Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/jdn52CanAogysSSsHvxl8oKYqEU.roa
File:                     jdn52CanAogysSSsHvxl8oKYqEU.roa (raw, json)
Hash identifier:          nA6uVwF0uVARnhrLjCGdNBrWcovmnCAcVghKvtj+qwk=
Subject key identifier:   8D:D9:F9:D8:26:A7:02:88:32:B1:24:AC:1E:FC:65:F2:82:98:A8:45
Certificate issuer:       /CN=a84570854fe886b94ae625363c625dda60bb3efc
Certificate serial:       019426D97419D49330EB52DB92639DADEEB6
Authority key identifier: A8:45:70:85:4F:E8:86:B9:4A:E6:25:36:3C:62:5D:DA:60:BB:3E:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/jdn52CanAogysSSsHvxl8oKYqEU.roa
Signing time:             Thu 02 Jan 2025 11:49:32 +0000
ROA not before:           Thu 02 Jan 2025 11:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35407
IP address blocks:        193.138.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:74:19:d4:93:30:eb:52:db:92:63:9d:ad:ee:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a84570854fe886b94ae625363c625dda60bb3efc
        Validity
            Not Before: Jan  2 11:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8dd9f9d826a7028832b124ac1efc65f28298a845
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e8:02:d0:94:82:e2:d3:a1:0d:40:31:ad:20:
                    17:f8:e9:e0:58:f6:40:21:2c:1c:5e:43:d3:c8:4d:
                    1b:e5:a3:83:4c:2f:5f:eb:20:7d:3f:5a:bf:ba:9f:
                    65:ec:5c:88:04:7a:d7:48:00:55:4d:0d:a4:b0:c9:
                    d4:9c:2c:87:0e:5e:d1:0b:69:cf:56:79:c4:e7:50:
                    8e:1b:4b:b5:a9:c0:66:a6:20:48:3a:e5:68:17:9b:
                    68:ec:52:59:7a:2a:34:6f:94:83:ef:30:94:b1:41:
                    20:e6:33:0a:93:ca:fa:69:67:10:bb:38:a7:0e:03:
                    64:97:6b:a6:f3:bd:d5:28:14:8b:5a:77:67:4b:c0:
                    f6:a2:65:ea:a5:c0:de:24:13:e3:59:ba:46:db:49:
                    aa:c1:94:b4:54:17:f0:21:19:ce:6c:ba:48:f1:6e:
                    8d:9e:15:7e:a6:e6:4a:39:f5:64:8f:e0:40:f6:7b:
                    74:d5:1d:d0:37:91:f2:86:ca:20:ba:ae:30:8e:e0:
                    27:ed:9b:24:d9:c6:5a:5f:32:a8:b5:ce:1e:f1:af:
                    6d:fc:48:b0:a5:ab:ec:c8:85:cb:77:9d:6b:45:c6:
                    57:a2:3c:13:f9:c9:21:38:23:06:23:69:b8:64:b0:
                    cd:3c:c9:70:a5:7d:ae:b6:66:91:83:4b:31:c0:c5:
                    c3:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D9:F9:D8:26:A7:02:88:32:B1:24:AC:1E:FC:65:F2:82:98:A8:45
            X509v3 Authority Key Identifier:
                keyid:A8:45:70:85:4F:E8:86:B9:4A:E6:25:36:3C:62:5D:DA:60:BB:3E:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/jdn52CanAogysSSsHvxl8oKYqEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/fac2a2-5f69-4043-8d65-5bc8795c2cba/1/qEVwhU_ohrlK5iU2PGJd2mC7Pvw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.138.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:4d:17:49:80:1d:e9:03:4c:de:67:17:5c:bb:2f:84:54:49:
