Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/to47JCc_e9Qrrg2tVbeiwG63wsQ.roa
File:                     to47JCc_e9Qrrg2tVbeiwG63wsQ.roa (raw, json)
Hash identifier:          tHKJZVV0X66uh963WSmhjzD4IRWkIMFnLIgcHV2NkJM=
Subject key identifier:   B6:8E:3B:24:27:3F:7B:D4:2B:AE:0D:AD:55:B7:A2:C0:6E:B7:C2:C4
Certificate issuer:       /CN=0e282a15c1a5d154bbda872b357607a91f950aa5
Certificate serial:       01946068106E1863A02953FF80E766A36F89
Authority key identifier: 0E:28:2A:15:C1:A5:D1:54:BB:DA:87:2B:35:76:07:A9:1F:95:0A:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DigqFcGl0VS72ocrNXYHqR-VCqU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/to47JCc_e9Qrrg2tVbeiwG63wsQ.roa
Signing time:             Mon 13 Jan 2025 16:03:40 +0000
ROA not before:           Mon 13 Jan 2025 16:03:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57033
IP address blocks:        193.107.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/DigqFcGl0VS72ocrNXYHqR-VCqU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/DigqFcGl0VS72ocrNXYHqR-VCqU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DigqFcGl0VS72ocrNXYHqR-VCqU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:60:68:10:6e:18:63:a0:29:53:ff:80:e7:66:a3:6f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e282a15c1a5d154bbda872b357607a91f950aa5
        Validity
            Not Before: Jan 13 16:03:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b68e3b24273f7bd42bae0dad55b7a2c06eb7c2c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7a:16:6f:1f:82:24:15:f1:10:b3:17:fa:00:
                    16:28:31:ac:13:b1:10:eb:ed:33:0e:54:2a:4d:01:
                    b5:af:af:e2:d0:f7:ec:72:ce:57:34:a0:84:74:3a:
                    2b:b9:2d:ef:6a:bc:bc:3e:66:a4:8a:ba:9e:0d:b0:
                    a3:b5:ca:76:4a:fd:6b:48:01:ce:cc:08:40:66:49:
                    16:59:3a:33:66:dc:dc:05:7f:55:79:b8:c2:b2:18:
                    39:59:dc:e2:19:3f:2a:8a:9d:46:f8:52:e5:9c:6d:
                    76:2d:59:9d:76:2a:c2:c1:c0:6e:44:23:89:85:8b:
                    2b:fe:de:00:1c:92:53:3e:8f:82:9e:ee:d0:df:d8:
                    0c:6b:01:ab:6d:b5:a8:2f:6c:fd:06:4c:45:f3:34:
                    47:48:f7:7c:c3:26:7b:03:a9:90:5e:00:50:e3:8f:
                    11:51:06:a5:5f:11:09:8d:54:67:44:c0:ff:e5:fc:
                    4b:20:b1:38:a9:22:72:7f:b6:b2:75:07:db:44:c9:
                    de:72:ba:3c:06:77:a9:13:ac:5c:c0:b6:d6:28:91:
                    5c:8b:0c:ed:3a:19:6a:a5:bb:2b:86:b3:85:b5:86:
                    b0:6b:17:f7:e2:a2:02:ea:30:20:2b:de:8f:c6:3d:
                    49:8a:df:0c:e4:86:a9:38:78:19:04:8a:fa:7f:36:
                    16:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:8E:3B:24:27:3F:7B:D4:2B:AE:0D:AD:55:B7:A2:C0:6E:B7:C2:C4
            X509v3 Authority Key Identifier:
