Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/cn8udPBTEEt-C91LbDNfkmvEIY8.roa
File:                     cn8udPBTEEt-C91LbDNfkmvEIY8.roa (raw, json)
Hash identifier:          qd0d0GALCyhOr1vz+5VbFHCBAqP5I2yIxXIsY00d+3A=
Subject key identifier:   72:7F:2E:74:F0:53:10:4B:7E:0B:DD:4B:6C:33:5F:92:6B:C4:21:8F
Certificate issuer:       /CN=bebf09c2f8fff97ef8aec2f8173578d0a3a74c81
Certificate serial:       019427B541BDE2A5EE8ECAC51895944C5B7B
Authority key identifier: BE:BF:09:C2:F8:FF:F9:7E:F8:AE:C2:F8:17:35:78:D0:A3:A7:4C:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vr8Jwvj_-X74rsL4FzV40KOnTIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/cn8udPBTEEt-C91LbDNfkmvEIY8.roa
Signing time:             Thu 02 Jan 2025 15:49:37 +0000
ROA not before:           Thu 02 Jan 2025 15:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43014
IP address blocks:        193.200.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/vr8Jwvj_-X74rsL4FzV40KOnTIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/vr8Jwvj_-X74rsL4FzV40KOnTIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vr8Jwvj_-X74rsL4FzV40KOnTIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:41:bd:e2:a5:ee:8e:ca:c5:18:95:94:4c:5b:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bebf09c2f8fff97ef8aec2f8173578d0a3a74c81
        Validity
            Not Before: Jan  2 15:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=727f2e74f053104b7e0bdd4b6c335f926bc4218f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:79:6d:be:8a:2d:ca:83:e3:b7:13:8c:0a:d5:
                    1c:dc:d5:d5:b9:fc:a1:89:dd:40:12:5f:61:05:f2:
                    4e:75:f4:d9:58:f9:7c:f0:d5:52:22:00:f8:59:d5:
                    ea:4d:ea:ba:66:20:86:c6:a7:ec:51:90:e8:3e:87:
                    b4:fa:92:43:4e:59:df:6a:c1:a3:a8:49:92:6b:f5:
                    6e:57:ad:cd:d3:58:a3:09:10:9b:80:91:bf:e0:85:
                    23:08:56:d0:21:ab:2d:e4:bd:0e:0d:e8:f2:6a:9c:
                    d6:5d:36:42:a6:ab:cc:17:42:0a:2b:cb:12:3c:74:
                    c8:b5:5d:33:14:60:ed:80:1d:e6:ab:eb:a3:dd:3b:
                    1f:48:0b:05:5f:7d:e9:46:4f:01:64:cb:f9:1a:97:
                    8f:c0:c3:c9:5c:4c:e7:f2:5d:ab:2b:26:ad:47:ff:
                    1f:0c:fa:88:6a:3d:7f:e0:6e:75:c2:00:5d:34:73:
                    36:87:81:06:cd:bd:6a:8b:3e:c6:f8:b2:a7:31:b1:
                    51:a3:63:a2:53:83:86:1a:09:74:bb:25:40:be:bf:
                    4f:ea:ee:80:36:fb:aa:fb:47:ef:da:23:76:cc:ed:
                    30:9d:d8:29:46:b1:b5:5e:ae:f7:ae:b1:52:34:49:
                    f2:5b:c9:3a:66:5f:21:f9:3c:1d:3a:e7:fb:d7:c0:
                    d4:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:7F:2E:74:F0:53:10:4B:7E:0B:DD:4B:6C:33:5F:92:6B:C4:21:8F
            X509v3 Authority Key Identifier:
