Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/PaUzB8wgbbRsaVQjkghBHBx-i68.roa
File:                     PaUzB8wgbbRsaVQjkghBHBx-i68.roa (raw, json)
Hash identifier:          lFrqYnlO5yM3Jwu/7kIddY95Ktd00GHwSSlGhdD9Z3M=
Subject key identifier:   3D:A5:33:07:CC:20:6D:B4:6C:69:54:23:92:08:41:1C:1C:7E:8B:AF
Certificate issuer:       /CN=ca91c42dfa6afbc11e78ee9de2e785f8a20b5043
Certificate serial:       019426D9B11321C3428FB431E3DA0AF7AE8A
Authority key identifier: CA:91:C4:2D:FA:6A:FB:C1:1E:78:EE:9D:E2:E7:85:F8:A2:0B:50:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypHELfpq-8EeeO6d4ueF-KILUEM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/PaUzB8wgbbRsaVQjkghBHBx-i68.roa
Signing time:             Thu 02 Jan 2025 11:49:48 +0000
ROA not before:           Thu 02 Jan 2025 11:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20529
IP address blocks:        217.147.192.0/20 maxlen: 24
                          217.147.202.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/ypHELfpq-8EeeO6d4ueF-KILUEM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/ypHELfpq-8EeeO6d4ueF-KILUEM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypHELfpq-8EeeO6d4ueF-KILUEM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:b1:13:21:c3:42:8f:b4:31:e3:da:0a:f7:ae:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca91c42dfa6afbc11e78ee9de2e785f8a20b5043
        Validity
            Not Before: Jan  2 11:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3da53307cc206db46c6954239208411c1c7e8baf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:27:53:4c:e4:f0:dc:19:fb:65:c9:7f:ee:60:
                    9a:fc:38:ff:9d:11:a2:71:02:06:e8:65:9e:58:e5:
                    78:74:a1:59:41:86:25:da:a5:cd:12:06:a5:66:b2:
                    f4:b6:d1:2d:93:eb:a2:3a:82:50:85:ab:ac:bc:b9:
                    21:f5:5d:88:aa:29:ad:79:4c:86:2d:91:df:87:6e:
                    5e:b8:ba:bb:3e:ba:84:24:68:51:6b:bb:45:bd:11:
                    dc:d5:eb:29:43:9e:21:71:9e:08:e0:b5:87:45:3b:
                    0d:68:38:56:85:6c:52:56:2c:71:4f:b0:b8:c2:fc:
                    72:8c:4e:40:86:4b:50:7a:6c:94:c5:d3:9c:31:f1:
                    e7:06:9b:f3:7c:ac:5b:62:9d:dd:02:e6:82:82:6a:
                    f5:79:71:2e:35:66:2a:42:ff:5b:9d:b9:33:32:e7:
                    b2:81:48:bb:d9:23:50:e9:53:c1:3c:ab:50:b2:73:
                    f2:ba:5f:58:ba:e8:b4:3d:10:58:aa:b2:e3:69:bb:
                    36:67:37:77:10:28:68:99:38:15:ba:3c:4e:49:66:
                    54:f6:5a:19:cc:a1:5c:57:ae:10:5d:b8:17:16:22:
                    36:3c:38:27:cc:27:54:f2:c7:04:2e:99:f6:ad:d9:
                    f9:29:a5:80:76:33:28:20:60:e2:cc:4d:b1:f9:38:
                    f3:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:A5:33:07:CC:20:6D:B4:6C:69:54:23:92:08:41:1C:1C:7E:8B:AF
            X509v3 Authority Key Identifier:
