Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/31a837-952b-4341-bf6c-5e13ff3ef3e9/1/Xv3jRI_Goilx0oRS6QUoX2FVjSA.roa
File:                     Xv3jRI_Goilx0oRS6QUoX2FVjSA.roa (raw, json)
Hash identifier:          nhKfA2MjTGNfRAHFmjilFDbA2GCbm9w5CpQgC0BmFtY=
Subject key identifier:   5E:FD:E3:44:8F:C6:A2:29:71:D2:84:52:E9:05:28:5F:61:55:8D:20
Certificate issuer:       /CN=f353c73f1fbf4bfb46d06750e25660cda1d801b1
Certificate serial:       019424454028E46ADCCCD630E9932C6E5CBE
Authority key identifier: F3:53:C7:3F:1F:BF:4B:FB:46:D0:67:50:E2:56:60:CD:A1:D8:01:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/81PHPx-_S_tG0GdQ4lZgzaHYAbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/31a837-952b-4341-bf6c-5e13ff3ef3e9/1/Xv3jRI_Goilx0oRS6QUoX2FVjSA.roa
Signing time:             Wed 01 Jan 2025 23:48:25 +0000
ROA not before:           Wed 01 Jan 2025 23:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        193.162.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/31a837-952b-4341-bf6c-5e13ff3ef3e9/1/81PHPx-_S_tG0GdQ4lZgzaHYAbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/31a837-952b-4341-bf6c-5e13ff3ef3e9/1/81PHPx-_S_tG0GdQ4lZgzaHYAbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/81PHPx-_S_tG0GdQ4lZgzaHYAbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:40:28:e4:6a:dc:cc:d6:30:e9:93:2c:6e:5c:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f353c73f1fbf4bfb46d06750e25660cda1d801b1
        Validity
            Not Before: Jan  1 23:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5efde3448fc6a22971d28452e905285f61558d20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:20:7e:ce:fd:8d:c2:78:05:26:27:48:88:be:
                    f0:27:50:e8:66:e9:75:b8:b4:d4:bf:0b:1b:b9:db:
                    91:36:b0:9a:4f:c3:16:c8:89:fb:a1:15:6b:3b:2e:
                    43:8f:a8:ec:44:77:9e:ec:ca:3d:ea:61:1c:77:51:
                    62:8e:dc:07:c3:05:e0:7f:65:67:35:2f:09:68:4e:
                    d6:cd:3a:7b:7b:1f:96:b2:48:ac:ab:c3:a2:21:24:
                    c1:af:de:9a:5b:11:9d:27:bb:88:6e:ac:99:1e:31:
                    51:fe:19:2b:63:59:2f:d3:28:33:90:fc:58:fe:64:
                    6e:b1:c4:60:3d:9f:89:1d:87:44:54:20:76:4e:e7:
                    e7:8d:a1:06:e1:08:18:ff:b6:ff:7f:cf:f7:29:f7:
                    c2:6c:df:14:44:1d:da:c2:a6:ba:21:de:3f:35:74:
                    81:ca:7d:b6:28:03:64:68:a9:78:8e:92:41:97:8d:
                    5f:29:72:28:08:c4:41:03:5c:6b:32:e0:94:f1:0b:
                    30:53:32:48:00:9f:60:f1:71:f1:42:b6:95:fa:9e:
                    d6:2d:67:48:95:3e:33:5b:d5:8e:b7:1f:f3:72:0d:
                    12:8a:46:85:59:f9:8d:99:13:bd:e2:a8:8e:c5:3a:
                    7e:14:2d:c0:4b:df:84:25:7d:ae:11:bf:56:71:db:
                    a5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:FD:E3:44:8F:C6:A2:29:71:D2:84:52:E9:05:28:5F:61:55:8D:20
            X509v3 Authority Key Identifier:
                keyid:F3:53:C7:3F:1F:BF:4B:FB:46:D0:67:50:E2:56:60:CD:A1:D8:01:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/81PHPx-_S_tG0GdQ4lZgzaHYAbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/31a837-952b-4341-bf6c-5e13ff3ef3e9/1/Xv3jRI_Goilx0oRS6QUoX2FVjSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/31a837-952b-4341-bf6c-5e13ff3ef3e9/1/81PHPx-_S_tG0GdQ4lZgzaHYAbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:d4:87:ce:04:f4:68:01:ed:4a:18:b0:3f:21:5f:91:6c:68:
         2f:6d:0b:d0:fe:6a:d1:1d:42:5e:e6:7a:71:64:fd:36:ae:7f:
         71:f9:fc:ee:f3:25:35:2e:38:d4:11:11:c5:8f:0d:79:8d:eb:
         09:cd:e4:d7:e1:c8:06:40:f7:33:ab:bd:40:ef:be:1f:55:3e:
         d6:b2:2e:16:05:8e:ae:77:cc:83:3d:9e:47:b2:38:96:c6:9d:
         4f:79:5a:51:93:68:92:b1:95:d3:e8:e7:f9:3f:17:0d:74:df:
         d8:53:d5:b7:f4:96:06:d0:f5:b8:8a:20:6a:10:1c:2c:bd:55:
         72:ed:3e:f9:b8:51:f0:53:06:67:eb:ff:ba:d5:48:07:3e:bf:
         5d:e1:95:9b:ab:c9:88:1d:a8:5a:60:c4:d0:15:89:e2:81:2b:
         9b:8e:51:cf:14:68:ea:4a:50:9b:09:27:eb:dd:c6:2f:e2:48:
         80:14:56:73:06:14:07:e0:92:02:40:97:16:f7:88:c4:7f:ef:
         6e:7c:78:e8:9d:bb:f8:61:9d:a3:05:10:a4:97:3d:f0:c5:de:
         48:98:6a:0f:57:3e:52:f6:b5:08:42:9d:88:b8:a2:05:b7:2d:
         19:bf:d2:2e:10:cd:0f:3f:52:0d:08:f0:6e:a4:d7:0e:f7:01:
         1a:f9:6f:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRUAo5GrczNYw6ZMsbly+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNTNjNzNmMWZiZjRiZmI0NmQwNjc1MGUyNTY2MGNkYTFk
ODAxYjEwHhcNMjUwMTAxMjM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWZkZTM0NDhmYzZhMjI5NzFkMjg0NTJlOTA1Mjg1ZjYxNTU4ZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCB+zv2NwngFJidIiL7wJ1DoZul1
uLTUvwsbuduRNrCaT8MWyIn7oRVrOy5Dj6jsRHee7Mo96mEcd1FijtwHwwXgf2Vn
NS8JaE7WzTp7ex+Wskisq8OiISTBr96aWxGdJ7uIbqyZHjFR/hkrY1kv0ygzkPxY
/mRuscRgPZ+JHYdEVCB2TufnjaEG4QgY/7b/f8/3KffCbN8URB3awqa6Id4/NXSB
yn22KANkaKl4jpJBl41fKXIoCMRBA1xrMuCU8QswUzJIAJ9g8XHxQraV+p7WLWdI
lT4zW9WOtx/zcg0SikaFWfmNmRO94qiOxTp+FC3AS9+EJX2uEb9WcdulLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7940SPxqIpcdKEUukFKF9hVY0gMB8GA1UdIwQY
MBaAFPNTxz8fv0v7RtBnUOJWYM2h2AGxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODFQSFB4LV9TX3RHMEdkUTRsWmd6YUhZQWJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8zMWE4MzctOTUyYi00MzQxLWJmNmMt
NWUxM2ZmM2VmM2U5LzEvWHYzalJJX0dvaWx4MG9SUzZRVW9YMkZWalNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8zMWE4MzctOTUyYi00MzQxLWJmNmMtNWUxM2ZmM2VmM2U5
LzEvODFQSFB4LV9TX3RHMEdkUTRsWmd6YUhZQWJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaIjMA0G
CSqGSIb3DQEBCwUAA4IBAQA21IfOBPRoAe1KGLA/IV+RbGgvbQvQ/mrRHUJe5npx
ZP02rn9x+fzu8yU1LjjUERHFjw15jesJzeTX4cgGQPczq71A774fVT7Wsi4WBY6u
d8yDPZ5HsjiWxp1PeVpRk2iSsZXT6Of5PxcNdN/YU9W39JYG0PW4iiBqEBwsvVVy
7T75uFHwUwZn6/+61UgHPr9d4ZWbq8mIHahaYMTQFYnigSubjlHPFGjqSlCbCSfr
3cYv4kiAFFZzBhQH4JICQJcW94jEf+9ufHjonbv4YZ2jBRCklz3wxd5ImGoPVz5S
9rUIQp2IuKIFty0Zv9IuEM0PP1INCPBupNcO9wEa+W+z
-----END CERTIFICATE-----