZiDDoYOXciY.roa (raw, json)
Hash identifier:          82W2phd9aqBUTlWrD81GDTCzzKIr5I7VokuYsIuKW0U=
Subject key identifier:   07:67:76:8E:E7:FB:B8:AC:27:0A:BB:B7:66:20:C3:A1:83:97:72:26
Certificate issuer:       /CN=6b7fa05e6b4d8a51294407504d9641ad3e02043f
Certificate serial:       01942220329C7BB99F56B9E760383F04E203
Authority key identifier: 6B:7F:A0:5E:6B:4D:8A:51:29:44:07:50:4D:96:41:AD:3E:02:04:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a3-gXmtNilEpRAdQTZZBrT4CBD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/983abd-3488-4c6e-ad88-8b1cfb68366e/1/B2d2juf7uKwnCru3ZiDDoYOXciY.roa
Signing time:             Wed 01 Jan 2025 13:48:42 +0000
ROA not before:           Wed 01 Jan 2025 13:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61045
IP address blocks:        188.93.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/983abd-3488-4c6e-ad88-8b1cfb68366e/1/a3-gXmtNilEpRAdQTZZBrT4CBD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/983abd-3488-4c6e-ad88-8b1cfb68366e/1/a3-gXmtNilEpRAdQTZZBrT4CBD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a3-gXmtNilEpRAdQTZZBrT4CBD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:32:9c:7b:b9:9f:56:b9:e7:60:38:3f:04:e2:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b7fa05e6b4d8a51294407504d9641ad3e02043f
        Validity
            Not Before: Jan  1 13:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0767768ee7fbb8ac270abbb76620c3a183977226
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:49:62:b0:2a:a4:c7:9f:c1:7c:a8:96:de:a2:
                    83:4f:27:ec:a2:06:49:fc:46:19:d0:9b:a4:8a:6d:
                    09:44:73:ce:db:82:6a:3c:9c:3f:ab:70:12:e8:c3:
                    24:54:a9:5b:fe:0b:17:b5:11:26:8b:7c:79:7d:0c:
                    9c:10:21:3a:54:3d:0e:be:9c:7f:cd:18:78:a7:58:
                    73:59:ac:10:52:9f:3e:b7:ae:ff:17:a8:be:3f:f5:
                    16:d8:5e:b8:33:6d:32:e7:08:0c:b3:c2:9c:2e:97:
                    e2:4b:ea:70:23:1f:a1:47:e4:ef:8e:bd:a0:e0:c3:
                    55:7b:7e:55:c0:5e:2f:bb:87:ea:ec:3b:01:8d:88:
                    de:ec:9a:90:cc:14:35:00:d0:a1:ca:8d:dd:c5:ca:
                    8f:88:f9:46:70:c1:0a:00:ad:1f:61:c1:85:a1:1d:
                    10:4d:54:b6:8a:b9:dc:2c:5f:1e:05:3d:b0:ff:f2:
                    fc:11:78:f2:63:5e:64:a2:30:2f:ba:d1:9f:fb:a4:
                    1f:c9:dd:26:c6:98:09:c9:46:72:cf:b8:d5:c4:65:
                    e2:c2:8d:a0:58:91:bf:14:82:c9:82:c9:57:57:5d:
                    2a:f8:12:54:16:a3:0b:dc:2c:59:1e:5d:54:78:b0:
                    cd:a4:d0:7c:f2:6b:ea:35:95:52:ea:88:05:fa:37:
                    88:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:67:76:8E:E7:FB:B8:AC:27:0A:BB:B7:66:20:C3:A1:83:97:72:26
            X509v3 Authority Key Identifier:
