Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/u8gM57Vzy83m5elKcN7yP_JfkD0.roa
File:                     u8gM57Vzy83m5elKcN7yP_JfkD0.roa (raw, json)
Hash identifier:          11ORynfloHVoIfYWzniyOLKFlZYtVFhIVMRALKTSBUQ=
Subject key identifier:   BB:C8:0C:E7:B5:73:CB:CD:E6:E5:E9:4A:70:DE:F2:3F:F2:5F:90:3D
Certificate issuer:       /CN=365b4abab716ad1407a902e5176560ecc37c966d
Certificate serial:       019427B5788DBC89AC00723121FB2B957AF4
Authority key identifier: 36:5B:4A:BA:B7:16:AD:14:07:A9:02:E5:17:65:60:EC:C3:7C:96:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NltKurcWrRQHqQLlF2Vg7MN8lm0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/u8gM57Vzy83m5elKcN7yP_JfkD0.roa
Signing time:             Thu 02 Jan 2025 15:49:51 +0000
ROA not before:           Thu 02 Jan 2025 15:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21107
IP address blocks:        130.193.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/NltKurcWrRQHqQLlF2Vg7MN8lm0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/NltKurcWrRQHqQLlF2Vg7MN8lm0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NltKurcWrRQHqQLlF2Vg7MN8lm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:78:8d:bc:89:ac:00:72:31:21:fb:2b:95:7a:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=365b4abab716ad1407a902e5176560ecc37c966d
        Validity
            Not Before: Jan  2 15:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbc80ce7b573cbcde6e5e94a70def23ff25f903d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:06:0f:b7:de:0b:62:60:24:19:52:a4:68:d7:
                    23:6b:0b:8a:21:ec:09:62:1d:c5:31:98:c3:3e:c6:
                    90:3e:9b:d0:2c:bf:21:12:a7:a5:8c:c9:a2:f9:cb:
                    f7:9e:89:62:92:a9:33:60:02:ec:b3:dd:40:bb:e0:
                    91:f6:39:6a:c0:bc:6a:a4:71:ef:77:ec:0a:27:a0:
                    73:c1:74:d9:5e:69:ee:f9:3e:1f:4e:37:1a:02:9e:
                    99:51:10:0a:ef:b1:7b:5d:a5:99:fe:a3:49:48:e5:
                    57:99:24:9f:d1:95:45:f5:df:37:7c:54:ae:99:7c:
                    55:e4:7e:12:36:d2:7e:b7:f1:48:fd:03:48:9d:25:
                    3e:1f:f5:48:fb:aa:a1:6e:e8:62:a4:7d:ca:0a:73:
                    85:a1:1f:47:b4:ca:78:89:8c:ca:b8:c8:6f:e3:85:
                    9c:db:61:8e:ec:8e:7d:3e:ee:b6:06:46:ff:d6:ae:
                    a9:af:fc:b9:94:59:3b:54:44:f5:d2:96:43:9b:b9:
                    42:4a:40:87:62:9a:97:72:e5:b8:59:da:da:41:bf:
                    44:40:e8:32:4d:20:9d:dd:79:34:e8:08:af:d6:9b:
                    97:89:73:6a:60:f1:ec:37:36:ab:10:57:12:a0:f7:
                    92:3c:05:96:9f:0b:10:0c:5b:a4:18:b9:9c:bc:0a:
                    3a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:C8:0C:E7:B5:73:CB:CD:E6:E5:E9:4A:70:DE:F2:3F:F2:5F:90:3D
            X509v3 Authority Key Identifier:
                keyid:36:5B:4A:BA:B7:16:AD:14:07:A9:02:E5:17:65:60:EC:C3:7C:96:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NltKurcWrRQHqQLlF2Vg7MN8lm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/u8gM57Vzy83m5elKcN7yP_JfkD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/e35ac1-05d1-406d-b668-36eaf7948531/1/NltKurcWrRQHqQLlF2Vg7MN8lm0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:12:59:3d:3c:b9:ab:e1:3c:95:ae:31:48:7d:1b:e0:67:1f:
         e9:67:db:54:1a:16:1f:c3:ce:5c:45:85:d9:7d:97:e1:f9:74:
         c8:a8:d4:96:a5:ae:06:5b:f2:98:38:6c:9f:0d:fc:89:d9:11:
         b3:15:b1:47:f5:a5:1b:e2:86:48:8f:5f:2c:ea:19:d1:33:73:
         9e:d3:66:75:f6:19:57:f7:f6:91:c6:25:32:7d:9c:f9:39:54:
         7e:ee:93:3d:7c:89:64:f1:f4:94:48:5f:19:52:b7:a5:c2:21:
         b1:be:ef:ad:8b:cb:08:eb:39:b0:bf:be:fa:13:01:5d:c5:35:
         36:cd:87:12:15:51:74:c8:29:56:ce:a1:77:67:5e:ae:3a:85:
         eb:1a:20:0b:03:b7:4c:1d:75:44:e0:74:a2:17:65:97:a1:58:
         d6:0c:b1:ca:62:23:39:f1:74:c1:94:7f:4e:fe:1d:25:09:15:
         ec:8b:b7:0b:7f:af:73:db:3c:09:f9:cd:4c:b1:ff:bd:39:69:
         8a:4b:f9:27:8a:3e:fc:ba:dd:50:4a:cb:76:c9:13:0e:1e:8c:
         26:7c:9d:f0:9a:5f:0c:9a:94:65:5a:75:f6:45:ac:21:8d:dc:
         b7:b4:14:7d:08:35:2e:ee:97:c9:d7:b3:ca:ee:d9:c3:66:36:
         8d:d3:d3:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntXiNvImsAHIxIfsrlXr0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NWI0YWJhYjcxNmFkMTQwN2E5MDJlNTE3NjU2MGVjYzM3
Yzk2NmQwHhcNMjUwMTAyMTU0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmM4MGNlN2I1NzNjYmNkZTZlNWU5NGE3MGRlZjIzZmYyNWY5MDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygYPt94LYmAkGVKkaNcjawuKIewJ
Yh3FMZjDPsaQPpvQLL8hEqeljMmi+cv3nolikqkzYALss91Au+CR9jlqwLxqpHHv
d+wKJ6BzwXTZXmnu+T4fTjcaAp6ZURAK77F7XaWZ/qNJSOVXmSSf0ZVF9d83fFSu
mXxV5H4SNtJ+t/FI/QNInSU+H/VI+6qhbuhipH3KCnOFoR9HtMp4iYzKuMhv44Wc
22GO7I59Pu62Bkb/1q6pr/y5lFk7VET10pZDm7lCSkCHYpqXcuW4WdraQb9EQOgy
TSCd3Xk06Aiv1puXiXNqYPHsNzarEFcSoPeSPAWWnwsQDFukGLmcvAo61wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvIDOe1c8vN5uXpSnDe8j/yX5A9MB8GA1UdIwQY
MBaAFDZbSrq3Fq0UB6kC5RdlYOzDfJZtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmx0S3VyY1dyUlFIcVFMbEYyVmc3TU44bG0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9lMzVhYzEtMDVkMS00MDZkLWI2Njgt
MzZlYWY3OTQ4NTMxLzEvdThnTTU3Vnp5ODNtNWVsS2NON3lQX0pma0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9lMzVhYzEtMDVkMS00MDZkLWI2NjgtMzZlYWY3OTQ4NTMx
LzEvTmx0S3VyY1dyUlFIcVFMbEYyVmc3TU44bG0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgsETMA0G
CSqGSIb3DQEBCwUAA4IBAQBXElk9PLmr4TyVrjFIfRvgZx/pZ9tUGhYfw85cRYXZ
fZfh+XTIqNSWpa4GW/KYOGyfDfyJ2RGzFbFH9aUb4oZIj18s6hnRM3Oe02Z19hlX
9/aRxiUyfZz5OVR+7pM9fIlk8fSUSF8ZUrelwiGxvu+ti8sI6zmwv776EwFdxTU2
zYcSFVF0yClWzqF3Z16uOoXrGiALA7dMHXVE4HSiF2WXoVjWDLHKYiM58XTBlH9O
/h0lCRXsi7cLf69z2zwJ+c1Msf+9OWmKS/knij78ut1QSst2yRMOHowmfJ3wml8M
mpRlWnX2Rawhjdy3tBR9CDUu7pfJ17PK7tnDZjaN09Mf
-----END CERTIFICATE-----