                keyid:BE:BF:09:C2:F8:FF:F9:7E:F8:AE:C2:F8:17:35:78:D0:A3:A7:4C:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vr8Jwvj_-X74rsL4FzV40KOnTIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/cn8udPBTEEt-C91LbDNfkmvEIY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/dc1c50-650d-43c4-9e76-ccd4fad950ed/1/vr8Jwvj_-X74rsL4FzV40KOnTIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:89:30:c3:ee:27:39:70:7e:cf:5e:e3:7a:c9:63:07:f7:68:
         3a:74:1d:7f:23:67:62:77:51:ff:e0:61:ea:a9:71:42:55:55:
         9f:8d:d1:a7:d2:44:df:83:53:34:cb:44:ad:c1:16:e0:f7:e5:
         0c:b7:91:22:bc:6c:d5:81:76:d0:d1:90:40:c5:f2:09:44:81:
         a3:01:c0:2c:bf:13:83:52:6c:8b:7e:17:ed:dc:a3:32:91:b3:
         fa:60:42:07:4b:dc:8b:18:04:55:19:73:18:42:48:bd:82:8c:
         b7:0d:33:f9:82:9a:8e:ae:5c:d7:14:93:89:22:18:d5:1e:3a:
         35:95:6b:a5:9e:8f:6b:e9:23:82:20:2d:dc:44:e5:5c:a3:c3:
         1f:d8:06:3e:10:d1:3f:16:60:8d:54:19:57:3a:d6:b8:79:25:
         fa:eb:c1:b7:03:f4:f7:c7:1c:46:2b:73:a2:78:14:44:f6:8f:
         43:4f:c9:8f:f0:8c:40:54:fd:5f:45:54:67:19:01:9f:90:a1:
         5f:4b:95:a6:8e:b4:db:7c:71:3c:26:6e:11:fd:9f:b4:a4:46:
         8d:ae:b2:26:d9:56:11:7b:2a:42:f9:af:36:50:97:8e:ce:d0:
         df:18:77:98:b1:e0:6c:9c:be:75:7e:de:b3:1f:a3:f7:dc:e4:
         be:ee:49:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntUG94qXujsrFGJWUTFt7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmYwOWMyZjhmZmY5N2VmOGFlYzJmODE3MzU3OGQwYTNh
NzRjODEwHhcNMjUwMTAyMTU0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjdmMmU3NGYwNTMxMDRiN2UwYmRkNGI2YzMzNWY5MjZiYzQyMThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3ltvootyoPjtxOMCtUc3NXVufyh
id1AEl9hBfJOdfTZWPl88NVSIgD4WdXqTeq6ZiCGxqfsUZDoPoe0+pJDTlnfasGj
qEmSa/VuV63N01ijCRCbgJG/4IUjCFbQIast5L0ODejyapzWXTZCpqvMF0IKK8sS
PHTItV0zFGDtgB3mq+uj3TsfSAsFX33pRk8BZMv5GpePwMPJXEzn8l2rKyatR/8f
DPqIaj1/4G51wgBdNHM2h4EGzb1qiz7G+LKnMbFRo2OiU4OGGgl0uyVAvr9P6u6A
Nvuq+0fv2iN2zO0wndgpRrG1Xq73rrFSNEnyW8k6Zl8h+TwdOuf718DU/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJ/LnTwUxBLfgvdS2wzX5JrxCGPMB8GA1UdIwQY
MBaAFL6/CcL4//l++K7C+Bc1eNCjp0yBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnI4Snd2al8tWDc0cnNMNEZ6VjQwS09uVElFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9kYzFjNTAtNjUwZC00M2M0LTllNzYt
Y2NkNGZhZDk1MGVkLzEvY244dWRQQlRFRXQtQzkxTGJETmZrbXZFSVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9kYzFjNTAtNjUwZC00M2M0LTllNzYtY2NkNGZhZDk1MGVk
LzEvdnI4Snd2al8tWDc0cnNMNEZ6VjQwS09uVElFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcixMA0G
CSqGSIb3DQEBCwUAA4IBAQCLiTDD7ic5cH7PXuN6yWMH92g6dB1/I2did1H/4GHq
qXFCVVWfjdGn0kTfg1M0y0StwRbg9+UMt5EivGzVgXbQ0ZBAxfIJRIGjAcAsvxOD
UmyLfhft3KMykbP6YEIHS9yLGARVGXMYQki9goy3DTP5gpqOrlzXFJOJIhjVHjo1
lWulno9r6SOCIC3cROVco8Mf2AY+ENE/FmCNVBlXOta4eSX668G3A/T3xxxGK3Oi
eBRE9o9DT8mP8IxAVP1fRVRnGQGfkKFfS5WmjrTbfHE8Jm4R/Z+0pEaNrrIm2VYR
eypC+a82UJeOztDfGHeYseBsnL51ft6zH6P33OS+7knl
-----END CERTIFICATE-----