Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/a-DVKI8WfcIKstVjJWQ3OLGtrMc.roa
File:                     a-DVKI8WfcIKstVjJWQ3OLGtrMc.roa (raw, json)
Hash identifier:          Os4LMnRVFwmNof1gyfyoqeIulxI3OJGZj7GrAyJ745Y=
Subject key identifier:   6B:E0:D5:28:8F:16:7D:C2:0A:B2:D5:63:25:64:37:38:B1:AD:AC:C7
Certificate issuer:       /CN=d9f200e2d38683a7cb1ce5cabbee34c068834a0b
Certificate serial:       01942369E871FF1711471C383F86475C50AB
Authority key identifier: D9:F2:00:E2:D3:86:83:A7:CB:1C:E5:CA:BB:EE:34:C0:68:83:4A:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/a-DVKI8WfcIKstVjJWQ3OLGtrMc.roa
Signing time:             Wed 01 Jan 2025 19:48:50 +0000
ROA not before:           Wed 01 Jan 2025 19:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        193.134.240.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e8:71:ff:17:11:47:1c:38:3f:86:47:5c:50:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9f200e2d38683a7cb1ce5cabbee34c068834a0b
        Validity
            Not Before: Jan  1 19:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6be0d5288f167dc20ab2d56325643738b1adacc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:44:28:00:f4:25:e7:a8:3d:2b:b1:b5:51:d3:
                    9a:f7:c9:0f:93:49:ec:f0:20:7f:49:fc:22:ab:83:
                    2a:ed:f9:fa:30:2c:b4:69:f9:fe:7b:d1:35:62:08:
                    d4:57:fe:12:79:f8:24:3a:49:cc:84:bd:29:f2:3c:
                    b5:8a:ca:90:48:aa:20:6e:86:a8:13:17:ed:16:f9:
                    3f:89:b1:5d:37:eb:72:48:1a:dc:e0:64:6e:77:21:
                    d1:f2:b3:cb:2d:08:cb:34:37:c4:14:9d:bb:9e:6b:
                    af:d5:61:b4:d2:c7:be:04:4c:1b:66:2e:77:3f:a0:
                    03:48:77:ea:80:92:c8:b1:1d:a6:27:f5:bf:6c:21:
                    ca:4d:7b:c1:97:79:ed:e7:48:4a:ee:a5:bc:93:07:
                    3e:1e:b2:1c:7a:bd:03:21:48:18:b2:5a:69:ed:6d:
                    4b:2f:b2:c6:d0:85:87:ee:30:f3:88:1a:16:6c:bc:
                    60:91:c0:0d:43:d7:28:d3:7d:96:4f:c2:22:73:02:
                    5c:de:b7:4a:b1:f5:8e:88:ce:47:fa:ab:a5:27:14:
                    cb:e1:cf:8f:98:3d:95:88:02:a6:3c:82:51:cc:57:
                    4c:9a:5f:53:f9:86:1c:e5:d0:30:9d:51:fc:4a:6d:
                    3f:66:67:b4:8f:7b:89:e6:1d:e1:31:94:e9:6f:8f:
                    41:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:E0:D5:28:8F:16:7D:C2:0A:B2:D5:63:25:64:37:38:B1:AD:AC:C7
            X509v3 Authority Key Identifier:
                keyid:D9:F2:00:E2:D3:86:83:A7:CB:1C:E5:CA:BB:EE:34:C0:68:83:4A:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fIA4tOGg6fLHOXKu-40wGiDSgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/a-DVKI8WfcIKstVjJWQ3OLGtrMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/307b98-c222-4835-8381-09c8fe724cd7/1/2fIA4tOGg6fLHOXKu-40wGiDSgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8c:42:ab:83:85:70:8b:b1:14:94:3e:28:47:1c:d1:66:a0:73:
