Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/t0ABKlreTdgbRnQWxypS9Vsg-qo.roa
File:                     t0ABKlreTdgbRnQWxypS9Vsg-qo.roa (raw, json)
Hash identifier:          DhyTprna0g/snYnfn/Phy/SkjXi5ucdmEspJ/7aAlds=
Subject key identifier:   B7:40:01:2A:5A:DE:4D:D8:1B:46:74:16:C7:2A:52:F5:5B:20:FA:AA
Certificate issuer:       /CN=b9762db1282ffd084761232038f81f5d29e640d5
Certificate serial:       019426D8FDE8D7BC8E6C39D4C3E8C7F9DD4E
Authority key identifier: B9:76:2D:B1:28:2F:FD:08:47:61:23:20:38:F8:1F:5D:29:E6:40:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/t0ABKlreTdgbRnQWxypS9Vsg-qo.roa
Signing time:             Thu 02 Jan 2025 11:49:02 +0000
ROA not before:           Thu 02 Jan 2025 11:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        185.139.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:fd:e8:d7:bc:8e:6c:39:d4:c3:e8:c7:f9:dd:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9762db1282ffd084761232038f81f5d29e640d5
        Validity
            Not Before: Jan  2 11:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b740012a5ade4dd81b467416c72a52f55b20faaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:93:cc:95:5b:cc:4b:83:6c:50:2d:5d:4a:40:
                    a6:93:0d:f1:3a:e4:74:52:63:51:bf:01:39:a8:c0:
                    58:40:32:82:b3:8c:c5:e4:e6:d2:28:b9:6b:19:78:
                    93:52:2d:8e:f2:f3:2f:1b:79:1a:fc:12:b1:09:e2:
                    d2:34:cb:54:92:b6:7f:70:58:e8:d9:71:c8:ee:2a:
                    18:47:6b:fe:d1:86:8a:0b:93:dd:d9:c1:07:56:01:
                    94:5b:e1:7b:71:1d:67:e4:15:6d:5a:ea:4b:69:10:
                    5c:dc:8d:d9:fc:55:dd:6c:5e:bb:be:26:12:06:86:
                    dd:44:fa:56:a9:6f:90:0e:b6:e5:28:91:25:d7:a2:
                    ad:fb:43:83:c4:3b:ba:65:29:92:9f:99:d5:45:bc:
                    0c:ca:52:3a:ca:d6:b9:91:ae:5a:b1:0f:c0:82:83:
                    4e:52:5a:65:c5:4b:7d:ba:d3:8d:3f:73:6d:96:c3:
                    df:6a:b9:9a:b6:66:9b:7e:66:19:cb:54:47:bb:d0:
                    79:fb:ec:18:8d:83:39:59:08:3e:75:8d:f0:8d:6d:
                    ab:f3:a1:41:ba:6b:dc:90:2c:cc:ba:ab:e3:9d:11:
                    2d:97:7b:ac:af:43:39:ac:bb:9e:7d:9f:b5:5f:db:
                    e1:a5:87:99:2a:32:5e:28:0c:2e:fc:a1:3f:af:38:
                    da:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:40:01:2A:5A:DE:4D:D8:1B:46:74:16:C7:2A:52:F5:5B:20:FA:AA
            X509v3 Authority Key Identifier:
                keyid:B9:76:2D:B1:28:2F:FD:08:47:61:23:20:38:F8:1F:5D:29:E6:40:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uXYtsSgv_QhHYSMgOPgfXSnmQNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/t0ABKlreTdgbRnQWxypS9Vsg-qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/f81915-405e-4b54-9cb4-70a556ba8a11/1/uXYtsSgv_QhHYSMgOPgfXSnmQNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:aa:0e:05:b1:24:3a:94:d7:6f:e0:82:57:08:30:92:5f:41:
         c4:e0:ea:ac:a9:94:f3:ac:38:ee:78:06:29:be:7c:27:76:a3:
         db:70:84:4c:ea:40:10:01:25:b4:46:b0:0b:59:f6:6a:75:0e:
         06:02:27:7c:6e:3f:c9:a9:e7:2a:87:f4:d0:89:d6:40:5b:fe:
         09:7f:55:0f:79:fa:f6:7b:28:6b:e4:ab:35:ac:20:03:22:82:
         62:c4:96:18:c5:08:bb:fa:17:c3:d0:00:67:34:68:b0:e8:f8:
         44:ab:fc:a2:90:56:64:f1:16:dc:40:c1:06:43:a0:cc:18:47:
         e2:0a:59:2b:b6:93:0b:e3:c8:2f:fa:93:70:ae:d5:2d:43:6b:
         7b:9e:af:ed:5b:8f:fc:05:09:a7:43:c2:a7:e1:39:58:89:2f:
         a4:1f:18:5d:a7:9f:a4:b7:91:2f:c2:02:c1:10:f1:20:1c:73:
         af:3c:c3:14:e1:77:86:89:f1:3c:58:4e:8a:4b:fb:d4:b4:23:
         b3:7a:bf:17:8a:e2:c8:43:d0:fd:3a:c1:be:8d:f4:9b:a6:56:
         32:37:ba:04:26:fc:85:35:3b:92:f9:27:32:ce:1c:71:46:a3:
         e7:1a:fa:f7:b6:c8:64:02:6f:26:56:cd:c0:25:b8:3a:7c:54:
         e9:b2:ba:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2P3o17yObDnUw+jH+d1OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NzYyZGIxMjgyZmZkMDg0NzYxMjMyMDM4ZjgxZjVkMjll
NjQwZDUwHhcNMjUwMTAyMTE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzQwMDEyYTVhZGU0ZGQ4MWI0Njc0MTZjNzJhNTJmNTViMjBmYWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJPMlVvMS4NsUC1dSkCmkw3xOuR0
UmNRvwE5qMBYQDKCs4zF5ObSKLlrGXiTUi2O8vMvG3ka/BKxCeLSNMtUkrZ/cFjo
2XHI7ioYR2v+0YaKC5Pd2cEHVgGUW+F7cR1n5BVtWupLaRBc3I3Z/FXdbF67viYS
BobdRPpWqW+QDrblKJEl16Kt+0ODxDu6ZSmSn5nVRbwMylI6yta5ka5asQ/AgoNO
UlplxUt9utONP3NtlsPfarmatmabfmYZy1RHu9B5++wYjYM5WQg+dY3wjW2r86FB
umvckCzMuqvjnREtl3usr0M5rLuefZ+1X9vhpYeZKjJeKAwu/KE/rzjaxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdAASpa3k3YG0Z0FscqUvVbIPqqMB8GA1UdIwQY
MBaAFLl2LbEoL/0IR2EjIDj4H10p5kDVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVhZdHNTZ3ZfUWhIWVNNZ09QZ2ZYU25tUU5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mODE5MTUtNDA1ZS00YjU0LTljYjQt
NzBhNTU2YmE4YTExLzEvdDBBQktscmVUZGdiUm5RV3h5cFM5VnNnLXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mODE5MTUtNDA1ZS00YjU0LTljYjQtNzBhNTU2YmE4YTEx
LzEvdVhZdHNTZ3ZfUWhIWVNNZ09QZ2ZYU25tUU5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYsiMA0G
CSqGSIb3DQEBCwUAA4IBAQAnqg4FsSQ6lNdv4IJXCDCSX0HE4OqsqZTzrDjueAYp
vnwndqPbcIRM6kAQASW0RrALWfZqdQ4GAid8bj/Jqecqh/TQidZAW/4Jf1UPefr2
eyhr5Ks1rCADIoJixJYYxQi7+hfD0ABnNGiw6PhEq/yikFZk8RbcQMEGQ6DMGEfi
ClkrtpML48gv+pNwrtUtQ2t7nq/tW4/8BQmnQ8Kn4TlYiS+kHxhdp5+kt5EvwgLB
EPEgHHOvPMMU4XeGifE8WE6KS/vUtCOzer8XiuLIQ9D9OsG+jfSbplYyN7oEJvyF
NTuS+ScyzhxxRqPnGvr3tshkAm8mVs3AJbg6fFTpsrpS
-----END CERTIFICATE-----