Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/kWTTmcIIlDRdQ1_UbjyGHGmL5gQ.roa
File:                     kWTTmcIIlDRdQ1_UbjyGHGmL5gQ.roa (raw, json)
Hash identifier:          95qxE5aHeVHU5YRLlJvt+EwGhxpcIfgYbsmlarjDLf0=
Subject key identifier:   91:64:D3:99:C2:08:94:34:5D:43:5F:D4:6E:3C:86:1C:69:8B:E6:04
Certificate issuer:       /CN=bbf4e1fdb424a9120223b3a75c6ccc31b6f6224a
Certificate serial:       019427B5FB7787834875672EF6D6CC369305
Authority key identifier: BB:F4:E1:FD:B4:24:A9:12:02:23:B3:A7:5C:6C:CC:31:B6:F6:22:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/kWTTmcIIlDRdQ1_UbjyGHGmL5gQ.roa
Signing time:             Thu 02 Jan 2025 15:50:25 +0000
ROA not before:           Thu 02 Jan 2025 15:50:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41917
IP address blocks:        193.176.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:fb:77:87:83:48:75:67:2e:f6:d6:cc:36:93:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbf4e1fdb424a9120223b3a75c6ccc31b6f6224a
        Validity
            Not Before: Jan  2 15:50:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9164d399c20894345d435fd46e3c861c698be604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e6:6c:2a:42:7a:e4:de:12:58:1a:13:c3:7c:
                    80:4a:09:81:41:b5:1f:3d:2d:82:0b:eb:e8:a2:17:
                    18:31:23:9d:2d:46:da:47:9f:20:05:74:b4:3c:d0:
                    09:4c:88:9f:85:99:39:2e:91:89:06:41:03:a6:e6:
                    1a:c6:88:0c:1f:eb:75:59:e2:b8:e2:51:60:e3:1e:
                    1a:23:f5:15:b9:86:ed:99:43:dc:a3:e1:8a:5a:28:
                    a0:34:6d:95:28:1b:f2:96:3b:a0:64:d3:9c:b1:86:
                    a5:c1:65:bb:f1:d3:24:58:6d:49:91:26:71:02:a5:
                    19:c9:c6:cf:47:8a:9c:31:ff:fa:dd:80:25:f9:7e:
                    d6:5c:bd:17:fe:61:1f:cb:e3:0e:e9:d8:ef:3d:0c:
                    c9:30:4b:50:ee:34:51:5f:7d:e2:06:ea:10:ec:a5:
                    fa:c5:38:ad:0a:25:2d:f2:2d:72:d4:2c:8f:42:b6:
                    60:fe:a1:9f:7d:49:f7:ac:7b:57:f8:4d:bc:d5:f4:
                    3b:5f:c7:7a:76:f9:29:d5:de:00:02:3f:73:77:14:
                    e4:0a:cb:b0:24:15:e9:13:bc:18:66:42:5d:c4:e8:
                    52:1a:67:03:09:7c:6c:ba:8b:29:92:c7:8c:06:5e:
                    0d:49:36:10:03:73:b9:a1:f9:ae:0f:0e:f8:77:6a:
                    8f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:64:D3:99:C2:08:94:34:5D:43:5F:D4:6E:3C:86:1C:69:8B:E6:04
            X509v3 Authority Key Identifier:
                keyid:BB:F4:E1:FD:B4:24:A9:12:02:23:B3:A7:5C:6C:CC:31:B6:F6:22:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/kWTTmcIIlDRdQ1_UbjyGHGmL5gQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:15:e4:7f:d6:25:bb:d7:8e:80:f0:6c:40:2d:fc:40:a8:dc:
         2e:1e:9c:b2:c0:0c:57:74:6c:e0:b9:a6:50:17:8c:d5:38:9e:
         20:14:bb:42:df:ff:57:71:c6:10:69:6b:05:5a:36:b2:a8:34:
         f3:5c:e0:eb:88:41:ef:d2:58:b2:4b:3e:d9:19:03:79:1d:96:
         98:6e:20:75:89:9f:1d:cf:1b:92:b0:4c:0a:d0:62:39:72:2e:
         65:c3:9d:14:21:f8:64:c2:90:30:f2:39:31:2a:3b:00:f8:a4:
         60:71:02:0a:5e:a3:1d:a7:bf:df:14:19:7f:62:80:29:0b:f5:
         fd:01:24:c0:ee:d0:f7:b5:f2:5e:44:77:7f:e4:d2:a7:f7:dd:
         86:fc:31:a1:5f:3e:e7:da:ce:76:18:f3:2f:73:00:6c:b5:cb:
         5e:ec:b7:ac:2a:47:b8:c2:91:cc:13:eb:73:9f:5f:31:ce:85:
         2c:8b:7f:23:b0:87:ce:8e:ac:9a:b0:5f:b0:17:32:00:1f:f9:
         6b:ad:4a:b5:32:46:d3:7e:5a:c5:ac:68:31:22:95:e3:69:fa:
         77:65:e5:da:47:ae:d2:44:62:70:ad:aa:05:6a:ce:7b:e9:b1:
         5e:15:a4:1e:ba:96:84:29:93:cd:50:11:0f:c6:5e:8f:5a:e8:
         aa:d9:e2:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntft3h4NIdWcu9tbMNpMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZjRlMWZkYjQyNGE5MTIwMjIzYjNhNzVjNmNjYzMxYjZm
NjIyNGEwHhcNMjUwMTAyMTU1MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTY0ZDM5OWMyMDg5NDM0NWQ0MzVmZDQ2ZTNjODYxYzY5OGJlNjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+ZsKkJ65N4SWBoTw3yASgmBQbUf
PS2CC+voohcYMSOdLUbaR58gBXS0PNAJTIifhZk5LpGJBkEDpuYaxogMH+t1WeK4
4lFg4x4aI/UVuYbtmUPco+GKWiigNG2VKBvyljugZNOcsYalwWW78dMkWG1JkSZx
AqUZycbPR4qcMf/63YAl+X7WXL0X/mEfy+MO6djvPQzJMEtQ7jRRX33iBuoQ7KX6
xTitCiUt8i1y1CyPQrZg/qGffUn3rHtX+E281fQ7X8d6dvkp1d4AAj9zdxTkCsuw
JBXpE7wYZkJdxOhSGmcDCXxsuospkseMBl4NSTYQA3O5ofmuDw74d2qPswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFk05nCCJQ0XUNf1G48hhxpi+YEMB8GA1UdIwQY
MBaAFLv04f20JKkSAiOzp1xszDG29iJKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9UaF9iUWtxUklDSTdPblhHek1NYmIySWtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xMWNkMTAtM2VmNy00MTA1LTgyNDgt
YmE1MTMyM2RiNGU1LzEva1dUVG1jSUlsRFJkUTFfVWJqeUdIR21MNWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xMWNkMTAtM2VmNy00MTA1LTgyNDgtYmE1MTMyM2RiNGU1
LzEvdV9UaF9iUWtxUklDSTdPblhHek1NYmIySWtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbACMA0G
CSqGSIb3DQEBCwUAA4IBAQBoFeR/1iW7146A8GxALfxAqNwuHpyywAxXdGzguaZQ
F4zVOJ4gFLtC3/9XccYQaWsFWjayqDTzXODriEHv0liySz7ZGQN5HZaYbiB1iZ8d
zxuSsEwK0GI5ci5lw50UIfhkwpAw8jkxKjsA+KRgcQIKXqMdp7/fFBl/YoApC/X9
ASTA7tD3tfJeRHd/5NKn992G/DGhXz7n2s52GPMvcwBstcte7LesKke4wpHME+tz
n18xzoUsi38jsIfOjqyasF+wFzIAH/lrrUq1MkbTflrFrGgxIpXjafp3ZeXaR67S
RGJwraoFas576bFeFaQeupaEKZPNUBEPxl6PWuiq2eK/
-----END CERTIFICATE-----