                keyid:CA:91:C4:2D:FA:6A:FB:C1:1E:78:EE:9D:E2:E7:85:F8:A2:0B:50:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypHELfpq-8EeeO6d4ueF-KILUEM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/PaUzB8wgbbRsaVQjkghBHBx-i68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/851e84-2f1a-4c77-b1f2-d5865041a14f/1/ypHELfpq-8EeeO6d4ueF-KILUEM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b9:4d:8f:a2:41:06:6e:22:c5:e1:a4:2a:94:1a:ee:78:60:ab:
         32:4b:4e:69:66:7f:d4:7d:99:2a:e0:b4:e7:c7:48:fd:ee:3e:
         8d:c9:9b:6e:d7:33:e7:29:94:e0:42:73:c5:39:c7:ae:d5:ec:
         c5:0d:af:58:ef:3d:84:44:02:4d:53:68:92:0a:5a:6c:f9:f6:
         00:f8:2f:97:4f:db:8e:13:c5:96:7a:7f:6f:2e:9a:c0:f9:70:
         43:78:42:03:f9:76:79:fc:17:15:c3:dd:70:ca:99:29:08:79:
         39:dc:fc:84:bc:bd:90:70:09:c1:e8:6d:f0:5c:b9:ca:9a:a5:
         07:bf:e4:36:b5:84:df:8c:4a:9e:39:b0:02:0a:5b:19:d2:a3:
         0d:83:e0:0a:96:a2:44:ec:6e:5a:5f:74:54:45:21:79:ac:58:
         73:70:ac:5e:b8:6d:85:4c:3a:eb:35:29:ec:7d:0e:31:44:05:
         40:d0:cc:14:8d:16:0b:82:7c:b7:97:78:c0:51:7a:08:90:24:
         8d:8d:3e:bf:93:76:a9:68:3c:c0:8a:d7:d3:ad:67:54:06:9d:
         62:a4:f0:50:ca:d1:27:87:98:cd:df:04:91:59:69:fb:ac:53:
         d7:e0:6f:21:72:e4:5b:71:df:e6:d5:df:a1:11:32:f9:f9:8c:
         17:02:ec:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2bETIcNCj7Qx49oK966KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOTFjNDJkZmE2YWZiYzExZTc4ZWU5ZGUyZTc4NWY4YTIw
YjUwNDMwHhcNMjUwMTAyMTE0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGE1MzMwN2NjMjA2ZGI0NmM2OTU0MjM5MjA4NDExYzFjN2U4YmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCdTTOTw3Bn7Zcl/7mCa/Dj/nRGi
cQIG6GWeWOV4dKFZQYYl2qXNEgalZrL0ttEtk+uiOoJQhausvLkh9V2IqimteUyG
LZHfh25euLq7PrqEJGhRa7tFvRHc1espQ54hcZ4I4LWHRTsNaDhWhWxSVixxT7C4
wvxyjE5AhktQemyUxdOcMfHnBpvzfKxbYp3dAuaCgmr1eXEuNWYqQv9bnbkzMuey
gUi72SNQ6VPBPKtQsnPyul9Yuui0PRBYqrLjabs2Zzd3EChomTgVujxOSWZU9loZ
zKFcV64QXbgXFiI2PDgnzCdU8scELpn2rdn5KaWAdjMoIGDizE2x+TjzIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD2lMwfMIG20bGlUI5IIQRwcfouvMB8GA1UdIwQY
MBaAFMqRxC36avvBHnjuneLnhfiiC1BDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBIRUxmcHEtOEVlZU82ZDR1ZUYtS0lMVUVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny84NTFlODQtMmYxYS00Yzc3LWIxZjIt
ZDU4NjUwNDFhMTRmLzEvUGFVekI4d2diYlJzYVZRamtnaEJIQngtaTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny84NTFlODQtMmYxYS00Yzc3LWIxZjItZDU4NjUwNDFhMTRm
LzEveXBIRUxmcHEtOEVlZU82ZDR1ZUYtS0lMVUVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2ZPAMA0G
CSqGSIb3DQEBCwUAA4IBAQC5TY+iQQZuIsXhpCqUGu54YKsyS05pZn/UfZkq4LTn
x0j97j6NyZtu1zPnKZTgQnPFOceu1ezFDa9Y7z2ERAJNU2iSClps+fYA+C+XT9uO
E8WWen9vLprA+XBDeEID+XZ5/BcVw91wypkpCHk53PyEvL2QcAnB6G3wXLnKmqUH
v+Q2tYTfjEqeObACClsZ0qMNg+AKlqJE7G5aX3RURSF5rFhzcKxeuG2FTDrrNSns
fQ4xRAVA0MwUjRYLgny3l3jAUXoIkCSNjT6/k3apaDzAitfTrWdUBp1ipPBQytEn
h5jN3wSRWWn7rFPX4G8hcuRbcd/m1d+hETL5+YwXAuy3
-----END CERTIFICATE-----