                keyid:0E:28:2A:15:C1:A5:D1:54:BB:DA:87:2B:35:76:07:A9:1F:95:0A:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DigqFcGl0VS72ocrNXYHqR-VCqU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/to47JCc_e9Qrrg2tVbeiwG63wsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/daf1ae-d5eb-4ca4-8aaf-78741ac93b30/1/DigqFcGl0VS72ocrNXYHqR-VCqU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:a9:51:0f:2d:d8:b8:58:60:7e:5d:fc:e5:31:a8:e9:4b:91:
         e0:ff:cb:d3:d7:b1:43:4c:ea:14:dd:c6:7d:56:05:cd:14:2f:
         04:f4:1a:b3:b3:94:29:d6:11:1d:cc:54:a7:df:17:a6:bf:17:
         37:02:a2:3b:61:c3:bd:80:1a:ab:8a:73:6e:b2:20:d2:c4:a1:
         76:58:52:03:4f:49:27:5a:01:f4:99:f3:a2:a8:ce:6b:a5:e5:
         30:69:39:6f:05:04:b9:d6:c5:bf:eb:f0:89:b3:a2:0a:7e:02:
         c5:f3:66:5d:09:3c:64:2d:ce:05:4b:b8:d2:28:74:87:7f:e0:
         0e:21:c8:6a:2d:07:bc:ba:6a:27:c6:7b:a4:4f:f8:ba:ae:66:
         a3:1e:b4:b3:51:5e:88:87:52:89:a8:24:72:a9:54:64:46:68:
         0a:a8:82:a7:43:51:7c:ba:0d:d8:4d:dc:59:09:60:62:f4:f2:
         7c:0f:21:c7:7b:22:68:42:77:70:1e:2d:45:3f:e2:d3:64:a8:
         87:fd:df:59:24:cd:a7:7f:29:6c:9d:9c:cb:d8:95:c3:42:65:
         5e:e1:65:6f:ef:65:7c:ec:05:b3:30:84:c9:19:61:ec:dc:59:
         f6:72:cb:5e:25:fd:9d:9c:01:01:ac:b2:d1:74:e8:4c:2a:ce:
         e7:b7:50:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRgaBBuGGOgKVP/gOdmo2+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMjgyYTE1YzFhNWQxNTRiYmRhODcyYjM1NzYwN2E5MWY5
NTBhYTUwHhcNMjUwMTEzMTYwMzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjhlM2IyNDI3M2Y3YmQ0MmJhZTBkYWQ1NWI3YTJjMDZlYjdjMmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3oWbx+CJBXxELMX+gAWKDGsE7EQ
6+0zDlQqTQG1r6/i0Pfscs5XNKCEdDoruS3vary8PmakirqeDbCjtcp2Sv1rSAHO
zAhAZkkWWTozZtzcBX9VebjCshg5WdziGT8qip1G+FLlnG12LVmddirCwcBuRCOJ
hYsr/t4AHJJTPo+Cnu7Q39gMawGrbbWoL2z9BkxF8zRHSPd8wyZ7A6mQXgBQ448R
UQalXxEJjVRnRMD/5fxLILE4qSJyf7aydQfbRMnecro8BnepE6xcwLbWKJFciwzt
OhlqpbsrhrOFtYawaxf34qIC6jAgK96Pxj1Jit8M5IapOHgZBIr6fzYW8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaOOyQnP3vUK64NrVW3osBut8LEMB8GA1UdIwQY
MBaAFA4oKhXBpdFUu9qHKzV2B6kflQqlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGlncUZjR2wwVlM3Mm9jck5YWUhxUi1WQ3FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9kYWYxYWUtZDVlYi00Y2E0LThhYWYt
Nzg3NDFhYzkzYjMwLzEvdG80N0pDY19lOVFycmcydFZiZWl3RzYzd3NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9kYWYxYWUtZDVlYi00Y2E0LThhYWYtNzg3NDFhYzkzYjMw
LzEvRGlncUZjR2wwVlM3Mm9jck5YWUhxUi1WQ3FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWtTMA0G
CSqGSIb3DQEBCwUAA4IBAQC2qVEPLdi4WGB+XfzlMajpS5Hg/8vT17FDTOoU3cZ9
VgXNFC8E9Bqzs5Qp1hEdzFSn3xemvxc3AqI7YcO9gBqrinNusiDSxKF2WFIDT0kn
WgH0mfOiqM5rpeUwaTlvBQS51sW/6/CJs6IKfgLF82ZdCTxkLc4FS7jSKHSHf+AO
IchqLQe8umonxnukT/i6rmajHrSzUV6Ih1KJqCRyqVRkRmgKqIKnQ1F8ug3YTdxZ
CWBi9PJ8DyHHeyJoQndwHi1FP+LTZKiH/d9ZJM2nfylsnZzL2JXDQmVe4WVv72V8
7AWzMITJGWHs3Fn2csteJf2dnAEBrLLRdOhMKs7nt1AK
-----END CERTIFICATE-----