         63:87:4f:46:2e:83:f8:ee:50:19:d8:4d:c5:0a:37:24:4a:06:
         54:58:db:a4:a6:0e:5b:4d:62:07:de:f5:37:1a:28:d3:92:08:
         2d:00:54:e4:c5:f8:a2:86:3f:ca:f5:b8:ac:a4:3f:f4:00:e8:
         aa:37:49:f3:c6:33:8c:bf:12:54:e3:ac:ec:46:f7:3c:75:5d:
         82:74:4d:b9:47:d8:47:a9:d6:a0:15:9c:bf:0f:98:82:b9:d2:
         20:36:9c:e8:2e:33:e0:11:a7:3d:d9:2e:9f:bb:b7:28:51:3e:
         dc:09:93:df:ac:12:ad:85:80:c2:15:d0:2a:b6:af:7c:5a:96:
         5d:ca:19:9d:1a:39:0b:d0:a3:d7:50:4d:32:c8:e0:f1:06:bb:
         18:bb:ad:bd:21:23:f9:60:d2:ca:2a:2d:28:5d:65:44:f2:d0:
         08:df:0f:32:ae:81:f7:58:70:e2:53:03:7b:d7:7e:4d:75:a9:
         ca:5f:ee:03:46:ff:9c:6e:14:2c:6a:3d:85:d6:9e:06:71:93:
         f6:45:d9:b0:f5:96:07:e1:6d:b6:b9:e4:ee:18:31:42:f6:04:
         40:6e:f7:f5:80:96:c4:53:36:72:f0:d9:1c:99:f9:24:ac:c0:
         1c:39:19:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaehx/xcRRxw4P4ZHXFCrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZjIwMGUyZDM4NjgzYTdjYjFjZTVjYWJiZWUzNGMwNjg4
MzRhMGIwHhcNMjUwMTAxMTk0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmUwZDUyODhmMTY3ZGMyMGFiMmQ1NjMyNTY0MzczOGIxYWRhY2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0QoAPQl56g9K7G1UdOa98kPk0ns
8CB/Sfwiq4Mq7fn6MCy0afn+e9E1YgjUV/4SefgkOknMhL0p8jy1isqQSKogboao
ExftFvk/ibFdN+tySBrc4GRudyHR8rPLLQjLNDfEFJ27nmuv1WG00se+BEwbZi53
P6ADSHfqgJLIsR2mJ/W/bCHKTXvBl3nt50hK7qW8kwc+HrIcer0DIUgYslpp7W1L
L7LG0IWH7jDziBoWbLxgkcANQ9co032WT8IicwJc3rdKsfWOiM5H+qulJxTL4c+P
mD2ViAKmPIJRzFdMml9T+YYc5dAwnVH8Sm0/Zme0j3uJ5h3hMZTpb49BpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvg1SiPFn3CCrLVYyVkNzixrazHMB8GA1UdIwQY
MBaAFNnyAOLThoOnyxzlyrvuNMBog0oLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZJQTR0T0dnNmZMSE9YS3UtNDB3R2lEU2dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMDdiOTgtYzIyMi00ODM1LTgzODEt
MDljOGZlNzI0Y2Q3LzEvYS1EVktJOFdmY0lLc3RWakpXUTNPTEd0ck1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMDdiOTgtYzIyMi00ODM1LTgzODEtMDljOGZlNzI0Y2Q3
LzEvMmZJQTR0T0dnNmZMSE9YS3UtNDB3R2lEU2dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwYbwMA0G
CSqGSIb3DQEBCwUAA4IBAQCMQquDhXCLsRSUPihHHNFmoHNjh09GLoP47lAZ2E3F
CjckSgZUWNukpg5bTWIH3vU3GijTkggtAFTkxfiihj/K9bispD/0AOiqN0nzxjOM
vxJU46zsRvc8dV2CdE25R9hHqdagFZy/D5iCudIgNpzoLjPgEac92S6fu7coUT7c
CZPfrBKthYDCFdAqtq98WpZdyhmdGjkL0KPXUE0yyODxBrsYu629ISP5YNLKKi0o
XWVE8tAI3w8yroH3WHDiUwN7135NdanKX+4DRv+cbhQsaj2F1p4GcZP2Rdmw9ZYH
4W22ueTuGDFC9gRAbvf1gJbEUzZy8NkcmfkkrMAcORn+
-----END CERTIFICATE-----