                keyid:6B:7F:A0:5E:6B:4D:8A:51:29:44:07:50:4D:96:41:AD:3E:02:04:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3-gXmtNilEpRAdQTZZBrT4CBD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/983abd-3488-4c6e-ad88-8b1cfb68366e/1/B2d2juf7uKwnCru3ZiDDoYOXciY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/983abd-3488-4c6e-ad88-8b1cfb68366e/1/a3-gXmtNilEpRAdQTZZBrT4CBD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.93.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:98:f0:4b:5f:a4:f4:ca:3f:de:fb:0a:e4:7c:e8:df:d8:27:
         82:48:c2:ca:05:fd:0c:69:9a:fb:30:7d:09:92:0c:88:bb:71:
         3c:40:0a:52:26:14:fd:d4:fe:77:6e:b8:ce:64:50:7b:95:db:
         79:47:75:81:93:eb:36:42:d8:3c:e1:c9:87:3b:b0:e8:c9:9f:
         70:1c:35:f3:5f:04:f9:91:35:a6:ec:e0:42:15:c0:fe:e3:47:
         06:86:29:64:a5:56:a4:03:a5:8f:78:8e:83:99:48:d8:a0:95:
         ab:b3:4d:42:d6:e9:9d:8d:df:11:95:cf:80:97:27:75:a0:9a:
         4a:ff:be:d5:d9:d4:fd:32:d7:f6:f5:2a:6f:f8:5d:74:34:0c:
         c3:96:4b:03:4e:d6:61:df:70:1e:17:f0:eb:d0:e5:92:47:96:
         94:82:c1:50:12:69:2a:7a:28:78:35:60:94:29:83:4b:7b:f6:
         9c:a0:77:c5:8b:9c:e2:fc:14:00:1a:bb:ea:2c:71:39:94:c1:
         7a:e4:28:aa:47:e3:87:b9:05:1d:1d:ef:11:21:b3:21:9b:26:
         54:be:44:e6:af:4e:f4:9f:b0:21:4b:bc:7d:a3:a7:78:56:68:
         28:2c:c3:b7:c1:41:95:b2:49:b4:f1:a0:1b:34:48:1a:59:de:
         27:18:52:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDKce7mfVrnnYDg/BOIDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiN2ZhMDVlNmI0ZDhhNTEyOTQ0MDc1MDRkOTY0MWFkM2Uw
MjA0M2YwHhcNMjUwMTAxMTM0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzY3NzY4ZWU3ZmJiOGFjMjcwYWJiYjc2NjIwYzNhMTgzOTc3MjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4klisCqkx5/BfKiW3qKDTyfsogZJ
/EYZ0Jukim0JRHPO24JqPJw/q3AS6MMkVKlb/gsXtREmi3x5fQycECE6VD0Ovpx/
zRh4p1hzWawQUp8+t67/F6i+P/UW2F64M20y5wgMs8KcLpfiS+pwIx+hR+Tvjr2g
4MNVe35VwF4vu4fq7DsBjYje7JqQzBQ1ANChyo3dxcqPiPlGcMEKAK0fYcGFoR0Q
TVS2irncLF8eBT2w//L8EXjyY15kojAvutGf+6Qfyd0mxpgJyUZyz7jVxGXiwo2g
WJG/FILJgslXV10q+BJUFqML3CxZHl1UeLDNpNB88mvqNZVS6ogF+jeIvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdndo7n+7isJwq7t2Ygw6GDl3ImMB8GA1UdIwQY
MBaAFGt/oF5rTYpRKUQHUE2WQa0+AgQ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTMtZ1htdE5pbEVwUkFkUVRaWkJyVDRDQkQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85ODNhYmQtMzQ4OC00YzZlLWFkODgt
OGIxY2ZiNjgzNjZlLzEvQjJkMmp1Zjd1S3duQ3J1M1ppRERvWU9YY2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85ODNhYmQtMzQ4OC00YzZlLWFkODgtOGIxY2ZiNjgzNjZl
LzEvYTMtZ1htdE5pbEVwUkFkUVRaWkJyVDRDQkQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvF1xMA0G
CSqGSIb3DQEBCwUAA4IBAQBMmPBLX6T0yj/e+wrkfOjf2CeCSMLKBf0MaZr7MH0J
kgyIu3E8QApSJhT91P53brjOZFB7ldt5R3WBk+s2Qtg84cmHO7DoyZ9wHDXzXwT5
kTWm7OBCFcD+40cGhilkpVakA6WPeI6DmUjYoJWrs01C1umdjd8Rlc+Alyd1oJpK
/77V2dT9Mtf29Spv+F10NAzDlksDTtZh33AeF/Dr0OWSR5aUgsFQEmkqeih4NWCU
KYNLe/acoHfFi5zi/BQAGrvqLHE5lMF65CiqR+OHuQUdHe8RIbMhmyZUvkTmr070
n7AhS7x9o6d4VmgoLMO3wUGVskm08aAbNEgaWd4nGFKE
-----END CERTIFICATE-----