         b1:45:68:59:f7:08:35:1e:94:00:21:7c:4d:9b:b2:22:a7:e5:
         56:51:f9:0c:55:b2:d6:47:ac:cd:8a:10:7c:63:f3:09:48:36:
         42:de:98:36:ec:4e:0d:81:da:51:a4:a8:11:49:ab:91:29:fc:
         80:77:0c:5f:24:bc:cb:c8:98:43:3d:3f:c0:4f:dc:49:13:bd:
         8a:6d:93:6a:76:e2:99:92:66:17:3f:ae:99:ff:d0:3a:37:94:
         72:e1:0e:5e:2b:0e:f7:be:37:39:99:70:76:11:d1:df:57:fe:
         34:7a:50:67:90:ff:8a:06:02:bc:c4:0b:73:ea:09:f7:a3:d4:
         02:cc:f4:5a:59:60:04:44:a2:80:a2:91:1f:73:c1:f6:21:ad:
         0f:17:42:67:7e:23:b0:c2:96:41:d2:14:7c:d8:6b:9e:57:d9:
         d3:9f:a2:02:4f:7e:af:b2:d4:92:f8:95:f5:ad:50:d0:98:32:
         e0:dd:d9:8c:6e:40:ff:87:d2:c8:e5:10:48:f8:34:2f:66:92:
         b0:57:c6:f1:20:d7:58:82:82:fa:22:c3:1e:21:3d:67:c2:8b:
         3f:08:99:33:46:f3:d9:bf:3c:e4:7a:db:8f:fe:91:21:51:4d:
         87:fb:fa:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2XQZ1JMw61LbkmOdre62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDU3MDg1NGZlODg2Yjk0YWU2MjUzNjNjNjI1ZGRhNjBi
YjNlZmMwHhcNMjUwMTAyMTE0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGQ5ZjlkODI2YTcwMjg4MzJiMTI0YWMxZWZjNjVmMjgyOThhODQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOgC0JSC4tOhDUAxrSAX+OngWPZA
ISwcXkPTyE0b5aODTC9f6yB9P1q/up9l7FyIBHrXSABVTQ2ksMnUnCyHDl7RC2nP
VnnE51COG0u1qcBmpiBIOuVoF5to7FJZeio0b5SD7zCUsUEg5jMKk8r6aWcQuzin
DgNkl2um873VKBSLWndnS8D2omXqpcDeJBPjWbpG20mqwZS0VBfwIRnObLpI8W6N
nhV+puZKOfVkj+BA9nt01R3QN5Hyhsoguq4wjuAn7Zsk2cZaXzKotc4e8a9t/Eiw
pavsyIXLd51rRcZXojwT+ckhOCMGI2m4ZLDNPMlwpX2utmaRg0sxwMXDXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3Z+dgmpwKIMrEkrB78ZfKCmKhFMB8GA1UdIwQY
MBaAFKhFcIVP6Ia5SuYlNjxiXdpguz78MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVWd2hVX29ocmxLNWlVMlBHSmQybUM3UHZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9mYWMyYTItNWY2OS00MDQzLThkNjUt
NWJjODc5NWMyY2JhLzEvamRuNTJDYW5Bb2d5c1NTc0h2eGw4b0tZcUVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9mYWMyYTItNWY2OS00MDQzLThkNjUtNWJjODc5NWMyY2Jh
LzEvcUVWd2hVX29ocmxLNWlVMlBHSmQybUM3UHZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYoeMA0G
CSqGSIb3DQEBCwUAA4IBAQCqTRdJgB3pA0zeZxdcuy+EVEmxRWhZ9wg1HpQAIXxN
m7Iip+VWUfkMVbLWR6zNihB8Y/MJSDZC3pg27E4NgdpRpKgRSauRKfyAdwxfJLzL
yJhDPT/AT9xJE72KbZNqduKZkmYXP66Z/9A6N5Ry4Q5eKw73vjc5mXB2EdHfV/40
elBnkP+KBgK8xAtz6gn3o9QCzPRaWWAERKKAopEfc8H2Ia0PF0JnfiOwwpZB0hR8
2GueV9nTn6ICT36vstSS+JX1rVDQmDLg3dmMbkD/h9LI5RBI+DQvZpKwV8bxINdY
goL6IsMeIT1nwos/CJkzRvPZvzzketuP/pEhUU2H+/pS
-----END CERTIFICATE-----