Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/BjEhACV2yXJRHQhe31y5AzO3--o.roa
File:                     BjEhACV2yXJRHQhe31y5AzO3--o.roa (raw, json)
Hash identifier:          IOjD1WKD18GQcde1wwfvHfJUbrYC9FaaN08pCD3XzFo=
Subject key identifier:   06:31:21:00:25:76:C9:72:51:1D:08:5E:DF:5C:B9:03:33:B7:FB:EA
Certificate issuer:       /CN=5c0273657ec5a1384d536f1bd99d916507fe7b29
Certificate serial:       019426D985714D80F556DB53F31E1F0C686E
Authority key identifier: 5C:02:73:65:7E:C5:A1:38:4D:53:6F:1B:D9:9D:91:65:07:FE:7B:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XAJzZX7FoThNU28b2Z2RZQf-eyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/BjEhACV2yXJRHQhe31y5AzO3--o.roa
Signing time:             Thu 02 Jan 2025 11:49:37 +0000
ROA not before:           Thu 02 Jan 2025 11:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213094
IP address blocks:        193.3.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/XAJzZX7FoThNU28b2Z2RZQf-eyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/XAJzZX7FoThNU28b2Z2RZQf-eyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XAJzZX7FoThNU28b2Z2RZQf-eyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 14:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:85:71:4d:80:f5:56:db:53:f3:1e:1f:0c:68:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c0273657ec5a1384d536f1bd99d916507fe7b29
        Validity
            Not Before: Jan  2 11:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=063121002576c972511d085edf5cb90333b7fbea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a1:a9:a0:9c:ff:3f:e0:e9:8c:d1:c6:d5:34:
                    34:64:25:47:05:c8:4c:e5:aa:db:bd:7b:82:36:bd:
                    7d:12:79:bf:f3:19:79:6b:9f:1c:27:02:86:60:5a:
                    2f:62:eb:43:a6:d7:6b:57:24:81:64:47:05:a2:05:
                    f6:95:5b:2f:ce:c0:aa:6f:78:69:95:d0:a2:c8:a9:
                    59:fc:ac:83:bd:e5:e5:90:9c:78:10:3c:d6:68:8f:
                    cd:fa:45:c9:b2:4e:45:ce:bb:6f:bb:8a:60:98:e3:
                    cf:e5:4a:a1:97:80:b0:f9:c8:a1:2f:d1:38:6a:6c:
                    86:7e:96:aa:7b:7a:b9:94:d7:38:01:a2:9d:fb:1d:
                    31:5c:09:7f:5e:9e:5f:0e:62:9d:2e:15:04:c8:b6:
                    91:e3:e4:6f:df:f9:b7:3d:7e:51:ec:a6:73:5a:f7:
                    5a:2e:28:71:fa:9a:19:69:d8:b0:ab:76:b5:18:dd:
                    a1:97:8b:bb:c6:8a:65:00:d8:bc:3a:07:5e:a8:06:
                    aa:bf:1e:a3:5c:dc:19:72:48:6b:18:0a:a7:12:d2:
                    fb:91:6f:ed:26:27:06:8e:19:fd:d8:d5:e6:cc:dc:
                    3e:eb:43:85:c5:1a:48:aa:f3:42:35:40:e3:ea:ea:
                    ce:7e:16:55:99:e8:95:49:62:1c:37:fb:9a:b5:4f:
                    b1:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:31:21:00:25:76:C9:72:51:1D:08:5E:DF:5C:B9:03:33:B7:FB:EA
            X509v3 Authority Key Identifier:
