Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/v9WYkBz15RpwA0n7rXgCIDyTPvU.roa
File:                     v9WYkBz15RpwA0n7rXgCIDyTPvU.roa (raw, json)
Hash identifier:          vUv7k6coWvAmWrqVuPUy83SA1mmkmDGBast/PkGxxu4=
Subject key identifier:   BF:D5:98:90:1C:F5:E5:1A:70:03:49:FB:AD:78:02:20:3C:93:3E:F5
Certificate issuer:       /CN=36a1daece1c6e878546dbd1333da09feb8bff018
Certificate serial:       019426D9973C0070577CB2F8911B2B736F19
Authority key identifier: 36:A1:DA:EC:E1:C6:E8:78:54:6D:BD:13:33:DA:09:FE:B8:BF:F0:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/v9WYkBz15RpwA0n7rXgCIDyTPvU.roa
Signing time:             Thu 02 Jan 2025 11:49:41 +0000
ROA not before:           Thu 02 Jan 2025 11:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31027
IP address blocks:        193.162.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 11:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:97:3c:00:70:57:7c:b2:f8:91:1b:2b:73:6f:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36a1daece1c6e878546dbd1333da09feb8bff018
        Validity
            Not Before: Jan  2 11:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bfd598901cf5e51a700349fbad7802203c933ef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4d:51:9a:43:66:fc:39:81:c0:74:79:48:8a:
                    f7:44:dc:b9:01:e9:ad:72:24:12:c2:65:d0:9a:6a:
                    40:a3:42:27:bf:1a:9e:aa:bf:6e:50:f1:a2:7b:d7:
                    3c:3b:7c:d7:10:a0:bf:cf:6d:ab:16:fb:7a:99:95:
                    9d:e5:3a:50:4a:03:ba:0a:1b:86:93:1f:b1:f2:b6:
                    d1:6e:c3:b6:93:f8:58:1b:01:81:db:37:55:67:98:
                    02:bc:34:43:e9:ec:40:13:71:4c:a4:35:e6:9d:03:
                    ab:0b:b2:fe:96:94:db:3d:87:7c:75:a7:a7:9d:07:
                    f1:da:3e:74:70:22:86:fb:bc:4f:35:8e:fb:98:86:
                    2c:32:c8:34:d8:f3:91:59:44:f6:d4:3c:18:10:0d:
                    cf:6d:f2:63:19:c6:3f:d4:ff:c9:a6:69:f2:0e:fe:
                    51:51:57:c8:eb:5a:ae:06:3b:9f:96:d1:50:56:f9:
                    02:28:f1:57:a6:58:bb:89:02:9e:21:87:4f:1b:f2:
                    32:26:5e:5b:e1:7e:0f:5f:bc:44:3f:78:f9:67:2f:
                    54:be:a2:08:ab:7c:ab:a9:1e:05:33:e2:1f:ea:37:
                    70:09:07:9f:14:46:1d:53:9e:76:6f:a4:79:eb:73:
                    43:f2:c0:2d:ea:e7:1e:94:5b:38:58:9b:00:da:ec:
                    9a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:D5:98:90:1C:F5:E5:1A:70:03:49:FB:AD:78:02:20:3C:93:3E:F5
            X509v3 Authority Key Identifier:
                keyid:36:A1:DA:EC:E1:C6:E8:78:54:6D:BD:13:33:DA:09:FE:B8:BF:F0:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/v9WYkBz15RpwA0n7rXgCIDyTPvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/745c65-b877-45f2-b898-b30b0e5265a8/1/NqHa7OHG6HhUbb0TM9oJ_ri_8Bg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.162.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:28:e9:ce:e9:19:08:a5:0d:f9:7a:5a:66:11:03:56:4e:b8:
         54:8f:54:28:7e:8c:cd:64:93:09:0e:86:38:b8:22:30:c4:ba:
         99:86:03:e7:ad:85:9e:70:18:ff:41:33:6d:c1:c6:85:5f:63:
         1b:32:56:83:a8:f5:af:8b:b4:97:e7:0a:ff:d8:40:94:57:9e:
         cb:67:25:46:43:47:43:40:e6:77:4b:17:50:bb:9e:51:a5:6b:
         cb:b9:70:f9:b6:11:34:8d:9b:36:d5:4f:9b:69:b2:b4:c5:c2:
         ae:6d:7f:0f:e0:e3:cb:b7:a7:ef:84:37:3e:60:35:6c:d4:3e:
         3f:c6:c3:da:49:65:cb:36:23:4b:ba:02:33:21:ad:29:ed:13:
         77:94:a4:48:73:44:40:4f:4f:f9:21:70:60:b0:9c:35:d1:85:
         4a:63:80:70:3c:40:e5:4f:ef:97:0a:88:08:05:1e:26:ef:cf:
         5f:cb:0b:63:de:43:dc:c4:57:55:be:21:2b:99:00:0c:10:97:
         19:4f:bd:75:21:d1:a1:13:ad:c5:74:71:79:bf:f6:ae:f3:b1:
         fb:9f:6d:24:cd:fe:e6:44:f7:02:85:e3:37:a0:d7:04:43:9d:
         a7:aa:ff:17:b1:ad:5d:26:17:64:45:07:f1:bb:4a:0c:b1:fb:
         a3:7a:07:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Zc8AHBXfLL4kRsrc28ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YTFkYWVjZTFjNmU4Nzg1NDZkYmQxMzMzZGEwOWZlYjhi
ZmYwMTgwHhcNMjUwMTAyMTE0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmQ1OTg5MDFjZjVlNTFhNzAwMzQ5ZmJhZDc4MDIyMDNjOTMzZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE1RmkNm/DmBwHR5SIr3RNy5Aemt
ciQSwmXQmmpAo0Invxqeqr9uUPGie9c8O3zXEKC/z22rFvt6mZWd5TpQSgO6ChuG
kx+x8rbRbsO2k/hYGwGB2zdVZ5gCvDRD6exAE3FMpDXmnQOrC7L+lpTbPYd8daen
nQfx2j50cCKG+7xPNY77mIYsMsg02PORWUT21DwYEA3PbfJjGcY/1P/JpmnyDv5R
UVfI61quBjufltFQVvkCKPFXpli7iQKeIYdPG/IyJl5b4X4PX7xEP3j5Zy9UvqII
q3yrqR4FM+If6jdwCQefFEYdU552b6R563ND8sAt6ucelFs4WJsA2uyaoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL/VmJAc9eUacANJ+614AiA8kz71MB8GA1UdIwQY
MBaAFDah2uzhxuh4VG29EzPaCf64v/AYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnFIYTdPSEc2SGhVYmIwVE05b0pfcmlfOEJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83NDVjNjUtYjg3Ny00NWYyLWI4OTgt
YjMwYjBlNTI2NWE4LzEvdjlXWWtCejE1UnB3QTBuN3JYZ0NJRHlUUHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83NDVjNjUtYjg3Ny00NWYyLWI4OTgtYjMwYjBlNTI2NWE4
LzEvTnFIYTdPSEc2SGhVYmIwVE05b0pfcmlfOEJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaIFMA0G
CSqGSIb3DQEBCwUAA4IBAQATKOnO6RkIpQ35elpmEQNWTrhUj1QofozNZJMJDoY4
uCIwxLqZhgPnrYWecBj/QTNtwcaFX2MbMlaDqPWvi7SX5wr/2ECUV57LZyVGQ0dD
QOZ3SxdQu55RpWvLuXD5thE0jZs21U+babK0xcKubX8P4OPLt6fvhDc+YDVs1D4/
xsPaSWXLNiNLugIzIa0p7RN3lKRIc0RAT0/5IXBgsJw10YVKY4BwPEDlT++XCogI
BR4m789fywtj3kPcxFdVviErmQAMEJcZT711IdGhE63FdHF5v/au87H7n20kzf7m
RPcCheM3oNcEQ52nqv8Xsa1dJhdkRQfxu0oMsfujegcf
-----END CERTIFICATE-----