                keyid:5C:02:73:65:7E:C5:A1:38:4D:53:6F:1B:D9:9D:91:65:07:FE:7B:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XAJzZX7FoThNU28b2Z2RZQf-eyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/BjEhACV2yXJRHQhe31y5AzO3--o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ea0863-2db8-46ff-9950-d12830b3b1e0/1/XAJzZX7FoThNU28b2Z2RZQf-eyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:ba:8f:1e:df:fd:23:0e:ea:65:2d:98:c7:a0:4f:9d:e6:63:
         70:5e:1a:db:c0:ee:55:8e:83:94:19:18:d8:7f:24:a5:b9:d0:
         f5:ee:0d:df:54:cf:ef:63:d5:80:34:43:ba:35:e0:fb:9b:8a:
         16:d8:3e:e1:5a:30:76:1d:07:7a:8e:21:e6:08:06:ff:a0:48:
         0e:d2:6e:d7:07:0a:e1:a3:96:b4:b5:c6:25:06:dc:47:4b:8e:
         dd:32:fa:c9:eb:16:1e:a4:85:f4:ad:e6:e6:f4:c5:79:6f:af:
         2a:f1:2b:ed:94:c2:e7:13:28:12:8c:91:e1:a9:c2:5d:9a:15:
         88:1a:8e:4e:46:af:57:fd:6e:91:00:5d:0e:21:20:a9:cb:9e:
         5b:74:27:23:d7:87:22:10:2a:a8:91:a7:ba:15:5e:1e:0d:c0:
         87:d5:d0:0f:27:f0:17:36:b9:38:f3:8f:70:fa:5b:24:b5:55:
         be:c3:86:7c:02:62:d9:96:d8:9e:55:a5:a6:0e:ab:06:8e:6d:
         2f:05:42:86:5f:6c:69:fc:8b:eb:17:c5:8a:05:a6:e8:e3:cc:
         8a:a3:15:0f:20:21:d7:d4:f8:3d:7b:34:99:55:7a:8e:bd:fa:
         11:5f:95:c5:49:22:b5:3e:92:07:29:e1:c8:79:c8:3e:72:87:
         84:8a:19:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2YVxTYD1VttT8x4fDGhuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMDI3MzY1N2VjNWExMzg0ZDUzNmYxYmQ5OWQ5MTY1MDdm
ZTdiMjkwHhcNMjUwMTAyMTE0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjMxMjEwMDI1NzZjOTcyNTExZDA4NWVkZjVjYjkwMzMzYjdmYmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaGpoJz/P+DpjNHG1TQ0ZCVHBchM
5arbvXuCNr19Enm/8xl5a58cJwKGYFovYutDptdrVySBZEcFogX2lVsvzsCqb3hp
ldCiyKlZ/KyDveXlkJx4EDzWaI/N+kXJsk5Fzrtvu4pgmOPP5Uqhl4Cw+cihL9E4
amyGfpaqe3q5lNc4AaKd+x0xXAl/Xp5fDmKdLhUEyLaR4+Rv3/m3PX5R7KZzWvda
Lihx+poZadiwq3a1GN2hl4u7xoplANi8OgdeqAaqvx6jXNwZckhrGAqnEtL7kW/t
JicGjhn92NXmzNw+60OFxRpIqvNCNUDj6urOfhZVmeiVSWIcN/uatU+xHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYxIQAldslyUR0IXt9cuQMzt/vqMB8GA1UdIwQY
MBaAFFwCc2V+xaE4TVNvG9mdkWUH/nspMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEFKelpYN0ZvVGhOVTI4YjJaMlJaUWYtZXlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYTA4NjMtMmRiOC00NmZmLTk5NTAt
ZDEyODMwYjNiMWUwLzEvQmpFaEFDVjJ5WEpSSFFoZTMxeTVBek8zLS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYTA4NjMtMmRiOC00NmZmLTk5NTAtZDEyODMwYjNiMWUw
LzEvWEFKelpYN0ZvVGhOVTI4YjJaMlJaUWYtZXlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMiMA0G
CSqGSIb3DQEBCwUAA4IBAQBCuo8e3/0jDuplLZjHoE+d5mNwXhrbwO5VjoOUGRjY
fySludD17g3fVM/vY9WANEO6NeD7m4oW2D7hWjB2HQd6jiHmCAb/oEgO0m7XBwrh
o5a0tcYlBtxHS47dMvrJ6xYepIX0rebm9MV5b68q8SvtlMLnEygSjJHhqcJdmhWI
Go5ORq9X/W6RAF0OISCpy55bdCcj14ciECqokae6FV4eDcCH1dAPJ/AXNrk4849w
+lsktVW+w4Z8AmLZltieVaWmDqsGjm0vBUKGX2xp/IvrF8WKBabo48yKoxUPICHX
1Pg9ezSZVXqOvfoRX5XFSSK1PpIHKeHIecg+coeEihnr
-----END CERTIFICATE-----